Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Temporal Location-Aware Access Control Model Based on Composite Events Presented by Yu, Lijun

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Temporal Location-Aware Access Control Model Based on Composite Events Presented by Yu, Lijun"— Presentation transcript:

1 1 Temporal Location-Aware Access Control Model Based on Composite Events Presented by Yu, Lijun lijun@cs.colostate.edu

2 2 Outline Motivation Background The TL-RBAC model Composite event model Conditions Actions Conclusion and future work

3 3 Motivation Manager John agrees with the employee Bob that he can track Bob’s location only during office hours and when Bob is in office, i.e. 9AM – 5PM, M-F Bob paid twenty dollars per month for roadside assistant service so that he can use that service for up to thirty hours per week Solution: A combined temporal and location based RBAC model

4 4 Background PA Session_rolesUser_sessions USERSROLES SESSIONS PRMS OPS OBS RH UA

5 5 Temporal RBAC model Temporal constraints User assignment Permission assignment Role activation Role enabling RBAC Constraints Temporal constraints can be Duration constraints Periodic constraints

6 6 Temporal RBAC model Role Status Expressions Role Triggers Run-time requests Execution model

7 7 Location-based access control model Location is modeled as a set of points Location constraints on User assignment Permission assignment Role activation Permission (object location) Users have dynamic access control at different user location and object location

8 8 The TL-RBAC model Composite event model Conditions Actions

9 9 Composite event model Based on the Snoop event specification language for active databases Extension Primitive RBAC events Primitive location-based events Duration composite constructs

10 10 Composite event model Primitive events Primitive RBAC events Primitive location-based events Temporal Composite events Periodic / APeriodic Disjunction / Conjunction Sequence Duration

11 11 TL-RBAC system state The TL-RBAC system state is a tuple S = where ER  Roles is a set of enabled roles, UA: Users   (Roles) is a function to get the set of roles assigned to the user UT: Users   (Roles) is a function to get the set of roles activated by the user PA: Roles  (Permissions) is a function to get the assigned set of permission of a role RS = Time  Priority  Expressions is the set of role enabling expressions, where Expressions can be one of the following formats: assign r to u, that is assign role r to user u de-assign r to u, that is de-assign role r from user u assign p to r, that is assign permission p to role r de-assign p to r, that is de-assign permission p from role r enable r, that is enable role r disable r, that is disable role r activate r for u, that is activate role r by user u deactivate r for u, that is deactivate role r by user u

12 12 TL-RBAC predicates TL-RBAC predicates are boolean expressions comprised of role status predicates and location-based predicates where Role status predicates can be: r  er indicates whether role r is enabled in set er  ER r  ua(u) indicates whether role r is assigned to user u in function ua  UA r  ut(u) indicates whether role r is activated by user u in function ut  UT p  pa(r) indicates whether permission p is assigned to role r by function pa  PA Location-based predicates can be: location(u)  loc location(obj)  loc loc1 = loc2

13 13 TL-RBAC Action and Action Semantics The TL-RBAC action is defined as Actions  Priority  Expressions, where Actions = {Add, Remove, Execute} The semantics of each TL-RBAC action is modeled as transition of TL-RBAC system state, that is S(ER, UA, UT, PA, RS)  S’(ER’, UA’, UT’, PA’, RS’) where S is the TL-RBAC system state before the action and S’ is the state after the action.

14 14 Runtime Request Event: [Now] + [  t] Condition: TL-RBAC predicates Actions: TL-RBAC-Action(t, ) where t is the time that the event occurs, p  Priority and e  Expressions

15 15 Role Trigger Event: Any(n, E1, E2, …, En) + [  t] Condition: TL-RBAC predicates Actions: TL-RBAC-Action(t, ) where t is the time that the event occurs, p  Priority and e  Expressions

16 16 Periodic TL-RBAC Constraints Monday = P([09:00:00)04/04/2005], [7days], [*/*/*])) Friday = P([09:00:00)04/08/2005], [7days], [*/*/*])) Ebegin = Any(1, Monday, Friday) Eend = Ebgin + [8 hours] Event: Ebegin Condition: true Actions: TL-RBAC-Action(t, ) where t is the time that the event occurs Event: Eend Condition: true Actions: TL-RBAC-Action(t, ) where t is the time that the role enabling expression is added

17 17 Duration TL-RBAC Constraints E1 = D*(activate player for John, [30 minutes], deactivate play for John) Event: A([(09:00:00)*/*/*], E1, [(17:00:00)*/*/*]) Condition: true Actions: TL-RBAC-Action(t, ) where t is the time that the event occurs

18 18 Location-based TL-RBAC Constraints Event: User Location Changing or Object Location Changing Condition: TL-RBAC predicates Actions: TL-RBAC-Action(t, ) where t is the time that the event occurs, a  Actions, p  Priority and e  Expressions

19 19 Related work Snoop model independent event specification language for active databases S. Chakravarthy and D. Mishra [3] The temporal RBAC model (TRBAC) and GTRBAC model Elisa Bertino James Joshi et al. The LRBAC model

20 20 Conclusion and future work Duration Event detection Temporal Role hierarchy Temporal cardinality constraints

21 21 Questions

Download ppt "1 Temporal Location-Aware Access Control Model Based on Composite Events Presented by Yu, Lijun"

Similar presentations

RBAC Role-Based Access Control

RBAC Role-Based Access Control
1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.

