Presentation is loading. Please wait.

Presentation is loading. Please wait.

Access Control A Meta-Model 1Dennis Kafura – CS5204 – Operating Systems.

Published byAllan Vance Modified over 10 years ago

Similar presentations

Presentation on theme: "Access Control A Meta-Model 1Dennis Kafura – CS5204 – Operating Systems."— Presentation transcript:

1 Access Control A Meta-Model 1Dennis Kafura – CS5204 – Operating Systems

2 Access Control Meta-Model Dennis Kafura – CS5204 – Operating Systems Motivation Goal: develop a general and semantically well grounded model of access control from which specific access control systems can be expressed by specialization of the model’s elements. Advantages:  Explicates the fundamental principles of access control  Provides a common basis for specifying access control and understanding relationship among access control models  Facilitates sharing of access control policy information across models  Is the basis for developing policy languages with solid semantic foundation 2 Steve Barker King’s College London (Deceased: Jan 2012)

3 Access Control Meta-Model Fundamental Concepts Elements (all countable sets)  Categories, C, denoted c o, c 1, …  Principals, P, denoted p o, p 1, …  Actions, A, denoted a o, a 1, …  Resource identifiers, R, denoted r o, r 1, …  Situational identifiers, S, denoted s o, s 1, …  Event identifiers, E, denoted e o, e 1, … Meaning  Categories represent groups or classes sharing, for example, a common attribute, a similar level of trust, or the same security clearance.  Principals are individuals or agents  Actions are operations that can be performed on Resources  Situations are contexts and Events are significant occurrences Dennis Kafura – CS5204 – Operating Systems3

4 Access Control Meta-Model Fundamental Concepts Relations  Dennis Kafura – CS5204 – Operating Systems4

5 Access Control Meta-Model Fundamental Concepts Meta-model, M  core axiom:  By choosing different definitions of pca, contains, and arca the model M can be specialized to define different access control models Dennis Kafura – CS5204 – Operating Systems5 C (p) (a,r) (p,a,r) (a,r): permission (p,a,r): authorization PCA ARCA C’

6 Access Control Meta-Model Defining the PCA Relation Form   where P i is a condition, L i is a literal, and C i is a constraint Example “Principals are assigned to the pref(erred) category if they are categorized as being loyal and their current account balance is greater than 1000 Euro (which causes them to be categorized as members of the goodbalance category).” Dennis Kafura – CS5204 – Operating Systems6

7 Access Control Meta-Model Defining the PCA Relation Conditions and literals  may also be defined “remotely” (by another authority)  written as: Example “Principals that are categorized by having a clean driving license (CDL) according to the Driving Vehicle Licensing Authority database (dvla) or have preferred status (ps) are assigned to the “most-valued” customer (NVC) category. “ Dennis Kafura – CS5204 – Operating Systems7

8 Access Control Meta-Model Specializing contains and par Relations Hierarchical RBAC  Each role is represented by a category  The contains relation is defined as a partial order between pairs of categories (roles)  The RBAC model can then be expressed as:  Note: this is just the core axiom for a particular interpretation of categories and containment Dennis Kafura – CS5204 – Operating Systems8

9 Access Control Meta-Model Specializing contains and par Relations The Bell-LaPadula (multilevel security) model Relations  The categories are interpreted as security level (e.g., public, classified, secret, top secret)  The contains relation is an ordering of categories consistent with the notion of security level (e.g., contains(top secret, secret).  The par relation is defined as:  The first rule is “no read up” and the second is “write at same level” Dennis Kafura – CS5204 – Operating Systems9

10 Access Control Meta-Model Specializing the arca Relation Example:  Policy: A principal’s request to buy gold is permitted provided that the amount of gold requested is not greater than the current stock level recorded in v1. In a gold market that is currently categorized as “volatile”, according to the source v2, a principal is permitted to buy a maximum of 50 units of gold. All principals are permitted provided that the principal is not in the “debtor” category  Rules: Dennis Kafura – CS5204 – Operating Systems10

11 Access Control Meta-Model Other Expressions Time dependent expressions  For a time interval [T start, T stop ]  Relations may be defined as  and Dennis Kafura – CS5204 – Operating Systems11

12 Access Control Meta-Model Other Expressions Trust third-party claims (aka, certificates)  A claim/certificate issued by v can be expressed as Composition  The authorizations of two models can be combined as Inconsistencies  Single assignment:  Separation of duties:  Prerequisites: Dennis Kafura – CS5204 – Operating Systems12 Note: me(C,C’) means mutually exclusive.

13 Access Control Meta-Model Examples Example  No principal that v 1 says is a debtor can be given anything other than unclassified clearance by v 2  Example  A resource may not be read more than once per day (useful to satisfy Principle of Least Privilege) by a given principal  Dennis Kafura – CS5204 – Operating Systems13

14 Access Control Meta-Model Practical Benefits Facilitates sharing of access control information  Across applications  Across models Aids policy administrators/authors  Via specialization of general axioms  Rapid prototyping of access control policies Supports development of policy languages  Various syntaxes built on top of precise semantics  E.g., can be represented in RuleML Dennis Kafura – CS5204 – Operating Systems14

Download ppt "Access Control A Meta-Model 1Dennis Kafura – CS5204 – Operating Systems."

Similar presentations

RBAC Role-Based Access Control

RBAC Role-Based Access Control
1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.

1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.
INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.

INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.
Author: Graeme C. Simsion and Graham C. Witt Chapter 8 Organizing the Data Modeling Task.

Author: Graeme C. Simsion and Graham C. Witt Chapter 8 Organizing the Data Modeling Task.
Granting and activation of guarantees in an updated SNA.

Granting and activation of guarantees in an updated SNA.
Design by Contract.

Design by Contract.
Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.

Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.
The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated.

The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated.
Database Systems: Design, Implementation, and Management Tenth Edition

Database Systems: Design, Implementation, and Management Tenth Edition
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
Chapter 3 Data Modeling Copyright © 2014 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent.

Chapter 3 Data Modeling Copyright © 2014 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent.
United Nations Statistics Division Principles and concepts of classifications.

United Nations Statistics Division Principles and concepts of classifications.
Process Model for Access Control Wael Hassan University of Ottawa Luigi Logrippo, Université du Québec en Outaouais.

Process Model for Access Control Wael Hassan University of Ottawa Luigi Logrippo, Université du Québec en Outaouais.
DDBMS Security - Bakul Gada.

DDBMS Security - Bakul Gada.
Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality model Bell-LaPadula Model –General idea –Informal description of rules.

Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality model Bell-LaPadula Model –General idea –Informal description of rules.
Lecturer: Sebastian Coope Ashton Building, Room G.18 COMP 201 web-page: Lecture.

Lecturer: Sebastian Coope Ashton Building, Room G.18 COMP 201 web-page: Lecture.
Role Based Access Control Venkata Marella. Access Control System Access control is the ability to permit or deny the use of a particular resource by a.

Role Based Access Control Venkata Marella. Access Control System Access control is the ability to permit or deny the use of a particular resource by a.
Security Fall 2009McFadyen ACS-49021 How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.

Security Fall 2009McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.
Security Fall 2006McFadyen ACS-49021 How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.

Security Fall 2006McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.
1–1 The E-R Model Prof. Sin-Min Lee Department of Computer Science.

1–1 The E-R Model Prof. Sin-Min Lee Department of Computer Science.

Similar presentations

Ads by Google