Security tutorial slides - PowerPoint PPT Presentation

Slides: 27
Provided by: dep0

1
Security tutorial slides
2
Primary security issues
  • Integrity and non-repudiation of p-assertions
  • Access control to provenance store
  • Delegation of identity / access control
  • Federated security

3
Integrity and non-repudiation of p-assertions
  • P-assertion is a subjective view of actor
  • Need to establish accountability for the creation
    of an assertion (non-repudiation)
  • Ensure that p-assertions are not altered after
    being created (integrity)
  • Directly implemented by signing p-assertions

4
Signed actor state p-assertion
5
Signed relationship p-assertion
6
Signed interaction p-assertion
7
Access control to provenance store
  • Mutual authentication between actors and
    provenance store
  • Secured communication link (encryption,
    signatures)
  • Appropriate authorisation scheme expressed in
    suitable authorisation policy language

8
Provenance store security architecture
Remote security domain
9
Delegation of identity / access control
  • Various components interact with each other in
    the logical architecture during a workflow run
  • Need to be authenticated or authorized to perform
    an action or access a resource on behalf of
    another component
  • Requires delegation of identity / access control

10
(No Transcript)
11
Delegation of identity / access control
Provenance store
12
Federated security
  • Provenance stores can be distributed for
    scalability reasons
  • Stores may be located in different security
    domains
  • Federation of identity may be required for actors
    in a given domain to interact securely with
    stores in separate domains.

13
Federated security / Single sign on (SSO)
Approach 1
Provenance store Security domain 1
1. Login
Provenance store Security domain 2
14
Federated security approach 2
Provenance store Security domain 1
1. Login
Provenance store Security domain 2
15
Secondary security issues
  • Ascertaining asserter identity
  • Documentation style: signing, anonymous,
    encryption and reference digest
  • Integrity of referenced data
  • Setting authorization assertions for p-assertions

16
Ascertain asserter identity
  • Asserter identity is given in view of a
    p-structure
  • This should match with identity on verified
    signature on associated p-assertions

17
P-structure view
18
Signed actor state p-assertion
19
Documentation style
  • In simplest case, creation of p-assertion from
    original message exchanged involves copying the
    message content verbatim
  • Creation of p-assertion from original message can
    also involve transformation of contents of
    original message for various reasons

20
Documentation style: Security relevant transformations
  • Encryption
      • Using shared key to encrypt parts of messages
      • Querying actors with access to shared key can
        retrieve
  • Anonymous
      • Some parts of the message are replaced by
        anonymous identifiers

21
Documentation style: Security relevant transformations
  • Signing
      • Using proxy keys that asserting actor has of
        delegated certificates of other actors
      • Different from signing the p-assertion itself
  • Referenced-digest
      • P-assertions may contain references to data
        rather than the actual data
      • Need to ensure that the data that the reference
        is eventually resolved to was the correct,
        original data
      • Accomplished by including digest of the original
        data along with the reference in p-assertion
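
Added example (not from the original slides): a minimal sketch of the referenced-digest check, in which the recording actor stores a digest beside the reference and the querying actor recomputes it over the resolved data. The field names, the urn:example reference, the SHA-256 default and the algorithm allowlist are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: the digest algorithms a verifier accepts (the slides name none).
ALLOWED_DIGESTS = {"sha256", "sha512"}


def make_reference(uri, data, algorithm="sha256"):
    """Recording actor: build the reference-plus-digest entry for a p-assertion."""
    if algorithm not in ALLOWED_DIGESTS:
        raise ValueError(f"digest algorithm not allowed: {algorithm}")
    return {
        "reference": uri,
        "digestAlgorithm": algorithm,
        "digest": hashlib.new(algorithm, data).hexdigest(),
    }


def verify_reference(entry, resolve):
    """Querying actor: resolve the reference and check it against the digest.

    `resolve` maps a reference to bytes and raises LookupError when it cannot.
    Returns (ok, reason).
    """
    algorithm = entry.get("digestAlgorithm")
    if algorithm not in ALLOWED_DIGESTS:
        return False, "unsupported digest algorithm"
    try:
        data = resolve(entry["reference"])
    except LookupError:
        return False, "reference could not be resolved"
    actual = hashlib.new(algorithm, data).hexdigest()
    # Constant-time comparison of the recomputed and recorded digests.
    if not hmac.compare_digest(actual, entry["digest"]):
        return False, "digest mismatch"
    return True, "ok"


# Constructed sample: a dict stands in for the external store holding the data.
ORIGINAL = b"01101100011101111101110"
STORE = {"urn:example:image-1": ORIGINAL}
ENTRY = make_reference("urn:example:image-1", ORIGINAL)

if __name__ == "__main__":
    print(verify_reference(ENTRY, STORE.__getitem__))
    altered = {"urn:example:image-1": ORIGINAL + b"0"}
    print(verify_reference(ENTRY, altered.__getitem__))
```

The recorded digest is only trustworthy if the p-assertion carrying it is itself signed, as described on slide 3.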

22
Documentation style: original message
<?xml version="1.0" encoding="UTF-8"?>
<!--Sample XML file generated by XMLSpy v2006 sp2 U (http://www.altova.com)-->
<tns:Envelope
    xmlns:tns="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:app="http://www.gridprovenance.com/application"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://schemas.xmlsoap.org/soap/envelope/ soapenv.xsd http://www.gridprovenance.com/application application.xsd">
  <tns:Header/>
  <tns:Body>
    <app:compress>
      <app:algorithm>jpeg</app:algorithm>
      <app:data>01101100011101111101110</app:data>
    </app:compress>
  </tns:Body>
</tns:Envelope>
23
Documentation style: p-assertion with encrypted content
<ps:interactionPAssertion>
  <ps:localPAssertionId>1</ps:localPAssertionId>
  <ps:documentationStyle>http://www.pasoa.org/.../stylesAnonymised Patient</ps:documentationStyle>
  <ps:content>
    <soap:envelope>
      <soap:header>......</soap:header>
      <soap:body>
        <app:compress>
          <app:algorithm>jpeg</app:algorithm>
          <enc:EncryptedData Type="data">
            <enc:EncryptionMethod Algorithm="some-basic-encryption-method">
              <enc:KeySize>256</enc:KeySize>
              <enc:DigestMethod Algorithm="http://our.own.xsdsha1"/>
            </enc:EncryptionMethod>
            <enc:KeyInfo>
              <enc:KeyName>Some key name</enc:KeyName>
            </enc:KeyInfo>
            <enc:CipherValue>FwMAAYCNYHoPTT6</enc:CipherValue>
          </enc:EncryptedData>
        </app:compress>
      </soap:body>
    </soap:envelope>
  </ps:content>
</ps:interactionPAssertion>
24
Documentation style: Anonymous
<ps:interactionPAssertion>
  <ps:localPAssertionId>1</ps:localPAssertionId>
  <ps:documentationStyle>http://www.pasoa.org/.../stylesAnonymised Patient</ps:documentationStyle>
  <ps:content>
    <soap:envelope>
      <soap:header></soap:header>
      <soap:body>
        <echrs:request>
          <echrs:anoymisedPatient> ??? </echrs:anoymisedPatient>
        </echrs:request>
      </soap:body>
    </soap:envelope>
  </ps:content>
</ps:interactionPAssertion>
25
Setting authorisation assertions
  • Newly created p-assertions must have
    authorisation assertions associated with them
  • These can be
      • set statically by provenance store system
        administrator
      • provided by the recording actor submitting the
        p-assertion
  • The appropriate use depends on application
    dependent requirements

26
Questions ?