Thomas Groß
Context-based Access Control
Abstract
Protecting web sites and applications against unauthorized access is one of the most important problems of the Internet. So-called access control products decide whether a user is allowed to access a certain resource or not. The technique of Context-based Access Control achieves this by analyzing fine-grained attributes of the user requesting access and the context of the access control decision. Currently, Context-based Access Control is an emerging technology in the Internet area and a prerequisite of various state-of-the-art e-commerce applications. The most important players on the market for access control products currently include Context-based Access Control functionality in their products. It is in the scope of this thesis to solve the related problem of dynamic attribute provision for such a product.
Many of the attributes used in Context-based Access Control have to be determined in the very moment of the access control decision, but an access control product cannot acquire them itself. Such attributes are, for instance, the current time, the age of a user or the status of a payment. Thus, dynamic attribute provision on demand is crucial for these applications, and with it the availability of protocols and services that perform it. Given this requirement, we analyze and design protocols and services for the dynamic attribute provision of Context-based Access Control. We divide the thesis into two parts, one theoretical and one practical.
Part I is more theoretical. There, we consider a single sign-on protocol of the OASIS Security Assertion Markup Language (SAML). This is an emerging protocol standard for the provision of assertions about a user's identity. The single sign-on protocol allows a user to log in only at a source site he trusts, while this site confirms his identity to other sites.
We refine this standard into a protocol schema similar to those common for cryptographic protocols. We describe the protocol steps in detail and name security-relevant assumptions explicitly. We provide an exact analysis of SAML single sign-on, which is the only one known to the author for such a protocol standard. We discovered different attacks on the SAML single sign-on protocol, including man-in-the-middle attacks and attacks based on information leakage. We propose a repaired protocol that is resistant against the described vulnerabilities.
Part II is practically oriented. In this part, we design a service for dynamic attribute retrieval. This service externalizes the attribute provision functionality of access control products. We use Web Service technology to guarantee interoperability with various access control products. We integrate the service into one given product as a proof of concept. We use different design patterns and the techniques of exemplary specification and automated module testing in order to provide reliability, robustness and modularity. The resulting service fulfills these quality requirements and is suitable as a framework for most kinds of attribute provision protocols.
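As an added illustration of attribute provision on demand (this is example code written for this page, not the thesis's service), the rule below resolves age, payment status and the current hour from pluggable providers only when a decision needs them, and fails closed when no provider can answer. The provider names, the "premium-video" policy and the sample values are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

# An attribute provider stands in for an external attribute service:
# it maps a subject to a value, or None when the value is unknown.
AttributeProvider = Callable[[str], Optional[object]]


class AttributeUnavailable(Exception):
    """Raised when a required attribute cannot be determined at decision time."""


@dataclass
class AccessContext:
    subject: str
    resource: str
    providers: Dict[str, AttributeProvider]
    resolved: Dict[str, object] = field(default_factory=dict)  # per-decision only

    def attribute(self, name: str):
        # Resolve lazily, once per decision; fail closed if nobody can answer.
        if name not in self.resolved:
            provider = self.providers.get(name)
            value = provider(self.subject) if provider else None
            if value is None:
                raise AttributeUnavailable(name)
            self.resolved[name] = value
        return self.resolved[name]


def decide(ctx: AccessContext) -> bool:
    """Constructed context-based rule: adults with a settled payment, daytime only."""
    try:
        if ctx.resource == "premium-video":
            return (ctx.attribute("age") >= 18
                    and ctx.attribute("payment_status") == "paid"
                    and 6 <= ctx.attribute("hour_utc") < 23)
        return False
    except AttributeUnavailable:
        return False  # an undeterminable attribute never grants access


# Constructed sample providers; a deployment would query real services here.
SAMPLE_PROVIDERS: Dict[str, AttributeProvider] = {
    "age": lambda s: {"alice": 34, "bob": 16}.get(s),
    "payment_status": lambda s: {"alice": "paid", "bob": "paid"}.get(s),
    "hour_utc": lambda s: 12,  # fixed instead of the wall clock, for a reproducible run
}


def check(subject: str, resource: str, providers=SAMPLE_PROVIDERS) -> bool:
    return decide(AccessContext(subject, resource, dict(providers)))
```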
The results of this thesis show, on the one hand, the feasibility of exact security analyses for protocol standards like SAML single sign-on. On the other hand, we see that the externalization of an attribute provision service is possible and useful for access control products.
Master Thesis. Saarland University, March 2003.