SARDAS 2003 / / Slide 1 Judith Rossebø, Telenor
Towards a Framework of Authentication and Authorization Patterns for Ensuring Availability in Service Composition
061302

Introduction
• Securing availability of services is challenging
  • The telecommunications environment has evolved (from centralized to distributed)
  • Services are being developed in a distributed manner in a connectionless environment requiring cooperation of several components and actors
• Security requirements are not taken into account in the design process
  • Time to market and cost constraints
  • Lack of knowledge about security
  • Complexity of environment in which services are deployed
• Service Composition - allows for incremental service development.
  • service components are dynamically combined at run time
  • Allows for reuse of components
• Our approach:
  • Development of (re-usable, flexible) patterns to ensure availability in composition

Service Oriented Architecture
• Cross-cutting nature of services:
  • Service components interact with each other for the execution of services
• Dynamic linking - fundamental and general mechanism in S-O systems
  • Creation and release of dynamic links: mechanisms for service discovery, feature selection, compatibility validation, and access control

Availability Decomposed
• ISO/IEC TR 13335: “Availability is the property of being accessible and usable upon demand by an authorised entity”
• Availability is a composite notion consisting of:
  • Exclusivity - the ability to ensure access for authorised users only
  • Accessibility - the property of being at hand and useable when needed
[Figure: diagram with the labels Property, Accessibility, Exclusivity]

Analyzing availability from different viewpoints
[Figure: diagram with the labels Viewpoint of the user; System viewpoint; Service viewpoint; Black box view; White box view; Service components; + Service availability components; System components; + System availability components]

AA patterns Framework:
• We present a framework and classification of authentication and authorisation patterns
  • For composing with services
  • To ensure that services are accessible to the authorised users only.
• We demonstrate how the authentication and authorisation patterns can be composed with services to ensure that access to services is granted to authorised users only. This involves
  • Employing policies (role binding policies) to specify rules
    • Compatibility of roles
    • Is actor/agent authorised to play a role
    • Is playing of a role allowed by the actor/agent
  • Policies are specified in OCL.
    • Using goals, and/or pre- / post- conditions
  • Employing Semantic Interfaces to define the interface behaviour between participating roles

Classification of authentication patterns
[Figure: classification diagram with the patterns TwoPartyAuthenticate, UnilateralAuthenticate, MutualAuthenticate, UniOnePassAuthenticate, UniTwoPassAuthenticate, MTwoPassAuthenticate, MThreePassAuthenticate]

Unilateral one pass authentication patterns
[Figure: diagram with the patterns UniOnePassAuthenticate, UniOnePassAuthenticateSymmetric, UniOnePassAuthenticateAsymmetric, UniOnePassAuthenticate crypto check function, UniOnePassAuthenticate Hash Function]

Classification of authentication patterns
• Rationale:
  • Describe generic patterns first
  • Separate the choices that the developer must take
  • Pinpoint each of the levels of specialisation for re-usability, flexibility and awareness
    • Protocol
    • Algorithm
    • Key size
Why?
• Flaws may be introduced in each of the layers of specialisation
How?
• Specify the (policies) properties/requirements on the instances playing the roles independently of choice of protocol/algorithm
• Employ UML 2.0 Collaboration uses and Interaction uses to facilitate re-usability of the patterns

Specifying AA-patterns
• UML 2.0 collaboration diagram for generic two party authentication pattern
[Figure: collaboration TwoPtyAuthenticate with the roles authenticatee : aType and authenticator : bType]

Specialization - view 1
• UML 2.0 collaboration diagram for unilateral two pass authentication pattern
• Goal expressed in OCL
[Figure: collaboration UniTwoPassAuthenticate with the roles authenticatee : responder and authenticator : challenger]
{def: goal : Boolean = authenticatee.Unilaterally_Authenticated}

Specialization - view 2
[Figure: collaboration UniTwoPassAuthenticate with the roles authenticatee and authenticator. Class responder: secret : string; GenerateResponse (). Class challenger: challenge : string, knowledge : string; GenerateChallenge (), ValidateResponse ()]
{ Context c:UniTwoPassAuthenticate
Inv:
c.authenticatee.GenerateResponse.is_generatable AND
c.authenticator.GenerateChallenge.is_generatable AND
c.authenticator.ValidateResponse.is_validatable
Pre:
c.authenticatee.secret.is_assigned AND
c.authenticator.knowledge.is_assigned AND
Relation (c.authenticatee.secret, c.authenticator.knowledge) }

Specialization - view 2
[Figure: collaboration UniTwoPassAuthenticate with the roles authenticatee and authenticator. Class responder: secret : string, algorithm : string; GenerateResponse (). Class challenger: challenge : string, knowledge : string; GenerateChallenge (), ValidateResponse ()]
{ Context c:UniTwoPassAuthenticate
Inv:
c.authenticatee.GenerateResponse.is_generatable AND
c.authenticator.GenerateChallenge.is_generatable AND
c.authenticator.ValidateResponse.is_validatable
Pre:
c.authenticatee.secret.is_assigned AND
c.authenticator.knowledge.is_assigned AND
Relation (c.authenticatee.secret, c.authenticator.knowledge) }

User Pull patterns
[Figure: collaboration UserPull between User, Access Server and Service Access Filter. Collaboration uses: UAs1:TwoPartyAuthenticate (authenticator, authenticatee); UAs2:AuthsActivation (auths requestor, auths granter); USaf2:Checking Access Rights (authorisor, authorisee)]

{def: goal : Boolean = authenticatee.Unilaterally_Authenticated }
[Figure: collaboration UniTwoPassAuthenticate (authenticatee : responder, authenticator : challenger) with the role state machines UniTwoPassAuthenticate : responder and UniTwoPassAuthenticate : challenger. States: idle, waiting, Unilaterally_Authenticated { goal = true }, NotAuthenticated. Actions: GenerateChallenge, GenerateResponse, ValidateResponse. Signals: ?authenticate, !Challenge, ?Challenge, !Response, ?Response, !authenticate successful, ?authenticate successful, !authenticate fail, ?authenticate fail. Labels: P2a, P6b]
• Using semantic interfaces:
  • Defined based on role modelling and simple goal expressions
  • Facilitate validation of safety and liveness properties
  • Define visible interface behaviour and goals of the collaboration
• Declaration of role-binding policy is useful
  • validation that security properties are preserved in composition of the pattern and services.

Specification of AA patterns:
• Specification of each pattern as a UML 2.0 collaboration with semantic interfaces
  • For which interface behaviour for each of the roles in the collaboration is defined
• Role-binding policies are annotated
  • To enable us to validate that the required conditions have been fulfilled in order for
    – Authentication pattern to run correctly
    – So that availability requirements are fulfilled when composing the pattern with services
• Why?
  • Semantic interfaces facilitate validation of safety and liveness properties
  • Checking compatibility of different components involved in a service collaboration
    • By validating the interface behaviour instead of the component as a whole
• Policy rules to check:
  – Compatibility of roles
  – Is actor/agent authorised to play a role
  – Is playing of a role allowed by the actor/agent

Role-binding policies - constrain binding of roles to agents at run time
{ Context c:UniTwoPassAuthenticate
Inv:
c.authenticatee.GenerateResponse.is_generatable
Pre:
c.authenticatee.secret.is_assigned
Post:
c.authenticatee.playRole }
{ Context c:UniTwoPassAuthenticate
Inv:
c.authenticator.GenerateChallenge.is_generatable AND
c.authenticator.ValidateResponse.is_validatable
Pre:
c.authenticator.knowledge.is_assigned
Post:
c.authenticator.playRole }

Role-binding policy
{ Context c:UniTwoPassAuthenticate
Inv:
c.authenticatee.GenerateResponse.is_generatable
Pre:
c.authenticatee.secret.is_assigned
c.authenticatee.algorithm = SHA1
Post:
c.authenticatee.playRole }
• With condition on support of the SHA-1 algorithm

Collaboration policy
• Express constraints that must hold for a collaboration as a whole when it is instantiated.
  • Aim at preventing actions that may compromise the intentions and goals of the collaboration.
{ Context c:UniTwoPassAuthenticate
Pre:
Relation (c.authenticatee.secret, c.authenticator.knowledge)
Post:
self.instantiate }
secret and knowledge have been assigned and distributed a priori
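
Added example (not from the original slides): the UniTwoPassAuthenticate pattern in Python, with the role-binding and collaboration policies above evaluated before the collaboration runs. Assumptions: HMAC as the response function, SHA-256 in place of the algorithm named in the slide's condition, equality as the Relation between secret and knowledge, and the helper names check_policies, policies_hold, run_uni_two_pass and replayed_response_accepted.

```python
import hmac
import secrets

# Assumption: HMAC-SHA-256 as the response function (the slide's condition names SHA1).
REQUIRED_ALGORITHM = "sha256"

class PolicyViolation(Exception):
    """A role-binding or collaboration policy precondition does not hold."""

class Responder:
    """Authenticatee role: holds `secret` and `algorithm`."""
    def __init__(self, secret: bytes, algorithm: str):
        self.secret, self.algorithm = secret, algorithm

    def generate_response(self, challenge: bytes) -> bytes:
        return hmac.new(self.secret, challenge, self.algorithm).digest()

class Challenger:
    """Authenticator role: holds `knowledge` and the outstanding `challenge`."""
    def __init__(self, knowledge: bytes):
        self.knowledge, self.challenge, self.state = knowledge, None, "idle"

    def generate_challenge(self) -> bytes:
        self.challenge = secrets.token_bytes(16)  # fresh and unpredictable per run
        self.state = "waiting"
        return self.challenge

    def validate_response(self, response: bytes) -> bool:
        if self.state != "waiting":
            raise PolicyViolation("no outstanding challenge")
        expected = hmac.new(self.knowledge, self.challenge, REQUIRED_ALGORITHM).digest()
        ok = hmac.compare_digest(expected, response)  # constant-time comparison
        self.challenge = None  # single use
        self.state = "Unilaterally_Authenticated" if ok else "NotAuthenticated"
        return ok

def check_policies(responder: Responder, challenger: Challenger) -> None:
    # Role-binding policy, authenticatee: Pre must hold before playRole.
    if not responder.secret:
        raise PolicyViolation("authenticatee.secret is not assigned")
    if responder.algorithm != REQUIRED_ALGORITHM:
        raise PolicyViolation("authenticatee.algorithm is not the required one")
    # Role-binding policy, authenticator.
    if not challenger.knowledge:
        raise PolicyViolation("authenticator.knowledge is not assigned")
    # Collaboration policy Relation(secret, knowledge); assumed here to be equality.
    if not hmac.compare_digest(responder.secret, challenger.knowledge):
        raise PolicyViolation("Relation(secret, knowledge) does not hold")

def policies_hold(responder: Responder, challenger: Challenger) -> bool:
    try:
        check_policies(responder, challenger)
        return True
    except PolicyViolation:
        return False

def run_uni_two_pass(responder: Responder, challenger: Challenger) -> bool:
    check_policies(responder, challenger)              # instantiate only if policies hold
    challenge = challenger.generate_challenge()        # authenticator: !Challenge
    response = responder.generate_response(challenge)  # authenticatee: !Response
    return challenger.validate_response(response)      # True: goal reached

def replayed_response_accepted(key: bytes) -> bool:
    """Offer a response captured in one run against the next run's challenge."""
    responder, challenger = Responder(key, REQUIRED_ALGORITHM), Challenger(key)
    old = responder.generate_response(challenger.generate_challenge())
    challenger.generate_challenge()  # new run, new challenge
    return challenger.validate_response(old)
```

A responder that declares a different algorithm, has no secret, or holds a secret unrelated to the challenger's knowledge is rejected before any challenge is sent; a response captured from an earlier run fails validation because each run uses a fresh challenge.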

Service Composition – Example
• Service S defined as semantic interface with roles r1 and r2:
• Collaboration S may have a policy P3 specifying:
  • r1 and r2 cannot be played by the same agent
  • Restrictions on types of agents that can play the roles
    • e.g. user agents for r1,
    • terminal agent for r2
[Figure: collaboration Service S with the roles r1 : User and r2 : Service; Goal: Service provided; labels Service S : User, Service S : Service, P1, P2, P3]

Service Composition – Example
• Agents A and B may specify conditions:
  • Agent B specifies preconditions for invoking r2
    • Pre-cond: A is authenticated and authorised
  • Agent A specifies preconditions for invoking r1
    • B is authenticated and authorised
  • We are looking at using OCL to express these conditions
• Agents A and B may negotiate on the AA patterns to apply
  • E.g., B selects patterns and returns the decision to A
[Figure: collaboration Service S with the roles r1 : User and r2 : Service; Goal: Service provided; labels Service S : User, Service S : Service, P1, P2, P3; agents A : User Agent and B : Service Agent; collaboration use s:Service S with r1 : User and r2 : Service]

Service Composition
AA behaviour may be invoked in two different situations:
• Creating a new session by performing a role request - Dynamic role binding
  • Devise mechanisms to ensure that the role is invoked only if AA policies are satisfied
  • E.g. AA behaviour performed first and desired goal reached before the service is invoked
  • AA goal is a precondition for service invocation
• During session behaviour
  • Required when a session and its service roles contain features or access objects requiring dynamic authorisation (modelled using service access filters, and policies e.g. restricting role behaviour)
  • Required to force termination of a session if authorisations are no longer valid (currently modelled as the interrupt collaboration)
  • Challenging – requires tighter integration of service behaviour and AA behaviour
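
Added example (not from the original slides): the two situations above as a Python service access filter that binds a session only when the AA goal holds, authorises each feature at use, and interrupts sessions whose rights are withdrawn. The class, its method names and the sample users and features are hypothetical and constructed for the example.

```python
import secrets


class AccessDenied(Exception):
    """The AA goal or an access right required for this step is missing."""


class ServiceAccessFilter:
    """Sits between user and service; holds access rights and live sessions."""

    def __init__(self, access_rights):
        self.access_rights = {u: set(f) for u, f in access_rights.items()}
        self.sessions = {}     # session id -> user
        self.interrupted = []  # session ids terminated by an interrupt

    def request_role(self, user, authenticated):
        # Dynamic role binding: the AA goal is a precondition for the session.
        if not authenticated or not self.access_rights.get(user):
            raise AccessDenied(f"{user}: AA goal not reached")
        sid = secrets.token_hex(8)
        self.sessions[sid] = user
        return sid

    def invoke(self, sid, feature, service):
        # During-session behaviour: each feature is authorised when it is used.
        user = self.sessions.get(sid)
        if user is None:
            raise AccessDenied("no such session (never bound, or interrupted)")
        if feature not in self.access_rights.get(user, set()):
            raise AccessDenied(f"{user}: not authorised for {feature}")
        return service(user, feature)

    def update_access_rights(self, user, features):
        # Rights changed: sessions of a user left without rights are interrupted.
        self.access_rights[user] = set(features)
        if not self.access_rights[user]:
            for sid in [s for s, u in self.sessions.items() if u == user]:
                del self.sessions[sid]
                self.interrupted.append(sid)


def demo():
    """Constructed scenario; returns the outcome of each step in order."""
    saf = ServiceAccessFilter({"alice": {"call", "voicemail"}, "bob": {"call"}})
    service = lambda user, feature: f"{feature} for {user}"
    out = []
    try:
        saf.request_role("alice", authenticated=False)
    except AccessDenied:
        out.append("denied: not authenticated")
    sid = saf.request_role("bob", authenticated=True)
    out.append(saf.invoke(sid, "call", service))
    try:
        saf.invoke(sid, "voicemail", service)
    except AccessDenied:
        out.append("denied: feature")
    saf.update_access_rights("bob", [])
    try:
        saf.invoke(sid, "call", service)
    except AccessDenied:
        out.append("denied: session interrupted")
    out.append(sid in saf.interrupted)
    return out
```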

Service S decomposed
• Binding roles to agents in service composition
  • Agent A requests a session of Service S, and role r2 from agent B
[Figure: two layers labelled collaborations and agents. Collaboration Service S with the roles r1 : User and r2 : Service and Goal: Service provided; collaboration uses US1 : Request for Service (service requestor, service granter) and US2 : ServiceUse (service user, service provider); agents A : User Agent and B : Service Agent; collaboration use s:Service S with r1 : User and r2 : Service]

Service S with Access control
{ def: goal: Boolean = User.AAaccessTo(Service) }
[Figure: collaboration between User, Access Server, Service Access Filter and Service. Collaboration uses: UAs1 : UniTwoPassAuthenticate; UAs2 : AuthsActivation; USaf1 : Request Service Access; USaf2 : Checking Access Rights; USaf3 : AA Service Use; US1 : Request Service; US2 : ServiceUse. Role labels: authenticator, authenticatee, service access requestee, service access requestor, proxy service provider, proxied service user, service granter, service requestor, service user, service provider. Labels: P1, P2, P3, P4, P5, P6, P7, P8]

[Figure: sequence diagrams sd Challenge (Challenge_signal), sd Response (Response_signal) and sd UniTwoPassAuthenticate, each between authenticatee:responder and authenticator:challenger. Labels in sd UniTwoPassAuthenticate: GenerateChallenge, ref Challenge, GenerateResponse, ref Response, ValidateResponse, alt [Response Valid], Unilaterally_Authenticated, NotAuthenticated]

Authentication and authorisation
• Authentication is the process of determining who you are.
  • Authentication binds an identity to a subject. Basis of ID:
    • Something the entity knows (e.g. password, PIN)
    • Something the entity has (e.g. smartcard, SIM card)
    • Something inherent to the entity (e.g. fingerprint, retinal characteristics)
• Authorisation is the process of determining what you are allowed to do
• Authentication and authorisation patterns may be used to ensure access to a service to authorised users only.

Elaborated User Pull AA architecture
UserPull overall goal Expression: Authenticated and Authorised User is granted access to the service
[Figure: collaboration between User, Access Server and Service Access Filter. Collaboration uses: UAs1:TwoPartyAuthenticate (Authenticator, Authenticatee); UAs2:AuthsActivation (Auths_Requestor, Auths_Granter); USaf1:Request for Service Access (Service Access_Requestee, Service Access_Requestor); USaf2:Checking Access Rights (Authorisor, Authorisee); USaf3:A_Service Use (Proxy_Service_Provider, ProxiedService_user); AsSaf*:Update Access Rights Status (Auths_notifier, Auths_notifyee); USaf*:Interrupt (Interrupted, Interrupter)]
Thank you for listening
Questions?