SlideShare una empresa de Scribd logo

Authorization (2).ppt

Descargar como PPT, PDF
S
ssuserec53e73

authorisation

Educación
1 de 54
Authorization Brian Garback
Research Issues  Authentication  who are you?  quantification of trust levels  Mobile devices  what capabilities do you have?  can wireless be as secure as wired?  Authorization  given who you are, what can you do?  how do we control privileges?  Federation  how can trust be shared?  how to cross trust domain boundaries?
Itinerary  History of Access Control  Role-Based AC  Context-Based AC  Context-Aware AC  Permission Based Delegation Model  Authorization Specifications  CAAC WS-Policy Implementation  XACML  SAML  Specification-Level Goals
Access Control History RBAC CBAC CAAC PBDM
Role-Based Access Control  Sandu et al. formalized Role-Based Access Control in 1996  User U acting in role R is granted permission P  Advantage: greatly improved efficiency  Disadvantage: cannot specify fine-grained rules User Role Permission
Context-Based Access Control  What is “context”?  Circumstances in which an event occurs System Subject Object Type Owner Name Age ID Location Time Date CPU Load
Context-Based Access Control Role User  Advantage: access control is context-aware  Disadvantage: this is still a static model Context Permission Constraints with has given
RBAC → CBAC → CAAC  RBAC and CBAC, even with extensions, cannot meet the access requirements of modern healthcare environments  CAAC is an extension to CBAC that is consistent with implementation via web services  CAAC permits dynamic specification and dynamic enforcement of arbitrary access rules  Context implementation is separated from the main business logic of target applications.
Context-Aware Access Control  Presented 2004 by Juhnze Hu  Terminology:  Data Object: the smallest unit to be accessed in an application  Data Type: a group of data objects with the same attributes  Data Set: the set of all data objects  User Set: the set of potential entities that access the data objects
Definition 1: Context Type A context type is defined as a property related to every participant in an application when it is running.  Context Set: a set of all context types in an application. CS = {CT1, CT2 … CTn}, 1  i  n.  Context Implementation: a function of context types defined by CI: CT1 CT2  …  CTn  CT, n  0
Definition 2: Context Constraint We define a context constraint as a regular expression as follows: Context Constraint := Clause1  Clause2 …  Clausei Clause := Condition1  Condition2 …  Conditioni Condition := <CT> <OP> <VALUE>  CT is an element of CS  OP is a logical operator in set {>, , , , , =}  VALUE is a specific value of CT
Definition 3: Authorization Policy An authorization policy as a triple, AP = (S, P, C) where:  S: the subject in this policy, which could be a user or a role  P: the permission in this policy, which is defined as a pair <M, O>, where M is an operation mode defined in {READ, APPEND, DELETE, UPDATE} and O is a data object or data type  C: is a context constraint in this policy
Definition 4: Data Access We define data access as a triple, DA = (U, P, RC) where:  U: a user in the User Set who issues this data access  P: the permission this user wants to acquire  RC: the runtime context, a set of values for every context type in the Context Set  DA (U, P, RC) is granted iff there exists an AP (S, P, C) st 1. U  S && 2. P = P && 3. C is evaluated as true under RC
CAAC Authorization Policy given has S: user or role P: permission C: constraint Clause 1 Clause n ……   condition condition ……   context type context implementation A predicate of Evaluated by
2004 Security Infrastructure
Quick Review  RBAC  CBAC  CAAC:  dynamic specification and dynamic enforcement of arbitrary access rules  separation of context implementation and the main business logic of target applications. User Role Permission Role User Context Permission Constraints assigned has given assigned granted
Permission Based Delegation Model  2003: Zhang at GMU  Given RBAC as an AC model  Delegation of authority is common  Need-to-know  Separation of duty  Rotation of sensitive job position  Delegation involves 1. Backup of role 2. Decentralization of authority 3. Collaboration of work
Delegation History  RBDM0: human → human  Delegator delegates role membership to a delegatee  RDM2000:  Role delegation in a role hierarchy and multi-step delegation  Unit of delegation is a ROLE!  PBDM  Supports role and permission level delegation
RBDM Shortcomings
Permission Based Delegation  PBDM0 Summary:  Multi-step temporal delegation  Two role types:  Regular Roles (RR)  Temporary Delegation Roles (DTR)  Multi-step delegation and revocation  Drawbacks: 1. No delegation limitations (risky) 2. No role-hierarchy
PBDM0 > RBDM 1. John creates “D1” 2. John assigns:  permission “change_schedule” to D1 (permission-role)  role “PE” to D1 (role-role) 3. John assigns Jenny to D1 (user-role)
Permission Based Delegation  PBDM0 Summary:  Multi-step temporal delegation  Two role types:  Regular Roles (RR)  Temporary Delegation Roles (DTR)  Multi-step delegation and revocation  Drawbacks: 1. No admin delegation limitations (risky) 2. No role-hierarchy
PBDM1  Role-layers: 1. Regular Roles (RR)  cannot be delegated to other roles or users 2. Delegatable Roles (DBR)  permissions can be delegated 3. Delegation Roles (DTR)  created by delegatable roles  Each user has (RR, DBR) pair = RR in PBDM0  Solves admin issue:  Administrative assignment of permissions to roles
PBDM1 Example 1. John creates a DTR “D2” 2. John assigns  “change schedule” to D2 from PL’  “PE’” to D2 3. John assigns Jenny to D2
PBDM1 Revocation  Individual user can: 1. Remove a user from delegatees 2. Remove parts from the delegation role  Admin can: 1. Move permissions from DBR to RR 2. Revoke a user from RR or DBR
PBDM2 > PBDM1  0 & 1 cannot support role-to-role delegation  2 does with multi-step delegation and multi- option revocation features
PDBM2 Overview  Four layers: 1. Regular roles (RR) 2. Fixed delegatable roles (FDBR)  owns a set of DTRs which form a role hierarchy 3. Temporal delegatable roles (TDBR)  has no role hierarchy  can receive permissions delegated by a FDBR (role-to-role deleg.) 4. Delegation roles (DTR)  owned by a FDBR  RR and FDBR:  the same as RR and DBR in PDBM1  have role hierarchies
PDBM2 Rules and Example  Delegation authority handled by admin  No individual user can own a DTR or permission  Scenario:  D3 created based on PL’ and delegated to QE’’ 1. Create a delegation role D3 2. Assign:  permission change_schedule to D3  FDBR PE’ to D3 3. Assign D3 to TDBR QE’’
PBDM2 Architecture  D3 created based on PL’ and delegated to QE’’ 1. Create a delegation role D3 2. Assign:  permission change_schedule to D3  FDBR PE’ to D3 3. Assign D3 to TDBR QE’’
PBDM2 Revocation  Contains PBDM1’s security admin  PBDM2 has options in the role layer: 1. Remove pieces of permissions from a delegation role 2. Revoke a DTR owned by a FBDR 3. Remove pieces of permissions from a FBDR to a RR
