KeyNote Presentation
KeyNote
Vishwas Patil, TIFR. KeyNote Presentation
KeyNote: “?”
Aim:- A notation for specifying local security policies and security credentials that can be sent over an untrusted network.
KeyNote: versus PolicyMaker
KeyNote predicate notations are based on C-like expressions and regular expressions.
KeyNote assertions always return a boolean.
It has built-in credential signature verification.
Human-readable assertion syntax (RFC 822).
Trusted actions are described by simple attribute/value pairs.
But it is similar in spirit to that of PolicyMaker!
KeyNote: Approach
KeyNote accepts as input a set of local policy assertions, a collection of credential assertions, and a collection of attributes (the action environment) that describes a proposed trusted action associated with a set of public keys.
By applying the assertion predicates to the environment, it decides whether the action is consistent with local policy.
KeyNote: Architecture
KeyNote is monotonic; adding an assertion to a query can never result in the query having a lower compliance value than it would have had without the assertion.
Removing an assertion never results in increasing the compliance value returned by KeyNote for a given query.
The monotonicity property can simplify the design and analysis of complex network-based security protocols.
KeyNote: Architecture Continued
KeyNote does not itself provide credential revocation services.
The KeyNote compliance checker helps verify the signatures on credentials received from an untrusted requestor.
Keynote: Basic Syntax structure
A KeyNote assertion contains a sequence of sections, called fields, each of which specifies one aspect of the assertion's semantics.
Fields start with an identifier at the beginning of a line and continue until the next field is encountered.
<Assertion>:: <VersionField>? <AuthField> <LicenseesField>? <LocalConstantsField>? <ConditionsField>? <CommentField>? <SignatureField>? ;
[X]* means zero or more repetitions of character string X.
[X]+ means one or more repetitions of X.
<X>* means zero or more repetitions of non-terminal <X>.
<X>+ means one or more repetitions of X.
<X>? means zero or one repetitions of X.
Nonterminal grammar symbols are enclosed in angle brackets.
Quoted strings in grammar productions represent terminals.
All KeyNote assertions are encoded in ASCII.
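The field structure described above can be checked mechanically before an assertion is handed to a compliance checker. The following is an added example, not code from the slides or from any KeyNote implementation; the field keywords and the ordering, uniqueness and blank-line rules are taken from RFC 2704 (cited later in the deck), and the sample assertion and its key names are constructed.

```python
import re

# Field keywords from RFC 2704 (matched case-insensitively).
FIELDS = {"keynote-version", "authorizer", "licensees", "local-constants",
          "conditions", "comment", "signature"}
FIELD_START = re.compile(r"^([A-Za-z][A-Za-z-]*):(.*)$")

def parse_assertion(text):
    """Split one KeyNote assertion into an ordered {field: body} dict."""
    if not text.isascii():
        raise ValueError("assertions must be ASCII")
    fields, current = {}, None
    for line in text.strip("\n").split("\n"):
        if not line.strip():
            raise ValueError("blank line inside assertion")
        m = FIELD_START.match(line)
        if m and m.group(1).lower() in FIELDS:
            current = m.group(1).lower()
            if current in fields:
                raise ValueError("duplicate field: " + current)
            fields[current] = m.group(2).strip()
        elif current is None:
            raise ValueError("text before first field")
        else:  # continuation: belongs to the field opened above
            fields[current] += " " + line.strip()
    order = list(fields)
    if "authorizer" not in fields:
        raise ValueError("Authorizer field is mandatory")
    if "keynote-version" in fields and order[0] != "keynote-version":
        raise ValueError("KeyNote-Version must come first")
    if "signature" in fields and order[-1] != "signature":
        raise ValueError("Signature must come last")
    return fields

# Constructed sample (not from the slides); key names are placeholders.
SAMPLE = '''KeyNote-Version: 2
Authorizer: "POLICY"
Licensees: "alice-key"
Conditions: app_domain == "demo" &&
            operation == "read";
Comment: constructed example
'''

if __name__ == "__main__":
    for name, body in parse_assertion(SAMPLE).items():
        print(name, "=>", body)
```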
KeyNote: Semantics
Informally, the semantics of KeyNote evaluation can be thought of as involving the construction of a directed graph of KeyNote assertions rooted at a POLICY assertion that connects with at least one of the principals that requested the action.
The semantics are almost the same as PolicyMaker's.
RFC 2704 gives a detailed description of the semantics.
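The directed-graph view of evaluation, and the monotonicity property from the Architecture slide, can be seen in a small model. This is an added example, not code from the slides or from a KeyNote implementation. It assumes a simplified model: licensees are an "any of" set, the result is boolean, and signature verification is omitted. All principals and attributes are constructed.

```python
from collections import namedtuple
from itertools import combinations

# Simplified model (assumption): licensees is an "any of" set and the result is
# boolean; RFC 2704 also allows &&, || and k-of licensee expressions and
# ordered compliance values. Signature checking is omitted.
Assertion = namedtuple("Assertion", "authorizer licensees condition")

def complies(assertions, requesters, env):
    """True if satisfied assertions form a path from POLICY to a requester."""
    reached, frontier = {"POLICY"}, ["POLICY"]
    while frontier:
        principal = frontier.pop()
        for a in assertions:
            if a.authorizer == principal and a.condition(env):
                for lic in a.licensees - reached:
                    reached.add(lic)
                    frontier.append(lic)
    return bool(reached & set(requesters))

def is_monotonic(assertions, requesters, env):
    """Check every subset: adding one assertion never flips True to False."""
    for r in range(len(assertions)):
        for subset in combinations(assertions, r):
            if not complies(subset, requesters, env):
                continue
            for extra in assertions:
                if not complies(subset + (extra,), requesters, env):
                    return False
    return True

# Constructed principals and attributes, for illustration only.
POLICY = Assertion("POLICY", frozenset({"key-admin"}),
                   lambda e: e["app_domain"] == "demo")
DELEGATION = Assertion("key-admin", frozenset({"key-alice"}),
                       lambda e: e["operation"] == "read")
UNRELATED = Assertion("key-mallory", frozenset({"key-mallory"}),
                      lambda e: True)
ALL = (POLICY, DELEGATION, UNRELATED)
```

A credential that is not reachable from a POLICY assertion, such as the self-issued `UNRELATED` one, contributes nothing to the result, so a requester cannot lower or raise the outcome by supplying unrooted credentials.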
KeyNote: Discussion
Advantages / Disadvantages
Evaluation: simplicity, expressiveness, generality, extensibility
Open-source implementations available.
OpenBSD uses it in its IPsec implementation.
$ man keynote