Dynamic Access Control Policy Management for Web Applications

Dynamic Access Control Policy Management for Web Applications. Misbah Irum, NUST-MS-CCS-21. Supervisor: Dr. Abdul Ghafoor Abbasi

Agenda Overview Introduction Existing work Problem statement Abstract Architecture Workflow Roadmap References

Overview The rapidly developing web environment provides users with a wide set of rich services, as varied and complex as desktop applications. This allows users to create, manage and share their content online. It is the user who creates this data, who disseminates it and who shares it with other users and services. Storing and sharing resources on the Web poses new security challenges. Access control in particular is currently poorly addressed in such an environment.

Introduction Access control (authorization) protects resources against unauthorized disclosure and unauthorized or improper modification. It ensures that every access to resources or data conforms to the access control policies of the system.

Introduction As the web has evolved, users store and share more and more resources on it. The access control provided by a web application is tightly bound to the functionality of that application; it is not flexible and does not follow the security requirements of the user. Users control their resources only through the limited access control options these web applications provide, which can result in loss of privacy and may raise other security concerns such as theft and fraud.

Introduction As the Web has evolved it has become exceedingly user-centric and user-driven. It has recently adopted a user-centric identity model in which authentication is delegated to third-party Identity Providers (IdPs) using protocols such as OpenID or Shibboleth. However, the Web still lacks a comparable access control solution based on concepts analogous to OpenID. Such a mechanism would allow users to choose their preferred access control components and use their functionality across various Web applications.

Literature Survey For the proposed work, the literature survey is carried out in two parts: research done on user-centric access control, and access control in traditional web applications.

xAccess: A Unified User-Centric Access Control Framework for Web Applications In this research Kapil Singh provides a user-centric access control framework. It allows users to set access control on the content they upload to web applications. Analysis: Can only be used with applications that have installed the xAccess server component. Not generic and cannot meet all the access requirements of the user, e.g. section-level access control. Singh, K., "xAccess: A unified user-centric access control framework for web applications," Network Operations and Management Symposium (NOMS), pp. 530-533, 16-20 April 2012.

Architecture and Protocol for User-Controlled Access Management in Web 2.0 Applications Machulak and van Moorsel presented this paper at the 2010 IEEE 30th International Conference on Distributed Computing Systems. Analysis: No authentication; it only deals with authorization. The working of the authorization manager is not explained. Too many steps are involved, which increases the complexity. Machulak, M.P., van Moorsel, A., "Architecture and Protocol for User-Controlled Access Management in Web 2.0 Applications," 30th International Conference on Distributed Computing Systems Workshops (ICDCSW), pp. 62-71, 21-25 June 2010.

Policy Management as a Service: An Approach to Manage Policy Heterogeneity in Cloud Computing Environment This paper was presented at the 2012 45th Hawaii International Conference on System Sciences. In this research Takabi and Joshi provide policy management as a service in a cloud computing environment. Analysis: Only a policy specification service is provided. Exporting policies into the CSP is a complex task, and interoperability is a big issue. If the user removes content from one application and moves it to another, the policies must likewise be removed and exported. Takabi, H., Joshi, J.B.D., "Policy Management as a Service: An Approach to Manage Policy Heterogeneity in Cloud Computing Environment," 45th Hawaii International Conference on System Science (HICSS), pp. 5500-5508, 4-7 Jan 2012.

OAuth 2.0 Protocol OAuth is an open standard for authorization. It is an authorization delegation protocol: users delegate limited access to their content to third-party applications. It only provides access delegation services; the user cannot write access policies and protect their resources according to their own access requirements.
Abstract protocol flow (roles: Resource Owner, Client, Authorization Server, Resource Server):
1. Authorization request (Client to Resource Owner)
2. Authorization grant (Resource Owner to Client)
3. Authorization grant (Client to Authorization Server)
4. Access token (Authorization Server to Client)
5. Access token (Client to Resource Server)
6. Protected resource (Resource Server to Client)
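The six-step flow above, simulated as an added example in Python (constructed for this page; it is not code from the presentation and not any OAuth library). The three roles are in-memory objects; the scope names read:documents and write:documents, the identities alice, bob and calendar-app, and the single-use grant handling are assumptions made for the example:

```python
import secrets
from dataclasses import dataclass, field

# Constructed scope names; a real deployment defines its own scope vocabulary.
SCOPE_READ = "read:documents"
SCOPE_WRITE = "write:documents"


@dataclass
class AuthorizationServer:
    """Issues authorization grants (codes) and exchanges them for access tokens."""
    grants: dict = field(default_factory=dict)   # code  -> (owner, client_id, scopes)
    tokens: dict = field(default_factory=dict)   # token -> (owner, scopes)

    def issue_grant(self, owner, client_id, scopes):
        # Step 2: the resource owner has consented, so the client receives a one-time grant.
        code = secrets.token_urlsafe(16)
        self.grants[code] = (owner, client_id, frozenset(scopes))
        return code

    def exchange_grant(self, client_id, code):
        # Steps 3-4: the grant is single-use and bound to the client that obtained it;
        # the returned token carries only the scopes the owner delegated.
        grant = self.grants.pop(code, None)
        if grant is None or grant[1] != client_id:
            return None
        owner, _, scopes = grant
        token = secrets.token_urlsafe(24)
        self.tokens[token] = (owner, scopes)
        return token

    def introspect(self, token):
        return self.tokens.get(token)


@dataclass
class ResourceServer:
    """Holds the protected resources and releases them only to valid, in-scope tokens."""
    auth_server: AuthorizationServer
    resources: dict                     # (owner, name) -> content

    def _authorized(self, token, owner, scope):
        info = self.auth_server.introspect(token)
        return info is not None and info[0] == owner and scope in info[1]

    def read(self, token, owner, name):
        # Steps 5-6: the client presents the access token and receives the protected resource.
        if not self._authorized(token, owner, SCOPE_READ):
            return None
        return self.resources.get((owner, name))

    def write(self, token, owner, name, content):
        if not self._authorized(token, owner, SCOPE_WRITE):
            return False
        self.resources[(owner, name)] = content
        return True


def run_flow():
    """Walk the six steps with constructed identities and return the observed outcomes."""
    auth = AuthorizationServer()
    rs = ResourceServer(auth, {("alice", "report.txt"): "Q3 figures"})
    # Step 1: the client asks Alice for access; she delegates SCOPE_READ only.
    code = auth.issue_grant("alice", "calendar-app", [SCOPE_READ])
    token = auth.exchange_grant("calendar-app", code)
    return {
        "resource": rs.read(token, "alice", "report.txt"),                  # "Q3 figures"
        "grant_reused": auth.exchange_grant("calendar-app", code),          # None: code is single-use
        "write_allowed": rs.write(token, "alice", "report.txt", "edited"),  # False: not delegated
        "other_owner": rs.read(token, "bob", "report.txt"),                 # None: token is Alice's
    }
```

The only control the resource owner exercises here is the set of scopes attached to the token; there is no place in the exchange for a policy she authored about who may access which resource, which is the limitation the slide points out.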

Access Control in Traditional Web Applications The access control provided by a web application resides within the web application. The user is offered a fixed set of access control options and sets access control on their own resources by choosing from these options.

Problems Some of the problems found in the access control provided by web services are as follows: Access control lacks sophistication since it is a side issue for typical cloud-based Web 2.0 applications. User needs to use many diverse and possibly incompatible policy languages. User needs to use many diverse and bespoke policy management tools with diversified User Experience. User lacks a consolidated view of the applied access control policies across multiple Web applications.

Problem Statement Design a secure and generic User-Controlled Access Management protocol that enables the user to dynamically define access control policies on their self-generated resources and to share those resources with authorized users through web services.

Abstract Architecture Components shown in the architecture diagram:
- Authentication Server, with its IDMS
- Authorization Server, containing the Policy Database and the Policy Engine
- Web Server, hosting the Protected Resources
- User, who authors the Access Control Policy
- Requestor

Work Flow Components: Authentication Server (IDMS), Authorization Server (Policy Database, Policy Engine), Web Server (Protected Resources), User, Access Control Policy, Requestor. Message labels from the diagram, in numbered order:
1.1 Identity info; 1.2 ticket
2.1 ticket; 2.2 Application access; 2.3 create policy; 2.4 upload policies; 2.5 upload resource
3.1 ticket; 3.2 Identity info
4.1 ticket; 4.2 Application access; 4.3 Access request; 4.4 query for decision; 4.5 Access control decision; 4.6 Resource

Standards and Technologies Security Assertion Markup Language (SAML) - web services security standard. Extensible Access Control Markup Language (XACML 3.0) - policy specification. FIPS 196 - authentication. Google Docs - web service.
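An added example serving both the work flow (the policy engine answering the "query for decision" and returning an access control decision) and the XACML 3.0 item above. It is constructed for this page, is not code from the thesis and uses no XACML library: a Python policy decision point for a subset of XACML 3.0 (Policy and Rule Targets built from AnyOf/AllOf/Match with the string-equal function, and the deny-overrides rule-combining algorithm). The sample policy, the users alice, bob and carol, the resource name "report" and the custom attribute id urn:example:resource:section (used to show section-level access control) are assumptions; the other identifiers are standard XACML ones.

```python
import xml.etree.ElementTree as ET

XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
NS = {"x": XACML_NS}
STRING = "http://www.w3.org/2001/XMLSchema#string"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
DENY_OVERRIDES = "urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides"
SUBJECT_CAT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE_CAT = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACTION_CAT = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
SECTION_ID = "urn:example:resource:section"   # assumed custom attribute, not a standard XACML id


def match_xml(category, attr_id, value):
    """Build one XACML <Match> comparing a request attribute with a literal via string-equal."""
    return (f'<Match MatchId="{STRING_EQUAL}">'
            f'<AttributeValue DataType="{STRING}">{value}</AttributeValue>'
            f'<AttributeDesignator Category="{category}" AttributeId="{attr_id}" '
            f'DataType="{STRING}" MustBePresent="false"/></Match>')


# Constructed policy that the resource owner "alice" uploads to the policy database:
# bob may read her report, but the "salaries" section is closed to everyone.
SAMPLE_POLICY = f"""
<Policy xmlns="{XACML_NS}" PolicyId="alice-report-policy" Version="1.0"
        RuleCombiningAlgId="{DENY_OVERRIDES}">
  <Target/>
  <Rule RuleId="bob-may-read-report" Effect="Permit">
    <Target><AnyOf><AllOf>
      {match_xml(SUBJECT_CAT, SUBJECT_ID, "bob")}
      {match_xml(RESOURCE_CAT, RESOURCE_ID, "report")}
      {match_xml(ACTION_CAT, ACTION_ID, "read")}
    </AllOf></AnyOf></Target>
  </Rule>
  <Rule RuleId="salaries-section-closed" Effect="Deny">
    <Target><AnyOf><AllOf>
      {match_xml(RESOURCE_CAT, SECTION_ID, "salaries")}
    </AllOf></AnyOf></Target>
  </Rule>
</Policy>
"""


def _match(elem, request):
    if elem.get("MatchId") != STRING_EQUAL:
        raise NotImplementedError("this example only implements string-equal")
    wanted = elem.find("x:AttributeValue", NS).text
    des = elem.find("x:AttributeDesignator", NS)
    return request.get(des.get("Category"), {}).get(des.get("AttributeId")) == wanted


def _target_applies(target, request):
    # XACML Target semantics: a missing or empty Target matches every request; otherwise
    # every AnyOf must hold, and an AnyOf holds when all Matches of at least one AllOf hold.
    if target is None:
        return True
    return all(
        any(all(_match(m, request) for m in allof.findall("x:Match", NS))
            for allof in anyof.findall("x:AllOf", NS))
        for anyof in target.findall("x:AnyOf", NS))


def evaluate(policy_xml, request):
    """Policy decision point: return Permit, Deny or NotApplicable for one request."""
    policy = ET.fromstring(policy_xml.strip())
    if policy.get("RuleCombiningAlgId") != DENY_OVERRIDES:
        raise NotImplementedError("this example only implements deny-overrides")
    if not _target_applies(policy.find("x:Target", NS), request):
        return "NotApplicable"
    effects = [rule.get("Effect") for rule in policy.findall("x:Rule", NS)
               if _target_applies(rule.find("x:Target", NS), request)]
    if "Deny" in effects:          # deny-overrides: a single applicable Deny wins
        return "Deny"
    return "Permit" if "Permit" in effects else "NotApplicable"


def make_request(subject, resource, action, section=None):
    """Shape the requestor's access request (step 4.4) as category -> attribute id -> value."""
    req = {SUBJECT_CAT: {SUBJECT_ID: subject},
           RESOURCE_CAT: {RESOURCE_ID: resource},
           ACTION_CAT: {ACTION_ID: action}}
    if section is not None:
        req[RESOURCE_CAT][SECTION_ID] = section
    return req


def pep_allows(policy_xml, request):
    """Enforcement point at the web server: only an explicit Permit releases the resource."""
    return evaluate(policy_xml, request) == "Permit"
```

The enforcement point treats NotApplicable the same as Deny, so a requestor the owner never mentioned in a policy gets nothing by default; and because the policy is plain XACML, the owner's rules stay the same whichever web application stores the resource.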

Thesis Road Map Milestones and durations:
- Preliminary study and research: done
- Detailed design: 2 weeks
- Implementation:
  1.1 Implementing authentication protocol: 1 month
  1.2 Creating access control policy module
  1.3 Implementing authorization server
  1.4 Implementation of final framework incorporating user-centric authorization model
- Testing and evaluation
- Thesis writing

References
Fugkeaw, S., Manpanpanich, P., Juntapremjitt, S., "A development of multi-SSO authentication and RBAC model in the distributed systems," 2nd International Conference on Digital Information Management, pp. 297-302, 28-31 Oct 2007.
Sunan Shen, Shaohua Tang, "Cross-Domain Grid Authentication and Authorization Scheme Based on Trust Management and Delegation," International Conference on Computational Intelligence and Security, vol. 1, pp. 399-404, 13-17 Dec 2008.
Osio, G., "A User Perspective on Cloud Computing," Third International Conference on Advances in Human-Oriented and Personalized Mechanisms, Technologies and Services, pp. 1-4, 22-27 Aug 2010.
Ting Zhang, WenAn Tan, "Role-based dynamic access control for Web services," International Conference on Computer Application and System Modeling (ICCASM), vol. 4, pp. V4-507-V4-510, 22-24 Oct 2010.
Laborde, R., Cheaito, M., Barrere, F., Benzekri, A., "An Extensible XACML Authorization Web Service: Application to Dynamic Web Sites Access Control," Fifth International Conference on Signal-Image Technology & Internet-Based Systems (SITIS), pp. 499-505, Nov. 29-Dec. 4 2009.

References
Jing Gao, Bin Zhang, Zhiyu Ren, "A dynamic authorization model based on security label and role," IEEE International Conference on Information Theory and Information Security (ICITIS), pp. 650-653, 17-19 Dec 2010.
Fei Xu, Jingsha He, Xu Wu, Jing Xu, "A User-Centric Privacy Access Control Model," 2nd International Symposium on Information Engineering and Electronic Commerce (IEEC), pp. 1-4, 23-25 July 2010.
Gail-Joon Ahn, Moonam Ko, Shehab, M., "Privacy-Enhanced User-Centric Identity Management," IEEE International Conference on Communications, pp. 1-5, 14-18 June 2009.
Becker, M.Y., "Specification and Analysis of Dynamic Authorization Policies," 22nd IEEE Computer Security Foundations Symposium, pp. 203-217, 8-10 July 2009.
Xiangrong Zu, Lianzhong Liu, Yan Bai, "A Role and Task-Based Workflow Dynamic Authorization Modeling and Enforcement Mechanism," 1st International Conference on Information Science and Engineering (ICISE), pp. 1593-1596, 26-28 Dec 2009.
Procházka, M., Kouril, D., Matyska, L., "User centric authentication for web applications," International Symposium on Collaborative Technologies and Systems (CTS), pp. 67-74, 17-21 May 2010.

References
http://www.oauth.net
http://www.wikipedia.org/wiki/OAuth
http://www.tools.ietf.org/html/draft-ietf-oauth-v2-31
http://www.security.setecs.com/Documents/4_SETECS_Cloud_Portal_Security_System.pdf
http://www.security.setecs.com/Documents/5_SETECS_Cloud_Security_Architecture.pdf

Questions & Suggestions