Ecole Nationale Supérieure des Télécommunications, Paris

Définition d'un environnement formel d'expression de politiques de sécurité. Modèle Or-BAC et extensions.

Definition of a formal framework for specifying security policies. The Or-BAC model and extensions.

by Alexandre Miège

A dissertation submitted to the Graduate Faculty of Ecole Nationale Supérieure des Télécommunications for the degree of Doctor of Philosophy in Computer Science (Docteur de l'ENST, discipline: Computer Science and Networks). Presented and publicly defended on June 27th 2005.

Committee:
Ana Cavalli, Chairwoman, Professor at INT-EVRY
Dominique Chandesris, Examiner, Computer security counsellor for the DCSSI
Frédéric Cuppens, Supervisor, Professor at ENST-Bretagne
Thomas Jensen, Reporter, CNRS research director at IRISA
Michel Riguidel, Examiner, Head of the INFRES department at ENST Paris
Pierre Rolin, Reporter, In charge of competence development and research partnerships at FTR&D

Résumé (French abstract, translated)

In this thesis we present a new access control model called Or-BAC, Organization Based Access Control. It aims to overcome the limitations of existing security models while simplifying the specification of a security policy. We propose a richer and more modular model that makes it possible to separate the writing of the security policy from its implementation. This is made possible by abstracting the traditional access control entities: subjects are employed in roles, objects are used in views and actions implement activities. Moreover, the organization in which a security regulation is defined takes a central place in this new model. One can thus analyse the interoperability of organizations that each have their own security policy, and also model the structure of organizations.

Three other aspects are detailed in this dissertation. First, in order to obtain a dynamic security regulation, we integrate a wide variety of contexts. Such contexts make it possible to activate or deactivate authorizations. Second, we offer the possibility of expressing negative authorizations and define a method for managing conflicts between positive and negative authorizations, whose particularity is to be parameterizable and to make it possible to detect and, above all, to prevent conflicts. Finally, we associate with our model an administration model, AdOr-BAC, which makes it possible to manage an entire Or-BAC security policy in a flexible and decentralized way. We also present two implementation works: the adaptation of our model to a network environment and the development of OToKit, a prototype for entering and validating an Or-BAC security policy.

Keywords: Or-BAC, security policy, access control, context, conflict detection, administration, AdOr-BAC, OToKit.

Appendix B gives a longer summary of the thesis in French.

The thesis was funded by France Télécom Recherche & Développement, and the work was carried out at ONERA - Centre de Toulouse from March 2002 to December 2004 and at ENST-Bretagne (Rennes campus) from January 2004 to June 2005.
Abstract

This thesis presents a new access control model called Or-BAC (Organization-Based Access Control). We aim at overcoming the limitations of the existing models while simplifying the security policy specification. We suggest a more expressive and modular model that enables us to make a distinction between the policy and its concrete implementation. This is obtained by making an abstraction of the traditional access control entities subject, action and object: subjects are empowered in roles, objects are used in views and actions implement activities. Furthermore, the concept of organization is central to our model. This makes it possible to better analyze interoperability between organizations and to model an organization structure by designing hierarchies of organizations.

Three other features are tackled in this dissertation. First, in order to obtain dynamic security rules, we introduce the entity context. It enables us to define in which circumstances authorizations must be activated and deactivated. Second, we consider negative authorizations, since they allow complex policies to be specified more easily. As conflicts might occur between positive and negative authorizations, we provide a parametric conflict management strategy that allows us to detect and resolve potential conflicts. Finally, we define an administration model called AdOr-BAC. This administration model is fully compliant with Or-BAC and offers convenient and flexible means to manage Or-BAC policies. The last part of the dissertation is dedicated to two implementation works: the application to a network environment and the development of a prototype application, OToKit, used to design Or-BAC policies and to detect and solve conflicts.

Keywords: Or-BAC, security policy, access control, context, conflict management, administration, AdOr-BAC, OToKit.

This thesis was funded by France Télécom Recherche & Développement.
The research took place at ONERA-Toulouse Research Center from March 2002 to December 2004, and at ENST-Bretagne (Rennes) from January 2004 to June 2005.

Acknowledgments

First and foremost, I would like to express my sincere gratitude to my supervisor Prof. Frédéric Cuppens. I thank him for the opportunity he offered me to start this thesis and then for his patience and guidance during the past three years. His constant good mood as well as his friendship have made it a real pleasure to do my thesis under his supervision.

I am thankful to the committee members of my thesis defense, Michel Riguidel, Dominique Chandesris and the chairwoman Ana Cavalli. I would like to thank Pierre Rolin and Thomas Jensen for the time taken to review my dissertation, and for their valuable comments.

I would like to thank Jacques Cazin for having welcomed me at ONERA in the DTIM department for the first part of the thesis, and Gilbert Martineau and Xavier Lagrange for having enabled me to carry out the last year and a half at ENST-Bretagne in the RSM department.

I am especially grateful to Christine Potier from ENST Paris and Josette Brial and Monique Perron from ONERA for their determination in making it possible to start this thesis.

My thanks go to my undergraduate partners Thierry Sans, Fabien Autrel, Joaquin Garcia and Remy Delmas for the work accomplished together, and who by now have become good friends. I would like to thank them for the good moments spent together over the past years. Many thanks to Céline Coma who was a great help in preparing my thesis presentation, and I wish her good luck for the thesis she is now starting.

I would like to thank Nora Cuppens-Boulahia. Her ideas and suggestions had a large influence on the direction the research took. Furthermore her comments on drafts of the thesis were invaluable.

I benefited from a collaboration with members of France Télécom R&D. My thanks especially go to Béatrice Renard, Sarah Nataf, Jean-Marc Hospital and Pierre Combes.

My dearest thanks go to my family and especially my parents, Annick and Stéphane, for all their support and love during my never-ending education. Thanks to my brother, Pierre, who is a model for me and is one of the reasons why I did a Ph.D.

Finally, I could not express all my gratitude to my dearest Arline Brisemur. You constantly encouraged me during these three years and pushed me when my motivation was diminishing, even though the decision of doing a Ph.D. had meant that we were separated most of the time, and made our lives quite complicated. Thank you for having spent hours and days to carefully read the draft of this thesis and help me with your professional translation skills. Your exigent coaching during the Ph.D. defence preparation highly improved my talk. Thank you for your patience ... and for everything.
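The abstract above sketches the Or-BAC layering: subjects are empowered in roles, objects are used in views, actions implement activities, all within an organization, with contexts switching rules on and off and with both permissions and prohibitions that may conflict. The Python below is an added illustration of how a concrete (subject, action, object) request is decided from such abstract rules; it is not the thesis's OToKit, and the relation names (empower, use, consider, hold) and the hospital sample data are assumptions, not quoted from the page.

```python
# Added illustration of Or-BAC concrete derivation; not the thesis's OToKit tool.
# Relation names (empower, use, consider, hold, permission, prohibition) are
# assumed here from the usual Or-BAC presentation, not quoted from the page.
from dataclasses import dataclass, field


@dataclass
class OrBacPolicy:
    # Abstract rules: tuples (org, role, activity, view, context)
    permissions: set = field(default_factory=set)
    prohibitions: set = field(default_factory=set)
    # Concrete-to-abstract mappings, each scoped to an organization
    empower: set = field(default_factory=set)   # (org, subject, role)
    use: set = field(default_factory=set)       # (org, object, view)
    consider: set = field(default_factory=set)  # (org, action, activity)
    hold: set = field(default_factory=set)      # (org, subject, action, object, context)

    def applicable(self, rules, org, subject, action, obj):
        """Abstract rules that apply to a concrete request: the organization must
        empower the subject in the rule's role, use the object in its view,
        consider the action as its activity, and the rule's context must hold."""
        return [(role, activity, view, ctx) for (o, role, activity, view, ctx) in rules
                if o == org and (o, subject, role) in self.empower
                and (o, obj, view) in self.use
                and (o, action, activity) in self.consider
                and (o, subject, action, obj, ctx) in self.hold]

    def decide(self, org, subject, action, obj, strategy=None):
        """'permit', 'deny' or 'conflict'. Closed policy: nothing derived means deny.
        A conflict (permission and prohibition both derived) is reported as such
        unless a strategy says which kind of rule takes precedence."""
        perms = self.applicable(self.permissions, org, subject, action, obj)
        prohs = self.applicable(self.prohibitions, org, subject, action, obj)
        if perms and prohs:
            if strategy is None:
                return "conflict"
            return "deny" if strategy == "prohibition" else "permit"
        return "permit" if perms else "deny"


def sample_policy():
    """Constructed hospital policy (sample data, not from the thesis)."""
    p, org = OrBacPolicy(), "hospital"
    p.permissions |= {(org, "physician", "consult", "medical_record", "working_hours"),
                      (org, "nurse", "consult", "medical_record", "emergency")}
    p.prohibitions.add((org, "nurse", "consult", "medical_record", "night"))
    p.empower |= {(org, "alice", "physician"), (org, "bob", "nurse")}
    p.use.add((org, "rec42", "medical_record"))
    p.consider.add((org, "read", "consult"))
    # Contexts assumed to hold right now for each concrete request (constructed)
    p.hold |= {(org, "alice", "read", "rec42", "working_hours"),
               (org, "bob", "read", "rec42", "emergency"),
               (org, "bob", "read", "rec42", "night")}
    return p
```

With the sample data, alice's read is permitted, bob's read is a detected conflict (an emergency permission and a night prohibition both apply) that the chosen strategy resolves, and any subject, object or organization with no matching mapping is denied.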