Presentation is loading. Please wait.

Presentation is loading. Please wait.

QUN NI 1, SHOUHUAI XU 2, ELISA BERTINO 1, RAVI SANDHU 2, AND WEILI HAN 3 1 PURDUE UNIVERSITY USA 2 UT SAN ANTONIO USA 3 FUDAN UNIVERSITY CHINA PRESENTED.

Published byAidan Soto Modified over 10 years ago

Similar presentations

Presentation on theme: "QUN NI 1, SHOUHUAI XU 2, ELISA BERTINO 1, RAVI SANDHU 2, AND WEILI HAN 3 1 PURDUE UNIVERSITY USA 2 UT SAN ANTONIO USA 3 FUDAN UNIVERSITY CHINA PRESENTED."— Presentation transcript:

1 QUN NI 1, SHOUHUAI XU 2, ELISA BERTINO 1, RAVI SANDHU 2, AND WEILI HAN 3 1 PURDUE UNIVERSITY USA 2 UT SAN ANTONIO USA 3 FUDAN UNIVERSITY CHINA PRESENTED BY GABRIEL GHINITA An Access Control Language for a General Provenance Model

2 What is Provenance Healthcare who provides the treatment based on what observation who carries on the operation, and when Scientific Computing the support of the protein functionality predication the algorithm used to fold the protein Forensic the source of evidence

3 Why Need An Access Control on Provenance Provenance is sensitive The patient privacy, e.g. health situation, treatment, etc. The proprietary algorithm used to predicate protein functionalities The security of the source of evidences Therefore, we need a mechanism to control the access on provenance. However, provenance access control results in some new research challenges

4 Motivation Scenario HIPAA: Purpose based Hospital: Only by employees on duty Department: at working time, on specific machines Patient: only for research purpose

5 Challenge of Decision Aggregation

6 A General Provenance Model To understand the requirements of an access control model on provenance, we need understand the data model of provenance first.

7 The Schemata of Provence Records Provence records Operation records Context records Actor records Message records Preference records

8 A Healthcare Example

9

10 Observations Each medical record is generated by one operation at a specific time, and can be uniquely identified by the output attribute (with two fields) in the operations record. Some message records have values in their content attributes that reference medical records, and others do not. Message records and operation records connected by these message records form two independent DAGs whose structure is exactly the same as that of the workflow of interest. Actor records are referenced from operation, message, and preference records. Each preference record references exact one message record or operation record.

11 Desiderata for an Access Control Model First, provenance access control must be fine- grained. Second, provenance access control may have to constrain data accesses in order to address both security and privacy. Third, provenance access control may need both originator control (ORGCON) and usage control (UCON).

12 The Language Model

13 Target The target specifies the set of subjects and records, to which the policy is intended to apply. anyuser operation.description anyuser.role == doctor AND operation.timestamp

14 Condition A condition represents a boolean expression that describes the optional context requirements that confine the applicable access requests, e.g. access purpose, limitation on access time and location, and verification of the record originators license. system.machineid == obelix AND purpose == research

15 Obligation An obligation is an operation, specified in a policy, that should be executed before the condition in the policy is evaluated, in conjunction with the enforcement of an authorization decision, or after the execution of the access. inform the actor of the record 10 days access

16 Effect The effect of a policy indicates the policy authors intended consequence of a true evaluation for policy: Absolute Permit, Deny, Necessary Permit, and Finalizing Permit. anyuser operation.description anyuser.role == doctor AND operation.timestamp system.machineid == obelix AND purpose == research necessary permit

17

18 Originator Preference The access control language can be applied to specify originator preferences, that is, to support originator control. anyuser operation.description operation.ID == 12345678 purpose == reverse engineering OR purpose == reselling deny 1.29.2009

19 Purpose Binding In conjunction with effects, purpose predicates can directly model the following common cases of purpose requirements in privacy regulations. some records can only be used for some specific purposes; purpose == research OR purpose == development necessary permit some records can be used for some specific purposes; purpose == research OR purpose == development finalizing permit some records should not be used for some purposes. purpose == marketing deny

