Approaching Fine-grain Access Control for Distributed Biomedical Databases within Virtual Environments Onur Kalyoncu, Yi Pan, Matthias Assel High Performance.


1 Approaching Fine-grain Access Control for Distributed Biomedical Databases within Virtual Environments
Onur Kalyoncu, Yi Pan, Matthias Assel
High Performance Computing Center – HLRS, University Stuttgart
assel@hlrs.de

2 Outline
- The ViroLab Project
- Motivation
- Data Resource Protection
- Towards Fine-grain Access Control
- Conclusions
CGW 2008 Matthias Assel

3 The ViroLab Project
- Funded by the EC within the 6th Framework Programme in the area of integrated biomedical information for better health
- 11 partners from 8 different European countries
- 3-year project (2006-2009)
- Experts from multiple disciplines (physicians, virologists, epidemiologists, computer scientists)
- Develop a “Virtual Laboratory” for medical experts that allows clinical studies, medical knowledge discovery, and decision support for HIV drug resistance

4 Motivation
What we had…
- Distributed teams/groups/researchers
- Distributed resources providing heterogeneous data/information and capabilities
- Local applications and workflows

5 Motivation
What we wanted and basically achieved…
- Integration of users, data, workflows, applications, resources into one sophisticated, virtual environment
- Interdisciplinary collaboration and research
- Dynamic, on-demand and secure accessibility of resources and knowledge

6 ViroLab Virtual Laboratory

7 Data Resource Protection - Approach
- Two-step authentication and authorisation procedure
- Authentication based on Shibboleth -> Home organisations are responsible for users' identity management
- Final authorisation decision up to the data resources’ owner
- Access control handled with the aid of so-called access control policies being stored and evaluated by a dedicated component: Policy Decision Point (PDP)
- Policies implemented using established policy description language: XACML
- Attribute-based access control approach: The policies contain a set of rules specifying the required attributes (conditions) to become authorised for certain resources
- User-friendly graphical interface for dynamically adding, updating or removing policies

8 Data Resource Protection - Realisation
[Figure: Policy Structure and Resource Identification; labels: Institution, Resource-URL, Resource-ID]

9 Data Resource Protection - Scenario

10 Data Resource Protection - Implementation

11 Towards Fine-grain Access Control
- Enhancement of actual policy descriptions
- Introduction of hierarchies

12 Towards Fine-grain Access Control
Mapping access rules onto database views
Why views?
- supported by most of today’s relational DBMS
- can be created and dropped dynamically and on-demand
- useful to restrict someone’s access to a set of tables, columns, or rows
Two scenarios to implement the generation of views
- during policy creation: the view is generated under control of administrator; does not reduce administrative tasks; the human factor
- during policy evaluation: the view is dynamically created according to specified rules; more flexibility during creation and deletion; scalability and performance issues
View creation achieved either via the DAS or directly on the local DBMS
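The second scenario on this slide (view created during policy evaluation), as an added example that is not part of the original slides or of ViroLab's code: a constructed attribute rule is checked against the subject's attributes and, on permit, turned into a temporary SQLite view exposing only the permitted columns and rows. The rule format, table, rows and function names are assumptions; SQLite has no GRANT, so the sketch assumes the access layer queries only the view.

```python
import re
import sqlite3

# Constructed rule (hypothetical format, not ViroLab's XACML): subjects holding
# the required attributes may read these columns of their own institution's rows.
RULE = {
    "required": {"role": "virologist"},
    "table": "patients",
    "columns": ["id", "subtype", "mutations"],
    "row_filter": ("institution", "institution"),  # (column, subject attribute)
}
ROWS = [  # constructed sample data
    (1, "A. Example", "HLRS", "B", "M184V"),
    (2, "B. Example", "HLRS", "C", "K103N"),
    (3, "C. Example", "Cyfronet", "B", "L90M"),
]
IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

def ident(name):
    # Accept only plain identifiers, then double-quote them.
    if not IDENT.match(name):
        raise ValueError(f"bad identifier: {name!r}")
    return f'"{name}"'

def literal(value):
    # SQL string literal; CREATE VIEW cannot take bound parameters.
    return "'" + str(value).replace("'", "''") + "'"

def view_for(db, rule, subject, view_name):
    # Create a per-request view if the subject satisfies the rule, else None.
    if any(subject.get(k) != v for k, v in rule["required"].items()):
        return None  # deny: no view is created
    table = ident(rule["table"])
    known = {r[1] for r in db.execute(f"PRAGMA table_info({table})")}
    col, attr = rule["row_filter"]
    if not set(rule["columns"] + [col]) <= known:
        raise ValueError("rule names a column the table does not have")
    cols = ", ".join(ident(c) for c in rule["columns"])
    db.execute(f"CREATE TEMP VIEW {ident(view_name)} AS SELECT {cols} "
               f"FROM {table} WHERE {ident(col)} = {literal(subject[attr])}")
    return view_name

def read_as(subject):
    # Evaluate RULE for one request; returns visible rows, or None on deny.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patients (id, name, institution, subtype, mutations)")
    db.executemany("INSERT INTO patients VALUES (?,?,?,?,?)", ROWS)
    view = view_for(db, RULE, subject, "v_request")
    if view is None:
        return None
    rows = db.execute(f"SELECT * FROM {ident(view)} ORDER BY id").fetchall()
    db.execute(f"DROP VIEW {ident(view)}")  # dropped once the request is served
    return rows
```

Because the view is built as SQL text, rule-supplied identifiers are checked against the table schema and attribute values are escaped as literals before the statement is issued.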

13 Conclusions
- Approach to realise fine-grain access control for relational databases
- does not support XML and object-oriented databases
- Usage of existing standards and technologies
- Creation of simple and highly detailed access control policies
- One standard access control policy language (XACML)
- Flexibility and dynamicity through VO approach and attribute-based access control
- Fast and easy generation, change, and upload of policies through nice and user-friendly graphical interface
Future work
- Implementation and testing of presented approach (XACML 2.0/3.0)
- Encrypted policy management
- Trust management

14 Where to find more information?
- http://www.virolab.org
- http://virolab.hlrs.de
- http://virolab.cyfronet.pl

15 Thank you for your attention. Any questions?

