engineering access control policies for provenance aware
play

Engineering Access Control Policies for Provenance-aware Systems - PowerPoint PPT Presentation

Apr 17, 2023 •243 likes •491 views

Engineering Access Control Policies for Provenance-aware Systems Lianshan Sun 12 , Jaehong Park 2 and Ravi Sandhu 2 1. Shaanxi University of Science and Technology (SUST), Xian, Shaanxi, China, 710021 2. University of Texas at San Antonio

  1. Engineering Access Control Policies for Provenance-aware Systems Lianshan Sun 12 , Jaehong Park 2 and Ravi Sandhu 2 1. Shaanxi University of Science and Technology (SUST), Xi’an, Shaanxi, China, 710021 2. University of Texas at San Antonio (UTSA), San Antonio, Texas, USA, 78249 sunlianshan@gmail.com, jae.park@utsa.edu, ravi.sandhu@utsa.edu Sun et al. (SUST & UTSA) Engineering ACPs for provenance-aware systems CODASPY13, February 19, 2013 1 / 19

  2. Outline Engineering access control policies for provenance-aware systems Background What is provenance Provenance-aware systems Provenance-aware access control policies Motivations Solution and Case Study Typed Provenance Model (TPM) A TPM-Centric Process for engineering Access Control Polices A case study on Homework Grading System (HGS) Conclusion Sun et al. (SUST & UTSA) Engineering ACPs for provenance-aware systems CODASPY13, February 19, 2013 2 / 19

  3. Background What is provenance Provenance is information about entities, activities, and people involved in producing a piece of data or thing, which can be used to form assessments about its quality, reliability or trustworthiness. Figure: The provenance of a piece of cake Sun et al. (SUST & UTSA) Engineering ACPs for provenance-aware systems CODASPY13, February 19, 2013 3 / 19

  4. Background A Running Example – Homework Grading System (HGS) Students upload, replace, and submit their homework; Professors as well as some students on behalf of professors review the submitted homework; Professors grade a homework to generate a grade report having some of existing reviews of the homework as appendix. Figure: The provenance of a submitted homework. Sun et al. (SUST & UTSA) Engineering ACPs for provenance-aware systems CODASPY13, February 19, 2013 4 / 19

  5. Background Provenance-aware systems A provenance-aware system generates, stores, processes, and disseminates provenance to answer various provenance questions. Key issues in building provenance aware systems include provenance collection, storage, and retrieval. A provenance data model defines the scheme of provenance to be captured and is the conceptual basis of building provenance aware systems. A public provenance data model – Open Provenance Model (OPM). A directed graph captures entities and casuality dependencies among entities. Entities: artifact, process, agent. Casuality dependency : e → f means e is caused by f . Dependency types: direct (u, g, c), indirect (d, t). t u1 Artifact Process Agent c g u submit h2 review c : wasControlledBy; d : wasDerivedFrom u u : used; t : wasTriggeredBy h1 d g : wasGeneratedBy; Figure: An OPM graph. Sun et al. (SUST & UTSA) Engineering ACPs for provenance-aware systems CODASPY13, February 19, 2013 5 / 19

  6. Background Access control in provenance-aware systems Provenance-aware systems need to deploy some access control facilities to protect both normal data items and their provenance. Provenance differs from traditional data and meta-data in that it is an immutable directed acyclic graph called provenance graph and can only be captured at run-time. Some subgraphs of a provenance graph as a unit may show meaningful provenance semantics and could be treated as sensitive resources or be used to adjudicate access requests. u1 c u g submit h2 review u h1 Figure: A subgraph of provenance. Sun et al. (SUST & UTSA) Engineering ACPs for provenance-aware systems CODASPY13, February 19, 2013 6 / 19

  7. Background Access control in provenance-aware systems Traditional access control models, policy languages do not work well in provenance aware systems. Researchers have proposed some provenance-aware access control models and corresponding policy languages. Provenance access control, PAC Protecting sensitive provenance. A reviewer cannot see who has submitted a homework. prov: ( h → submit → u ). Provenance-based access control, PBAC Protecting both sensitive provenance and sensitive data items with provenance by using provenance to adjudicate access requests. Only a submitted homework can be reviewed. prov: ( h → submit ) Sun et al. (SUST & UTSA) Engineering ACPs for provenance-aware systems CODASPY13, February 19, 2013 7 / 19