20 Additional Examples The language can be applied to examples proposed by other approaches, e.g. Braun et al. and Hasan. Employee Performance Review anyuser operation operation.output.record == review AND anyuser.name == review.objectname deny

21 Conclusion and Future Work In the evaluation of provenance access control policies, decisions with uncertainties about the result of target evaluation or condition evaluation may arise. Delegation of access control rights, which is one important requirement for provenance access control has not been addressed in this paper. Because of the semantics of different effects and predicates used in conditions and restrictions, inappropriate policy specifications may generate conflicting policies or redundant policies.

22 Questions

Download ppt "QUN NI 1, SHOUHUAI XU 2, ELISA BERTINO 1, RAVI SANDHU 2, AND WEILI HAN 3 1 PURDUE UNIVERSITY USA 2 UT SAN ANTONIO USA 3 FUDAN UNIVERSITY CHINA PRESENTED."

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.

1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.
Privacy-Enhancing Models and Mechanisms for Securing Provenance and its Use October 2010 Lead PI: Ravi Sandhu (UT San Antonio) PIs: Elisa Bertino (Purdue),

Privacy-Enhancing Models and Mechanisms for Securing Provenance and its Use October 2010 Lead PI: Ravi Sandhu (UT San Antonio) PIs: Elisa Bertino (Purdue),
1 TIUPAM: A Framework for Trustworthiness-centric Information Sharing Shouhuai Xu Univ. Texas at San Antonio Joint work with Qun Ni and Elisa Bertino (Purdue.

1 TIUPAM: A Framework for Trustworthiness-centric Information Sharing Shouhuai Xu Univ. Texas at San Antonio Joint work with Qun Ni and Elisa Bertino (Purdue.
1 Safety Analysis of Usage Control (UCON) Authorization Model Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce George Mason University AsiaCCS.

1 Safety Analysis of Usage Control (UCON) Authorization Model Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce George Mason University AsiaCCS.
Institute for Cyber Security

Institute for Cyber Security
Logical Model and Specification of Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University.

Logical Model and Specification of Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University.
A Logic Specification for Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University SACMAT 2004.

A Logic Specification for Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University SACMAT 2004.
Trust and Security for Next Generation Grids, www.gridtrust.eu Implementing UCON with XACML for Grid Services Bruno Crispo Vrije Universiteit Amsterdam.

Trust and Security for Next Generation Grids, Implementing UCON with XACML for Grid Services Bruno Crispo Vrije Universiteit Amsterdam.
A View Based Security Framework for XML Wenfei Fan, Irini Fundulaki, Floris Geerts, Xibei Jia, Anastasios Kementsietsidis University of Edinburgh Digital.

A View Based Security Framework for XML Wenfei Fan, Irini Fundulaki, Floris Geerts, Xibei Jia, Anastasios Kementsietsidis University of Edinburgh Digital.
Policy Auditing over Incomplete Logs: Theory, Implementation and Applications Deepak Garg 1, Limin Jia 2 and Anupam Datta 2 1 MPI-SWS (work done at Carnegie.

Policy Auditing over Incomplete Logs: Theory, Implementation and Applications Deepak Garg 1, Limin Jia 2 and Anupam Datta 2 1 MPI-SWS (work done at Carnegie.
THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.

THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.
Operating System Security

Operating System Security
1 Authorization XACML – a language for expressing policies and rules.

1 Authorization XACML – a language for expressing policies and rules.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Westbrook Technologies from Document Management’s Role in HIPAA.

Westbrook Technologies from Document Management’s Role in HIPAA.
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
 The Health Insurance Portability and Accountability Act of 1996.  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.

 The Health Insurance Portability and Accountability Act of  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
RBAC and Usage Control System Security. Role Based Access Control Enterprises organise employees in different roles RBAC maps roles to access rights After.

RBAC and Usage Control System Security. Role Based Access Control Enterprises organise employees in different roles RBAC maps roles to access rights After.

Similar presentations

Ads by Google