PBDM Comparison  RBDM:  Ambiguity btw admin and delegation  PBDM:  supports role and permission level delegation  Partial revocation is also possible
Authorization Specifications WS-Policy XACML SAML
Policy Specification  Security policies must be exchangeable across domains Hospital Pharmacy
Policy Specification  There are several XML-based policy languages  WS-Policy (from Microsoft)  XACML (eXtensible Access Control Markup Language)  SAML (Security Assertion Markup Language) In CAAC, WS-Policy was chosen as the specification language because it is inherently supported in the Microsoft .NET framework.
WS-Policy Overview  Why:  To describe service requirements, preferences, and capabilities of web services  Goal:  Provide the general purpose model and syntax to describe and communicate the policies of a Web service  What:  Provides a flexible and extensible grammar for expressing the capabilities, requirements, and general characteristics of Web Services
CAAC Policy Specification  Our customized WS-Policy tags For any authorization policy AP = (S, P, C) <wsa:DataType> specifies the data object or data type of permission P <wsa:AccessType> specifies the operation mode of permission P <wsa:Permission> specifies the permission P in an AP <wsse:SubjectToken> specifies the security token issued to S <wsse:ContextToken> specifies one context condition in C <wsse:ContextType> specifies which context type is used in one context condition of C
A Sample Policy <wsp:Policy> <wsp:AppliesTo> <wsa:EndpointReference> <wsa:DataType>PatientRecord</wsa:DataType> <wsa:AccessType>Delete</wsa:AccessType> <wsa:Permission>DeletePatientRecord</wsa:Permission> </wsa:EndpointReference> </wsp:AppliesTo> <wsse:SubjectToken wsp:Usage="Required"> <wsse:TokenType>Medical Records Staff</wsse:TokenType> </wsse:SubjectToken> <wsp:OneOrMore wsp:Usage="Required"> <wsp:All> <wsse:ContextToken wsp:Usage="wsp:GreatThan“ wsp:Preference="T(password)"> <wsse:ContextType>Trust Level</wsse:ContextType> </wsse:ContextToken> </wsp:All> </wsp:OneOrMore> </wsp:Policy>
XACML  OASIS standard version 1.1 (2.0 and 3.0)  Policy language  Access control decision request/response language
XACML - Policies  Policy Set: container of policies (local and remote)  Policy: a set of rules  Rule: a target, effect, and condition  Target: a resource, subject, and action  Effect: results of rule; “Permit” or “Deny”  Condition: Boolean; “True,” “False,” or “Indeterminate”
XACML – Access Control  Reconciles  Multiple policies  Multiple rules per policy  Multiple control decisions  Use a combining algorithm to combine multiple decisions into a single decision  Use standard or customized algorithms  Policy Combining Algorithms—used by PolicySet  Rule Combining Algorithms—used by Policy
XACML – Policy Evaluation  Obtain attributes from subject  Compare obtained attributes with attributes accepted by the policy  Evaluate conditions using standard or customized functions  E.g. The function [type]-one-and-only looks in a “bag” of attribute values and returns the single value if there is one or an error if there are zero or multiple.
XACML Data Flow
SAML assertions  An assertion is a declaration of facts about a subject  SAML has three kinds, all related to security: 1. Authentication 2. Attribute 3. Authorization decision  You can extend SAML to make your own kinds of assertions
SAML conceptual model SAML Authentication Assertion Attribute Assertion Authorization Decision Assertion Authentication Authority Attribute Authority Policy Decision Point Policy Enforcement Point Policy Policy Policy Credentials Collector System Entity Application Request
Some common information in all assertions  Issuer and issuance timestamp  Assertion ID  Subject  Name plus the security domain  Optional subject confirmation, e.g. public key  “Conditions” under which assertion is valid  SAML clients must reject assertions containing unsupported conditions  Special kind of condition: assertion validity period  Additional “advice”  E.g., to explain how the assertion was made
Authentication assertion  An issuing authority asserts that:  subject S  was authenticated by means M  at time T  Caution: Actually checking or revoking of credentials is not in scope for SAML!  It merely lets you link back to acts of authentication that took place previously
Example authentication assertion <saml:Assertion MajorVersion=“1” MinorVersion=“0” AssertionID=“128.9.167.32.12345678” Issuer=“University of Virginia“ IssueInstant=“2003-12-03T10:02:00Z”> <saml:Conditions NotBefore=“2003-12-03T10:00:00Z” NotAfter=“2003-12-03T10:05:00Z” /> <saml:AuthenticationStatement AuthenticationMethod=“password” AuthenticationInstant=“2003-12- 03T10:02:00Z”> <saml:Subject> <saml:NameIdentifier SecurityDomain=“virginia.edu” Name=“jim” /> </saml:Subject> </saml:AuthenticationStatement> </saml:Assertion>
Attribute assertion  An issuing authority asserts that:  subject S  is associated with attributes A, B, C…  with values “a”, “b”, “c”…  Typically this would be gotten from an LDAP repository  “jim” in “virginia.edu”  is associated with attribute “Department”  with value “Computer Science”
Example attribute assertion <saml:Assertion …> <saml:Conditions …/> <saml:AttributeStatement> <saml:Subject> <saml:NameIdentifier SecurityDomain=“virginia.edu” Name=“jim” /> </saml:Subject> <saml:Attribute AttributeName=“Department” AttributeNamespace=“http://virginia.edu”> <saml:AttributeValue> Computer Science </saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> </saml:Assertion>
Authorization decision assertion  An issuing authority decides whether to grant the request:  by subject S  for access type A  to resource R  given evidence E  The subject could be a human or a program  The resource could be a web page or a web service, for example
Example authorization decision assertion  <saml:Assertion …> <saml:Conditions …/> <saml:AuthorizationStatement Decision=“Permit” Resource=“http://www.amazon.com/purchase.htm”> <saml:Subject> <saml:NameIdentifier SecurityDomain=“virginia.edu” Name=“jim” /> </saml:Subject> </saml:AuthorizationStatement> </saml:Assertion>
SAML conceptual model SAML Authentication Assertion Attribute Assertion Authorization Decision Assertion Authentication Authority Attribute Authority Policy Decision Point Policy Enforcement Point Policy Policy Policy Credentials Collector System Entity Application Request
XACML & SAML  XACML & SAML are counterparts  XACML handles the access control policies and decisions  SAML handles the actual communication of authentication and authorization requests and responses  E.g.  SAML used to assert authentication and authorization attributes  XACML uses these assertions and evaluates the policies to come to a decision
Research Questions  Dynamic interfaces per permission/role  Permission management for subobjects  Secondary role issues:  Constrained hierarchical roles  Permission-level constrained delegation  Revocation  Delegation extensions to XACML & SAML  Provide an access control interface