  8. Background Provenance-aware Access Control Policies A provenance-aware policy may be either a PAC policy, a PBAC policy, or the combination of both, which may refer to provenance answering certain provenance questions A user u can see the owner of a homework h if u has started to grade h . u ∈ GradedBy ( h ) ⇐ P ( u , query , OwnedBy ( h )) . Here, both GradedBy ( h ) and OwnedBy ( h ) are two provenance questions against the homework h whose semantics can be easily understood by users without technical knowledge. Sun et al. (SUST & UTSA) Engineering ACPs for provenance-aware systems CODASPY13, February 19, 2013 8 / 19

  9. Background Provenance-aware Access Control Policies A provenance-aware policy may be either a PAC policy, a PBAC policy, or the combination of both, which may refer to provenance answering certain provenance questions A user u can see the owner of a homework h if u has started to grade h . u ∈ GradedBy ( h ) ⇐ P ( u , query , OwnedBy ( h )) . Here, both GradedBy ( h ) and OwnedBy ( h ) are two provenance questions against the homework h whose semantics can be easily understood by users without technical knowledge. Although there are provenance-aware policy languages, it is far from straightforward for developers to specify provenance-aware policies due to various reasons. Sun et al. (SUST & UTSA) Engineering ACPs for provenance-aware systems CODASPY13, February 19, 2013 8 / 19

  10. Motivations Motivations First, it is very difficult to specify provenance-aware policies due to the complexity of provenance graph. For example, policy architects need to identify one or more subgraphs in a provenance graph in defining provenance-aware policies. u ∈ GradedBy ( h ) ⇐ P ( u , query , OwnedBy ( h )) Figure: Provenance Graph of HGS. Sun et al. (SUST & UTSA) Engineering ACPs for provenance-aware systems CODASPY13, February 19, 2013 9 / 19

  11. Motivations Motivations First, it is very difficult to specify provenance-aware policies due to the complexity of provenance graph. For example, policy architects need to identify one or more subgraphs in a provenance graph in defining provenance-aware policies. u ∈ GradedBy ( h ) ⇐ P ( u , query , OwnedBy ( h )) We need some mechanisms to abstract complex provenance graph into user-comprehensible and meaningful controlling units that can be used to efficiently define provenance-aware policies at development time when the provenance graph is even not available. Figure: Provenance Graph of HGS. Sun et al. (SUST & UTSA) Engineering ACPs for provenance-aware systems CODASPY13, February 19, 2013 9 / 19

  12. Motivations Motivations Second, implications on software architecture Provenance impacts software architecture and makes some traditional functional requirements possibly be implemented as provenance-aware policies. An activity A can start only after another activity B is finished Only users who did not review a homework before can review the homework. Developers need to decide which requirements can be and should be modeled as provenance-aware requirements from the beginning of software development. Sun et al. (SUST & UTSA) Engineering ACPs for provenance-aware systems CODASPY13, February 19, 2013 10 / 19

  13. Motivations Motivations Second, implications on software architecture Provenance impacts software architecture and makes some traditional functional requirements possibly be implemented as provenance-aware policies. An activity A can start only after another activity B is finished Only users who did not review a homework before can review the homework. Developers need to decide which requirements can be and should be modeled as provenance-aware requirements from the beginning of software development. So it is conducive to take some engineering solutions in developing provenance-aware policies. Modeling provenance in abstractions Designing process to guide the identification, specification, and refinement of provenance aware policies. Figure: Motivations. Sun et al. (SUST & UTSA) Engineering ACPs for provenance-aware systems CODASPY13, February 19, 2013 10 / 19

  14. Solution and Case Study Typed Provenance Model Figure: Provenance abstractions. An entity type is a class that is instantiated into nodes in a provenance graph Artifacts: Homework, Review, Grade Processes: upload, replace, submit, review, grade Agents: Student, Professor A dependency type is a class of causality dependencies with similar provenance semantics T : = N ( E , C ) , e.g T := ReviewedBy(Homework, User) ReviewedBy ( Hw 1 , u 1 ) instantiated from T means that the homework Hw 1 was reviewed by the user u 1 . ReviewedBy ( Hw 1 , u 1 ) can also be denoted as u 1 ∈ ReviewedBy ( Hw 1 ) . Primitive dependency types and complex dependency types. Sun et al. (SUST & UTSA) Engineering ACPs for provenance-aware systems CODASPY13, February 19, 2013 11 / 19

Recommend

Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search

Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search

Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search Ph.D. Dissertation Defense Zeeshan Pervez Department of Computer Engineering Kyung Hee University, Global Campus, Korea email:

650 views • 24 slides
PASS PASS Provenance-Aware Storage System Provenance-Aware Storage System Margo Seltzer, David

PASS PASS Provenance-Aware Storage System Provenance-Aware Storage System Margo Seltzer, David

