Publication


Featured research published by Fatih Turkmen.


Principles of Security and Trust | 2015

Analysis of XACML Policies with SMT

Fatih Turkmen; Jerry den Hartog; Silvio Ranise; Nicola Zannone

The eXtensible Access Control Markup Language XACML is an extensible and flexible XML language for the specification of access control policies. However, the richness and flexibility of the language along with the verbose syntax of XML come with a price: errors are easy to make and difficult to detect when policies grow in size. If these errors are not detected and rectified, they can result in serious data leakage and/or privacy violations leading to significant legal and financial consequences. To assist policy authors in the analysis of their policies, several policy analysis tools have been proposed based on different underlying formalisms. However, most of these tools either abstract away functions over non-Boolean domains hence they cannot provide information about them or produce very large encodings which hinder the performance. In this paper, we present a generic policy analysis framework that employs SMT as the underlying reasoning mechanism. The use of SMT does not only allow more fine-grained analysis of policies but also improves the performance. We demonstrate that a wide range of security properties proposed in the literature can be easily modeled within the framework. A prototype implementation and its evaluation are also provided.


Computers & Security | 2017

Formal analysis of XACML policies using SMT

Fatih Turkmen; Jerry den Hartog; Silvio Ranise; Nicola Zannone

The eXtensible Access Control Markup Language (XACML) has attracted significant attention from both industry and academia, and has become the de facto standard for the specification of access control policies. However, its XML-based verbose syntax and rich set of constructs make the authoring of XACML policies difficult and error-prone. Several automated tools have been proposed to analyze XACML policies before their actual deployment. However, most of the existing tools either cannot efficiently reason about non-Boolean attributes, which often appear in XACML policies, or restrict the analysis to a small set of properties. This work presents a policy analysis framework for the verification of XACML policies based on SAT modulo theories (SMT). We show how XACML policies can be encoded into SMT formulas, along with a query language able to express a variety of well-known security properties, for policy analysis. By being able to reason over non-Boolean attributes, our SMT-based policy analysis framework allows a fine-grained policy analysis while relieving policy authors of the burden of defining an appropriate level of granularity of the analysis. An evaluation of the framework shows that it is computationally efficient and requires less memory compared to existing approaches.


IEEE International Conference on Cloud Computing Technology and Science | 2016

On the Use of SMT Solving for XACML Policy Evaluation

Fatih Turkmen; Yuri Demchenko

eXtensible Access Control Markup Language (XACML) allows for flexible management of authorisations and is particularly useful in settings where permissions change dynamically. However, it has been shown that policy evaluation in XACML may have scalability problems when policies become large and sophisticated in content. Among several proposals for designing efficient policy decision points for XACML policies, decision diagram (DD) based procedures still represent the state-of-the-art. In this paper, we present an alternative approach to policy evaluation that employs Satisfiability Modulo Theories (SMT) solving instead of DDs. The approach does not only represent a feasible policy evaluation procedure in terms of performance but also easily lends itself to different application areas such as verification at run-time during authorization query answering. We discuss various scenarios in which SMT-based policy evaluation would be more practical compared to DD-based procedures. A preliminary experimental evaluation of our policy evaluation procedure against real-world policies is also provided in the paper.


IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing | 2017

Defining Intercloud Security Framework and Architecture Components for Multi-Cloud Data Intensive Applications

Yuri Demchenko; Fatih Turkmen; Cees de Laat; Mathias Slawik

This paper presents results of the ongoing development of the Intercloud Security Framework (ICSF), that is a part of the Intercloud Architecture Framework (ICAF), and provides an architectural basis for building security infrastructure services for multi-cloud applications. The paper refers to general use case of the data intensive applications that indicate need for multi-cloud applications platforms that will require corresponding multi-cloud security services. The paper presents analysis of the general multi-cloud use case that helps eliciting the general requirement to ICSF and identifying the security infrastructure functional components that would allow using distributed cloud based resources and data sets. The paper defines the main ICSF services and functional components, and explains importance of consistent implementation of the Security Services Lifecycle Management in cloud based applications. The paper provides overview of the cloud compliance standards and their role in cloud security. The paper refers to the security infrastructure development in the CYCLONE project that implements federated identity management, secure logging service, and multi-domain Attribute Based Access Control, security services lifecycle management. The paper discusses implementation of the Trust Bootstrapping Protocol as an important mechanism to ensure consistent security in the virtualised inter-cloud environment.


International Conference on High Performance Computing and Simulation | 2016

Cloud based big data infrastructure: Architectural components and automated provisioning

Yuri Demchenko; Fatih Turkmen; Cees de Laat; Christophe Blanchet; Charles Loomis

This paper describes the general architecture and functional components of the cloud based Big Data Infrastructure (BDI). The proposed BDI architecture is based on the analysis of the emerging Big Data and data intensive technologies and supported by the definition of the Big Data Architecture Framework (BDAF) that defines the following components of the Big Data technologies: Big Data definition, Data Management including data lifecycle and data structures, Big Data Infrastructure (generically cloud based), Data Analytics technologies and platforms, and Big Data security, compliance and privacy. The paper provides example of requirements analysis and implementation of two bioinformatics use cases on cloud and using SlipStream based cloud applications deployment and management automation platform being developed in the CYCLONE project. The paper also refers to importance of standardisation of all components of BDAF and BDI and provides short overview of the NIST Big Data Interoperability Framework (BDIF). The paper discusses importance of automation of all stages of the Big Data applications developments, deployment and management and refers to existing cloud automation tools and new developments in the SlipStream cloud automation platform that allows multi-cloud applications deployment and management.


