hgabac towards a formal model of hierarchical attribute
play

HGABAC: Towards a Formal Model of Hierarchical Attribute-Based - PowerPoint PPT Presentation

Aug 07, 2023 •537 likes •1.05k views

HGABAC: Towards a Formal Model of Hierarchical Attribute-Based Access Control Sylvia L. Osborn Daniel Servos sylvia@csd.uwo.ca dservos5@uwo.ca Department of Computer Science The 7th International Symposium on Foundations & Practice of

  1. HGABAC: Towards a Formal Model of Hierarchical Attribute-Based Access Control Sylvia L. Osborn Daniel Servos sylvia@csd.uwo.ca dservos5@uwo.ca Department of Computer Science The 7th International Symposium on Foundations & Practice of Security, November 2014 Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 1 / 31

  2. Background Role-Based Access Control (RBAC) Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 2 / 31

  3. Background Role-Based Access Control (RBAC) Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 2 / 31

  4. Background Role-Based Access Control (RBAC) Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 2 / 31

  5. Background Attribute-Based Access Control (ABAC) Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 2 / 31

  6. Background Attribute-Based Access Control (ABAC) Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 2 / 31

  7. Background Attribute-Based Access Control (ABAC) Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 2 / 31

  8. Background Attribute-Based Access Control (ABAC) Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 2 / 31

  9. Related Work & Current Models Comparison of Notable Models of Attribute-Based Access Control Logic-based ABAC for Framework ABAC α Web WS-ABAC ABMAC for ABAC Services Hierarchical ✗ ✗ ✗ ✗ Hierarchical attributes Object ✗ ✓ ✓ ✓ ✓ Attributes ✓ ✓ ✓ ✓ ✓ User Attributes Environment ✗ ✗ ✓ ✓ ✓ Attributes Shown in Connection ✗ ✗ ✗ ✗ example but Attributes not model Administrative ✗ ✗ ✗ ✗ ✗ Attributes Separation of ✗ ✗ ✗ ✗ ✗ Duties For web For web For grid ✓ ✓ General Model services services computing Only models ✓ ✓ Formal Model policies and Simplistic Simplistic evaluation Administrative ✗ ✗ ✗ ✗ Limited Model Can Model Not demon- Not demon- Not demon- Not demon- ✓ DAC, MAC, strated strated strated strated and RBAC Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 5 / 31

  10. Related Work & Current Models Comparison of Notable Models of Attribute-Based Access Control Logic-based ABAC for Framework ABAC α Web WS-ABAC ABMAC for ABAC Services Hierarchical ✗ ✗ ✗ ✗ Hierarchical Open Problems attributes Object ✗ ✓ ✓ ✓ ✓ Attributes Lack of hierarchical structures comparable to RBAC. ✓ ✓ ✓ ✓ ✓ User Attributes Environment Lack of group based administration of multiple users. ✗ ✗ ✓ ✓ ✓ Attributes Shown in Connection Limited work towards a separation of duties model for ABAC. ✗ ✗ ✗ ✗ example but Attributes not model Administrative Limited work towards a administrative model of ABAC. ✗ ✗ ✗ ✗ ✗ Attributes Separation of ✗ ✗ ✗ ✗ ✗ Auditability of ABAC systems. Duties For web For web For grid ✓ ✓ General Model Need for formal foundational models of ABAC. services services computing Only models ✓ ✓ Formal Model policies and Simplistic Simplistic evaluation Administrative ✗ ✗ ✗ ✗ Limited Model Can Model Not demon- Not demon- Not demon- Not demon- ✓ DAC, MAC, strated strated strated strated and RBAC Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 5 / 31