PASS PASS Provenance-Aware Storage System Provenance-Aware Storage System Margo Seltzer, David Holland, Kiran-Kumar Muniswamy-Reddy, Uri Braun, and Jonathan Ledlie Harvard University What is Provenance? What is Provenance? What did the

336 views • 12 slides
Provenance Tracking in CXXR Chris A. Silles Andrew R. Runnalls Computing Laboratory, University

Provenance Tracking in CXXR Chris A. Silles Andrew R. Runnalls Computing Laboratory, University

Provenance Tracking in CXXR Chris A. Silles Andrew R. Runnalls Computing Laboratory, University of Kent, UK Introduction Provenance CXXR Provenance-Aware CXXR Conclusion Outline 1 Introduction 2 Provenance CXXR 3 Provenance-Aware

980 views • 97 slides
Whats the Problem? What does it mean to collect provenance when you dont control:

Whats the Problem? What does it mean to collect provenance when you dont control:

Provenance in the Wild Peter Macko, Margo Seltzer June 14, 2012 Whats the Problem? What does it mean to collect provenance when you dont control: The data (types, format, organization, structure) The operators The

445 views • 10 slides
Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
Time-aware Provenance for Distributed Systems Wenchao Zhou, Ling Ding, Andreas Haeberlen,

Time-aware Provenance for Distributed Systems Wenchao Zhou, Ling Ding, Andreas Haeberlen,

Time-aware Provenance for Distributed Systems Wenchao Zhou, Ling Ding, Andreas Haeberlen, Zachary Ives, Boon Thau Loo University of Pennsylvania Provenance for Distributed Systems Goal: Develop capability to answer diagnostic questions We need

314 views • 10 slides
Rewrite Specifications of Access Control Policies in Distributed Environments C. Bertolissi and

Rewrite Specifications of Access Control Policies in Distributed Environments C. Bertolissi and

Rewrite Specifications of Access Control Policies in Distributed Environments C. Bertolissi and M. Fernndez LIF , Marseille & Kings College London WTS2010, Nancy C. Bertolissi, M. Fernndez () Term rewriting for Access Control

1.04k views • 28 slides
Static enforceability of XPath-based access control policies James Cheney University of

Static enforceability of XPath-based access control policies James Cheney University of

Static enforceability of XPath-based access control policies James Cheney University of Edinburgh DBPL 2013 August 30, 2013 Background Access control for XML databases Read-only security views [Stoica & Farkas 2002, Fan

431 views • 29 slides
Cassandra: Distributed Access Control Policies with Tunable Expressiveness Moritz Y. Becker and

Cassandra: Distributed Access Control Policies with Tunable Expressiveness Moritz Y. Becker and

Cassandra: Distributed Access Control Policies with Tunable Expressiveness Moritz Y. Becker and Peter Sewell Computer Laboratory, University of Cambridge, U.K. Cassandra: Distributed Access Control Policies with Tunable Expressiveness p.

1.44k views • 20 slides
Meta-policies for Distributed Role-based Access Control Andrs Belokosztolszki, Ken Moody

Meta-policies for Distributed Role-based Access Control Andrs Belokosztolszki, Ken Moody

Meta-policies for Distributed Role-based Access Control Andrs Belokosztolszki, Ken Moody {ab374,km}@cl.cam.ac.uk University of Cambridge, Computer Laboratory, OPERA Policy 2002 1 Outline Role-Based Access Control OASIS

480 views • 14 slides
Provenance-based Access Control Models July 31, 2014 Dissertation Defense Dang Nguyen Institute

Provenance-based Access Control Models July 31, 2014 Dissertation Defense Dang Nguyen Institute

Institute for Cyber Security Provenance-based Access Control Models July 31, 2014 Dissertation Defense Dang Nguyen Institute for Cyber Security University of Texas at San Antonio World-leading research with real-world impact! 1 Presentation

451 views • 44 slides
Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of Access Control Discretionary acces control Mandatory access control Real systems: Unix Access Control Model Access control Access

817 views • 47 slides
Speech Acts and Tokens for Access Control and Provenance Tracking Fabian Neuhaus (NCOR) &

Speech Acts and Tokens for Access Control and Provenance Tracking Fabian Neuhaus (NCOR) &

Speech Acts and Tokens for Access Control and Provenance Tracking Fabian Neuhaus (NCOR) & Bill Andersen (Highfleet) STIDS 2011 Sorry Fabian cant be with us today 1 Neuhaus & Andersen, STIDS 2011 17 Nov 2011 Problem Statement