Recomendados

multilevel security Database
multilevel security Database multilevel security Database
multilevel security Database
VrundaBhavsar
 
Vpd Virtual Private Database By Saurabh
Vpd Virtual Private Database By SaurabhVpd Virtual Private Database By Saurabh
Vpd Virtual Private Database By Saurabh
guestd83b546
 
Database Management System Security.pptx
Database Management System Security.pptxDatabase Management System Security.pptx
Database Management System Security.pptx
Roshni814224
 
IEEE publication on QoS
IEEE publication on QoSIEEE publication on QoS
IEEE publication on QoS
Nathan Muruganantha
 
Opa in the api management world
Opa in the api management worldOpa in the api management world
Opa in the api management world
Red Hat
 
Oracle Database Vault
Oracle Database VaultOracle Database Vault
Oracle Database Vault
Marco Alamanni
 
Chapter23
Chapter23Chapter23
Chapter23
gourab87
 
DB2 Security Model
DB2 Security ModelDB2 Security Model
DB2 Security Model
uniqueYGB
 

Recomendados

multilevel security Database
multilevel security Database multilevel security Database
multilevel security Database
VrundaBhavsar
 
Vpd Virtual Private Database By Saurabh
Vpd Virtual Private Database By SaurabhVpd Virtual Private Database By Saurabh
Vpd Virtual Private Database By Saurabh
guestd83b546
 
Database Management System Security.pptx
Database Management System Security.pptxDatabase Management System Security.pptx
Database Management System Security.pptx
Roshni814224
 
IEEE publication on QoS
IEEE publication on QoSIEEE publication on QoS
IEEE publication on QoS
Nathan Muruganantha
 
Opa in the api management world
Opa in the api management worldOpa in the api management world
Opa in the api management world
Red Hat
 
Oracle Database Vault
Oracle Database VaultOracle Database Vault
Oracle Database Vault
Marco Alamanni
 
Chapter23
Chapter23Chapter23
Chapter23
gourab87
 
DB2 Security Model
DB2 Security ModelDB2 Security Model
DB2 Security Model
uniqueYGB
 
Overview Of RBAC
Overview Of RBACOverview Of RBAC
Overview Of RBAC
King's College London
 
Securing FIWARE Architectures
Securing FIWARE ArchitecturesSecuring FIWARE Architectures
Securing FIWARE Architectures
FIWARE
 
