Gail-Joon Ahn and Ravi Sandhu George Mason University Myong Kang and Joon Park Naval Research Laboratory Injecting RBAC to Secure a Web-based Workflow.

Slides:



Advertisements
Similar presentations
TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST
Advertisements

You have been given a mission and a code. Use the code to complete the mission and you will save the world from obliteration…
1 MiRo: A Virtual Private Network For Telehealth Services ROBERTO DI ROSA, MIRCO STURARI, ALDO FRANCO DRAGONI*, GIUSEPPE GIAMPIERI** *DEIT, Dipartimento.
Advanced Piloting Cruise Plot.
Kapitel 21 Astronomie Autor: Bennett et al. Galaxienentwicklung Kapitel 21 Galaxienentwicklung © Pearson Studium 2010 Folie: 1.
Cyber-Identity, Authority and Trust in an Uncertain World
Cyber-Identity, Authority and Trust in an Uncertain World
1 ACSAC 2002 © Mohammad al-Kahtani 2002 A Model for Attribute-Based User-Role Assignment Mohammad A. Al-Kahtani Ravi Sandhu George Mason University SingleSignOn.net,
1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University.
INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.
ARBAC99 (Model for Administration of Roles)
Institute for Cyber Security
Logical Model and Specification of Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University.
ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.
SECURING CYBERSPACE: THE OM-AM, RBAC AND PKI ROADMAP Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
Future Directions in Role-Based Access Control Models Ravi Sandhu Co-Founder and Chief Scientist SingleSignOn.Net & Professor of Information Technology.
A Logic Specification for Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University SACMAT 2004.
SSL Trust Pitfalls Prof. Ravi Sandhu.
A Role-Based Delegation Model and some extensions By: Ezedin S.Barka Ravi Sandhu George Mason University.
A THREE TIER ARCHITECTURE FOR ROLE-BASED ACCESS CONTROL Ravi Sandhu and Hal Feinstein Seta Corporation McLean, VA Ongoing NIST-funded project Other Project.
© Ravi Sandhu Security Issues in P2P Systems Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.
© 2005 Ravi Sandhu Role Usage and Activation Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security.
SSL Trust Pitfalls Prof. Ravi Sandhu. 2 © Ravi Sandhu 2002 THE CERTIFICATE TRIANGLE user attributepublic-key X.509 identity certificate X.509 attribute.
OM-AM and RBAC Ravi Sandhu * Laboratory for Information Security Technology (LIST) George Mason University.
Engineering Authority and Trust in Cyberspace: The OM-AM and RBAC Way Prof. Ravi Sandhu George Mason University
Chapter 1 The Study of Body Function Image PowerPoint
Fatma Y. ELDRESI Fatma Y. ELDRESI ( MPhil ) Systems Analysis / Programming Specialist, AGOCO Part time lecturer in University of Garyounis,
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 5 Author: Julia Richards and R. Scott Hawley.
1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.
By D. Fisher Geometric Transformations. Reflection, Rotation, or Translation 1.
Copyright (c) 2002 Japan Network Information Center Introduction of JPNICs New Registry System Izumi Okutani IP Address Section Japan Network Information.
Implementation of a Validated Statistical Computing Environment Presented by Jeff Schumack, Associate Director – Drug Development Information September.
Document #07-12G 1 RXQ Customer Enrollment Using a Registration Agent Process Flow Diagram (Switch) Customer Supplier Customer authorizes Enrollment.
Document #07-12G 1 RXQ Customer Enrollment Using a Registration Agent Process Flow Diagram (Switch) Customer Supplier Customer authorizes Enrollment.
Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination.
19 Copyright © 2005, Oracle. All rights reserved. Distributing Modular Applications: Developing Web Services.
Copyright CompSci Resources LLC Web-Based XBRL Products from CompSci Resources LLC Virginia, USA. Presentation by: Colm Ó hÁonghusa.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Title Subtitle.
My Alphabet Book abcdefghijklm nopqrstuvwxyz.
0 - 0.
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.
Addition Facts
ZMQS ZMQS
BT Wholesale October Creating your own telephone network WHOLESALE CALLS LINE ASSOCIATED.
ABC Technology Project
VOORBLAD.
IONA Technologies Position Paper Constraints and Capabilities for Web Services
Squares and Square Root WALK. Solve each problem REVIEW:
© 2012 National Heart Foundation of Australia. Slide 2.
Chapter 5 Test Review Sections 5-1 through 5-4.
GG Consulting, LLC I-SUITE. Source: TEA SHARS Frequently asked questions 2.
Addition 1’s to 20.
25 seconds left…...
Januar MDMDFSSMDMDFSSS
REGISTRATION OF STUDENTS Master Settings STUDENT INFORMATION PRABANDHAK DEFINE FEE STRUCTURE FEE COLLECTION Attendance Management REPORTS Architecture.
Week 1.
We will resume in: 25 Minutes.
©Brooks/Cole, 2001 Chapter 12 Derived Types-- Enumerated, Structure and Union.
PSSA Preparation.
VPN AND REMOTE ACCESS Mohammad S. Hasan 1 VPN and Remote Access.
- 1 - Defense Security Service Background: During the Fall of 2012 Defense Security Service will be integrating ISFD with the Identity Management (IdM)
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
CpSc 3220 Designing a Database
OM-AM and RBAC Ravi Sandhu*
Presentation transcript:

