1 Web Policy Zeitgeist Kent Seamons Internet Security Research Lab Brigham Young University Panel Presentation The Semantic Web and Policy Workshop (SWPW) Galway Ireland November 7, 2005 2 Zeitgeist Some writers and artists assert that the true zeitgeist of an era cannot be known until it is over Opinions, that deviate from the ruling zeitgeist, always aggravate the crowd Germaine de Stael "the spirit (Geist) of the time (Zeit) 3 Outline Policies must be ? Opinions based on my experience Opinions based on my experience The future of Policy Zeitgeist A challenge to the policy community A challenge to the policy community 4 My Background Applied research industry and academia Database Systems my roots Security in Open Systems trust negotiation - current research 5 Security in Open Systems Closed system: the world of passwords and tokens, identity-based Open system: authentication with unknown entities (strangers), attribute- based Example: credit cardsnearly universal trust for financial authentication 6 Trust Negotiation Iterative exchange of credentials based on policy requirements Goals Automated little or no user intervention Automated little or no user intervention Open previously unknown parties may authenticate Open previously unknown parties may authenticate 7 Trust Negotiation Example Step 1: Fred requests information from Server Step 6: Server grants access to the information Info Step 3: Fred discloses his access control policy 1 City of Far Away Server Info 2 Fire Chief Fred the Fire Chief 1 Step 2: Server returns access control policy for the info 2 Step 4: Server discloses his Server credential Step 5: Fred discloses his Fire Chief credential Fire Chief 8 Trust Negotiation Policies Attribute-based policies for authentication and authorization in open systems Part of a much broader notion of policy Part of a much broader notion of policy Areas of emphasis (A policy must be ) Policies are declarative Policies are declarative Easy to use Easy to use Too often, only the PhD student that designed a policy language or framework can use it effectively Flexible / adaptive depending on context Flexible / adaptive depending on context TrustBuilder / GAA-API integration RESCUE project emergency response Context-sensitive trust negotiation - policies that play fair Hidden credentials protect sensitive policies 9 GAA-API/TrustBuilder GAA-API - provides fine-grained access control and application-level intrusion detection capabilities to applications through a simple API. TrustBuilder trust negotiation framework Integration combines the best of both systems Detection and thwarting of attacks on electronic business transactions Adaptation of information disclosure and resource access policies according to a suspicion level Support of cost effective trust negotiation, such that TrustBuilder is invoked only when negotiation is required by access control policies Ryutov, Zhou, Neuman, Leithead, Seamons. Adaptive Trust Negotiation and Access Control, SACMAT 2005 Ryutov, Zhou, Neuman, Foukia, Leithead, Seamons. Adaptive Trust Negotiation and Access Control for Grids, GRID 2005 10 TrustBuilder / GAA-API Integration 11 RESCUE Project The goal of the RESCUE project is to radically transform the ability of responding organizations to gather, manage, use, and disseminate information within emergency response networks and to the general public We will design a policy-driven information sharing architecture Flexible, customizable, dynamic, robust, scalable, policy-driven, highly automated Flexible, customizable, dynamic, robust, scalable, policy-driven, highly automated Policies must support rapid adaptation in the face of unexpected events Policies must support rapid adaptation in the face of unexpected events Funded by National Science Foundation, seeParticipant universities: BYU, Colorado, Maryland, UCI, UCSD, UIUC. Industrial partner: ImageCat 12 Context Sensitive Trust Negotiation Problem: phishing attacks Solution: release credentials based on context need to know Approach: create an ontology to represent a negotiation type to describe relevant credentials Identify policy errors and malicious phishing attacks Identify policy errors and malicious phishing attacksBenefits Greater protection Greater protection Identify policy errors Identify policy errors Efficiency - push relevant credentials Efficiency - push relevant credentials Leithead, Challenging Policies that Do Not Play Fair:, MS Thesis, BYU, August 2005. 13 Hidden Credentials Hidden credentials encrypt a message so that the recipient can read it iff he has the required credentials Credentials can be used without disclosing them Credentials can be used without disclosing them Sensitive policies policy can be hidden Sensitive policies policy can be hidden SECRET Clearance FBI Agent US Army Shar e 1 Share 2 Share 1 Share 2 Share 1 (symmetric encryption) (IBE Encryption) Bradshaw, Holt, Seamons, Concealing Complex Policies with Hidden Credentials, CCS 2004 14 Policy Zeitgeist Summary Policies must be declarative Policies must flexible Policies must be easy to configure Policies must be context sensitive Policies must adapt to unexpected change Policies must be easy to diagnose when failure occurs Policy visibility must be tunable 15 Future Policy Zeitgeist We must bridge the gap between industry/government needs and academic research As an academic, too often I fabricate toy problems in the lab using my imagination As an academic, too often I fabricate toy problems in the lab using my imagination The research process needs more real-world input The research process needs more real-world input My research colleagues and I are taking steps to resolve this My research colleagues and I are taking steps to resolve this RESCUE project, for instance Challenge The policy community must build and maintain a knowledge base to guide the design, development, and analysis of policy- based information systems The policy community must build and maintain a knowledge base to guide the design, development, and analysis of policy- based information systems I envision something patterned after successful efforts I have observed in the database, parallel computing, networking fields I envision something patterned after successful efforts I have observed in the database, parallel computing, networking fields 16 Policy Knowledge Base What it will contain? Requirements suite Ontology of policy types Ontology of policy typesSolutions Frameworks Frameworks Languages Languages Standards Standards Lessons learned Examples of broken systems Examples of broken systems Failed approaches Failed approachesBenchmarks Policy language bake-offs Policy language bake-offs Grand challenge applications Grand challenge applications Who will contribute? GovernmentIndustryAcademia Key sectors Finance Finance Health care Health care Public safety Public safety Who will benefit? UsersVendorsResearchers How to evaluate? Ease of use ExpressivenessPerformanceScalabilitySemantics 17 Policy Knowledge Base - Issues Policy-based information systems center Too big for a single organization? Too big for a single organization? Who will fund? Will government fund this? Will government fund this? Industry consortium? Industry consortium? Who should lead the effort? Organizing this effort probably wont lead to tenure Organizing this effort probably wont lead to tenure 18