Architecture authorization-constrained
Architecture authorization-constrainedArchitecture authorization-constrained
Architecture authorization-constrained
Ahmed Sabeeh
 
Sql Server Security
Sql Server SecuritySql Server Security
Sql Server Security
Vinod Kumar
 
Rfc3415
Rfc3415Rfc3415
Rfc3415
Saurabh Maggo
 
Windows 2008 Active Directory Branch office Management_MVP Sampath Perera
Windows 2008 Active Directory Branch office Management_MVP Sampath PereraWindows 2008 Active Directory Branch office Management_MVP Sampath Perera
Windows 2008 Active Directory Branch office Management_MVP Sampath Perera
Quek Lilian
 
Context Aware Paradigm for Pervasive Computing Environment
Context Aware Paradigm for Pervasive Computing EnvironmentContext Aware Paradigm for Pervasive Computing Environment
Context Aware Paradigm for Pervasive Computing Environment
Umar Mahmud
 
PRShare: a framework for privacy-preserving, interorganizational data sharing.
PRShare: a framework for privacy-preserving, interorganizational data sharing.PRShare: a framework for privacy-preserving, interorganizational data sharing.
PRShare: a framework for privacy-preserving, interorganizational data sharing.
Lihi Idan
 
Modern Database Development Oow2008 Lucas Jellema
Modern Database Development Oow2008 Lucas JellemaModern Database Development Oow2008 Lucas Jellema
Modern Database Development Oow2008 Lucas Jellema
Lucas Jellema
 
Security and Usability: Designing Security Tooling That Roboticists Can Use
Security and Usability: Designing Security Tooling That Roboticists Can UseSecurity and Usability: Designing Security Tooling That Roboticists Can Use
Security and Usability: Designing Security Tooling That Roboticists Can Use
Ruffin White
 
2004 10 21 Rbac At Mazda Horst Walther
2004 10 21 Rbac At Mazda Horst Walther2004 10 21 Rbac At Mazda Horst Walther
2004 10 21 Rbac At Mazda Horst Walther
CardinaleWay Mazda
 
AAA Protocol
AAA ProtocolAAA Protocol
AAA Protocol
Netwax Lab
 
Overview of DoDAF with Innoslate
Overview of DoDAF with InnoslateOverview of DoDAF with Innoslate
Overview of DoDAF with Innoslate
Elizabeth Steiner
 
Week11 qo s-2017(1)
Week11 qo s-2017(1)Week11 qo s-2017(1)
Week11 qo s-2017(1)
trayyoo
 
service methodology, service description, service characteristics, performanc...
service methodology, service description, service characteristics, performanc...service methodology, service description, service characteristics, performanc...
service methodology, service description, service characteristics, performanc...
csk selva
 
Model-Driven Run-Time Enforcement of Complex Role-Based Access Control Policies
Model-Driven Run-Time Enforcement of Complex Role-Based Access Control PoliciesModel-Driven Run-Time Enforcement of Complex Role-Based Access Control Policies
Model-Driven Run-Time Enforcement of Complex Role-Based Access Control Policies
Lionel Briand
 
Building enterprise web applications with spring 3
Building enterprise web applications with spring 3Building enterprise web applications with spring 3
Building enterprise web applications with spring 3
Abdelmonaim Remani
 
Requirement Engineering for Dependable Systems
Requirement Engineering for Dependable SystemsRequirement Engineering for Dependable Systems
Requirement Engineering for Dependable Systems
Kamalika Guha Roy
 
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docxBoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
jasoninnes20
 
Week No 13 Access Control Part 1.pptx
Week No 13 Access Control Part 1.pptxWeek No 13 Access Control Part 1.pptx
Week No 13 Access Control Part 1.pptx
XhamiiiCH
 
Threats in network that can be noted in security
Threats in network that can be noted in securityThreats in network that can be noted in security
Threats in network that can be noted in security
ssuserec53e73
 
Lsn21_NumPy in data science using python
Lsn21_NumPy in data science using pythonLsn21_NumPy in data science using python
Lsn21_NumPy in data science using python
ssuserec53e73
 

Más contenido relacionado

Similar a Authorization (2).ppt

Windows 2008 Active Directory Branch office Management_MVP Sampath Perera
Windows 2008 Active Directory Branch office Management_MVP Sampath PereraWindows 2008 Active Directory Branch office Management_MVP Sampath Perera
Windows 2008 Active Directory Branch office Management_MVP Sampath Perera
Quek Lilian
 
Security and Usability: Designing Security Tooling That Roboticists Can Use
Security and Usability: Designing Security Tooling That Roboticists Can UseSecurity and Usability: Designing Security Tooling That Roboticists Can Use
Security and Usability: Designing Security Tooling That Roboticists Can Use
Ruffin White
 
Model-Driven Run-Time Enforcement of Complex Role-Based Access Control Policies
Model-Driven Run-Time Enforcement of Complex Role-Based Access Control PoliciesModel-Driven Run-Time Enforcement of Complex Role-Based Access Control Policies
Model-Driven Run-Time Enforcement of Complex Role-Based Access Control Policies
Lionel Briand
 
Building enterprise web applications with spring 3
Building enterprise web applications with spring 3Building enterprise web applications with spring 3
Building enterprise web applications with spring 3
Abdelmonaim Remani
 
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docxBoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
jasoninnes20
 

Similar a Authorization (2).ppt (20)

