8/14/2019 Secure Information Sharing and Trust Architecture 2009
Enterra Solutions, 2009 All Rights Reserved PROPRIETARY AND CONFIDENTIAL
Overview
Why ABAC?
- Secure information sharing is increasingly important, both inter-organization and intra-organization.
- Other approaches:
  - Focus on encryption of resources (e.g., Public Key Infrastructure, PKI)
  - Focus on sharing of credentials (e.g., Security Assertion Markup Language, SAML)
  - Implement gross-level policies (e.g., roles, groups, document classification)
  - Depend upon offline agreements (e.g., Organization A Owner == Organization B Member)
  - Require centralized management for multi-party communication
  - Rely on programming to make changes
New DHS/DoT Information Sharing Model
Enterra's Approach
- Attribute-Based Access Control is a way to represent security by directly using features of the different participants, both the requestor and the item being requested.
- Extensible Access Control Markup Language (XACML) allows the representation of attribute-based access policies in XML.
  - Can work with SAML and PKI as well as other authentication and encryption mechanisms.
  - Also allows for the introduction of a 3rd dimension, environment or situation, into the policy.
- Introduces standard means for representing how the policies should be enacted.
Current Approach - RBAC
ABAC using XACML
Benefits of XACML-ABAC
- Enables fine-grained access policies
  - Rather than using gross buckets (roles, classifications, etc.), access can be controlled down to the individual subject, resource and environment level within the same infrastructure.
  - Separates the policy from the implementation.
- Enables highly dynamic policies
  - No longer need to come up with a new role, etc.
- Introduces the environment dimension
  - i.e., under which conditions access applies
- Allows owners of the resources to maintain control through policy administration
- Enables extensive auditing
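An added example (not from the slides or Enterra's products) of the decision model described under "Enterra's Approach" and these benefits: a small policy decision point in Python, with a constructed deny-overrides policy over subject, resource and environment attributes. The attribute names, the clearance ordering and the rules themselves are assumptions for illustration.

```python
# Added example: a minimal policy decision point (PDP) evaluating a request
# against rules over subject, resource and environment attributes. The policy
# is plain data, separate from the evaluation code. Attribute names, rules
# and the deny-overrides combining are constructed for illustration; this is
# not Enterra's software and not a full XACML engine.
from dataclasses import dataclass
from typing import Callable, Dict, List

Attrs = Dict[str, object]


@dataclass
class Rule:
    effect: str  # "Permit" or "Deny", as in XACML
    target: Callable[[Attrs, Attrs, Attrs], bool]


# Ordering of document classifications against subject clearance (constructed).
LEVELS = {"public": 0, "sensitive": 1, "secret": 2}

# Constructed policy for cross-organization document sharing:
#  - a revoked subject is always denied (deny-overrides makes this win);
#  - otherwise permit when the subject's clearance covers the document's
#    classification AND (same organization OR an incident has been declared).
# The incident flag is the "environment" dimension the slides describe.
POLICY: List[Rule] = [
    Rule("Deny", lambda s, r, e: bool(s.get("revoked", False))),
    Rule("Permit", lambda s, r, e:
         LEVELS[s["clearance"]] >= LEVELS[r["classification"]]
         and (s["org"] == r["owner_org"] or bool(e.get("incident_declared")))),
]


def decide(subject: Attrs, resource: Attrs, environment: Attrs) -> str:
    """Deny-overrides combining: any applicable Deny rule wins; else Permit if
    any Permit rule applies; else NotApplicable (no rule matched)."""
    decision = "NotApplicable"
    for rule in POLICY:
        if rule.target(subject, resource, environment):
            if rule.effect == "Deny":
                return "Deny"
            decision = "Permit"
    return decision


if __name__ == "__main__":
    doc = {"owner_org": "DHS", "classification": "sensitive"}
    analyst = {"org": "DoT", "clearance": "sensitive"}
    print(decide(analyst, doc, {}))                           # NotApplicable
    print(decide(analyst, doc, {"incident_declared": True}))  # Permit
```

Changing who may see the document under which conditions means editing POLICY, not the evaluation code; every call to decide() is also a natural audit point for logging the attributes and the decision.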
The Secure Information Sharing Environment
Policy Automation [RSA]
High-Level Architecture
Component Level Architecture
Policy Decision Point
Policy Administration Point