Computer and Communications Security | 2014

POSTER: Analyzing Access Control Policies with SMT

Fatih Turkmen; Jerry den Hartog; Nicola Zannone

The flexibility and expressiveness of eXtensible Access Control Markup Language (XACML) allows the specification of a wide range of policies in different access control models. However, XACML policies are often verbose and, thus, prone to errors. Several tools have been developed to assist policy authors for the verification and analysis of policies, but most of them are limited in the types of analysis they can perform. In particular, they are not able to reason about predicates of non-boolean variables and, even if they do, they do it inefficiently. In this paper, we present the X2S framework, a formal framework for the analysis of XACML policies that employs Satisfiability Modulo Theories (SMT) as the underlying reasoning mechanism. The use of SMT not only allows more fine-grained analysis of policies, but it also improves the performance of policy analysis significantly.


Big Data Analytics for Sensor-Network Collected Intelligence | 2017

Cloud Computing Infrastructure for Data Intensive Applications

Yuri Demchenko; Fatih Turkmen; Cees de Laat; Ching-Hsien Hsu; Christophe Blanchet; Charles Loomis

This chapter describes the general architecture and functional components of the cloud-based big data infrastructure (BDI). The chapter starts with the analysis of emerging Big Data and data intensive technologies and provides the general definition of the Big Data Architecture Framework (BDAF) that includes the following components: Big Data definition, Data Management including data lifecycle and data structures, generically cloud based BDI, Data Analytics technologies and platforms, and Big Data security, compliance, and privacy. The chapter refers to NIST Big Data Reference Architecture (BDRA) and summarizes general requirements to Big Data systems described in NIST documents. The proposed BDI and its cloud-based components are defined in accordance with the NIST BDRA and BDAF. This chapter provides detailed analysis of the two bioinformatics use cases as typical example of the Big Data applications that have been developed by the authors in the framework of the CYCLONE project. The effective use of cloud for bioinformatics applications requires maximum automation of the applications deployment and management that may include resources from multiple clouds and providers. The proposed CYCLONE platform for multicloud multiprovider applications deployment and management is based on the SlipStream cloud automation platform and includes all necessary components to build and operate complex scientific applications. The chapter discusses existing platforms for cloud powered applications development and deployment automation, in particular referring to the SlipStream cloud automation platform, which allows multicloud applications deployment and management. The chapter also includes a short overview of the existing Big Data platforms and services provided by the major cloud services providers which can be used for fast deployment of customer Big Data applications using the benefits of cloud technologies and global cloud infrastructure.


Grid Economics and Business Models | 2016

An Economical Security Architecture for Multi-cloud Application Deployments in Federated Environments

Mathias Slawik; Begüm İlke Zilci; Axel Küpper; Yuri Demchenko; Fatih Turkmen; Christophe Blanchet; Jean-François Gibrat

Contemporary multi-cloud application deployments require increasingly complex security architectures, especially within federated environments. However, increased complexity often leads to higher efforts and raised costs for managing and securing those applications. This publication establishes an economical and comprehensive security architecture that is readily instantiable, pertinent to concrete users’ requirements, and builds upon up-to-date protocols and software. We highlight its feasibility by applying the architecture within the CYCLONE innovation action, deploying federated Bioinformatics applications within a cloud production environment. At last, we put special emphasis on the reduced management efforts to highlight the economic benefit of following our approach.


Conference on Privacy, Security and Trust | 2016

iGenoPri: Privacy-preserving genomic data processing with integrity and correctness proofs

Fatih Turkmen; Muhammad Rizwan Asghar; Yuri Demchenko

Nowadays, governmental and non-governmental health organisations and insurance companies invest in integrating an individual's genetic information to their daily practices. In this paper, we focus on an emerging area of genome analysis, called Disease Susceptibility (DS), from which an individual's susceptibility to a disease is calculated by using her genetic information. Recent work by Danezis et al. [1] presents an approach for calculating DS in a privacy-preserving manner. However, the proposed solution has two drawbacks. First, it does not provide a mechanism to check the integrity of genomic data that is used to calculate the susceptibility and more importantly the computed result. Second, it lacks a mechanism to check the correctness of the performed DS test. In this paper, we present iGenoPri that aims at addressing both problems by employing the Message Authentication Code (MAC) and verifiable computing.


Computer Science Reports | 2014

Analysis of XACML policies with SMT

Fatih Turkmen; J.I. den Hartog; Silvio Ranise; Nicola Zannone

Collaboration


Fatih Turkmen's collaborations.

Top Co-Authors


Nicola Zannone

Eindhoven University of Technology

Cees de Laat

University of Amsterdam

Jerry den Hartog

Eindhoven University of Technology

Silvio Ranise

Fondazione Bruno Kessler

Christophe Blanchet

Centre national de la recherche scientifique

Mathias Slawik

Technical University of Berlin

Antonio Liotta

Eindhoven University of Technology

Decebal Constantin Mocanu

Eindhoven University of Technology

den Ji Jerry Hartog

Eindhoven University of Technology