Overview Of RBAC
Overview Of RBACOverview Of RBAC
Overview Of RBAC
 
Securing FIWARE Architectures
Securing FIWARE ArchitecturesSecuring FIWARE Architectures
Securing FIWARE Architectures
 
Architecture authorization-constrained
Architecture authorization-constrainedArchitecture authorization-constrained
Architecture authorization-constrained
 
Sql Server Security
Sql Server SecuritySql Server Security
Sql Server Security
 
Rfc3415
Rfc3415Rfc3415
Rfc3415
 
Windows 2008 Active Directory Branch office Management_MVP Sampath Perera
Windows 2008 Active Directory Branch office Management_MVP Sampath PereraWindows 2008 Active Directory Branch office Management_MVP Sampath Perera
Windows 2008 Active Directory Branch office Management_MVP Sampath Perera
 
Context Aware Paradigm for Pervasive Computing Environment
Context Aware Paradigm for Pervasive Computing EnvironmentContext Aware Paradigm for Pervasive Computing Environment
Context Aware Paradigm for Pervasive Computing Environment
 
PRShare: a framework for privacy-preserving, interorganizational data sharing.
PRShare: a framework for privacy-preserving, interorganizational data sharing.PRShare: a framework for privacy-preserving, interorganizational data sharing.
PRShare: a framework for privacy-preserving, interorganizational data sharing.
 
Modern Database Development Oow2008 Lucas Jellema
Modern Database Development Oow2008 Lucas JellemaModern Database Development Oow2008 Lucas Jellema
Modern Database Development Oow2008 Lucas Jellema
 
Security and Usability: Designing Security Tooling That Roboticists Can Use
Security and Usability: Designing Security Tooling That Roboticists Can UseSecurity and Usability: Designing Security Tooling That Roboticists Can Use
Security and Usability: Designing Security Tooling That Roboticists Can Use
 
2004 10 21 Rbac At Mazda Horst Walther
2004 10 21 Rbac At Mazda Horst Walther2004 10 21 Rbac At Mazda Horst Walther
2004 10 21 Rbac At Mazda Horst Walther
 
AAA Protocol
AAA ProtocolAAA Protocol
AAA Protocol
 
Overview of DoDAF with Innoslate
Overview of DoDAF with InnoslateOverview of DoDAF with Innoslate
Overview of DoDAF with Innoslate
 
Week11 qo s-2017(1)
Week11 qo s-2017(1)Week11 qo s-2017(1)
Week11 qo s-2017(1)
 
service methodology, service description, service characteristics, performanc...
service methodology, service description, service characteristics, performanc...service methodology, service description, service characteristics, performanc...
service methodology, service description, service characteristics, performanc...
 
Model-Driven Run-Time Enforcement of Complex Role-Based Access Control Policies
Model-Driven Run-Time Enforcement of Complex Role-Based Access Control PoliciesModel-Driven Run-Time Enforcement of Complex Role-Based Access Control Policies
Model-Driven Run-Time Enforcement of Complex Role-Based Access Control Policies
 
Building enterprise web applications with spring 3
Building enterprise web applications with spring 3Building enterprise web applications with spring 3
Building enterprise web applications with spring 3
 
Requirement Engineering for Dependable Systems
Requirement Engineering for Dependable SystemsRequirement Engineering for Dependable Systems
Requirement Engineering for Dependable Systems
 
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docxBoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
 
Week No 13 Access Control Part 1.pptx
Week No 13 Access Control Part 1.pptxWeek No 13 Access Control Part 1.pptx
Week No 13 Access Control Part 1.pptx
 

Más de ssuserec53e73

Threats in network that can be noted in security
Threats in network that can be noted in securityThreats in network that can be noted in security
Threats in network that can be noted in security
ssuserec53e73
 
Lsn21_NumPy in data science using python
Lsn21_NumPy in data science using pythonLsn21_NumPy in data science using python
Lsn21_NumPy in data science using python
ssuserec53e73
 
OpenSecure socket layerin cyber security
OpenSecure socket layerin cyber securityOpenSecure socket layerin cyber security
OpenSecure socket layerin cyber security
ssuserec53e73
 
Hash functions, digital signatures and hmac
Hash functions, digital signatures and hmacHash functions, digital signatures and hmac
Hash functions, digital signatures and hmac
ssuserec53e73
 
50134147-Knowledge-Representation-Using-Rules.ppt
50134147-Knowledge-Representation-Using-Rules.ppt50134147-Knowledge-Representation-Using-Rules.ppt
50134147-Knowledge-Representation-Using-Rules.ppt
ssuserec53e73
 

Más de ssuserec53e73 (20)

Threats in network that can be noted in security
Threats in network that can be noted in securityThreats in network that can be noted in security
Threats in network that can be noted in security
 
Lsn21_NumPy in data science using python
Lsn21_NumPy in data science using pythonLsn21_NumPy in data science using python
Lsn21_NumPy in data science using python
 
OpenSecure socket layerin cyber security
OpenSecure socket layerin cyber securityOpenSecure socket layerin cyber security
OpenSecure socket layerin cyber security
 
Hash functions, digital signatures and hmac
Hash functions, digital signatures and hmacHash functions, digital signatures and hmac
Hash functions, digital signatures and hmac
 
Asian Elephant Adaptations - Chelsea P..pptx
Asian Elephant Adaptations - Chelsea P..pptxAsian Elephant Adaptations - Chelsea P..pptx
Asian Elephant Adaptations - Chelsea P..pptx
 
