A security framework combining access control and trust

Скачать презентацию A security framework combining access control and trust Скачать презентацию A security framework combining access control and trust

8acb03d782ef2cfe6659ae98f3ed3b02.ppt

  • Количество слайдов: 19

A security framework combining access control and trust management for mobile e-commerce applications Gregor A security framework combining access control and trust management for mobile e-commerce applications Gregor v. Bochmann, Zhen Zhang, Carlisle Adams School of Information Technology and Engineering (SITE) and Jennifer Chandler Faculty of Law University of Ottawa

Abstract In the context of e-commerce applications, access control must be combined with authentication Abstract In the context of e-commerce applications, access control must be combined with authentication and trust management. In this presentation, we consider several typical usage scenarios for mobile e-commerce users. We consider the security requirements which include authentication, authorization, privacy, and risk management, and discuss how these requirements can be met with various access control and trust management models. We then present a secure e-commerce framework including functions for authentication, role-based access control and trust management for clients as well as service providers. The distributed trust management system allows the client to choose the service provider based on trust information, and the service provider may determine his trust in the user before determining the access rights that will be granted; we note that this may raise certain privacy law issues. An experimental implementation of this framework is then presented which is based on our previous work [1, 2, 4] and incorporates the "XML Security Suite" from IBM. The presentation will introduce the architecture of this security framework, highlight some of the system components and discuss implementation choices and performance issues.

Overview n n Usage scenarios and security requirements Background studies n n n n Overview n n Usage scenarios and security requirements Background studies n n n n Home directory for mobile users Authentication for mobile users A trust model Combining trust and access control Security and trust for mobile users System Implementation Conclusion

Typical Scenarios Mobile users: in a foreign domain – using portable and ad hoc Typical Scenarios Mobile users: in a foreign domain – using portable and ad hoc devices I. II. Vo. IP Conversation Bob starts audio/video conversation with Alice over Internet while he is in a hotel. Secure Printing Bob needs to print sensitive documentations from a commercial site III. Anonymous Online Service Bob requests a online service from a hotel room without disclosing his identification to service provider

Security requirements n n n Data integrity Authentication Privacy, Anonymity Access control, Authorization Signatures Security requirements n n n Data integrity Authentication Privacy, Anonymity Access control, Authorization Signatures with non-repudiation … and Trust …

Background study Authentication for mobile users n Enable support for mobile user and services: Background study Authentication for mobile users n Enable support for mobile user and services: The concept of home directory[1]

Background study Authentication for mobile users n Proposed authentication model for mobile users: A Background study Authentication for mobile users n Proposed authentication model for mobile users: A secure authentication protocol for mobile users[2]

Background study Transactions based on trust n Existing access control model for mobile users: Background study Transactions based on trust n Existing access control model for mobile users: Autonomic Distributed Authorization Middleware [3] (Figure adapted from [3])

Background study Trust model with statistical foundation n Proposed trust model for mobile users: Background study Trust model with statistical foundation n Proposed trust model for mobile users: A trust model with statistical foundation[4]

Overview of proposed system (with typical scenario II) While Bob is on a business Overview of proposed system (with typical scenario II) While Bob is on a business trip in Paris, he wants to print his bank statement from a hotel’s business center of which he is staying at

Phase I: Authentication & Role Assignment CERTFA(Role{R 1, R 2, R 3, …}) At Phase I: Authentication & Role Assignment CERTFA(Role{R 1, R 2, R 3, …}) At this point, Bob and F. A. share Ks 2 while Bob and H. A. share Ks 3. Additionally, Bob receive a set of Roles from F. A, each of which has the form of CERTFA( Rx, IDBob)

Phase II: Service Selection Phase II: Service Selection

Phase III: Service Request & Access Control Phase III: Service Request & Access Control

Phase IV: Service Reputation update Phase IV: Service Reputation update

Implementation Environment Open wireless LAN Service Directory & Reputation Server: wellknown URL Use of Implementation Environment Open wireless LAN Service Directory & Reputation Server: wellknown URL Use of XACL (XML-encoded) n n n Service request/response messages Access policy representation Role assignment: based on trust Implementation: n n Java (Sun JVM and Blackdown java on IPAQ) IBM Security Suite (XACL support)

Implementation architecture PC-1 Ipaq PC-3 PC-2 Implementation architecture PC-1 Ipaq PC-3 PC-2

Conclusion n Secure e-commerce framework for fixed and mobile users n n n authentication Conclusion n Secure e-commerce framework for fixed and mobile users n n n authentication role-based access control trust management for clients as well as service providers The general framework can be customized to fit any particular service requirement Performance of a simplified system implementation is still under investigation

Reference 1. 2. 3. 4. K. El-Khatib, Zhen E. Zhang, N. Hadibi, and G. Reference 1. 2. 3. 4. K. El-Khatib, Zhen E. Zhang, N. Hadibi, and G. v. Bochmann, Personal and Service Mobility in Ubiquitous Computing Environments, Journal of Wireless communications and Mobile Computing, 2004 G. v. Bochmann and Zhen E. Zhang, A secure authentication infrastructure for mobile users, Advances in Security and Payment Methods for Mobile Commerce, 2004 A. Seleznyov, S. Hailes, An access control model based on distributed knowledge management, 18 th International Conference on Advanced Information Networking and Applications, 2004. Jianqiang Shi, G. v. Bochmann and Carlisle Adams, A trust model with statistical foundation, Workshop on Formal Aspects in Security and Trust (FAST '04), 18 th IFIP World Computer Congress, 2004

Thank you! Questions ? Thank you! Questions ?




  • Мы удаляем страницу по первому запросу с достаточным набором данных, указывающих на ваше авторство. Мы также можем оставить страницу, явно указав ваше авторство (страницы полезны всем пользователям рунета и не несут цели нарушения авторских прав). Если такой вариант возможен, пожалуйста, укажите об этом.