Traditional authorization mechanisms check whether a user is acting within prescribed parameters and will not detect abuse of privileges. Advanced policies can conditionally generate audit records and, in limited ways, can react to state generated by intrusion detection engines based on observation of those audit records. Such policies can also adapt the level of detail of the generated audit records until an intrusion detection engine notices that something is amiss, though not necessarily what it is, and can adapt the applied authentication policies to require more information from a user when suspicious activity has been detected.
In this paper we presented an authorization framework that enables the specification and enforcement of advanced authorization policies.
The GAA-API implementation is available at http://www.isi.edu/gost/info/gaaapi/source.
For further details about the authorization model see [16].
For more information about the GAA-API see [15].
The GAA-API has been integrated with several applications, including ssh and Globus Security Infrastructure [6]. Currently we are integrating the GAA-API with FreeS/WAN IPsec.
There are some aspects of distributed policy evaluation and enforcement that do not fit well within the framework. In the current framework we assume that conditions are evaluated consecutively and that authorization requests do not overlap. These two assumptions enable us to concentrate on a single condition evaluation at a time and, therefore, avoid the problem of coordination of multiple condition evaluation processes.
This results in an inefficient policy evaluation process and leads to systems that cannot scale to large numbers of objects. Our current approach may be appropriate for some client-server applications, where the server is an autonomous agent in complete charge of its resources. The server maintains the security policy and is responsible for the policy evaluation. Some distribution of the policy evaluation process can be achieved through a condition evaluation function implemented as, for example, an RPC call that is performed synchronously. However, this approach is not suitable for truly distributed architectures where a set of servers implements the policy and the policy evaluation processing can be distributed over several servers, each server being responsible for enforcing a part of the whole access control policy.
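The adaptive behaviour described at the start of this section (conditional audit records, a detection step that raises a suspicion level from those records, more detailed auditing and stronger authentication once suspicion is raised) together with the sequential, non-overlapping evaluation assumption of the preceding paragraphs, as an added illustration in Python that is not the GAA-API's own code. The condition names, thresholds, ACL and sample requests are constructed for this example.

```python
"""Toy adaptive authorization evaluator (added illustration; not the GAA-API).

Conditions are evaluated one after another for a single request at a time,
matching the assumption that evaluation is consecutive and requests do not
overlap.  Every decision produces an audit record; a minimal detection step
reads only those records and raises a suspicion level, which later conditions
use to demand a second factor and to switch to detailed audit records.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Request:
    subject: str
    operation: str
    obj: str
    auth_methods: frozenset   # authentication methods the caller has completed


@dataclass
class State:
    suspicion: int = 0                            # raised by detect(), read by conditions
    audit_log: list = field(default_factory=list)
    denials: dict = field(default_factory=dict)   # subject -> consecutive denials


# Constructed policy: an ACL plus the thresholds that drive the adaptive behaviour.
POLICY = {
    "acl": {"/payroll": {"alice": {"read"}}},
    "step_up_at": 1,            # suspicion level at which an OTP is also required
    "verbose_audit_at": 1,      # suspicion level at which audit records become detailed
    "denials_before_alert": 2,  # consecutive denials by one subject that raise suspicion
}


def cond_authenticated(request, state, policy):
    """Require a password; once suspicion is high, require an OTP as well."""
    required = {"password"}
    if state.suspicion >= policy["step_up_at"]:
        required.add("otp")
    missing = required - request.auth_methods
    if missing:
        return False, "additional authentication required: " + ", ".join(sorted(missing))
    return True, None


def cond_acl(request, state, policy):
    """Ordinary ACL check: is the operation permitted for this subject on this object?"""
    allowed = policy["acl"].get(request.obj, {}).get(request.subject, set())
    if request.operation in allowed:
        return True, None
    return False, "operation not permitted by ACL"


CONDITIONS = [cond_authenticated, cond_acl]   # evaluated strictly in this order


def audit(request, state, policy, decision, reason):
    """Record every decision; include more fields once suspicion is high."""
    record = {"subject": request.subject, "decision": decision}
    if state.suspicion >= policy["verbose_audit_at"]:
        record.update(operation=request.operation, obj=request.obj,
                      auth_methods=sorted(request.auth_methods), reason=reason)
    state.audit_log.append(record)


def detect(state, policy):
    """Detection step driven only by the audit log: repeated denials by one
    subject raise the suspicion level (it does not diagnose what is wrong)."""
    last = state.audit_log[-1]
    subject = last["subject"]
    if last["decision"] != "deny":
        state.denials[subject] = 0
        return
    state.denials[subject] = state.denials.get(subject, 0) + 1
    if state.denials[subject] >= policy["denials_before_alert"]:
        state.suspicion += 1
        state.denials[subject] = 0


def evaluate(request, state, policy=POLICY):
    """Evaluate the conditions consecutively, stopping at the first failure."""
    decision, reason = "allow", None
    for cond in CONDITIONS:
        ok, why = cond(request, state, policy)
        if not ok:
            decision, reason = "deny", why
            break
    audit(request, state, policy, decision, reason)
    detect(state, policy)
    return decision, reason


def run(requests, state, policy=POLICY):
    """Process requests one at a time; no two evaluations overlap."""
    return [evaluate(r, state, policy) for r in requests]


def demo():
    """Constructed sequence: two denials for bob raise suspicion, after which
    alice is refused until she also presents the OTP factor."""
    pw, pw_otp = frozenset({"password"}), frozenset({"password", "otp"})
    requests = [
        Request("bob", "read", "/payroll", pw),
        Request("bob", "write", "/payroll", pw),
        Request("alice", "read", "/payroll", pw),
        Request("alice", "read", "/payroll", pw_otp),
    ]
    state = State()
    return run(requests, state), state


if __name__ == "__main__":
    for (decision, reason), record in zip(*demo()[:1], demo()[1].audit_log):
        print(decision, reason or "", record)
```

The first two audit records stay terse because suspicion is still zero when they are written; once the detection step raises it, the third and fourth records carry the operation, object, completed authentication methods and reason, and alice's otherwise legitimate read is refused until she supplies the extra factor. Because `run` processes requests strictly in sequence, `state` is never read by two evaluations at once, which is exactly the coordination problem the framework avoids and a distributed deployment would have to solve.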
The future directions for this research include exploring extensions to the framework that could encompass these issues.