Module 10-Introduction to OOP.pptx
Module 10-Introduction to OOP.pptxModule 10-Introduction to OOP.pptx
Module 10-Introduction to OOP.pptx
 
unit-1-l3.ppt
unit-1-l3.pptunit-1-l3.ppt
unit-1-l3.ppt
 
AI.ppt
AI.pptAI.ppt
AI.ppt
 
50134147-Knowledge-Representation-Using-Rules.ppt
50134147-Knowledge-Representation-Using-Rules.ppt50134147-Knowledge-Representation-Using-Rules.ppt
50134147-Knowledge-Representation-Using-Rules.ppt
 
Dr Jose Reena K.pdf
Dr Jose Reena K.pdfDr Jose Reena K.pdf
Dr Jose Reena K.pdf
 
Enumeration.pptx
Enumeration.pptxEnumeration.pptx
Enumeration.pptx
 
footscan.PPT
footscan.PPTfootscan.PPT
footscan.PPT
 
UNIT II.pptx
UNIT II.pptxUNIT II.pptx
UNIT II.pptx
 
Unit 1 iot.pptx
Unit 1 iot.pptxUnit 1 iot.pptx
Unit 1 iot.pptx
 
IoT Reference Architecture.pptx
IoT Reference Architecture.pptxIoT Reference Architecture.pptx
IoT Reference Architecture.pptx
 
patent ppt.pptx
patent ppt.pptxpatent ppt.pptx
patent ppt.pptx
 
Introduction to measurement.pptx
Introduction to measurement.pptxIntroduction to measurement.pptx
Introduction to measurement.pptx
 
ML-DecisionTrees.ppt
ML-DecisionTrees.pptML-DecisionTrees.ppt
ML-DecisionTrees.ppt
 
ML_Lecture_7.ppt
ML_Lecture_7.pptML_Lecture_7.ppt
ML_Lecture_7.ppt
 
070308-simmons.ppt
070308-simmons.ppt070308-simmons.ppt
070308-simmons.ppt
 

Último

Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdfVishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
ssuserdda66b
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
AnaAcapella
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 

Último (20)

HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdfVishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 

