Assured Information Sharing. Prof. Bhavani Thuraisingham and Prof. Latifur Khan The University of...
-
Upload
scarlett-webster -
Category
Documents
-
view
218 -
download
3
Transcript of Assured Information Sharing. Prof. Bhavani Thuraisingham and Prof. Latifur Khan The University of...
Assured Information Sharing
Prof. Bhavani Thuraisingham and Prof. Latifur Khan
The University of Texas at Dallas
Prof. Ravi Sandhu
George Mason University
August 2006
Information Operation Across Infospheres:
Assured Information Sharing
Acknowledgements• Students
–UTDallas• Dilsad Cavus (MS, Data mining and data sharing)
• Srinivasan Iyer (MS, Trust management)• Ryan Layfield (PhD, Game theory)• Mehdi (PhD, Worm detection)
–GMU• Min (PhD, Extended RBAC)
• Faculty and Staff–UTDallas
• Prof. Murat (Game theory)• Dr. Mamoun Awad (Data mining and Data sharing)
• Project supplemented by Texas Enterprise Funds
Architecture
ExportData/Policy
ComponentData/Policy for Agency A
Data/Policy for Federation
ExportData/Policy
ComponentData/Policy for Agency C
ComponentData/Policy for Agency B
ExportData/Policy
Our Approach• Integrate the Medicaid claims data and mine the
data; next enforce policies and determine how much information has been lost by enforcing policies
• Examine RBAC and UCON in a coalition environment
• Apply game theory and probing techniques to extract information from non cooperative partners; conduct information operations and determine the actions of an untrustworthy partner.
• Defensive and offensive operations
Coalition for Assured Information Sharing
• A coalition is formed by related entities like Medical care facilities
and Health insurance companies to share information within
themselves and to selected outsiders in a secure manner.
• Each of these entities can specify policies for access control through
the coalition.
• The coalition provides controlled access to information in the
database after enforcing policies generated by the entity owning the
database.
Example
• Consider a set of hospitals: {H1, H2, … Hn} and a set of Health
Insurance agencies {I1, I2, … In}. Each of these hospitals and
insurance companies can be an entity in a Coalition.
• The Coalition server provides a single point of access for databases
owned by each of the member entities.
• Each of these entities provides a policy file to the
company/individual hosting the Coalition server.
Example … continued
Situation – 1
• When registering a client, an insurance agency I5 might want to ensure that the applicant does
not have an active insurance coverage from any other insurance agency.
• A web service agent from the insurance company I5 issues a request to the Coalition server to
verify this.
- Using the applicant’s SSN, the web service agent can query each of the other insurance agency
databases to retrieve records of active insurance coverage for the client with the specified SSN.
Coalition
Architecture
Architectural Elements – 1
Web Service Agent:
Formulates a request and sends the request to the Response Engine
Receives response from the Response Engine and uses it to provide the appropriate service.
The aim of the web service agent is to obtain as much information as possible.
Architectural Elements – 2
Response Engine:
Policy Enforcement Point (PEP):
Enforces policies on requests sent by the Web Service.
Translates this request into an XACML request; sends it to the PDP.
Policy Decision Point (PDP):
Makes decisions regarding the request made by the web service.
Conveys the XACML request to the PEP.
Architectural Elements – 3
Coalition ( Policy files + Database)
Policy Files:
Policy Files are written in XACML policy language.
Policy Files specify rules for “Targets”. Each target is composed of 3 components: Subject,
Resource and Action; each target is identified uniquely by its components taken together. The
XACML request generated by the PEP contains the target. The PDP’s decision making capability lies
in matching the target in the request file with the target in the policy file.
These policy files are supplied by the owner of the databases (Entities in the coalition).
Databases:
The entities participating in the coalition provide access to their databases.
Screenshots - 1
Screenshots - 2
Screenshots - 3
Enforcing Honesty
• Everyone has a choice:– Tell the truth– Lie
• Distributed Behavior Enforcement– Non-trivial to implement– Difficult to guarantee– Examples: BitTorrent, P2P Networks, etc.
• Unless we can afford to have a neutral 3rd party that everyone can agree on, we need some way of enforcing ‘good’ behavior
Punishment
• However, there is a third option: refuse to participate– Usually not researched– Drastic measure that only makes sense if we
can influence behavior
• Our modeling suggests that, with proper use of refusal, we can ultimately enforce helpful behavior without a managing agent
Evolutionary Strategy
• Every 200 rounds, we create a new generation of agents, using the most successful strategies available
• The fitness f() of a given agent is a function of how well they have performed during interaction with other agents– More successful agents have a higher probability of
being a part of the next generation
n
ii
ii
select
af
afap
0
)(
)()(
Our Work
• Our mathematical models suggest that, assuming we punish by cutting off communication, the equilibrium is to always tell the truth
• Therefore, using an evolutionary environment, we have placed our particular rationality amongst a heterogeneous pool of competing ideologies– Tit-For-Tat: A famous algorithm that simply mirrors the last
move an opponent made– Random: An agent that selects it’s strategy with a 50/50 chance– Casual Liar: Like our agent, but lies with a 10% probability– Subtle Liar: Like our agent, but chooses to lie when it perceives
the piece being traded is of significant value• With equal parts given to each agent, which one will
emerge victorious?
Results
Centralized Reputations in Decentralized P2P Networks
Nathalie Tsybulnik, Kevin W. Hamlen, Bhavani Thuraisingham
Motivation
• P2P Systems offer few security guarantees
• Shared data has low confidentiality
• Shared data has low integrity
• Easy for malicious peers to propagate malicious code
Introducing Penny
• A P2P Network that addresses the following types of attacks:– Spread of corrupt or incorrect data– Attaching incorrect labels to data– Discovering which peers own particular data– Generating a list of all peers who own
particular data
Penny
• P2P Network that supports shared data labeling of:– Confidentiality – Integrity
• Peers can share data without revealing which data object they own
• Security labels are global but do not require a centralized server
Penny (Cont’d)
• P2P Network uses reputation-based trust management system – Store/retrieve labels – Despite malicious peer existence
• Maintain efficiency of network operations
• O(log N)