Presentation is loading. Please wait.

Presentation is loading. Please wait.

CatBAC: A Generic Framework for Designing and Validating Hybrid Access Control Models Bernard Stepien, University of Ottawa Hemanth Khambhammettu Kamel.

Published byOswald Shields Modified over 9 years ago

Similar presentations

Presentation on theme: "CatBAC: A Generic Framework for Designing and Validating Hybrid Access Control Models Bernard Stepien, University of Ottawa Hemanth Khambhammettu Kamel."— Presentation transcript:

1 CatBAC: A Generic Framework for Designing and Validating Hybrid Access Control Models Bernard Stepien, University of Ottawa Hemanth Khambhammettu Kamel Adi Luigi Logrippo Université du Québec en Outaouais

2 Université du Québec en Outaouais Small university of about 8,000 students Part of the “Université du Québec” network 2

3 Selective access control Alice works in project 1A and has security level Unclassified, can she write on file RFP? RFP

4 Thousand of Alices, thousands of resources …

5 Access Control Many subjects, many resources in an organization Virtual, real subjects and resources What each subject can do on the resources can depend on many factors The role or group of the subject in the organization (RBAC) The other roles it may have (SOD) The other files it may have accessed (CW) Its security level (BLP) Delegation Etc. 5

6 Models and languages Many access control models have been developed Are associated with access control languages to specify access control properties of subjects Languages express access control policies

7 Issues in Access Control (AC) Access control policies in an organization can contain tens of thousands of rules that can be implemented at different levels of abstraction with a variety of methods. We address issues of: Homogeneity and expressiveness: Identifying common high-level concepts, leading to unified terminology and languages Consistency, completeness Are there inconsistencies in set of rules? Do we have all the rules that we need? Lifecycle From the initial design stages to the final set of implemented policies through refinement and formal verification stages

8 Homogeneity and expressiveness In business, RBAC, Role Based Access Control, is a prevalent AC model We have a real ‘alphabet soup’ of other models that complement RBAC DAC, Discretionary Access Control GBAC, Group-Based Access Control ABAC, Attribute-Based Access Control BLP, Bell-Lapadula, Biba, etc.

9 Combining access control models Combine AC models in a single Hybrid policy model for maximum power and flexibility In a company, one may wish to have: RBAC as a basic model Bell-LaPadula as an auxiliary model  E.g. within a role, subjects can have different clearance levels Complex combinations may be desirable RBAC research has shown how many AC control models can be represented in RBAC But this is not always intuitive

10 Specification of combined models Defined a framework for combined AC specs starting from an abstract UML meta-model Provided a language for it, together with an engine for execution and verification

11 Concept of Category Categories can be roles, groups, security levels, etc. Can be assigned to other categories E.g. A role can be assigned to a security level Can be organized in hierarchies E.g. Role hierarchies

12 Combined model in UML and text resources actions categories subjects In more compact textual form: assign subject Alice to role Consultant; assign subject Alice to group Project 1A; assign subject Alice to security level Unclassified; In more compact textual form: assign subject Alice to role Consultant; assign subject Alice to group Project 1A; assign subject Alice to security level Unclassified;

13 CAtBAC language A strongly typed, user-friendly language to be the textual representation of UACML

14 CatBAC Features Assign subjects to categories assign subject Alice to role Consultant; Assignments between categories assign category group Project_1B to category security_level Classified; Assignments of permissions to resources-actions assign permission permit to categories role Consultant, Manager for resources Input_RFP, Bid_RFP and actions read, write; Mandatory assignments assign mandatory permission permit to category group Project_1A for resource Input_RFP and action Read;

15 Authorization Constraints Constraints that specify restrictions on subject-category assignments, category- resource assignments and resource-action assignments E.g. separation of duties

16 Constraints in CatBAC Mutual exclusion category role teacher and category role student are mutually exclusive; Requirements category assignment role teacher requires category assignment role researcher; Cardinality category role President assignments should not exceed 1;

17 Execution and verification CatBAC has operational semantics based on Prolog (Horn-clauses predicate calculus) CatBAC can be executed and can be queried For verification of consistency: find all possible outcomes of an access request Find whether there are violations of mandatory assignments Find whether there are violations of constraints

18 Practical use Security administrators can Express high-level security policies in graphic UML form Compile the graphic form into a form that allows the inclusion of detailed low-level security policies Textual form Enables expressing policy sets of realistic sizes Can be validated to detect design faults: inconsistency, separation of duties, etc. This top-down approach enables an integrated view of the security policies of a whole enterprise, using a unified model and language

19 Conclusion UACML and CatBAC form a powerful conceptual framework for the expression and combination of Access Control methods Most common access control systems can coexist within this framework Lifecycle support is provided, by allowing iterative development from UML notation to executable code, with verification steps in between

Download ppt "CatBAC: A Generic Framework for Designing and Validating Hybrid Access Control Models Bernard Stepien, University of Ottawa Hemanth Khambhammettu Kamel."

Similar presentations

ROWLBAC – Representing Role Based Access Control in OWL

ROWLBAC – Representing Role Based Access Control in OWL
Logical Model and Specification of Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University.

Logical Model and Specification of Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University.
Information Flow and Covert Channels November, 2006.

Information Flow and Covert Channels November, 2006.
The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated.

The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated.
Access Control A Meta-Model 1Dennis Kafura – CS5204 – Operating Systems.

Access Control A Meta-Model 1Dennis Kafura – CS5204 – Operating Systems.
Access Control RBAC Database Activity Monitoring.

Access Control RBAC Database Activity Monitoring.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
Process Model for Access Control Wael Hassan University of Ottawa Luigi Logrippo, Université du Québec en Outaouais.

Process Model for Access Control Wael Hassan University of Ottawa Luigi Logrippo, Université du Québec en Outaouais.
Access Control Patterns Fatemeh Imani Mehr Amirkabir university of technology, Department of Computer Engineering & Information Technology.

Access Control Patterns Fatemeh Imani Mehr Amirkabir university of technology, Department of Computer Engineering & Information Technology.
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.

Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.
Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.

Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.
Role Based Access Control Venkata Marella. Access Control System Access control is the ability to permit or deny the use of a particular resource by a.

Role Based Access Control Venkata Marella. Access Control System Access control is the ability to permit or deny the use of a particular resource by a.
Governance Policies for Privacy Access and their Interactions ICFI-2005 Waël Hassan 1 & Luigi Logrippo 2 1 University of Ottawa School of information technology.

Governance Policies for Privacy Access and their Interactions ICFI-2005 Waël Hassan 1 & Luigi Logrippo 2 1 University of Ottawa School of information technology.
1 Clark Wilson Implementation Shilpa Venkataramana.

1 Clark Wilson Implementation Shilpa Venkataramana.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 4: Access Control.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 4: Access Control.
Describing Syntax and Semantics

Describing Syntax and Semantics
User Domain Policies.

User Domain Policies.
End-to-End Design of Embedded Real-Time Systems Kang G. Shin Real-Time Computing Laboratory EECS Department The University of Michigan Ann Arbor, MI 48019-2122.

End-to-End Design of Embedded Real-Time Systems Kang G. Shin Real-Time Computing Laboratory EECS Department The University of Michigan Ann Arbor, MI
Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.

Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.

Similar presentations

Ads by Google