Authorization (2).ppt

  • 2. Research Issues  Authentication  who are you?  quantification of trust levels  Mobile devices  what capabilities do you have?  can wireless be as secure as wired?  Authorization  given who you are, what can you do?  how do we control privileges?  Federation  how can trust be shared?  how to cross trust domain boundaries?
  • 3. Itinerary  History of Access Control  Role-Based AC  Context-Based AC  Context-Aware AC  Permission Based Delegation Model  Authorization Specifications  CAAC WS-Policy Implementation  XACML  SAML  Specification-Level Goals
  • 5. Role-Based Access Control  Sandu et al. formalized Role-Based Access Control in 1996  User U acting in role R is granted permission P  Advantage: greatly improved efficiency  Disadvantage: cannot specify fine-grained rules User Role Permission
  • 6. Context-Based Access Control  What is “context”?  Circumstances in which an event occurs System Subject Object Type Owner Name Age ID Location Time Date CPU Load
  • 7. Context-Based Access Control Role User  Advantage: access control is context-aware  Disadvantage: this is still a static model Context Permission Constraints with has given
  • 8. RBAC → CBAC → CAAC  RBAC and CBAC, even with extensions, cannot meet the access requirements of modern healthcare environments  CAAC is an extension to CBAC that is consistent with implementation via web services  CAAC permits dynamic specification and dynamic enforcement of arbitrary access rules  Context implementation is separated from the main business logic of target applications.
  • 9. Context-Aware Access Control  Presented 2004 by Juhnze Hu  Terminology:  Data Object: the smallest unit to be accessed in an application  Data Type: a group of data objects with the same attributes  Data Set: the set of all data objects  User Set: the set of potential entities that access the data objects
  • 10. Definition 1: Context Type A context type is defined as a property related to every participant in an application when it is running.  Context Set: a set of all context types in an application. CS = {CT1, CT2 … CTn}, 1  i  n.  Context Implementation: a function of context types defined by CI: CT1 CT2  …  CTn  CT, n  0
  • 11. Definition 2: Context Constraint We define a context constraint as a regular expression as follows: Context Constraint := Clause1  Clause2 …  Clausei Clause := Condition1  Condition2 …  Conditioni Condition := <CT> <OP> <VALUE>  CT is an element of CS  OP is a logical operator in set {>, , , , , =}  VALUE is a specific value of CT
  • 12. Definition 3: Authorization Policy An authorization policy as a triple, AP = (S, P, C) where:  S: the subject in this policy, which could be a user or a role  P: the permission in this policy, which is defined as a pair <M, O>, where M is an operation mode defined in {READ, APPEND, DELETE, UPDATE} and O is a data object or data type  C: is a context constraint in this policy
  • 13. Definition 4: Data Access We define data access as a triple, DA = (U, P, RC) where:  U: a user in the User Set who issues this data access  P: the permission this user wants to acquire  RC: the runtime context, a set of values for every context type in the Context Set  DA (U, P, RC) is granted iff there exists an AP (S, P, C) st 1. U  S && 2. P = P && 3. C is evaluated as true under RC
  • 14. CAAC Authorization Policy given has S: user or role P: permission C: constraint Clause 1 Clause n ……   condition condition ……   context type context implementation A predicate of Evaluated by
  • 16. Quick Review  RBAC  CBAC  CAAC:  dynamic specification and dynamic enforcement of arbitrary access rules  separation of context implementation and the main business logic of target applications. User Role Permission Role User Context Permission Constraints assigned has given assigned granted
  • 17. Permission Based Delegation Model  2003: Zhang at GMU  Given RBAC as an AC model  Delegation of authority is common  Need-to-know  Separation of duty  Rotation of sensitive job position  Delegation involves 1. Backup of role 2. Decentralization of authority 3. Collaboration of work
  • 18. Delegation History  RBDM0: human → human  Delegator delegates role membership to a delegatee  RDM2000:  Role delegation in a role hierarchy and multi-step delegation  Unit of delegation is a ROLE!  PBDM  Supports role and permission level delegation
  • 20. Permission Based Delegation  PBDM0 Summary:  Multi-step temporal delegation  Two role types:  Regular Roles (RR)  Temporary Delegation Roles (DTR)  Multi-step delegation and revocation  Drawbacks: 1. No delegation limitations (risky) 2. No role-hierarchy
  • 21. PBDM0 > RBDM 1. John creates “D1” 2. John assigns:  permission “change_schedule” to D1 (permission-role)  role “PE” to D1 (role-role) 3. John assigns Jenny to D1 (user-role)
  • 22. Permission Based Delegation  PBDM0 Summary:  Multi-step temporal delegation  Two role types:  Regular Roles (RR)  Temporary Delegation Roles (DTR)  Multi-step delegation and revocation  Drawbacks: 1. No admin delegation limitations (risky) 2. No role-hierarchy
  • 23. PBDM1  Role-layers: 1. Regular Roles (RR)  cannot be delegated to other roles or users 2. Delegatable Roles (DBR)  permissions can be delegated 3. Delegation Roles (DTR)  created by delegatable roles  Each user has (RR, DBR) pair = RR in PBDM0  Solves admin issue:  Administrative assignment of permissions to roles
  • 24. PBDM1 Example 1. John creates a DTR “D2” 2. John assigns  “change schedule” to D2 from PL’  “PE’” to D2 3. John assigns Jenny to D2
  • 25. PBDM1 Revocation  Individual user can: 1. Remove a user from delegatees 2. Remove parts from the delegation role  Admin can: 1. Move permissions from DBR to RR 2. Revoke a user from RR or DBR
  • 26. PBDM2 > PBDM1  0 & 1 cannot support role-to-role delegation  2 does with multi-step delegation and multi- option revocation features
  • 27. PDBM2 Overview  Four layers: 1. Regular roles (RR) 2. Fixed delegatable roles (FDBR)  owns a set of DTRs which form a role hierarchy 3. Temporal delegatable roles (TDBR)  has no role hierarchy  can receive permissions delegated by a FDBR (role-to-role deleg.) 4. Delegation roles (DTR)  owned by a FDBR  RR and FDBR:  the same as RR and DBR in PDBM1  have role hierarchies
  • 28. PDBM2 Rules and Example  Delegation authority handled by admin  No individual user can own a DTR or permission  Scenario:  D3 created based on PL’ and delegated to QE’’ 1. Create a delegation role D3 2. Assign:  permission change_schedule to D3  FDBR PE’ to D3 3. Assign D3 to TDBR QE’’
  • 29. PBDM2 Architecture  D3 created based on PL’ and delegated to QE’’ 1. Create a delegation role D3 2. Assign:  permission change_schedule to D3  FDBR PE’ to D3 3. Assign D3 to TDBR QE’’
  • 30. PBDM2 Revocation  Contains PBDM1’s security admin  PBDM2 has options in the role layer: 1. Remove pieces of permissions from a delegation role 2. Revoke a DTR owned by a FBDR 3. Remove pieces of permissions from a FBDR to a RR