Gail-Joon Ahn and Ravi Sandhu George Mason University Myong Kang and Joon Park Naval Research Laboratory Injecting RBAC to Secure a Web-based Workflow System

2 © Gail J. Ahn 2000 WORKFLOW MANAGEMENT SYSTEMS ¨ Control and coordinate processes that may be processed by different processing entities ¨ Received much attention ¨ Marriage with Web technology ¨ Minimal security services

3 © Gail J. Ahn 2000 RELATED WORKS ¨ D. Hollingsworth, 1995 ¨ Peter J. Denning, 1996 ¨ Johann Eder et el., 1997 (Panta Rhei) ¨ J. Miller et al., 1998 (METEOR) ¨ Myong H. Kang et al., 1999 ¨ Wei-Kuang Huang and Vijay Atluri, 1999

4 © Gail J. Ahn 2000 OBJECTIVE ¨ Inject role-based access control (RBAC) into an existing web-based workflow system

5 © Gail J. Ahn 2000 WHY RBAC? ¨ A mechanism which allows and promotes an organization-specific access control policy based on roles ¨ Has become widely accepted as the proven technology

6 © Gail J. Ahn 2000 ROLES USERS PERMISSIONS SIMPLIFIED RBAC MODEL RH UA PA

7 © Gail J. Ahn 2000 ROLE-BASED SECURE WORKFLOW SYSTEM ¨ Workflow Design Tool ¨ Workflow (WF) System ¨ Role Server

8 © Gail J. Ahn 2000 WF system BASIC COMPONENTS Role Server user-role assignment user-role DB Certificate server role-hierarchy NRL design tool role-task assignment role-hierarchy client T1 T2-2 T2-1 T3 CORBA IIOP HTTP

9 © Gail J. Ahn 2000 ARCHITECTURES ¨ USER-PULL STYLE ¨ SERVER-PULL STYLE

10 © Gail J. Ahn 2000 Role Server WF design toolWF system User-role assignment role-task assignment role-hierarchy user-role DB Certificate server role-hierarchy T1 T2-2 T2-1 T3 Role-hierarchy client Authentication information Authorization information Workflow enforcement information USER-PULL STYLE

11 © Gail J. Ahn 2000 Role Server WF design toolWF system User-role assignment role-task assignment role-hierarchy user-role DB Certificate server role-hierarchy T1 T2-2 T2-1 T3 Role-hierarchy client Authentication information Authorization information Workflow enforcement information SERVER-PULL STYLE

12 © Gail J. Ahn 2000 NRL (Naval Research Lab.) DESIGN TOOL ¨ design workflow model ¨ create role and role hierarchies ¨ assign role to task ¨ exporting role hierarchies to role server

13 © Gail J. Ahn 2000 Platform: Windows NT, JDK1.2 Organization Editor <!--URA Revision: 1 Mon Dec 07 15:59:28 EDT > <!DOCTYPE Organization SYSTEM "../dtd/Organization.dtd"> URA director NRL DESIGN TOOL (Cont d)

14 © Gail J. Ahn 2000 WORKFLOW SYSTEM ¨ each task server is web server ¨ user should present client authentication certificate user s privilege is authorized by content of certificate (specially client s role information)

15 © Gail J. Ahn 2000 ROLE AUTHORIZATION ON WORKFLOW SYSTEM client Task Server (Web Server) resources 1. access the resource 3. read resource 4. display resource 2.1 get client certificate 2.2 retrieve role information 2.3 check authorization status

16 © Gail J. Ahn 2000 ROLE SERVER ¨ User Role Assignment ¨ Certificate Server

17 © Gail J. Ahn 2000 USER ROLE ASSIGNMENT ¨ maintain role hierarchies and user database ¨ assign users to roles ¨ generate user-role database

18 © Gail J. Ahn 2000 Converted Role Hierarchy File Alice : director Bob : engineer Chris : pro-leader USER ROLE ASSIGNMENT (Cont d)

19 © Gail J. Ahn 2000 CERTIFICATE SERVER ¨ authenticate client retrieve client s role information from user-role database issue certificate with client s role information

20 © Gail J. Ahn 2000 X.509 CERTIFICATE Serial number : seu89084jdys Validity : Subject/Name/Organization Common Name = Gail J. Ahn Organization Unit = staff.. Public key: 1e354276ssfatew djkfh ks wef Singed By : List, GMU kljsuytoj jdj284jds 4djso475-28ejd7-18re Public Key Private Key Certificate Authority Role Information

21 © Gail J. Ahn 2000 CERTIFICATE ISSUE

22 © Gail J. Ahn 2000 CERTIFICATE AUTHORIZATION OVER SSL client Task Server server certificate client certificate SSL connection Role authorization

23 © Gail J. Ahn 2000 client Task Server SSL connection Proxy Server task.html Request resource Forward resource Send resource Send modified request task.html REVERSE PROXYING (MINIMAL CHANGES IN SERVER SIDE)

24 © Gail J. Ahn 2000 client Certificate Server Role Server Task Server Step 1 Step 5 Step 4 Step 2Step 3 Proxy Server SSL FINAL SCENARIO IP checking Step 6

25 © Gail J. Ahn 2000 CONCLUSION ¨ Model-driven experimental research ¨ Develop and motivate the model first ¨ Then implement on COTS platforms ¨ OM-AM Approach ¨ Objective ¨ Model ¨ Architecture ¨ Mechanism ¨ Funded by Naval Research Lab

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.