  11. Related Work & Current Models Comparison of Notable Models of Attribute-Based Access Control Logic-based ABAC for Framework ABAC α Web WS-ABAC ABMAC for ABAC Services Hierarchical ✗ ✗ ✗ ✗ Hierarchical Open Problems attributes Object ✗ ✓ ✓ ✓ ✓ Attributes Lack of hierarchical structures comparable to RBAC. ✓ ✓ ✓ ✓ ✓ User Attributes Environment Lack of group based administration of multiple users. ✗ ✗ ✓ ✓ ✓ Attributes Shown in Connection Limited work towards a separation of duties model for ABAC. ✗ ✗ ✗ ✗ example but Attributes not model Administrative Limited work towards a administrative model of ABAC. ✗ ✗ ✗ ✗ ✗ Attributes Separation of ✗ ✗ ✗ ✗ ✗ Auditability of ABAC systems. Duties For web For web For grid ✓ ✓ General Model Need for formal foundational models of ABAC. services services computing Only models ✓ ✓ Formal Model policies and Simplistic Simplistic evaluation Administrative ✗ ✗ ✗ ✗ Limited Model Can Model Not demon- Not demon- Not demon- Not demon- ✓ DAC, MAC, strated strated strated strated and RBAC Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 5 / 31

  12. Related Work & Current Models Comparison of Notable Models of Attribute-Based Access Control Logic-based ABAC for Framework ABAC α Web WS-ABAC ABMAC HGABAC for ABAC Services Hierarchical ✗ ✗ ✗ ✗ ✓ Hierarchical attributes Object ✗ ✓ ✓ ✓ ✓ ✓ Attributes ✓ ✓ ✓ ✓ ✓ ✓ User Attributes Environment ✗ ✗ ✓ ✓ ✓ ✓ Attributes Shown in Connection ✗ ✗ ✗ ✗ ✓ example but Attributes not model Administrative ✗ ✗ ✗ ✗ ✗ ✓ Attributes Separation of ✗ ✗ ✗ ✗ ✗ ✗ Duties For web For web For grid ✓ ✓ ✓ General Model services services computing Only models ✓ ✓ ✓ Formal Model policies and Simplistic Simplistic evaluation Administrative ✗ ✗ ✗ ✗ ✗ Limited Model Can Model Not demon- Not demon- Not demon- Not demon- ✓ ✓ DAC, MAC, strated strated strated strated and RBAC Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 5 / 31

  13. HGABAC Model User Object User Attribute Users Assignment Attributes Attributes Object Attribute Assignment Objects Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 6 / 31

  14. HGABAC Model Attributes attr = (name, type, value) User Object User Attribute Users Assignment Attributes Attributes Object Attribute Assignment Objects Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 6 / 31

  15. HGABAC Model Policies User Object User Attribute Users Assignment Attributes Attributes Object Attribute Assignment Objects Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 6 / 31

  16. Policy Language Three-valued logic (True, False and Undefined). Boolean statements using AND, OR, and NOT logical operations. AND, OR and NOT truth tables from Kleene K3 logic. Support for value and set comparison operations < , > , ≤ , ≥ , =, � =, ∈ , ⊂ , etc. Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 7 / 31

  17. Policy Language Three-valued logic (True, False and Undefined). Boolean statements using AND, OR, and NOT logical operations. AND, OR and NOT truth tables from Kleene K3 logic. Support for value and set comparison operations < , > , ≤ , ≥ , =, � =, ∈ , ⊂ , etc. Examples (a) user.id IN { 5, 72, 4, 6, 4 } OR user.id = object.owner (b) object.required perms SUBSET user.perms AND user.age > = 18 (c) user.admin OR (user.role = “doctor” AND user.id != object.patient) Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 7 / 31

  18. HGABAC Model Policies User Object User Attribute Users Assignment Attributes Attributes Object Attribute Assignment Objects Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 8 / 31

  19. HGABAC Model Permissions Policies Operations User Object User Attribute Users Assignment Attributes Attributes Object Attribute Assignment Objects Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 8 / 31

  20. HGABAC Model Permissions Policies Operations User Object User Attribute Users Assignment Attributes Attributes Object Attribute Assignment Objects Permissions user.id = object.patient OR user.role = “doctor” → read user.role = “doctor” → write Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 8 / 31

  21. HGABAC Model Permissions Policies Operations User Object User Attribute Users Assignment Attributes Attributes Object Attribute Assignment User Session Objects Attribute Sessions Activation Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 8 / 31

  22. HGABAC Model Permissions User Group User User Group Attribute Hierarchy Groups Assignment Policies Operations User Group Assignment User Object User Attribute Users Assignment Attributes Attributes Object Attribute Assignment User Session Objects Attribute Sessions Activation Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 8 / 31

  23. