© 2006 Ravi Sandhu, www.list.gmu.edu

Secure Information Sharing Enabled by Trusted Computing and PEI* Models
Ravi Sandhu (George Mason University and TriCipher)
Kumar Ranganathan (Intel System Research Center, Bangalore)
Xinwen Zhang (George Mason University)
*PEI: Policy, Enforcement, Implementation
Three Megatrends

Fundamental changes in
• Cyber-security goals
• Cyber-security threats
• Cyber-security technology
Cyber-security goals have changed

Cyber-security goals
• electronic commerce
• information sharing
• etcetera
• multi-party security objectives
• fuzzy objectives

[Figure: the classic triad of goals, each paired with the concern it controls: CONFIDENTIALITY (disclosure), INTEGRITY (modification), AVAILABILITY (access), extended with a fourth goal, USAGE (purpose)]
Cyber-security attacks have changed

The professionals have moved in
• Hacking for fun and fame
• Hacking for cash, espionage and sabotage
Cyber-security technology has changed

Basic premise
• Software alone cannot provide an adequate foundation for trust

Old style Trusted Computing (1970 – 1990’s)
• Multics system
• Capability-based computers
  – Intel 432 vis-a-vis Intel 8086
• Trust with security kernel based on military-style security labels
  – Orange Book, eliminate trust from applications

What’s new (2000’s)
• Hardware and cryptography-based root of trust
  – Ubiquitous availability
  – Trust within a platform
  – Trust across platforms
• Rely on trust in applications
  – No Trojan Horses, or
  – Mitigate Trojan Horses and bugs by legal and reputational recourse

Massive paradigm shift
Prevent information leakage by binding information to Trusted Viewers on the client
PEI Models Framework

[Figure: three layers of models stacked between the goals above and the platform below]
  Security and system goals (requirements/objectives): necessarily informal
  Policy models: formal/quasi-formal
  Enforcement models: system block diagrams, protocol flows
  Implementation models: pseudo-code
  Target platform, e.g., Trusted Computing technology: actual code
  Horizontal view: looks at an individual layer. Vertical view: looks across layers.

Cannot do security without analyzing the application space in business terms
Cannot do security without understanding the target platform and its limitations
Divide and conquer AND confront and deal with issues at the correct layer
What is Information Sharing

The mother of all security problems
• Share but protect

Requires controls on the client
• Server-side controls do not scale to high assurance

Different from
• Retail DRM (Digital Rights Management)
• Enterprise DRM

Integrity of information on the client can be crypto-guaranteed to very high assurance by digital signatures. Guarantee of confidentiality on the client needs mechanisms beyond crypto alone.
Classic Approaches to Information Sharing

Discretionary Access Control (DAC), Lampson 1971
• Fundamentally broken
• Controls access to the original but not to copies (or extracts)

Mandatory Access Control (MAC), Bell-LaPadula 1971
• Solves the problem for coarse-grained sharing
  – Thorny issues of covert channels, inference, aggregation remain but can be confronted
• Does not scale to fine-grained sharing
  – Super-exponential explosion of security labels is impractical
  – Fallback to DAC for fine-grained control (as per the Orange Book) is pointless

Originator Control (ORCON), Graubart 1989
• Propagated access control lists: let copying happen but propagate ACLs to copies (or extracts)
• Park and Sandhu 2002 discuss an approach based on Trusted Viewers
Scoping Information Sharing: Big Issues

Secure information sharing rather than Digital Rights Management (DRM)
• Sensitivity of information content is the issue, not revenue potential of retail entertainment content
• Open system as opposed to closed Enterprise DRM

Read-only versus read-write secure information sharing
• Read-only is a useful subset
• Avoids some of the complexities of read-write such as
  – Extraction of pieces of information
  – Aggregation of several sources
  – Version control
  – Ability to overwrite versus annotate

Content-independent authorization versus content-dependent authorization
• Content-independent is a useful subset
• Content-dependent is more complex since it requires Trusted Viewers to parse and understand the content
Scoping Information Sharing

One Decomposition at the Policy Layer
• Password based
• Device based
• Credential based

Just one possibility. Determined by business objectives.
Scoping Information Sharing: Detailed Issues

Detailed issues include
• Revocation Policy
• Usage Policy
• Re-dissemination Policy
• Distribution Policy
• Accessibility Policy
Password-based encryption: traditional approach

[Figure: the password (pw) is run through PKCS#5 key derivation to produce Kpw; the cleartext document (O) is encrypted/decrypted under Kpw, giving the encrypted document {O}Kpw]

Insecure due to off-line dictionary attacks: anyone holding {O}Kpw can guess a password, derive Kpw, and verify the guess against the ciphertext, with no party in the loop to notice or throttle the attempts.
Trusted Viewer Seal with Password Authentication

[Figure: the cleartext document (O) is encrypted under a key K, giving the encrypted document {O}K. K is sealed to the Trusted Viewer as the sealed key [K]TV. The password (pw) is hashed via PKCS#5 to H(pw), which is encrypted under K and stored as {H(pw)}K. To open the document the Trusted Viewer unseals K, decrypts {H(pw)}K, and compares it with the hash of the password entered before decrypting {O}K]
Trusted Viewer Seal with Password Authentication and Encryption

[Figure: K is sealed to the Trusted Viewer as the sealed key [K]TV, and the password (pw) is run through PKCS#5 to give Kpw. The document key K' is derived from both K and Kpw, and the cleartext document (O) is encrypted as {O}K'. Unsealing K without the password, or knowing the password without the Trusted Viewer, is not enough to recover K']
Trusted Viewer Seal with Device Encryption

[Figure: the cleartext document (O) is encrypted under K as {O}K. K is encrypted under the device public key PubK_Dev and the result is sealed to the Trusted Viewer: sealed key [{K}PubK_Dev]TV. Recovering K requires unsealing by the Trusted Viewer followed by decryption with the device private key PrivK_Dev]
Trusted Viewer Seal with Credential Authentication

[Figure: the cleartext document (O) is encrypted under K as {O}K, and K is sealed to the Trusted Viewer as the sealed key [K]TV. The credential policy is stored in encrypted form alongside the document; to open it, the Trusted Viewer unseals K, decrypts the credential policy, and compares it against the credential proof presented by the user before decrypting {O}K]
Trusted Viewer Seal with Credential Encryption

[Figure: the cleartext document (O) is encrypted under K as {O}K. K is encrypted under the credential public key PubK_Cred and then sealed to the Trusted Viewer: sealed key [{K}PubK_Cred]TV. Recovering K requires unsealing by the Trusted Viewer followed by decryption with the credential private key PrivK_Cred]
Trusted Viewer Seal with Password Authentication (revisited)

[Figure: the same construction as before: the encrypted document {O}K, the sealed key [K]TV, and the encrypted hashed password {H(pw)}K, with the password hashed via PKCS#5 to H(pw) and compared inside the Trusted Viewer]

On-line password guessing: because K is sealed, a password guess can only be verified through the Trusted Viewer, so the attack becomes on-line rather than off-line. Need a throttling mechanism. Many possibilities.
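The contrast between the traditional password-encrypted document and the sealed-key design, as an added example that is not part of the slides. It simulates the seal with an in-memory table inside a TrustedViewer class (a real seal binds K to measured platform state) and uses a toy HMAC-based authenticated cipher as a stand-in for AES so that it runs on the standard library alone; the document, password and wordlist are constructed, and the throttle (lock out after five failures) is one of the "many possibilities" the slide alludes to, chosen here for illustration.

```python
import hashlib
import hmac
import os

# Toy authenticated cipher: HMAC-SHA256 keystream XOR plus an HMAC tag. It stands in
# for AES-GCM so the example needs only the standard library; not for real data.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, i = [], 0
    while len(blocks) * 32 < length:
        blocks.append(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest())
        i += 1
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None  # wrong key or tampered blob
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

ITERATIONS = 10_000  # PKCS#5 PBKDF2 iteration count, kept low so the example runs quickly

def kpw(pw: str, salt: bytes) -> bytes:
    """Slide 15: Kpw is derived from the password alone."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS, 32)

def publish_traditional(doc: bytes, pw: str):
    """Returns (salt, {O}Kpw). Everything needed to verify a guess is in the output."""
    salt = os.urandom(16)
    return salt, encrypt(kpw(pw, salt), doc)

def offline_dictionary_attack(enc_doc: bytes, salt: bytes, wordlist):
    """Guess, derive Kpw, verify against the ciphertext: nobody is in the loop to throttle."""
    for n, guess in enumerate(wordlist, 1):
        if decrypt(kpw(guess, salt), enc_doc) is not None:
            return guess, n
    return None, len(wordlist)

class TrustedViewer:
    """Slides 16/22: K is sealed to the viewer, so the only password check runs
    through it, and it can count failures and lock out. Sealing is simulated by an
    in-memory table; a real seal binds K to measured platform state (TPM PCRs)."""
    def __init__(self, max_failures: int = 5):
        self._sealed = {}
        self.max_failures = max_failures
        self.failures = 0

    def seal(self, key: bytes) -> bytes:
        handle = os.urandom(8)
        self._sealed[handle] = key  # [K]TV
        return handle

    def open_document(self, handle: bytes, enc_hpw: bytes, enc_doc: bytes, pw: str):
        if self.failures >= self.max_failures:
            return None  # throttled: refuses even a correct password until reset
        k = self._sealed[handle]        # unseal K
        stored = decrypt(k, enc_hpw)    # H(pw) recovered from {H(pw)}K
        entered = hashlib.sha256(pw.encode()).digest()
        if stored is None or not hmac.compare_digest(stored, entered):
            self.failures += 1
            return None
        self.failures = 0
        return decrypt(k, enc_doc)      # {O}K -> O

def publish_sealed(doc: bytes, pw: str, tv: TrustedViewer):
    """Returns (handle for [K]TV, {H(pw)}K, {O}K)."""
    k = os.urandom(32)
    hpw = hashlib.sha256(pw.encode()).digest()
    return tv.seal(k), encrypt(k, hpw), encrypt(k, doc)

def online_dictionary_attack(tv, handle, enc_hpw, enc_doc, wordlist):
    """Same wordlist, but every guess must go through the viewer."""
    for n, guess in enumerate(wordlist, 1):
        if tv.open_document(handle, enc_hpw, enc_doc, guess) is not None:
            return guess, n
    return None, len(wordlist)

def demo():
    document = b"constructed sample document"   # constructed data
    password = "winter2006"                       # deliberately weak: it is in the wordlist
    wordlist = ["123456", "password", "letmein", "qwerty",
                "dragon", "monkey", "winter2006", "sunshine"]

    salt, enc_doc = publish_traditional(document, password)
    offline = offline_dictionary_attack(enc_doc, salt, wordlist)   # succeeds on guess 7

    tv = TrustedViewer(max_failures=5)
    handle, enc_hpw, enc_doc_sealed = publish_sealed(document, password, tv)
    legit = tv.open_document(handle, enc_hpw, enc_doc_sealed, password)
    online = online_dictionary_attack(tv, handle, enc_hpw, enc_doc_sealed, wordlist)
    return {"offline": offline, "legit": legit, "online": online}   # online is locked out before guess 7

if __name__ == "__main__":
    print(demo())
```

The offline attack recovers the password on the seventh guess because the ciphertext itself answers "was that the right key?"; against the sealed design the same wordlist never gets past the viewer, since the fifth failure locks it and the correct guess at position seven is refused. The lockout is deliberately crude: a real viewer would also need to reset or back off safely, and the throttle only holds for as long as the seal holds, which is exactly what the PEI enforcement layer has to argue about the platform.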
Questions ??