452 views • 21 slides
Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control? How Is Access Determined? Who Determines Access? Forms of Access Control SELinux Booleans iptables File Access Control Lists Apache Access Control

711 views • 36 slides
Management of Exceptions in Access Control Policies J. G. Alfaro, F. Cuppens, N. Cuppens ENST

Management of Exceptions in Access Control Policies J. G. Alfaro, F. Cuppens, N. Cuppens ENST

Management of Exceptions in Access Control Policies J. G. Alfaro, F. Cuppens, N. Cuppens ENST Bretagne, Rennes RSM/SERES Outline - 2 - Problem domain Main strategies Use of full expressiveness Conclusions and Perspectives

562 views • 28 slides
CSE 510 Web Data Engineering Access Control Authentication & Authorization UB CSE 510 Web

CSE 510 Web Data Engineering Access Control Authentication & Authorization UB CSE 510 Web

CSE 510 Web Data Engineering Access Control Authentication & Authorization UB CSE 510 Web Data Engineering Access Control Mechanisms Declarative Authorization using Realms The expression of app security external to the app

540 views • 26 slides
Parameterized Verification goes Safety Analysis of Access Control Policies Silvio Ranise ,

Parameterized Verification goes Safety Analysis of Access Control Policies Silvio Ranise ,

Parameterized Verification goes Safety Analysis of Access Control Policies Silvio Ranise , Riccardo Traverso, Anh Truong FBK-Irst, Trento, Italy Metodi dichiarativi nella verifica di sistemi parametrici Milano, 25-26 Settembre, 2014 Ranise

577 views • 40 slides
Risk-Aware Role-Based Access Control Liang Chen Jason Crampton Information Security Group, Royal

Risk-Aware Role-Based Access Control Liang Chen Jason Crampton Information Security Group, Royal

Risk-Aware Role-Based Access Control Liang Chen Jason Crampton Information Security Group, Royal Holloway, University of London 7th International Workshop on Security and Trust Management Risk-Aware RBAC Introduction Introduction

604 views • 16 slides
Project AutoMate SESAME: Dynamic Context Aware Access Control G. Zhang, The AutoMate Group The

Project AutoMate SESAME: Dynamic Context Aware Access Control G. Zhang, The AutoMate Group The

Project AutoMate SESAME: Dynamic Context Aware Access Control G. Zhang, The AutoMate Group The Applied Software Systems Laboratory Rutgers, The State University of New Jersey http://automate.rutgers.edu CAIP Autonomic Computing

380 views • 6 slides
Evaluating access control policies through model-checking IFIP 1.3, Sept. 05 Information Security

Evaluating access control policies through model-checking IFIP 1.3, Sept. 05 Information Security

Evaluating access control policies through model-checking IFIP 1.3, Sept. 05 Information Security Conf , Sept. 05 Mark Ryan Dimitar Guelev Nan Zhang School of Computer Science, University of Birmingham Section of Logic, Institute of

478 views • 21 slides
1 General Access Control General Access Control Control of access to memory relatively easy:

1 General Access Control General Access Control Control of access to memory relatively easy:

Role of Access Control Before closing back doors we need to close front doors Access control: determines access to files & processes in OS Fall 2008 We will return to these themes throughout the course Fall 2008 CS

512 views • 6 slides
CS419 Spring 2010 Computer Security Access Control: Policies and Mechanisms Vinod Ganapathy

CS419 Spring 2010 Computer Security Access Control: Policies and Mechanisms Vinod Ganapathy

CS419 Spring 2010 Computer Security Access Control: Policies and Mechanisms Vinod Ganapathy Lectures 9 and 10 Access Control The prevention of unauthorized use of a resource, including the prevention of use of a resource in an

1.17k views • 90 slides
Semantic security framework and context- aware role-based access control ontology for Smart

Semantic security framework and context- aware role-based access control ontology for Smart

Semantic security framework and context- aware role-based access control ontology for Smart Spaces Semantic Big Data Workshop, ACM SIGMOD 2016 Conference 2016, San Francisco, California, July 1st 2016 Shohreh Hosseinzadeh, Natalia

240 views • 19 slides
Access Control Policies www.skills-1st.co.uk for LDAP Andrew Findlay Skills 1st Ltd

Access Control Policies www.skills-1st.co.uk for LDAP Andrew Findlay Skills 1st Ltd

Access Control Policies www.skills-1st.co.uk for LDAP Andrew Findlay Skills 1st Ltd andrew.findlay@skills-1st.co.uk January 2009 Why Access Control? Keep the bad guys out! www.skills-1st.co.uk Let the good guys in Who can read

501 views • 22 slides

More recommend