meta policies for distributed role based access control
play

Meta-policies for Distributed Role-based Access Control Andrs - PowerPoint PPT Presentation

Oct 13, 2022 •329 likes •480 views

Meta-policies for Distributed Role-based Access Control Andrs Belokosztolszki, Ken Moody {ab374,km}@cl.cam.ac.uk University of Cambridge, Computer Laboratory, OPERA Policy 2002 1 Outline Role-Based Access Control OASIS

  1. Meta-policies for Distributed Role-based Access Control András Belokosztolszki, Ken Moody {ab374,km}@cl.cam.ac.uk University of Cambridge, Computer Laboratory, OPERA Policy 2002 1

  2. Outline • Role-Based Access Control • OASIS • Meta-Policies – Meta-Policy Types – Compliance • Summary Policy 2002 2

  3. Role-Based Access Control Authorization Activation Roles Privileges Sessions Activation Policy 2002 3

  4. OASIS Rules (Open Architecture for Secure Interworking Services) Activation Rule MC MC MC Prerequisite Environmental Appointment Role Predicates Parameters Parameters Parameters Authorization Rule Policy 2002 4

  5. Administrative Domains Users Admin Policy SLA SLA SLA Policy 2002 5

  6. Problems • SLA maintenance – New domain, change to a domain, … • Policy evolution • Information hiding • Information about the policy • Local Autonomy Policy 2002 6

  7. Meta-Policies • Data types • Objects (privileges) • Functions and Predicates • Roles (parameters) • Appointment Certificates (parameters) • Rules (membership conditions) • Explicit / Implicit • Negation • Constraints (SSoD, …) Policy 2002 7

  8. Meta-Policy Types • Compliance • Interface – For a single domain – Communication with other Domains – Information for users Meta-Pol – Higher level policies – Policy evolution Exp Imp Policy 2002 8

  9. Mappings • Meta-Policies are mapped to Policies – Data-types (one-to-one, one directional) – Functions / Environmental Predicates – Roles / Appointments – Rules – Other Constraints (SSOD, …) • Policy or subset of a policy is considered • Direction of Mappings • Parameters (and constants) Policy 2002 9

  10. Compliance Check • Existence of the mappings • Prerequisite services? • Rules: 1. Translating into policy context 2. Checking explicit rules 3. Checking Implicit rules • Negation (entire policy is considered) 4. Other Constraints • Result: Certificate Policy 2002 10

  11. SLA generation • For Interface Meta-Policies: • Automatic generation Meta-Policy Importing Exporting SLA Policy 2002 11

  12. Implementation Desert: Mapping Editor SLA generator Policy 2002 12

  13. Summary • Meta-Policies (Compliance/Interface) • Implementation (Desert) – Mapping editor – SLA generator Policy 2002 13

  14. Acknowledgement • King’s College Cambridge Graduate Student Fund • Overseas Research Students Award Scheme Policy 2002 14

Recommend

A Distributed Calculus for Role-Based Access Control Chiara Braghin joint work with D. Gorla and

A Distributed Calculus for Role-Based Access Control Chiara Braghin joint work with D. Gorla and

A Distributed Calculus for Role-Based Access Control Chiara Braghin joint work with D. Gorla and V. Sassone MyThS Meeting, Venice, June, 14th, 2004 A Distributed Calculus for Role-Based Access Control p.1/18 RBAC Why: Role-Based Access

613 views • 36 slides
Rewrite-Based Access Control Policies in Distributed Environments Maribel Fern andez Kings

Rewrite-Based Access Control Policies in Distributed Environments Maribel Fern andez Kings

Rewrite-Based Access Control Policies in Distributed Environments Maribel Fern andez Kings College London Joint work with Clara Bertolissi (LIF, Univ. Marseilles) 12th CREST Open Workshop - Security and Code April 2011 M. Fern andez

1.04k views • 30 slides
Cassandra: Distributed Access Control Policies with Tunable Expressiveness Moritz Y. Becker and

Cassandra: Distributed Access Control Policies with Tunable Expressiveness Moritz Y. Becker and

Cassandra: Distributed Access Control Policies with Tunable Expressiveness Moritz Y. Becker and Peter Sewell Computer Laboratory, University of Cambridge, U.K. Cassandra: Distributed Access Control Policies with Tunable Expressiveness p.