  • 31. PBDM Comparison  RBDM:  Ambiguity btw admin and delegation  PBDM:  supports role and permission level delegation  Partial revocation is also possible
  • 33. Policy Specification  Security policies must be exchangeable across domains Hospital Pharmacy
  • 34. Policy Specification  There are several XML-based policy languages  WS-Policy (from Microsoft)  XACML (eXtensible Access Control Markup Language)  SAML (Security Assertion Markup Language) In CAAC, WS-Policy was chosen as the specification language because it is inherently supported in the Microsoft .NET framework.
  • 35. WS-Policy Overview  Why:  To describe service requirements, preferences, and capabilities of web services  Goal:  Provide the general purpose model and syntax to describe and communicate the policies of a Web service  What:  Provides a flexible and extensible grammar for expressing the capabilities, requirements, and general characteristics of Web Services
  • 36. CAAC Policy Specification  Our customized WS-Policy tags For any authorization policy AP = (S, P, C) <wsa:DataType> specifies the data object or data type of permission P <wsa:AccessType> specifies the operation mode of permission P <wsa:Permission> specifies the permission P in an AP <wsse:SubjectToken> specifies the security token issued to S <wsse:ContextToken> specifies one context condition in C <wsse:ContextType> specifies which context type is used in one context condition of C
  • 37. A Sample Policy <wsp:Policy> <wsp:AppliesTo> <wsa:EndpointReference> <wsa:DataType>PatientRecord</wsa:DataType> <wsa:AccessType>Delete</wsa:AccessType> <wsa:Permission>DeletePatientRecord</wsa:Permission> </wsa:EndpointReference> </wsp:AppliesTo> <wsse:SubjectToken wsp:Usage="Required"> <wsse:TokenType>Medical Records Staff</wsse:TokenType> </wsse:SubjectToken> <wsp:OneOrMore wsp:Usage="Required"> <wsp:All> <wsse:ContextToken wsp:Usage="wsp:GreatThan“ wsp:Preference="T(password)"> <wsse:ContextType>Trust Level</wsse:ContextType> </wsse:ContextToken> </wsp:All> </wsp:OneOrMore> </wsp:Policy>
  • 38. XACML  OASIS standard version 1.1 (2.0 and 3.0)  Policy language  Access control decision request/response language
  • 39. XACML - Policies  Policy Set: container of policies (local and remote)  Policy: a set of rules  Rule: a target, effect, and condition  Target: a resource, subject, and action  Effect: results of rule; “Permit” or “Deny”  Condition: Boolean; “True,” “False,” or “Indeterminate”
  • 40. XACML – Access Control  Reconciles  Multiple policies  Multiple rules per policy  Multiple control decisions  Use a combining algorithm to combine multiple decisions into a single decision  Use standard or customized algorithms  Policy Combining Algorithms—used by PolicySet  Rule Combining Algorithms—used by Policy
  • 41. XACML – Policy Evaluation  Obtain attributes from subject  Compare obtained attributes with attributes accepted by the policy  Evaluate conditions using standard or customized functions  E.g. The function [type]-one-and-only looks in a “bag” of attribute values and returns the single value if there is one or an error if there are zero or multiple.
  • 43. SAML assertions  An assertion is a declaration of facts about a subject  SAML has three kinds, all related to security: 1. Authentication 2. Attribute 3. Authorization decision  You can extend SAML to make your own kinds of assertions
  • 44. SAML conceptual model SAML Authentication Assertion Attribute Assertion Authorization Decision Assertion Authentication Authority Attribute Authority Policy Decision Point Policy Enforcement Point Policy Policy Policy Credentials Collector System Entity Application Request
  • 45. Some common information in all assertions  Issuer and issuance timestamp  Assertion ID  Subject  Name plus the security domain  Optional subject confirmation, e.g. public key  “Conditions” under which assertion is valid  SAML clients must reject assertions containing unsupported conditions  Special kind of condition: assertion validity period  Additional “advice”  E.g., to explain how the assertion was made
  • 46. Authentication assertion  An issuing authority asserts that:  subject S  was authenticated by means M  at time T  Caution: Actually checking or revoking of credentials is not in scope for SAML!  It merely lets you link back to acts of authentication that took place previously
  • 47. Example authentication assertion <saml:Assertion MajorVersion=“1” MinorVersion=“0” AssertionID=“128.9.167.32.12345678” Issuer=“University of Virginia“ IssueInstant=“2003-12-03T10:02:00Z”> <saml:Conditions NotBefore=“2003-12-03T10:00:00Z” NotAfter=“2003-12-03T10:05:00Z” /> <saml:AuthenticationStatement AuthenticationMethod=“password” AuthenticationInstant=“2003-12- 03T10:02:00Z”> <saml:Subject> <saml:NameIdentifier SecurityDomain=“virginia.edu” Name=“jim” /> </saml:Subject> </saml:AuthenticationStatement> </saml:Assertion>
  • 48. Attribute assertion  An issuing authority asserts that:  subject S  is associated with attributes A, B, C…  with values “a”, “b”, “c”…  Typically this would be gotten from an LDAP repository  “jim” in “virginia.edu”  is associated with attribute “Department”  with value “Computer Science”
  • 49. Example attribute assertion <saml:Assertion …> <saml:Conditions …/> <saml:AttributeStatement> <saml:Subject> <saml:NameIdentifier SecurityDomain=“virginia.edu” Name=“jim” /> </saml:Subject> <saml:Attribute AttributeName=“Department” AttributeNamespace=“http://virginia.edu”> <saml:AttributeValue> Computer Science </saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> </saml:Assertion>
  • 50. Authorization decision assertion  An issuing authority decides whether to grant the request:  by subject S  for access type A  to resource R  given evidence E  The subject could be a human or a program  The resource could be a web page or a web service, for example
  • 51. Example authorization decision assertion  <saml:Assertion …> <saml:Conditions …/> <saml:AuthorizationStatement Decision=“Permit” Resource=“http://www.amazon.com/purchase.htm”> <saml:Subject> <saml:NameIdentifier SecurityDomain=“virginia.edu” Name=“jim” /> </saml:Subject> </saml:AuthorizationStatement> </saml:Assertion>
  • 52. SAML conceptual model SAML Authentication Assertion Attribute Assertion Authorization Decision Assertion Authentication Authority Attribute Authority Policy Decision Point Policy Enforcement Point Policy Policy Policy Credentials Collector System Entity Application Request
  • 53. XACML & SAML  XACML & SAML are counterparts  XACML handles the access control policies and decisions  SAML handles the actual communication of authentication and authorization requests and responses  E.g.  SAML used to assert authentication and authorization attributes  XACML uses these assertions and evaluates the policies to come to a decision
  • 54. Research Questions  Dynamic interfaces per permission/role  Permission management for subobjects  Secondary role issues:  Constrained hierarchical roles  Permission-level constrained delegation  Revocation  Delegation extensions to XACML & SAML  Provide an access control interface