Approaching Fine-grain Access Control for Distributed Biomedical Databases within Virtual Environments Onur Kalyoncu, Yi Pan, Matthias Assel High Performance.


Approaching Fine-grain Access Control for Distributed Biomedical Databases within Virtual Environments
Onur Kalyoncu, Yi Pan, Matthias Assel
High Performance Computing Center – HLRS, University Stuttgart

Outline
- The ViroLab Project
- Motivation
- Data Resource Protection
- Towards Fine-grain Access Control
- Conclusions
CGW 2008 Matthias Assel

The ViroLab Project
- Funded by the EC within the 6th Framework Programme in the area of integrated biomedical information for better health
- 11 partners from 8 different European countries
- 3-year project ( )
- Experts from multiple disciplines (physicians, virologists, epidemiologists, computer scientists)
- Develop a “Virtual Laboratory” for medical experts that allows clinical studies, medical knowledge discovery, and decision support for HIV drug resistance

Motivation
What we had…
- Distributed teams/groups/researchers
- Distributed resources providing heterogeneous data/information and capabilities
- Local applications and workflows

Motivation
What we wanted and basically achieved…
- Integration of users, data, workflows, applications, and resources into one sophisticated, virtual environment
- Interdisciplinary collaboration and research
- Dynamic, on-demand and secure accessibility of resources and knowledge

ViroLab Virtual Laboratory

Data Resource Protection - Approach
- Two-step authentication and authorisation procedure
  - Authentication based on Shibboleth -> home organisations are responsible for users' identity management
  - Final authorisation decision is up to the data resource’s owner
- Access control is handled with the aid of so-called access control policies, which are stored and evaluated by a dedicated component: the Policy Decision Point (PDP)
- Policies are implemented using an established policy description language: XACML
- Attribute-based access control approach: the policies contain a set of rules specifying the required attributes (conditions) to become authorised for certain resources
- User-friendly graphical interface for dynamically adding, updating or removing policies
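The slide describes rules whose conditions are required subject attributes, evaluated by a PDP. The following Python sketch is an added example of that attribute-based evaluation and is not ViroLab's XACML implementation: the attribute names (affiliation, organisation, role), the Resource-ID values and the policy content are constructed, the subject attributes are assumed to have already been asserted by the user's home organisation (the Shibboleth step), and the combining behaviour shown is XACML-style deny-overrides. It also shows the two cases a reviewer of such policies should check: a request missing a required attribute is not authorised, and an applicable Deny wins over an applicable Permit.

```python
# Minimal attribute-based Policy Decision Point (PDP). Added illustration of the
# approach on the slide; not ViroLab code. Attribute names, Resource-IDs and the
# policy below are constructed for the example.
from dataclasses import dataclass, field


@dataclass
class Rule:
    effect: str                  # "Permit" or "Deny"
    resource: str                # Resource-ID the rule protects
    actions: frozenset           # actions the rule covers, e.g. {"read"}
    conditions: dict = field(default_factory=dict)  # attribute -> allowed values


@dataclass
class Request:
    subject: dict    # attributes asserted by the user's home organisation
    resource: str
    action: str


def rule_applies(rule: Rule, req: Request) -> bool:
    """A rule applies when resource and action match and every required
    attribute is present with an allowed value. A missing attribute never
    satisfies a condition (subject.get returns None, which is never allowed)."""
    if rule.resource != req.resource or req.action not in rule.actions:
        return False
    return all(req.subject.get(attr) in allowed
               for attr, allowed in rule.conditions.items())


def decide(policy: list, req: Request) -> str:
    """Deny-overrides combining, as in XACML: any applicable Deny wins,
    otherwise Permit if any applicable Permit, otherwise NotApplicable."""
    applicable = [r for r in policy if rule_applies(r, req)]
    if not applicable:
        return "NotApplicable"
    if any(r.effect == "Deny" for r in applicable):
        return "Deny"
    return "Permit"


def is_authorised(policy: list, req: Request) -> bool:
    """Enforcement-point view of the decision: only an explicit Permit grants
    access; Deny and NotApplicable are both refused."""
    return decide(policy, req) == "Permit"


# Constructed policy for one data resource (Resource-ID "hiv-db-01")
POLICY = [
    Rule("Permit", "hiv-db-01", frozenset({"read"}),
         {"affiliation": {"faculty", "researcher"},
          "organisation": {"clinic_a", "clinic_b"}}),
    Rule("Permit", "hiv-db-01", frozenset({"read", "write"}),
         {"role": {"db-owner"}}),
    Rule("Deny", "hiv-db-01", frozenset({"read", "write"}),
         {"affiliation": {"student"}}),
]

if __name__ == "__main__":
    researcher = {"affiliation": "researcher", "organisation": "clinic_a"}
    print(decide(POLICY, Request(researcher, "hiv-db-01", "read")))  # Permit
    print(decide(POLICY, Request({"affiliation": "researcher"}, "hiv-db-01", "read")))  # NotApplicable
```

The single-valued subject dictionary is a simplification; Shibboleth attributes can be multi-valued, in which case the membership test in `rule_applies` would be replaced by an intersection test.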

Data Resource Protection - Realisation
[Figure: policy structure and resource identification (Institution, Resource-URL, Resource-ID)]

Data Resource Protection - Scenario

Data Resource Protection - Implementation

Towards Fine-grain Access Control
- Enhancement of actual policy descriptions
- Introduction of hierarchies

Towards Fine-grain Access Control
- Mapping access rules onto database views
- Why views?
  - supported by most of today’s relational DBMS
  - can be created and dropped dynamically and on demand
  - useful to restrict someone’s access to a set of tables, columns, or rows
- Two scenarios to implement the generation of views
  - during policy creation: the view is generated under control of the administrator; this does not reduce administrative tasks (the human factor)
  - during policy evaluation: the view is dynamically created according to the specified rules; more flexibility during creation and deletion, but scalability and performance issues
- View creation achieved either via the DAS or directly on the local DBMS
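To make the second scenario concrete, here is an added example (not ViroLab or DAS code) of creating a view on demand at policy-evaluation time, shown on SQLite so it runs offline. The patient table, its rows and the rule outcome (allowed columns plus a row filter) are constructed. The point worth noticing for anyone building this is that the generated statement is DDL: table, view and column names cannot be bound as query parameters and SQLite views cannot contain parameters at all, so every identifier is checked against the live schema and every filter value is rendered as an escaped literal before the `CREATE VIEW` text is assembled. The view is dropped again at the end of the session, which is where the slide's scalability concern comes from.

```python
# On-demand view creation driven by an access rule, on SQLite. Added example,
# not ViroLab/DAS code; table, data and rule below are constructed.
import re
import sqlite3

_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def qi(name: str) -> str:
    """Quote an SQL identifier after checking it is a plain name. Identifiers
    cannot be bound as parameters, so this check is what keeps a hostile
    table/column/view name out of the generated DDL."""
    if not _IDENT.match(name):
        raise ValueError(f"unsafe identifier: {name!r}")
    return f'"{name}"'


def sql_literal(value) -> str:
    """Render a filter value as a literal; views cannot hold bound parameters."""
    if isinstance(value, bool):
        raise TypeError("bool is not a supported filter value")
    if isinstance(value, int):
        return str(value)
    if isinstance(value, str):
        return "'" + value.replace("'", "''") + "'"
    raise TypeError("only int and str filter values are supported")


def create_scoped_view(conn, view, table, columns, row_filter=None) -> str:
    """Create `view` exposing only `columns` of `table`, optionally limited to
    rows where row_filter == (column, value). All names are validated against
    the table's real schema first. Returns the DDL that was executed."""
    schema = [row[1] for row in conn.execute(f"PRAGMA table_info({qi(table)})")]
    if not schema:
        raise ValueError(f"unknown table {table!r}")
    unknown = [c for c in columns if c not in schema]
    if unknown:
        raise ValueError(f"columns not in {table}: {unknown}")
    sql = (f"CREATE VIEW {qi(view)} AS SELECT "
           f"{', '.join(qi(c) for c in columns)} FROM {qi(table)}")
    if row_filter is not None:
        col, val = row_filter
        if col not in schema:
            raise ValueError(f"filter column not in {table}: {col}")
        sql += f" WHERE {qi(col)} = {sql_literal(val)}"
    conn.execute(sql)
    return sql


def drop_view(conn, view) -> None:
    """Remove a per-session view once the session ends."""
    conn.execute(f"DROP VIEW IF EXISTS {qi(view)}")


def demo():
    """Apply one constructed rule outcome and return what the user can see."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE patients (id INTEGER, organisation TEXT,
                               name TEXT, viral_load INTEGER);
        INSERT INTO patients VALUES (1, 'clinic_a', 'A. Example', 1200);
        INSERT INTO patients VALUES (2, 'clinic_b', 'B. Example', 300);
        INSERT INTO patients VALUES (3, 'clinic_a', 'C. Example', 50000);
    """)
    # Constructed rule outcome: a researcher of clinic_a may read id and
    # viral_load of clinic_a patients only; the name column is never exposed.
    create_scoped_view(conn, "v_session42_patients", "patients",
                       ["id", "viral_load"],
                       row_filter=("organisation", "clinic_a"))
    rows = conn.execute(
        'SELECT * FROM "v_session42_patients" ORDER BY id').fetchall()
    drop_view(conn, "v_session42_patients")
    conn.close()
    return rows


if __name__ == "__main__":
    print(demo())  # [(1, 1200), (3, 50000)]
```

On a production DBMS the same shape applies (create the view under a dedicated schema, grant the session's database role SELECT on the view only, drop it when the session closes); only the identifier quoting rules and the catalogue query for the schema check change.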

Conclusions
- Approach to realise fine-grain access control for relational databases; does not support XML and object-oriented databases
- Usage of existing standards and technologies
- Creation of simple and highly detailed access control policies
- One standard access control policy language (XACML)
- Flexibility and dynamicity through the VO approach and attribute-based access control
- Fast and easy generation, change, and upload of policies through a nice and user-friendly graphical interface
- Future work
  - Implementation and testing of the presented approach (XACML 2.0/3.0)
  - Encrypted policy management
  - Trust management

Where to find more information?

Thank you for your attention. Any questions?