1.44k views • 20 slides
Role-based access control Role-based access control 1 RBAC: Motivations Complexity of

Role-based access control Role-based access control 1 RBAC: Motivations Complexity of

Role-based access control Role-based access control 1 RBAC: Motivations Complexity of security administration p y y For large number of subjects and objects, the number of authorizations can become extremely large For dynamic

536 views • 51 slides
Rewrite Specifications of Access Control Policies in Distributed Environments C. Bertolissi and

Rewrite Specifications of Access Control Policies in Distributed Environments C. Bertolissi and

Rewrite Specifications of Access Control Policies in Distributed Environments C. Bertolissi and M. Fernndez LIF , Marseille & Kings College London WTS2010, Nancy C. Bertolissi, M. Fernndez () Term rewriting for Access Control

1.04k views • 28 slides
Role-Based Access Control Corban Rivera CS 6204, Spring 2005 1 Trusted Computer System

Role-Based Access Control Corban Rivera CS 6204, Spring 2005 1 Trusted Computer System

Role-Based Access Control Corban Rivera CS 6204, Spring 2005 1 Trusted Computer System Evaluation Criteria (TCSEC) Background MAC Mandatory Access Control Firm security levels DAC Discretionary Access Control Access

240 views • 6 slides
Static enforceability of XPath-based access control policies James Cheney University of

Static enforceability of XPath-based access control policies James Cheney University of

Static enforceability of XPath-based access control policies James Cheney University of Edinburgh DBPL 2013 August 30, 2013 Background Access control for XML databases Read-only security views [Stoica & Farkas 2002, Fan

431 views • 29 slides
PERMIS Role-Based Access Control Example System Presenter: Haiyan Cheng CS 6204, Spring 2005 1

PERMIS Role-Based Access Control Example System Presenter: Haiyan Cheng CS 6204, Spring 2005 1

PERMIS Role-Based Access Control Example System Presenter: Haiyan Cheng CS 6204, Spring 2005 1 PERMIS Review A role-based access control infrastructure Uses X.509 attribute certificate (AC) to store users roles All access

397 views • 8 slides
1 General Access Control General Access Control Control of access to memory relatively easy:

1 General Access Control General Access Control Control of access to memory relatively easy:

Role of Access Control Before closing back doors we need to close front doors Access control: determines access to files & processes in OS Fall 2008 We will return to these themes throughout the course Fall 2008 CS

512 views • 6 slides
Delegation in Role-Based Access Control Controlling delegation Enforcing transfer delegation

Delegation in Role-Based Access Control Controlling delegation Enforcing transfer delegation

Introduction Delegation operations in hierarchical RBAC Delegation in Role-Based Access Control Controlling delegation Enforcing transfer delegation Jason Crampton Hemanth Khambhammettu semantics Conclusion Information Security

959 views • 57 slides
An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said

An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said

An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said Daoudagh 1,2 , Francesca Lonetti 1 , Eda Marchetti 1 1 ISTI-CNR 2 University of Pisa Agenda Introduction Access Control Systems XACML policies

459 views • 31 slides
Role-Based Access Control CS461/ECE422 Spring 2012 Reading

Role-Based Access Control CS461/ECE422 Spring 2012 Reading

Role-Based Access Control CS461/ECE422 Spring 2012 Reading Material Chapter 4, sec?ons 4.5 and 4.6 [SFK00] DAC vs RBAC DAC Users, Groups

415 views • 25 slides
Constraints in Role-Based Access Control Jason Crampton Information Security Group, Royal

Constraints in Role-Based Access Control Jason Crampton Information Security Group, Royal

Constraints in Role-Based Access Control Jason Crampton Information Security Group, Royal Holloway University of London jason.crampton@rhul.ac.uk www.isg.rhul.ac.uk/~jason Outline Introduction Separation of duty Role-based