1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.
ROWLBAC – Representing Role Based Access Control in OWL

ROWLBAC – Representing Role Based Access Control in OWL
QUN NI 1, SHOUHUAI XU 2, ELISA BERTINO 1, RAVI SANDHU 2, AND WEILI HAN 3 1 PURDUE UNIVERSITY USA 2 UT SAN ANTONIO USA 3 FUDAN UNIVERSITY CHINA PRESENTED.

QUN NI 1, SHOUHUAI XU 2, ELISA BERTINO 1, RAVI SANDHU 2, AND WEILI HAN 3 1 PURDUE UNIVERSITY USA 2 UT SAN ANTONIO USA 3 FUDAN UNIVERSITY CHINA PRESENTED.
11 World-Leading Research with Real-World Impact! A Framework for Risk-Aware Role Based Access Control Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu.

11 World-Leading Research with Real-World Impact! A Framework for Risk-Aware Role Based Access Control Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu.
PBDM: A Flexible Delegation Model in RBAC Xinwen Zhang, Sejong Oh George Mason University Ravi Sandhu George Mason University and NSD Security.

PBDM: A Flexible Delegation Model in RBAC Xinwen Zhang, Sejong Oh George Mason University Ravi Sandhu George Mason University and NSD Security.
A Usage-based Authorization Framework for Collaborative Computing Systems Xinwen Zhang George Mason University Masayuki Nakae NEC Corporation Michael J.

A Usage-based Authorization Framework for Collaborative Computing Systems Xinwen Zhang George Mason University Masayuki Nakae NEC Corporation Michael J.
Towards A Times-based Usage Control Model Baoxian Zhao 1, Ravi Sandhu 2, Xinwen Zhang 3, and Xiaolin Qin 4 1 George Mason University, Fairfax, VA, USA.

Towards A Times-based Usage Control Model Baoxian Zhao 1, Ravi Sandhu 2, Xinwen Zhang 3, and Xiaolin Qin 4 1 George Mason University, Fairfax, VA, USA.
Flexible access control policy specification with constraint logic programming Steve Barker, Peter J. Stuckey Presenter: Vijayant Dhankhar.

Flexible access control policy specification with constraint logic programming Steve Barker, Peter J. Stuckey Presenter: Vijayant Dhankhar.
Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.

Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.
Role-Based Access Control CS461/ECE422 Fall 2011.

Role-Based Access Control CS461/ECE422 Fall 2011.
When Role Models Have Flaws: Static Validation of Enterprise Security Policies Marco Pistoia IBM T. J. Watson Research Center Hawthorne, New York

When Role Models Have Flaws: Static Validation of Enterprise Security Policies Marco Pistoia IBM T. J. Watson Research Center Hawthorne, New York
1 On the Limitations of Finite State Models as Sources of Tests for Access Control and Authentication Aditya Mathur Professor of Computer Science Purdue.

1 On the Limitations of Finite State Models as Sources of Tests for Access Control and Authentication Aditya Mathur Professor of Computer Science Purdue.
RBAC and Usage Control System Security. Role Based Access Control Enterprises organise employees in different roles RBAC maps roles to access rights After.

RBAC and Usage Control System Security. Role Based Access Control Enterprises organise employees in different roles RBAC maps roles to access rights After.
UNITS OF TIME.

UNITS OF TIME.
Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies (2000) Author: Sylvia Osborn, Ravi Sandhu,Qamar Munawer.

Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies (2000) Author: Sylvia Osborn, Ravi Sandhu,Qamar Munawer.
On Comparing the Expressing Power of Access Control Model Frameworks Workshop on Logical Foundations of an Adaptive Security Infrastructure (WOLFASI) A.

On Comparing the Expressing Power of Access Control Model Frameworks Workshop on Logical Foundations of an Adaptive Security Infrastructure (WOLFASI) A.
Unified Modeling Language Sequence Diagrams Chapter 2 (JIA)

Unified Modeling Language Sequence Diagrams Chapter 2 (JIA)
Role Based Access Control Venkata Marella. Access Control System Access control is the ability to permit or deny the use of a particular resource by a.

Role Based Access Control Venkata Marella. Access Control System Access control is the ability to permit or deny the use of a particular resource by a.
Dynamic policies through context-sensitive situations Opher Etzion IBM Research Laboratory in Haifa.

Dynamic policies through context-sensitive situations Opher Etzion IBM Research Laboratory in Haifa.

Similar presentations

Ads by Google