Access Control Policy Tool (ACPT): Ensure the safety and flexibility in composing access control policies

Presentation transcript:

Access Control Policy Tool (ACPT)
Ensures safety and flexibility in composing access control policies.

Current features:
- Allows policy authors to conveniently specify mandatory access control models (such as RBAC and Multi-Level models), rules, and properties (including combinations of policies) through model templates.
- From the specified models and rules, tests and verifies the policies against the specified properties (using a black-box model checking method), and reports the detected problems to the policy authors so that security holes are not left in the policies before deployment.
- Generates an efficient test suite (by applying NIST's combinatorial testing technology) for testing access control implementations.
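The workflow described above (compose models and rules, verify properties, derive a test suite with expected decisions), as an added Python sketch that is not ACPT code and not from the slides. The attribute domains, rules and properties are constructed; exhaustive enumeration stands in for the model checker, and a greedy 2-way covering array stands in for NIST's combinatorial generator.

```python
from itertools import combinations, product

# Constructed attribute domains (assumptions, not taken from the ACPT slides).
DOMAINS = {
    "role": ["doctor", "nurse", "clerk"],
    "clearance": ["low", "high"],
    "label": ["low", "high"],          # resource classification
    "action": ["read", "write"],
}
NAMES = list(DOMAINS)
RBAC_PERMITS = {("doctor", "read"), ("doctor", "write"), ("nurse", "read")}

def decide(req):
    """Composed policy: the multi-level rule is checked first, then RBAC."""
    # Multi-level rule: no read-up (low clearance must not read a high label).
    if req["action"] == "read" and req["clearance"] == "low" and req["label"] == "high":
        return "deny"
    return "permit" if (req["role"], req["action"]) in RBAC_PERMITS else "deny"

def all_requests():
    for values in product(*DOMAINS.values()):
        yield dict(zip(NAMES, values))

def verify(prop):
    """Check a property on every request; return counterexamples (empty = holds)."""
    return [r for r in all_requests() if not prop(r, decide(r))]

def pairs_of(req):
    return {((a, req[a]), (b, req[b])) for a, b in combinations(NAMES, 2)}

def pairwise_suite():
    """Greedy 2-way covering array: each value pair of any two attributes occurs."""
    uncovered = set().union(*(pairs_of(r) for r in all_requests()))
    suite = []
    while uncovered:
        best = max(all_requests(), key=lambda r: len(pairs_of(r) & uncovered))
        uncovered -= pairs_of(best)
        suite.append((best, decide(best)))   # request plus expected decision
    return suite

# Property that holds: a clerk is never permitted anything.
def clerk_never_permitted(r, d):
    return not (r["role"] == "clerk" and d == "permit")

# Property that fails: the multi-level rule overrides the nurse's RBAC read permission.
def nurse_can_always_read(r, d):
    return d == "permit" or not (r["role"] == "nurse" and r["action"] == "read")
```

Each `(request, expected decision)` pair from `pairwise_suite()` can be replayed against a real access control implementation and compared with its answer; the counterexample returned for `nurse_can_always_read` shows the kind of rule-combination conflict the verification step is meant to surface before deployment.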

Access Control Policy Tool (ACPT)
[Architecture diagram. Labels: Property verification; GUI; Test suite generation; Combinatorial array generator; Model checker; AC model templates: RBAC, Multi-Level, RuBAC, ABAC; XACML policy.xsd schema; Test suite; Policy Decision Point (PDP)]

Access Control Policy Tool (ACPT)

Future developments:
- Policy (or rule) priority configuration for combining different models or rules (e.g. combinations of global and local policies).
- White-box model/properties verification to verify the coverage and confinement of access control rules.
- Generate XACML policies derived from the verified access control model or rules.
- More access control policy templates, including dynamic and historical access control models.

Tool for Information Sharing
- Access control policy independent.
- Not tied to an access control management architecture (works for local and central access control management).
- Access control model generation, and optional XACML policy generation.
- No communication and authentication frameworks.
- Test suite can be applied to any access control implementation.