CatBAC: A Generic Framework for Designing and Validating Hybrid Access Control Models Bernard Stepien, University of Ottawa Hemanth Khambhammettu Kamel.

Presentation transcript:

CatBAC: A Generic Framework for Designing and Validating Hybrid Access Control Models Bernard Stepien, University of Ottawa Hemanth Khambhammettu Kamel Adi Luigi Logrippo Université du Québec en Outaouais

Université du Québec en Outaouais
- Small university of about 8,000 students
- Part of the “Université du Québec” network

Selective access control
Alice works in project 1A and has security level Unclassified. Can she write on file RFP?

Thousands of Alices, thousands of resources …

Access Control
- Many subjects, many resources in an organization
- Virtual, real subjects and resources
- What each subject can do on the resources can depend on many factors:
  - The role or group of the subject in the organization (RBAC)
  - The other roles it may have (SOD)
  - The other files it may have accessed (CW)
  - Its security level (BLP)
  - Delegation
  - Etc.

Models and languages
- Many access control models have been developed
- They are associated with access control languages to specify access control properties of subjects
- Languages express access control policies

Issues in Access Control (AC)
Access control policies in an organization can contain tens of thousands of rules that can be implemented at different levels of abstraction with a variety of methods. We address issues of:
- Homogeneity and expressiveness: identifying common high-level concepts, leading to unified terminology and languages
- Consistency, completeness: Are there inconsistencies in the set of rules? Do we have all the rules that we need?
- Lifecycle: from the initial design stages to the final set of implemented policies, through refinement and formal verification stages

Homogeneity and expressiveness
- In business, RBAC (Role-Based Access Control) is a prevalent AC model
- We have a real ‘alphabet soup’ of other models that complement RBAC:
  - DAC, Discretionary Access Control
  - GBAC, Group-Based Access Control
  - ABAC, Attribute-Based Access Control
  - BLP, Bell-LaPadula, Biba, etc.

Combining access control models
- Combine AC models in a single hybrid policy model for maximum power and flexibility
- In a company, one may wish to have:
  - RBAC as a basic model
  - Bell-LaPadula as an auxiliary model, e.g. within a role, subjects can have different clearance levels
- Complex combinations may be desirable
- RBAC research has shown how many access control models can be represented in RBAC
  - But this is not always intuitive

Specification of combined models
- Defined a framework for combined AC specs, starting from an abstract UML meta-model
- Provided a language for it, together with an engine for execution and verification

Concept of Category
- Categories can be roles, groups, security levels, etc.
- Can be assigned to other categories, e.g. a role can be assigned to a security level
- Can be organized in hierarchies, e.g. role hierarchies

Combined model in UML and text
[UML diagram: resources, actions, categories, subjects]
In more compact textual form:
    assign subject Alice to role Consultant;
    assign subject Alice to group Project 1A;
    assign subject Alice to security level Unclassified;

CatBAC language
A strongly typed, user-friendly language to be the textual representation of UACML

CatBAC Features
- Assign subjects to categories:
    assign subject Alice to role Consultant;
- Assignments between categories:
    assign category group Project_1B to category security_level Classified;
- Assignments of permissions to resources-actions:
    assign permission permit to categories role Consultant, Manager for resources Input_RFP, Bid_RFP and actions read, write;
- Mandatory assignments:
    assign mandatory permission permit to category group Project_1A for resource Input_RFP and action Read;

Authorization Constraints
- Constraints that specify restrictions on subject-category assignments, category-resource assignments and resource-action assignments
- E.g. separation of duties

Constraints in CatBAC
- Mutual exclusion:
    category role teacher and category role student are mutually exclusive;
- Requirements:
    category assignment role teacher requires category assignment role researcher;
- Cardinality:
    category role President assignments should not exceed 1;
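
The three constraint kinds above can be checked mechanically against a set of subject-category assignments. The following is an added example, not CatBAC code or part of the original slides: the Python data layout, the function name `check_constraints` and the sample subjects are assumptions, and only the role names come from the slide.

```python
from collections import defaultdict

# Constructed subject-to-category assignments: (subject, category kind, name).
ASSIGNMENTS = [
    ("Alice", "role", "teacher"),
    ("Alice", "role", "researcher"),
    ("Bob", "role", "teacher"),
    ("Bob", "role", "student"),
    ("Carol", "role", "President"),
    ("Dave", "role", "President"),
]

# The slide's three constraints expressed as data (layout is an assumption).
MUTEX = [(("role", "teacher"), ("role", "student"))]
REQUIRES = [(("role", "teacher"), ("role", "researcher"))]
MAX_ASSIGNMENTS = {("role", "President"): 1}

def check_constraints(assignments):
    """Return a sorted list of violation messages for the assignment set."""
    by_subject = defaultdict(set)
    by_category = defaultdict(set)
    for subject, kind, name in assignments:
        by_subject[subject].add((kind, name))
        by_category[(kind, name)].add(subject)
    violations = []
    for subject, cats in by_subject.items():
        for a, b in MUTEX:
            if a in cats and b in cats:
                violations.append(
                    f"mutual exclusion: {subject} holds {a[1]} and {b[1]}")
        for needs, required in REQUIRES:
            if needs in cats and required not in cats:
                violations.append(
                    f"requirement: {subject} holds {needs[1]} without {required[1]}")
    for cat, limit in MAX_ASSIGNMENTS.items():
        count = len(by_category[cat])
        if count > limit:
            violations.append(
                f"cardinality: {cat[1]} has {count} subjects, limit {limit}")
    return sorted(violations)

if __name__ == "__main__":
    for line in check_constraints(ASSIGNMENTS):
        print(line)
```
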

Execution and verification
- CatBAC has operational semantics based on Prolog (Horn-clause predicate calculus)
- CatBAC can be executed and can be queried
- For verification of consistency:
  - Find all possible outcomes of an access request
  - Find whether there are violations of mandatory assignments
  - Find whether there are violations of constraints
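
A sketch of the consistency query described above, written in Python rather than Prolog; it is an added example, not the CatBAC engine. It assumes a `deny` decision exists alongside `permit`, that a request is inconsistent when applicable rules disagree, and that a mandatory assignment is violated when any other applicable rule contradicts it; the subject Bob and the deny rule are constructed.

```python
# Constructed policy using the slides' names; the deny rule, Bob, and the
# conflict semantics are assumptions made for this example.
SUBJECT_CATS = {
    "Alice": {("role", "Consultant"), ("group", "Project_1A"),
              ("security_level", "Unclassified")},
    "Bob": {("group", "Project_1B")},
}
# Category-to-category assignments (Project_1B is assigned to Classified).
CAT_TO_CAT = {("group", "Project_1B"): {("security_level", "Classified")}}
# Each rule: (decision, mandatory?, categories, resources, actions).
RULES = [
    ("permit", False, {("role", "Consultant"), ("role", "Manager")},
     {"Input_RFP", "Bid_RFP"}, {"read", "write"}),
    ("permit", True, {("group", "Project_1A")}, {"Input_RFP"}, {"read"}),
    ("deny", False, {("security_level", "Unclassified")},
     {"Input_RFP"}, {"read", "write"}),
]

def effective_categories(subject):
    """Direct categories plus those reached via category-to-category links."""
    seen, todo = set(), list(SUBJECT_CATS.get(subject, ()))
    while todo:
        cat = todo.pop()
        if cat not in seen:
            seen.add(cat)
            todo.extend(CAT_TO_CAT.get(cat, ()))
    return seen

def outcomes(subject, resource, action):
    """All (decision, mandatory) pairs from rules that apply to the request."""
    cats = effective_categories(subject)
    return {(d, m) for d, m, rule_cats, resources, actions in RULES
            if cats & rule_cats and resource in resources and action in actions}

def verify(subject, resource, action):
    """Report decisions found, whether they conflict, and mandatory violations."""
    found = outcomes(subject, resource, action)
    decisions = {d for d, _ in found}
    mandatory = {d for d, m in found if m}
    return {
        "decisions": sorted(decisions),   # an empty list means no rule applies
        "inconsistent": len(decisions) > 1,
        "mandatory_violated": any(decisions - {d} for d in mandatory),
    }

if __name__ == "__main__":
    print(verify("Alice", "Input_RFP", "read"))
```

An empty `decisions` list marks a completeness gap: no rule covers the request.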

Practical use
- Security administrators can:
  - Express high-level security policies in graphic UML form
  - Compile the graphic form into a form that allows the inclusion of detailed low-level security policies
- Textual form:
  - Enables expressing policy sets of realistic sizes
  - Can be validated to detect design faults: inconsistency, separation of duties, etc.
- This top-down approach enables an integrated view of the security policies of a whole enterprise, using a unified model and language

Conclusion
- UACML and CatBAC form a powerful conceptual framework for the expression and combination of access control methods
- Most common access control systems can coexist within this framework
- Lifecycle support is provided by allowing iterative development from UML notation to executable code, with verification steps in between