Semantic Attribute-Based Access Control: An overview of the existing approaches


  1. Semantic Attribute-Based Access Control: An overview of the existing approaches
     Hamed Arshad, Department of Informatics, University of Oslo, March 2018
     Hamed Arshad (UiO) SABAC March 2018 1 / 25

  2. Table of Contents
       1. Introduction
       2. Attribute-Based Access Control (ABAC)
       3. Semantic-Based Access Control (SBAC)
       4. Semantic Attribute-Based Access Control (SABAC)

  11. Introduction
       - Access control: restricting access to computer resources, especially in multi-user and data-sharing settings
       - Authentication vs. access control
           - Authentication: "Who goes there?" Restrictions on who (or what) can access the system
           - Access control: "Are you allowed to do that?" Restrictions on the actions of authenticated users
       - Access control enforced by
           - Access Control Lists
           - Capabilities
           - ...

  19. Attribute-Based Access Control (ABAC)
       - ABAC: a successor of RBAC
           - control based on the entities' attributes
       - A set of attributes in ABAC: the same as a role in RBAC
       - The XACML standard
           - a policy language, which is sufficiently fine-grained and declarative
           - as well as an architecture for ABAC

  36. Attribute-Based Access Control (ABAC)
       - ABAC is supposed to be a proper solution in open and distributed systems
       - Heterogeneous systems = mismatch between attributes
       - Example
           - An e-healthcare system may represent adult patients with an attribute "Adult"
           - Patients may try to prove it using "hasDriverLicense" or "age"
       - Considering all the possible synonyms (semantically) of each attribute
           - defining several policies or one general policy
       - A change in the policy
           - a large amount of manual work
       - ABAC needs to be extended
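
The attribute mismatch from the e-healthcare example, as an added Python sketch that is not part of the original slides: a policy that names only "Adult" denies adults who present "age" or "hasDriverLicense", and the hand-listed "one general policy" workaround still denies any equivalent nobody wrote down. The rule format, the `evaluate` and `decisions` helpers, the age threshold of 18, the `isOfLegalAge` attribute and the sample requests are assumptions made for illustration.

```python
"""Constructed ABAC example: attribute-name matching vs. hand-listed equivalents."""

PERMIT, DENY = "Permit", "Deny"

# Policy as the e-healthcare system wrote it: the subject must carry Adult == True.
STRICT_POLICY = [{"Adult": lambda v: v is True}]

# Workaround from the slide: one general policy that lists every attribute
# taken to imply adulthood. The threshold of 18 is an assumption.
GENERAL_POLICY = [
    {"Adult": lambda v: v is True},
    {"hasDriverLicense": lambda v: v is True},
    {"age": lambda v: isinstance(v, int) and v >= 18},
]


def evaluate(policy, subject):
    """Permit if any rule is fully satisfied by the subject's attributes.

    A rule maps attribute names to predicates. Names are compared as plain
    strings, so an attribute the policy does not name carries no weight,
    and a missing attribute never satisfies a rule (deny by default).
    """
    for rule in policy:
        if all(name in subject and check(subject[name])
               for name, check in rule.items()):
            return PERMIT
    return DENY


def decisions(policy, requests):
    """Evaluate every request and return {subject: decision}."""
    return {who: evaluate(policy, attrs) for who, attrs in requests.items()}


# Constructed requests: adults described in different vocabularies, one minor.
REQUESTS = {
    "alice": {"Adult": True},
    "bob": {"age": 34},
    "carol": {"hasDriverLicense": True},
    "dave": {"age": 15},
    "erin": {"isOfLegalAge": True},  # equivalent nobody added to the policy
}

if __name__ == "__main__":
    print("strict :", decisions(STRICT_POLICY, REQUESTS))
    print("general:", decisions(GENERAL_POLICY, REQUESTS))
```

Under the strict policy only alice is permitted; under the general policy bob and carol are permitted too, while erin is still denied until someone edits the policy by hand.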
