Verification and Change-Impact Analysis of Access-Control Policies
Kathi Fisler, Shriram Krishnamurthi, Leo Meyerovich, and Michael Tschantz
ICSE’05

Presented by Barry Demchak
CSE 294, Winter 2006

Background – Data and Privilege Management
• ChoicePoint exposed 163,000 records in 2005. Penalty: $15M
• Ameriprise exposed 226,000 records this week
• California SB1386, effective July 2003, requires disclosure

Background – Policy Objectives
• Allow access only to proper parties under proper conditions
• Deny access to those that should not have it

Background – Economics of Scale
• One-size-fits-all applications (security-neutral)
• Tracking increasing numbers of subjects/resources/actions needs automation
• Tracking interactions seems hopeless
• Tracking exceptions seems hopeless

Background – Economics of Scale
[chart: Complexity and Budget $ plotted against Time]

Background – XACML Proposition
• Common language to express policies
• Hierarchy of definition to match the hierarchy of the organization
• Disconnect policies from mainstream application design (separation of concerns)
• Model to specify policies, query access, and return results
• Vendor-neutral mechanisms

Background – User Requirements
• Writing
• Reviewing
• Testing
• Approving
• Deploying
• Combining
• Analyzing
• Modifying
• Withdrawing
• Retrieving
• Enforcing

Background – Basic Construction
• Rule: {subject}* {action}* {resource}* {condition}*
• Rules are combined to make policies
• Policies are combined to make policy sets

Background – Basic Construction
• Policy:
  ◦ Target
  ◦ Rule combining algorithm
  ◦ {rule}*
  ◦ {obligation}*

Background – Basic Flow
1. Application creates an XACML-based query (a request context)
2. Application chooses {policy}*
3. XACML engine compares the query to {policy}* and produces a reply:
  ◦ Permit
  ◦ Deny
  ◦ NotApplicable
  (the specification also defines Indeterminate, returned when evaluation itself fails, e.g., a required attribute is missing)
4. Application fulfils {obligation}*

Background – Engine Capabilities
• Combining rules (first-applicable, only-one-applicable, etc.)
• Multiple subjects
• Subject and resource attributes (e.g., LDAP-maintained)
• Multi-valued attributes
• Operator library
• XQuery conditionals

Background – Policy Distribution
• Policies are stored in databases or anywhere else
• Policies apply to a particular target (subjects, actions, resources)
• The engine can fetch multiple policies to evaluate

Background – Covenant
• Policies contain obligations that applications must:
  ◦ promise to understand
  ◦ act on when Permit is returned

Background – Trivial Policy Example
• Allow any subject to perform any action on any resource, so long as the subject's e-mail address is in the medico.com domain

Header
<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:oasis:names:tc:xacml:1.0:policy
                            http://www.oasis-open.org/tc/xacml/1.0/cs-xacml-schema-policy-01.xsd"
        PolicyId="identifier:example:SimplePolicy1"
        RuleCombiningAlgId="identifier:rule-combining-algorithm:deny-overrides">

Description
  <Description>
    Medi Corp access control policy
  </Description>

Target
  <Target>
    <Subjects>
      <AnySubject/>
    </Subjects>
    <Resources>
      <AnyResource/>
    </Resources>
    <Actions>
      <AnyAction/>
    </Actions>
  </Target>

Rule Header
  <Rule RuleId="urn:oasis:names:tc:xacml:1.0:example:SimpleRule1"
        Effect="Permit">

Rule Description
    <Description>
      Any subject with an e-mail name in the medico.com domain
      can perform any action on any resource.
    </Description>

Rule Target
    <Target>
      <Subjects>
        <Subject>
          <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:rfc822Name-match">
            <SubjectAttributeDesignator
                AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
                DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"/>
            <AttributeValue DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">medico.com</AttributeValue>
          </SubjectMatch>
        </Subject>
      </Subjects>
      <Resources>
        <AnyResource/>
      </Resources>
      <Actions>
        <AnyAction/>
      </Actions>
    </Target>

Rule End
  </Rule>
</Policy>

Background – Trivial Query Example
• bs@simpsons.com wants to read /medico/record/patient/BartSimpson

Header
<?xml version="1.0" encoding="UTF-8"?>
<Request xmlns="urn:oasis:names:tc:xacml:1.0:context"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="urn:oasis:names:tc:xacml:1.0:context
                             http://www.oasis-open.org/tc/xacml/1.0/cs-xacml-schema-context-01.xsd">

Subject
  <Subject>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
               DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">
      <AttributeValue>bs@simpsons.com</AttributeValue>
    </Attribute>
  </Subject>

Resource
  <Resource>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:ufs-path"
               DataType="http://www.w3.org/2001/XMLSchema#anyURI">
      <AttributeValue>/medico/record/patient/BartSimpson</AttributeValue>
    </Attribute>
  </Resource>

Action
  <Action>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
               DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>read</AttributeValue>
    </Attribute>
  </Action>

Query End
</Request>

Background – Trivial Response Example
• Response: NotApplicable (the requester's domain is simpsons.com, so the single rule's target does not match and no rule applies)

Header
<?xml version="1.0" encoding="UTF-8"?>
<Response xmlns="urn:oasis:names:tc:xacml:1.0:context"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="urn:oasis:names:tc:xacml:1.0:context
                              http://www.oasis-open.org/tc/xacml/1.0/cs-xacml-schema-context-01.xsd">

Result
  <Result>
    <Decision>NotApplicable</Decision>
  </Result>

End
</Response>
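The basic flow and the policy/request/response triple above, carried through in code as an added example that is not part of the deck, the paper, or any OASIS implementation: a toy XACML 1.0 decision point in Python that parses the Medi Corp policy and a request context and returns the decision. It assumes the data-type URN urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name on both sides, models Targets and rule combining only (no Condition elements, no Indeterminate), and the second requester drhibbert@medico.com is a constructed sample; it goes slightly beyond the slides by also implementing the first-applicable combiner and the sub-domain and full-address forms of rfc822Name-match.

```python
"""Toy XACML 1.0 decision point for the deck's Medi Corp policy. Added example, not code
from the paper or from OASIS: it evaluates Targets and rule combining only (no Condition,
no Indeterminate), which is enough to reproduce the deck's NotApplicable response."""
import xml.etree.ElementTree as ET

P = "{urn:oasis:names:tc:xacml:1.0:policy}"   # policy schema namespace
C = "{urn:oasis:names:tc:xacml:1.0:context}"  # request/response context namespace
RFC822 = "urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"  # assumed XACML 1.0 data-type URN

# The deck's policy, compacted: any medico.com mailbox may perform any action on any resource.
MEDICO_POLICY = """<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy" PolicyId="identifier:example:SimplePolicy1"
        RuleCombiningAlgId="identifier:rule-combining-algorithm:deny-overrides">
  <Target><Subjects><AnySubject/></Subjects><Resources><AnyResource/></Resources>
          <Actions><AnyAction/></Actions></Target>
  <Rule RuleId="urn:oasis:names:tc:xacml:1.0:example:SimpleRule1" Effect="Permit">
    <Target>
      <Subjects><Subject>
        <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:rfc822Name-match">
          <SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
                                      DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"/>
          <AttributeValue DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">medico.com</AttributeValue>
        </SubjectMatch>
      </Subject></Subjects>
      <Resources><AnyResource/></Resources><Actions><AnyAction/></Actions>
    </Target>
  </Rule>
</Policy>"""

def build_request(email, path, action):
    """Constructed request context (no XML escaping): `email` asks to do `action` on `path`."""
    return f"""<Request xmlns="urn:oasis:names:tc:xacml:1.0:context">
  <Subject><Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
    DataType="{RFC822}"><AttributeValue>{email}</AttributeValue></Attribute></Subject>
  <Resource><Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:ufs-path"
    DataType="http://www.w3.org/2001/XMLSchema#anyURI"><AttributeValue>{path}</AttributeValue></Attribute></Resource>
  <Action><Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
    DataType="http://www.w3.org/2001/XMLSchema#string"><AttributeValue>{action}</AttributeValue></Attribute></Action>
</Request>"""

def rfc822_match(pattern, mailbox):
    """rfc822Name-match: a bare domain matches every mailbox in that domain, a leading '.'
    matches sub-domains only, a full address must match (local part case-sensitive)."""
    local, _, domain = mailbox.rpartition("@")
    if "@" in pattern:
        plocal, _, pdomain = pattern.rpartition("@")
        return plocal == local and pdomain.lower() == domain.lower()
    if pattern.startswith("."):
        return domain.lower().endswith(pattern.lower())
    return domain.lower() == pattern.lower()

MATCH_FUNCS = {"urn:oasis:names:tc:xacml:1.0:function:rfc822Name-match": rfc822_match,
               "urn:oasis:names:tc:xacml:1.0:function:string-equal": lambda a, b: a == b}

COMBINERS = {  # rule-combining algorithms, keyed by RuleCombiningAlgId
    "identifier:rule-combining-algorithm:deny-overrides":
        lambda ds: "Deny" if "Deny" in ds else ("Permit" if "Permit" in ds else "NotApplicable"),
    "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable":
        lambda ds: next((d for d in ds if d != "NotApplicable"), "NotApplicable"),
}

def parse_request(xml_text):
    """Flatten the context into {category: {AttributeId: (DataType, value)}}."""
    root = ET.fromstring(xml_text.strip())
    return {cat: {a.get("AttributeId"): (a.get("DataType"), (a.findtext(f"{C}AttributeValue") or "").strip())
                  for a in root.findall(f"{C}{cat}/{C}Attribute")}
            for cat in ("Subject", "Resource", "Action")}

def match_ok(m, attrs):
    """One *Match element: MatchId(policy AttributeValue, request attribute named by the designator)."""
    designator = next(c for c in m if c.tag.endswith("AttributeDesignator"))
    attr = attrs.get(designator.get("AttributeId"))
    if attr is None or attr[0] != designator.get("DataType"):
        return False  # missing attribute or data-type mismatch: no match (a real PDP may return Indeterminate)
    return MATCH_FUNCS[m.get("MatchId")]((m.findtext(f"{P}AttributeValue") or "").strip(), attr[1])

def target_matches(target, req):
    """Target = Subjects AND Resources AND Actions; each is an OR of alternatives, each an AND of matches."""
    for cat in ("Subject", "Resource", "Action"):
        section = None if target is None else target.find(f"{P}{cat}s")
        if section is None or section.find(f"{P}Any{cat}") is not None:
            continue  # absent or Any* section matches everything
        if not any(all(match_ok(m, req[cat]) for m in alt.findall(f"{P}{cat}Match"))
                   for alt in section.findall(f"{P}{cat}")):
            return False
    return True

def evaluate_policy(policy_xml, request_xml):
    """Steps 1-3 of the deck's basic flow: policy Target, then each Rule's Target, then combine."""
    policy, req = ET.fromstring(policy_xml.strip()), parse_request(request_xml)
    if not target_matches(policy.find(f"{P}Target"), req):
        return "NotApplicable"
    decisions = [r.get("Effect") if target_matches(r.find(f"{P}Target"), req) else "NotApplicable"
                 for r in policy.findall(f"{P}Rule")]
    return COMBINERS[policy.get("RuleCombiningAlgId")](decisions)

if __name__ == "__main__":
    bart = "/medico/record/patient/BartSimpson"
    print(evaluate_policy(MEDICO_POLICY, build_request("bs@simpsons.com", bart, "read")))       # NotApplicable
    print(evaluate_policy(MEDICO_POLICY, build_request("drhibbert@medico.com", bart, "read")))  # Permit
```

The point worth checking against a real engine: the match silently fails when the request carries the attribute under a different data-type URN (as the original slides did, with datatype: on one side and data-type: on the other), so a policy that looks permissive can yield NotApplicable, which the application must then treat as a deny rather than as a default allow.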

Background – Threat Model
• The operating environment is responsible for authentication and communications security of
  ◦ Policies
  ◦ Query engine execution
  ◦ Client

Margrave
• (Markgraf in German)
• A lord or keeper of borders: a medieval access control manager

Objectives
• Detect ill-formed or inconsistent policies
• Identify differences between policy generations

Observations (relative to straight coding)
• Policy implementations are often scattered across modules
• Sharing/changing policies is hard and sometimes subtle
• Offloading access control logic reduces complexity for automated program checkers

Observations (relative to straight coding)
• Automated reasoning about policies embedded in application code is hard; such policies are not amenable to automated program checking
• Testing isn’t exhaustive, and the cost model of testing is out of whack relative to the cost of a security breach

Contribution
• Verification system that checks policies against properties
• Change-impact analyzer

Issues
• Visualization of XACML policies
• Visualization of properties
• Visualization of policy diffs
• Expanding Margrave to cover more of XACML

Basic Verification - Properties
• Margrave adds properties: a logical predicate involving subjects, actions, and resources
• Consider a policy Pol1: “Requests for Students to Receive ExternalGrades, and for Faculty to Assign and View both InternalGrades and ExternalGrades, will succeed.”
• Consider a property Pr1: “There do not exist members of Student who can Assign ExternalGrades.”
• The verifier will accept Pol1/Pr1: no rule in Pol1 grants Assign on ExternalGrades to Students. (This relies on the environmental constraint that no subject is both Student and Faculty; without it, a subject holding both roles is a counter-example, since the Faculty rule permits the request.)

Basic Verification - Properties
• Consider a policy Pol1: “Requests for Students to Receive ExternalGrades, and for Faculty to Assign and View both InternalGrades and ExternalGrades, will succeed.”
• Consider a property Pr2: “All members of Faculty can Assign both InternalGrades and ExternalGrades.”
• The verifier will accept Pol1/Pr2 because Pr2 affirms Pol1.

Basic Verification - Properties
• Consider a policy Pol1: “Requests for Students to Receive ExternalGrades, and for Faculty to Assign and View both InternalGrades and ExternalGrades, will succeed.”
• Consider a property Pr3: “No member of Faculty can View ExternalGrades.”
• The verifier will reject Pol1/Pr3 because Pr3 conflicts with Pol1.

Representation of Policies
• Policies are represented as MTBDDs (multi-terminal binary decision diagrams)

Representation of Policies
• MTBDDs are constructed according to a fixed ordering of the variables, which makes the representation canonical and comparison easy
• MTBDDs maximally share subtrees
• MTBDDs collapse irrelevant variables (where all transitions lead to the same node)

Operations on MTBDDs
• MTBDDs are created for individual rules and then merged to create policies according to the policy’s rule combining algorithm
• Combining MTBDDs starts at the top of both MTBDDs and executes a brief recursive algorithm
• Environmental constraints (e.g., “no Faculty is also a Student”) get combined in a similar way

Operations on MTBDDs
[figure]

Implementation
• Built on PLT Scheme
• Properties are hand-assembled in Scheme
• A pseudo-code implementation of checking “A student can assign ExternalGrades”:
[pseudo-code figure]

Implementation
• Produces error reports (line 11 masked with line 9 shows the properties that caused a violation, i.e., a counter-example)

Implementation
• Produces change analyses (N->P means NotApplicable->Permit)
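Pol1, the three properties Pr1 to Pr3, the environmental constraint, and the change-impact report, as one added example that is not Margrave's code (Margrave is PLT Scheme over MTBDDs; this Python stand-in enumerates the finite attribute space exhaustively, which is only feasible because the domain here is tiny). The request shape, a set of roles plus one action and one resource, and the second policy generation Pol2, which adds a rule letting Students Receive InternalGrades, are assumptions made here. It goes beyond the slides in one respect: it shows the dual-role counter-example that Pr1 produces before the constraint is added.

```python
"""Margrave-style verification and change-impact analysis of the deck's grade policy Pol1.
Added example, not Margrave's code: exhaustive enumeration over the finite attribute space
stands in for the MTBDD, and the request shape (a set of roles, one action, one resource)
is an assumption made here."""
from itertools import product

ROLES = ("Student", "Faculty")
ACTIONS = ("Receive", "Assign", "View")
RESOURCES = ("InternalGrades", "ExternalGrades")
ABBREV = {"NotApplicable": "N", "Permit": "P", "Deny": "D"}

def all_requests(constraint=lambda roles: True):
    """Every (roles, action, resource) triple: one boolean per role, like the MTBDD's
    variables, so a subject may hold several roles unless the constraint forbids it."""
    for bits in product((False, True), repeat=len(ROLES)):
        roles = frozenset(r for r, on in zip(ROLES, bits) if on)
        if constraint(roles):
            for action, resource in product(ACTIONS, RESOURCES):
                yield (roles, action, resource)

def make_policy(rules, combining="first-applicable"):
    """rules: (role, action, resource, effect) tuples; returns a request -> decision function."""
    def decide(req):
        roles, action, resource = req
        applicable = [effect for role, act, res, effect in rules
                      if role in roles and act == action and res == resource]
        if combining == "deny-overrides" and "Deny" in applicable:
            return "Deny"
        return applicable[0] if applicable else "NotApplicable"
    return decide

# Pol1: Students Receive ExternalGrades; Faculty Assign and View both grade kinds.
POL1_RULES = [("Student", "Receive", "ExternalGrades", "Permit"),
              ("Faculty", "Assign", "InternalGrades", "Permit"),
              ("Faculty", "Assign", "ExternalGrades", "Permit"),
              ("Faculty", "View", "InternalGrades", "Permit"),
              ("Faculty", "View", "ExternalGrades", "Permit")]
POL1 = make_policy(POL1_RULES)
# Pol2 (assumed next generation): additionally lets Students Receive InternalGrades.
POL2 = make_policy(POL1_RULES + [("Student", "Receive", "InternalGrades", "Permit")])

# Properties are predicates over (request, decision) that must hold for every request.
def PR1(req, d):  # there is no Student who can Assign ExternalGrades
    roles, action, resource = req
    return not ("Student" in roles and action == "Assign" and resource == "ExternalGrades" and d == "Permit")

def PR2(req, d):  # every Faculty member can Assign both InternalGrades and ExternalGrades
    roles, action, resource = req
    return d == "Permit" if ("Faculty" in roles and action == "Assign") else True

def PR3(req, d):  # no Faculty member can View ExternalGrades
    roles, action, resource = req
    return not ("Faculty" in roles and action == "View" and resource == "ExternalGrades" and d == "Permit")

def DISJOINT_ROLES(roles):  # environmental constraint from the deck: no Faculty is also a Student
    return not {"Student", "Faculty"} <= roles

def verify(policy, prop, constraint=lambda roles: True):
    """Counter-examples, i.e. requests violating prop; an empty list means the property holds."""
    return [req for req in all_requests(constraint) if not prop(req, policy(req))]

def change_impact(old, new, constraint=lambda roles: True):
    """Requests whose decision changed between policy generations, keyed like the deck's
    report, e.g. ('N', 'P') for NotApplicable -> Permit."""
    changes = {}
    for req in all_requests(constraint):
        before, after = old(req), new(req)
        if before != after:
            changes.setdefault((ABBREV[before], ABBREV[after]), []).append(req)
    return changes

if __name__ == "__main__":
    print(verify(POL1, PR1))                  # a subject holding both roles can Assign ExternalGrades
    print(verify(POL1, PR1, DISJOINT_ROLES))  # [] once the environmental constraint is added
    print(verify(POL1, PR3, DISJOINT_ROLES))  # counter-example: Faculty viewing ExternalGrades
    print(change_impact(POL1, POL2, DISJOINT_ROLES))
```

The first call is the practical lesson: a property that reads as obviously true of the policy text can still fail on a request the author never pictured (here, one subject carrying both roles), and the counter-example is only suppressed by stating the environmental assumption explicitly, as the deck's "no Faculty is also a Student" constraint does.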

Performance
• Parsing a policy having 50 variables and 1268 nodes took 2050 ms on a desktop computer
• Checking 12 properties was too quick to measure
• Memory consumption was 316 KB
• On another test, a comparison took 2 ms and produced a tree containing 1133 nodes taking 16 KB

Alternatives
• Analyses of SELinux (Security-Enhanced Linux) policies also produce BDDs, but they are oriented toward determining information flow in a traditional model-checking activity
• A complete solution would use both Margrave and information flow analysis

Deficiencies
• Visualization (obviously)
• Cannot reason about data values
• Does not process complete XACML

Conclusions
• Margrave is a work in progress
• XACML and Margrave are about managing complexity through separation of concerns
• Margrave adds the concept of properties to verify policies
• Margrave compares policies, which enables incremental validation

References
• Verification and Change-Impact Analysis of Access-Control Policies, by Kathi Fisler, Shriram Krishnamurthi, Leo Meyerovich, and Michael Tschantz, ICSE’05
• OASIS eXtensible Access Control Markup Language (XACML), http://www.oasis-open.org/committees/xacml/repository/cs-xacml-specific , December 2002
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 

Verification and change impact analysis of access-control policies

• 1. Verification and Change-Impact Analysis of Access-Control Policies
  Kathi Fisler, Shriram Krishnamurthi, Leo Meyerovich, and Michael Tschantz, ICSE'05
  Presented by Barry Demchak, CSE 294, Winter 2006

• 2. Background – Data and Privilege Management
  - Checkpoint Financial exposed 163,000 records in 2005. Penalty: $15M
  - Ameriprise exposed 226,000 records this week
  - California SB1386, effective July 2003, requires disclosure

• 3. Background – Policy Objectives
  - Allow access only to proper parties under proper conditions
  - Deny access to those that should not have it

• 4. Background – Economics of Scale
  - One-size-fits-all applications (security-neutral)
  - Tracking increasing subjects/resources/actions needs automation
  - Tracking interactions seems hopeless
  - Tracking exceptions seems hopeless

• 5. Background – Economics of Scale
  [Chart: complexity and budget ($) plotted against time]

• 6. Background – XACML Proposition
  - Common language to express policies
  - Hierarchy of definition to match hierarchy of organization
  - Disconnect policies from mainstream application design (separation of concerns)
  - Model to specify policies, query access, and results
  - Vendor-neutral mechanisms

• 7. Background – User Requirements
  - Writing, Reviewing, Testing, Approving, Deploying, Combining, Analyzing, Modifying, Withdrawing, Retrieving, Enforcing

• 8. Background – Basic Construction
  - Rule: {subject}* {action}* {resource}* {conditional}*
  - Rules are combined to make policies
  - Policies are combined to make policy sets

• 9.

• 10. Background – Basic Construction
  - Policy: Target; Rule combining algorithm; {rules}*; {obligations}*

• 11. Background – Basic Flow
  1. Application creates XACML-based query
  2. Application chooses {policy}*
  3. XACML engine compares query to {policy}* and produces reply: Permit, Deny, or Inapplicable
  4. Application fulfills {obligations}*

• 12.

• 13. Background – Engine Capabilities
  - Combining rules (first applicable, only-one applicable, etc.)
  - Multiple subjects
  - Subject and resource attributes (e.g., LDAP-maintained)
  - Multi-valued attributes
  - Operator library
  - XQuery conditionals

• 14. Background – Policy Distribution
  - Policies are stored in databases or anywhere else
  - Policies apply to a particular target (subjects, actions, resources)
  - Engine can fetch multiple policies to evaluate

• 15. Background – Covenant
  - Policies contain obligations that applications must promise to understand and act on when Permit is returned

• 16. Background – Trivial Policy Example
  - Allow any subject to perform any action on any resource so long as the domain name is medico.com

• 17. Header
    <?xml version="1.0" encoding="UTF-8"?>
    <Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:oasis:names:tc:xacml:1.0:policy
          http://www.oasis-open.org/tc/xacml/1.0/cs-xacml-schema-policy-01.xsd"
        PolicyId="identifier:example:SimplePolicy1"
        RuleCombiningAlgId="identifier:rule-combining-algorithm:deny-overrides">

• 18. Description
    <Description>
      Medi Corp access control policy
    </Description>

• 19. Target
    <Target>
      <Subjects>
        <AnySubject/>
      </Subjects>
      <Resources>
        <AnyResource/>
      </Resources>
      <Actions>
        <AnyAction/>
      </Actions>
    </Target>

• 20. Rule Header
    <Rule RuleId="urn:oasis:names:tc:xacml:1.0:example:SimpleRule1"
          Effect="Permit">

• 21. Rule Description
    <Description>
      Any subject with an e-mail name in the medico.com domain
      can perform any action on any resource.
    </Description>

• 22. Rule Target
    <Target>
      <Subjects>
        <Subject>
          <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:rfc822Name-match">
            <SubjectAttributeDesignator
                AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
                DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"/>
            <AttributeValue
                DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">medico.com</AttributeValue>
          </SubjectMatch>
        </Subject>
      </Subjects>
      <Resources>
        <AnyResource/>
      </Resources>
      <Actions>
        <AnyAction/>
      </Actions>
    </Target>

• 23. Rule End
    </Rule>
    </Policy>

• 24. Background – Trivial Query Example
  - bs@simpsons.com wants to read /medico/record/patient/BartSimpson

• 25. Header
    <?xml version="1.0" encoding="UTF-8"?>
    <Request xmlns="urn:oasis:names:tc:xacml:1.0:context"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:oasis:names:tc:xacml:1.0:context
          http://www.oasis-open.org/tc/xacml/1.0/cs-xacml-schema-context-01.xsd">
  Subject
    <Subject>
      <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
                 DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">
        <AttributeValue>bs@simpsons.com</AttributeValue>
      </Attribute>
    </Subject>

• 26. Resource
    <Resource>
      <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:ufs-path"
                 DataType="http://www.w3.org/2001/XMLSchema#anyURI">
        <AttributeValue>/medico/record/patient/BartSimpson</AttributeValue>
      </Attribute>
    </Resource>
  Action
    <Action>
      <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                 DataType="http://www.w3.org/2001/XMLSchema#string">
        <AttributeValue>read</AttributeValue>
      </Attribute>
    </Action>
  Query End
    </Request>

• 27. Background – Trivial Response Example
  - Response: Not Applicable (bs@simpsons.com is not in the medico.com domain, so SimpleRule1 does not match and no rule applies)
  Header
    <?xml version="1.0" encoding="UTF-8"?>
    <Response xmlns="urn:oasis:names:tc:xacml:1.0:context"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:oasis:names:tc:xacml:1.0:context
          http://www.oasis-open.org/tc/xacml/1.0/cs-xacml-schema-context-01.xsd">
  Result
    <Result>
      <Decision>NotApplicable</Decision>
    </Result>
  End
    </Response>
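The policy of slides 17-23 and the request of slides 24-26, run through a small evaluator. This is an added example, not code from the slides, the paper or the Margrave tool; it implements only the XACML 1.0 features that policy uses (Any* targets, one SubjectMatch with rfc822Name-match, deny-overrides), ignores obligations and Indeterminate, and embeds the slides' XML with the line labels removed. The second request, from a medico.com address, is constructed to show the Permit case.

```python
"""Added example, not code from the slides or from Margrave: a minimal evaluator
for the XACML 1.0 policy of slides 17-23, run against the request of slides 24-26.
It supports only what that policy needs (Any* targets, SubjectMatch with
rfc822Name-match, deny-overrides) and ignores obligations and Indeterminate."""
import xml.etree.ElementTree as ET

P = "{urn:oasis:names:tc:xacml:1.0:policy}"   # policy namespace, Clark notation
C = "{urn:oasis:names:tc:xacml:1.0:context}"  # request/context namespace
RFC822_MATCH = "urn:oasis:names:tc:xacml:1.0:function:rfc822Name-match"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
RFC822_TYPE = "urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"

POLICY_XML = f"""<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
  PolicyId="identifier:example:SimplePolicy1"
  RuleCombiningAlgId="identifier:rule-combining-algorithm:deny-overrides">
  <Target><Subjects><AnySubject/></Subjects><Resources><AnyResource/></Resources><Actions><AnyAction/></Actions></Target>
  <Rule RuleId="urn:oasis:names:tc:xacml:1.0:example:SimpleRule1" Effect="Permit">
    <Target><Subjects><Subject><SubjectMatch MatchId="{RFC822_MATCH}">
        <SubjectAttributeDesignator AttributeId="{SUBJECT_ID}" DataType="{RFC822_TYPE}"/>
        <AttributeValue DataType="{RFC822_TYPE}">medico.com</AttributeValue>
      </SubjectMatch></Subject></Subjects>
      <Resources><AnyResource/></Resources><Actions><AnyAction/></Actions></Target>
  </Rule></Policy>"""

def make_request(subject, resource, action):
    """A context Request shaped like slides 25-26 (constructed input)."""
    return f"""<Request xmlns="urn:oasis:names:tc:xacml:1.0:context">
  <Subject><Attribute AttributeId="{SUBJECT_ID}" DataType="{RFC822_TYPE}">
    <AttributeValue>{subject}</AttributeValue></Attribute></Subject>
  <Resource><Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:ufs-path"
    DataType="http://www.w3.org/2001/XMLSchema#anyURI">
    <AttributeValue>{resource}</AttributeValue></Attribute></Resource>
  <Action><Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
    DataType="http://www.w3.org/2001/XMLSchema#string">
    <AttributeValue>{action}</AttributeValue></Attribute></Action></Request>"""

def rfc822name_match(pattern, name):
    """'medico.com' matches any address in that domain, '.medico.com' any sub-domain,
    a full address must match exactly (domain part compared case-insensitively)."""
    local, _, domain = name.partition("@")
    if "@" in pattern:
        plocal, _, pdomain = pattern.partition("@")
        return plocal == local and pdomain.lower() == domain.lower()
    if pattern.startswith("."):
        return domain.lower().endswith(pattern.lower())
    return domain.lower() == pattern.lower()

def request_attributes(request_xml):
    """Map (category, AttributeId) -> value, e.g. ('Subject', SUBJECT_ID)."""
    attrs = {}
    for category in ET.fromstring(request_xml):
        for a in category.findall(C + "Attribute"):
            attrs[(category.tag[len(C):], a.get("AttributeId"))] = a.find(C + "AttributeValue").text
    return attrs

def target_matches(target, attrs):
    """Subjects, Resources and Actions must each match (Any* always does); within a
    section one <Subject> etc. suffices, and all of its Match elements must hold."""
    for section, single in (("Subjects", "Subject"), ("Resources", "Resource"), ("Actions", "Action")):
        sec = target.find(P + section)
        if sec.find(P + "Any" + single) is not None:
            continue
        if not any(all(_match(m, attrs, single) for m in s.findall(P + single + "Match"))
                   for s in sec.findall(P + single)):
            return False
    return True

def _match(m, attrs, category):
    assert m.get("MatchId") == RFC822_MATCH, "only rfc822Name-match is implemented"
    designator = m.find(P + category + "AttributeDesignator")
    value = attrs.get((category, designator.get("AttributeId")))
    return value is not None and rfc822name_match(m.find(P + "AttributeValue").text, value)

def decide(policy_xml, request_xml):
    """Permit, Deny or NotApplicable for the request under deny-overrides."""
    policy, attrs = ET.fromstring(policy_xml), request_attributes(request_xml)
    if not target_matches(policy.find(P + "Target"), attrs):
        return "NotApplicable"
    effects = {r.get("Effect") for r in policy.findall(P + "Rule") if target_matches(r.find(P + "Target"), attrs)}
    return "Deny" if "Deny" in effects else "Permit" if "Permit" in effects else "NotApplicable"

BART = make_request("bs@simpsons.com", "/medico/record/patient/BartSimpson", "read")  # slide 24
```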
• 28. Background – Threat Model
  - Operating environment is responsible for authentication, and for communications security of policies, query engine execution, and the client

• 29. Margrave
  - (Markgraf in German) A lord or keeper of borders: a medieval access control manager

• 30. Objectives
  - Detect ill-formed or inconsistent policies
  - Identify differences between policy generations

• 31. Observations (relative to straight coding)
  - Policy implementations are often scattered across modules
  - Sharing/changing policies is hard and sometimes subtle
  - Offloading access control logic reduces complexity for automated program checkers

• 32. Observations (relative to straight coding)
  - Automated reasoning about policies is hard and is not amenable to automated program checking
  - Testing isn't exhaustive … the testing cost model is out of whack relative to the security breach cost model

• 33. Contribution
  - Verification system checks policies against properties
  - Change impact analyzer

• 34. Issues
  - Visualization of XACML policies
  - Visualization of properties
  - Visualization of policy diffs
  - Expanding Margrave to cover more of XACML

• 35. Basic Verification - Properties
  - Margrave adds properties: a logical predicate involving subjects, actions, and resources
  - Consider a policy Pol1: "Requests for Students to Receive ExternalGrades, and for Faculty to Assign and View both InternalGrades and ExternalGrades, will succeed."
  - Consider a property Pr1: "There do not exist members of Student who can Assign ExternalGrades."
  - The verifier will accept Pol1/Pr1 because Pr1 doesn't address any part of Pol1.

• 36. Basic Verification - Properties
  - Consider a policy Pol1: "Requests for Students to Receive ExternalGrades, and for Faculty to Assign and View both InternalGrades and ExternalGrades, will succeed."
  - Consider a property Pr2: "All members of Faculty can Assign both InternalGrades and ExternalGrades."
  - The verifier will accept Pol1/Pr2 because Pr2 affirms Pol1.

• 37. Basic Verification - Properties
  - Consider a policy Pol1: "Requests for Students to Receive ExternalGrades, and for Faculty to Assign and View both InternalGrades and ExternalGrades, will succeed."
  - Consider a property Pr3: "No member of Faculty can View ExternalGrades."
  - The verifier will reject Pol1/Pr3 because Pr3 conflicts with Pol1.

• 38. Representation of Policies
  - Policies are represented as MTBDDs (multi-terminal binary decision diagrams)

• 39. Representation of Policies
  - MTBDDs are constructed according to a fixed ordering of the variables (easy comparison)
  - MTBDDs maximally share subtrees
  - MTBDDs collapse irrelevant variables (where all transitions are to the same node)

• 40. Operations on MTBDDs
  - MTBDDs are created for individual rules and then merged to create policies according to the policy's rule combining algorithm
  - Combining MTBDDs starts at the top of both MTBDDs and executes a brief recursive algorithm
  - Environmental constraints (e.g., "no Faculty is also a Student") get combined in a similar way

• 42. Implementation
  - Built on PLT Scheme
  - Properties are hand-assembled in Scheme
  - A pseudo-code implementation of checking "A student can assign ExternalGrades":

• 43. Implementation
  - Produces error reports (line 11 masked with line 9 shows the properties that caused a violation … i.e., a counter-example)

• 44. Implementation
  - Produces change analyses (N->P means non-applicable->Permit)
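The property checks of slides 35-37 (including the "a student can assign ExternalGrades" check of slide 42) and the change analysis of slide 44, as an added example that is not the slides', the paper's or Margrave's own code. Margrave represents a policy's decision function as an MTBDD; here it is tabulated over an explicit finite domain of subjects, actions and resources, which yields the same accept/reject answers on a domain this small. Pol1 follows slide 35; Pol2 is a constructed second generation of that policy.

```python
"""Added example, not code from the slides or from Margrave: property checking and
change-impact analysis for the grades policy of slides 35-37, done by tabulating the
decision for every (subject, action, resource) request in a finite domain.  Margrave
encodes the same decision function as an MTBDD; an explicit table is the simplest
stand-in and gives identical answers on a domain this small."""
from itertools import product

SUBJECTS = ("Student", "Faculty")
ACTIONS = ("Receive", "Assign", "View")
RESOURCES = ("InternalGrades", "ExternalGrades")
PERMIT, DENY, NA = "P", "D", "N"   # the letters of slide 44: Permit, Deny, Not applicable

# Pol1 from slide 35.  A rule is (subject, action, resource, effect); "*" is a wildcard.
POL1 = [
    ("Student", "Receive", "ExternalGrades", PERMIT),
    ("Faculty", "Assign", "*", PERMIT),
    ("Faculty", "View", "*", PERMIT),
]

def decide(policy, request):
    """Deny-overrides over the rules whose target matches the request."""
    effects = {eff for s, a, r, eff in policy
               if all(t in ("*", v) for t, v in zip((s, a, r), request))}
    return DENY if DENY in effects else PERMIT if PERMIT in effects else NA

def decision_table(policy):
    """The full decision function: the object Margrave builds an MTBDD for."""
    return {req: decide(policy, req) for req in product(SUBJECTS, ACTIONS, RESOURCES)}

def verify(policy, prop):
    """prop(request, decision) -> bool.  Returns the requests that violate it;
    an empty list means the verifier accepts the policy/property pair."""
    return [req for req, d in decision_table(policy).items() if not prop(req, d)]

# The three properties of slides 35-37, stated over (subject, action, resource).
def pr1(req, d):   # no Student can Assign ExternalGrades (also the check of slide 42)
    s, a, r = req
    return not (s == "Student" and a == "Assign" and r == "ExternalGrades" and d == PERMIT)

def pr2(req, d):   # every Faculty member can Assign both kinds of grades
    s, a, r = req
    return not (s == "Faculty" and a == "Assign") or d == PERMIT

def pr3(req, d):   # no Faculty member can View ExternalGrades
    s, a, r = req
    return not (s == "Faculty" and a == "View" and r == "ExternalGrades" and d == PERMIT)

def change_impact(old, new):
    """Slide 44: group the requests whose decision changed by transition, e.g. 'N->P'."""
    before, after = decision_table(old), decision_table(new)
    changes = {}
    for req in before:
        if before[req] != after[req]:
            changes.setdefault(f"{before[req]}->{after[req]}", []).append(req)
    return changes

# Constructed second generation of Pol1: students may now View ExternalGrades,
# and faculty are explicitly denied Assign on ExternalGrades.
POL2 = POL1 + [("Student", "View", "ExternalGrades", PERMIT),
               ("Faculty", "Assign", "ExternalGrades", DENY)]
```

Running verify(POL1, pr3) returns the single counter-example ("Faculty", "View", "ExternalGrades"), and change_impact(POL1, POL2) reports one N->P and one P->D transition.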
• 45. Performance
  - Parsing a policy having 50 variables and 1268 nodes took 2050 ms on a desktop computer
  - Checking 12 properties was too quick to measure
  - Memory consumption was 316 KB
  - On another test, a compare took 2 ms and produced a tree containing 1133 nodes taking 16 KB

• 46. Alternatives
  - SELinux (Security-enhanced Linux) produces BDDs, but they are oriented toward determining information flow in a traditional model-checker activity
  - A complete solution would use both Margrave and information flow analysis

• 47. Deficiencies
  - Visualization (obviously)
  - Cannot reason about data values
  - Does not process complete XACML

• 48. Conclusions
  - Margrave is a work in progress
  - XACML and Margrave are about managing complexity through separation of concerns
  - Margrave adds the concept of properties to verify policies
  - Margrave compares policies, which enables incremental validation

• 49. References
  - Verification and Change-Impact Analysis of Access-Control Policies, by Kathi Fisler, Shriram Krishnamurthi, Leo Meyerovich, and Michael Tschantz, ICSE'05
  - OASIS eXtensible Access Control Markup Language (XACML), http://www.oasis-open.org/committees/xacml/repository/cs-xacml-specific, December 2002