482 views • 14 slides
A System to Specify and Manage Multipolicy Access Control Models Elisa Bertino Barbara Catania

A System to Specify and Manage Multipolicy Access Control Models Elisa Bertino Barbara Catania

Policy 2002: IEEE 3rd International Workshop on Policies for Distributed Systems and Networks Hosted by the Naval Postgraduate School , Monterey, California, U.S.A. June 5-7, 2002 A System to Specify and Manage Multipolicy Access Control Models

671 views • 29 slides
Working Set- -Based Access Control for Based Access Control for Working Set Network File

Working Set- -Based Access Control for Based Access Control for Working Set Network File

Working Set- -Based Access Control for Based Access Control for Working Set Network File Systems Network File Systems Stephen Smaldone, Vinod Ganapathy, and Liviu Iftode DiscoLab - Department of Computer Science Rutgers, The State University

667 views • 23 slides
Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
Applying Hierarchical and Role-Based Access Control to XML Documents Jason Crampton Information

Applying Hierarchical and Role-Based Access Control to XML Documents Jason Crampton Information

Applying Hierarchical and Role-Based Access Control to XML Documents Jason Crampton Information Security Group Royal Holloway, University of London ACM Workshop on Secure Web Services 2004 George Mason University, 29 October 2004 Applying

647 views • 31 slides
Towards Standardization of Distributed Access Control Mario Lischka, Yukiko Endo Elena

Towards Standardization of Distributed Access Control Mario Lischka, Yukiko Endo Elena

Towards Standardization of Distributed Access Control Mario Lischka, Yukiko Endo Elena Torroglosa, Alejandro Prez, Antonio G. Skarmeta NEC Laboratories Europe University of Murcia Presentation at W3C Workshop on Access Control Application

555 views • 9 slides
Semantic security framework and context- aware role-based access control ontology for Smart

Semantic security framework and context- aware role-based access control ontology for Smart

Semantic security framework and context- aware role-based access control ontology for Smart Spaces Semantic Big Data Workshop, ACM SIGMOD 2016 Conference 2016, San Francisco, California, July 1st 2016 Shohreh Hosseinzadeh, Natalia

240 views • 19 slides
ROLE BASED ACCESS CONTROL (RBAC) John Barkley RBAC Project Leader Software Diagnostics and

ROLE BASED ACCESS CONTROL (RBAC) John Barkley RBAC Project Leader Software Diagnostics and

ROLE BASED ACCESS CONTROL (RBAC) John Barkley RBAC Project Leader Software Diagnostics and Conformance Testing National Institute of Standards and Technology (301) 975-3346 jbarkley@nist.gov http://hissa.nist.gov/rbac/ ACTIVE PARTICIPANTS

635 views • 27 slides
Access Control Enforcement Access Control Enforcement for Conversation- -based based for

Access Control Enforcement Access Control Enforcement for Conversation- -based based for

The Cyber Center The Cyber Center Access Control Enforcement Access Control Enforcement for Conversation- -based based for Conversation Web Services Web Services Massimo Mecella * Mourad Ouzzani Univ. Roma LA SAPIENZA, Italy Purdue

375 views • 26 slides
Distributed Statistical Inference using Type Based Random Access over Multi-access Fading

Distributed Statistical Inference using Type Based Random Access over Multi-access Fading

Type Based Random Access Performance Metric Optimal TBRA Conclusion Distributed Statistical Inference using Type Based Random Access over Multi-access Fading Channels Animashree Anandkumar and Lang Tong Adaptive Communication and Signal

619 views • 40 slides
Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of Access Control Discretionary acces control Mandatory access control Real systems: Unix Access Control Model Access control Access

817 views • 47 slides
Institute for Cyber Security A Framework for Risk-Aware Role Based Access Control Khalid Zaman

Institute for Cyber Security A Framework for Risk-Aware Role Based Access Control Khalid Zaman

Institute for Cyber Security A Framework for Risk-Aware Role Based Access Control Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu Institute for Cyber Security University of Texas at San Antonio October 16, 2013 SafeConfig 2013: IEEE 6th

227 views • 18 slides

More recommend