ACI_Dispo :
Frédéric Cuppens Ahmed Bouabdallah
Working meeting of 10-05-2005
Nora Cuppens-Boulahia
2
Progress status and outlook
Finalised: Nomad (Non atomic actions and deadlines)
Future enrichment envisaged
In progress: modelling of availability
TCP/IP protocol with SYN cookie techniques, using Nomad
Identification of the relevant aspects (in the AOP sense)
Expression of availability
Ad-hoc networks
3
Nomad
Provides means to specify a security policy: conditional privileges
F(A|C) P(A|C) O(A|C)
Effective privileges, expressed in a language of privileges with deadlines
Extends a logic of temporized actions with request (req) and waiting
start, doing, done, , , d and d
Provides means to specify non atomic privileges
4
Axiomatics of the logic of temporized actions
The axioms of classical propositional logic
(A → B) → ( A → B)
(A → B) → ( A → B)
¬ ¬A ↔ A ¬ ¬A ↔ A A ↔ A A ↔ A
start() ↔ |||| done() start(; ) ↔ (start()
|||| done())
start( & ) ↔ (start() start ())
start( & ) ↔ |||| done( & )
if |||| ≥ |||| doing() ↔ (start() (doing()
¬done())) (doing() ¬done())
→ ¬start()
5
Axiomatics of the logic of temporized actions with request
Axiomatics of logic of temporized actions
waiting() ↔(req() (waiting() ¬ start()))
6
Obligations with deadlines
Violation of an obligation usually occurs after its deadline has elapsed
Obligation modality OdA = OdA
OA is an immediate obligation (d0)
Where d is defined 0A = 0A = A
d0 : d+1A = d A (d+1)A = dA (d+1)A
d0 : d1A = d A (d−1)A = d A (d−1)A
7
Conditional privileges
Most privileges are only active in specific contexts: dyadic operators
O(A|C) (C OA) Od (A|C) (C OdA)
F(A|C) (C FA) Fd (A|C) (C FdA)
P(A|C) (C PA) Pd (A|C) (C PdA)
Constraints
F(A|C) ↔ O(¬A|C)
(P(A|C) C) → ¬F(A|C)
8
Effective privileges
Conditional privileges with their conditions satisfied: effective privileges
FeA = (F(A|C) C)
PeA = (P(A|C) C)
OedA = (Od (A|C) C) (Oe(d+1)A ¬A)
Oe0A = OeA
9
Expression of security properties in Nomad
Access control requirement
Starting an action should be accepted
Closed policy : d , d (start() Pe(start())
Open policy : d , d (start() Fe(start())
Abiding with prohibition requirement
Generalizing access control properties
d (A FeA)
And obviously the absence of conflicts
10
Violation condition
Fulfillment modality
fulfill(A) OedA A
Violation modality
violation(A) OedA A
Security property associated with obligation fulfillment
d (violation (A))
11
Simple Nomad examples
Availability requirement
O1D (start(open_account)|(exist_account req(open_account)))
User contract requirement
O1H(done(open_account)|start(open_account))
Repeated violation specification
repeated_violation (violation(start(change_pwd)
O2D violation(start(change_pwd)))
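To make the availability, user-contract and repeated-violation examples above concrete, the following Python checker is an added example (not code from the ACI_Dispo project or the Nomad authors). It evaluates conditional obligations with deadlines O_d(A|C) over a constructed event trace: when C holds at time t the obligation becomes effective, it is fulfilled if A occurs by t + d and violated once the deadline elapses without A, mirroring the fulfillment and violation modalities of slide 10. Assumptions: time is counted in hours so that 1H = 1, 1D = 24 and 2D = 48; the availability context is read as ¬exist_account ∧ req(open_account) (the connective and negation are lost on the slide); the change_pwd obligation O_1D(start(change_pwd)|req(change_pwd)) is hypothetical and only there so that a repeated violation can be observed; repeated_violation is read as two violations of the same obligation within 2D.

```python
from dataclasses import dataclass
from typing import Callable, List

# Time unit: hours (constructed for this example). Nomad's 1H / 1D / 2D map to 1, 24, 48.
H = 1
D = 24 * H


@dataclass(frozen=True)
class Event:
    t: int      # time in hours
    name: str   # action or state event, e.g. "req(open_account)"


@dataclass(frozen=True)
class Obligation:
    """O_d(A | C): whenever context C holds at time t the obligation becomes
    effective (O^e_d A) and action A must occur no later than t + d."""
    name: str
    action: str
    context: Callable[[List[Event], int], bool]
    deadline: int


@dataclass(frozen=True)
class Outcome:
    obligation: str
    triggered_at: int   # time at which O^e_d A became effective
    status: str         # "fulfilled" or "violated"
    at: int             # time of fulfilment, or the deadline that elapsed


def occurred(trace, name, t):
    """True if the named event is in the trace at exactly time t (action-style predicate)."""
    return any(e.t == t and e.name == name for e in trace)


def occurred_by(trace, name, t):
    """True if the named event is in the trace at any time <= t (state-style predicate)."""
    return any(e.t <= t and e.name == name for e in trace)


def evaluate(trace, ob, horizon):
    """Run one obligation over the trace up to `horizon`; returns fulfilment/violation outcomes."""
    outcomes = []
    for t in range(horizon + 1):
        if not ob.context(trace, t):
            continue                      # O_d(A|C) not effective: nothing to check
        deadline = t + ob.deadline
        # fulfill(A): O^e_d A holds and A occurs within the deadline
        hits = [e.t for e in trace if e.name == ob.action and t <= e.t <= deadline]
        if hits:
            outcomes.append(Outcome(ob.name, t, "fulfilled", min(hits)))
        elif deadline <= horizon:
            # violation(A): the deadline elapsed and A never occurred
            outcomes.append(Outcome(ob.name, t, "violated", deadline))
        # otherwise the deadline is still in the future: pending, not a violation
    return outcomes


def repeated_violation(outcomes, window=2 * D):
    """Reading of the slide's repeated_violation: a violation followed by another within 2D."""
    times = sorted(o.at for o in outcomes if o.status == "violated")
    return any(b - a <= window for a, b in zip(times, times[1:]))


# Availability requirement O_1D(start(open_account) | ¬exist_account ∧ req(open_account)) (negation assumed)
AVAILABILITY = Obligation(
    "availability", "start(open_account)",
    lambda tr, t: occurred(tr, "req(open_account)", t) and not occurred_by(tr, "exist_account", t),
    1 * D)
# User contract requirement O_1H(done(open_account) | start(open_account))
USER_CONTRACT = Obligation(
    "user_contract", "done(open_account)",
    lambda tr, t: occurred(tr, "start(open_account)", t),
    1 * H)
# Hypothetical obligation (not on the slide) so that violations of start(change_pwd) can be observed
CHANGE_PWD = Obligation(
    "change_pwd", "start(change_pwd)",
    lambda tr, t: occurred(tr, "req(change_pwd)", t),
    1 * D)

TRACE = [  # constructed trace
    Event(0, "req(open_account)"),
    Event(10, "start(open_account)"),
    Event(11, "done(open_account)"),
    Event(11, "exist_account"),
    Event(40, "req(change_pwd)"),       # never followed by start(change_pwd)
    Event(70, "req(change_pwd)"),       # never followed by start(change_pwd)
    Event(100, "req(open_account)"),    # account already exists: obligation not triggered
]
HORIZON = 120


def run():
    """Evaluate every obligation over the constructed trace, keyed by obligation name."""
    return {ob.name: evaluate(TRACE, ob, HORIZON) for ob in (AVAILABILITY, USER_CONTRACT, CHANGE_PWD)}


if __name__ == "__main__":
    results = run()
    for name, outs in results.items():
        for o in outs:
            print(o)
    print("repeated_violation(change_pwd):", repeated_violation(results["change_pwd"]))
```

The loop over t is the discrete-time counterpart of the O^e_d A ≡ ... ∧ (O^e_(d+1) A ∧ ¬A) unfolding on slide 8: an obligation stays pending until either A is observed or the deadline is reached, and only the latter is reported as a violation. The second req(open_account) at t = 100 shows why the context matters: with exist_account already true, no effective obligation arises, so a missing start(open_account) there is not a violation.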
Decomposition of actions and privileges
13
Decomposition of non atomic privileges
Example
O(start(block_account ; notify_repeated_violation)| repeated_violation)
Decomposition of immediate obligations
Decomposition of non atomic permissions
Decomposition of non atomic prohibitions
Decomposition of obligations with deadlines
14
Decomposition of immediate obligations
Theorem of decomposition
O(A B|C) O(A|C) O(B|C)
The semantics of temporized actions says
start(&) start() start() start(;) start() |||| start()
O(start(&)|C) O(start() |C) O(start() |C)
O(start(;)|C) O(start() |C) O(|||| start()|C)
Example of blocking an account: O(start(block_account ) | repeated_violation)
O(||block_account|| start(notify_repeated_violation) | repeated_violation)
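The decomposition theorem above turns one obligation on a non-atomic action into obligations on its atomic components, with the second component of a sequence delayed by the duration of the first. The following Python is an added example, not the authors' or the project's code, that carries out that rewriting: it reads start(α ; β) as start(α) ∧ ○^|α| start(β) and start(α & β) as start(α) ∧ start(β), where |α| is the duration of α and ○^n is a delay of n time units (the delay operator before ||block_account|| on the slide is lost in the transcript; this is the reading assumed here). The durations table, the textual "a ; b" / "a & b" syntax and its precedence (& binds tighter than ;) are constructed conventions for the example; the algorithm generalises the slide's two-action case to arbitrarily nested sequences and parallel compositions.

```python
from dataclasses import dataclass
from typing import List, Tuple, Union

# Constructed durations |α| of atomic actions, in hours.
DURATIONS = {
    "block_account": 2,
    "notify_repeated_violation": 1,
    "open_account": 3,
    "change_pwd": 1,
}


@dataclass(frozen=True)
class Seq:
    """α ; β : β starts once α is done."""
    left: "Act"
    right: "Act"


@dataclass(frozen=True)
class Par:
    """α & β : α and β start together."""
    left: "Act"
    right: "Act"


Act = Union[str, Seq, Par]


def duration(a: Act) -> int:
    """|α|: atomic actions come from the table, sequences add up, parallel branches take the longest."""
    if isinstance(a, str):
        return DURATIONS[a]
    if isinstance(a, Seq):
        return duration(a.left) + duration(a.right)
    return max(duration(a.left), duration(a.right))


def decompose(a: Act, offset: int = 0) -> List[Tuple[int, str]]:
    """Atomic start obligations as (delay, action) pairs.
    start(α ; β) ≡ start(α) ∧ ○^|α| start(β);  start(α & β) ≡ start(α) ∧ start(β)."""
    if isinstance(a, str):
        return [(offset, a)]
    if isinstance(a, Seq):
        return decompose(a.left, offset) + decompose(a.right, offset + duration(a.left))
    return decompose(a.left, offset) + decompose(a.right, offset)


def decompose_obligation(a: Act, context: str) -> List[str]:
    """Render O(start(α) | C) as the conjunction of atomic obligations it is equivalent to."""
    return [
        f"O(○^{delay} start({act}) | {context})" if delay else f"O(start({act}) | {context})"
        for delay, act in decompose(a)
    ]


def parse(expr: str) -> Act:
    """Tiny parser for 'a ; b' and 'a & b' (constructed syntax): '&' binds tighter than ';'."""
    def par(chunk: str) -> Act:
        items = [x.strip() for x in chunk.split("&")]
        node: Act = items[0]
        for x in items[1:]:
            node = Par(node, x)
        return node

    parts = [p.strip() for p in expr.split(";")]
    node = par(parts[0])
    for p in parts[1:]:
        node = Seq(node, par(p))
    return node


if __name__ == "__main__":
    # The slide's example: blocking the account, then notifying, under repeated_violation
    for ob in decompose_obligation(parse("block_account ; notify_repeated_violation"), "repeated_violation"):
        print(ob)
```

For the slide's example the output is the two obligations O(start(block_account) | repeated_violation) and O(○^2 start(notify_repeated_violation) | repeated_violation), the delay being |block_account| = 2 hours in the constructed table. Because a parallel branch finishes when its longest component does, the delay of anything sequenced after α & β is max(|α|, |β|), which is what `duration` computes.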
15
Decomposition of non atomic permissions
Theorems of decomposition
P(A B|C) P(A|C) P(B|C)
P(A|C) O(B|C) P(A B|C)
From the semantics of temporized actions and the weaknesses of its direct application
P (start( ; )|C) P(start() |C) O(|||| start() | (C start()))
P (start( & )|C)
P(start() |C) P(start() |C) O(start() |(C start()))
O(start() |(C start()))
P (start(open_account ; change_pwd)|exist_account)
P(start(open_account) |exist_account) O(||open_account|| start(change_pwd) |(exist_account start(open_account)))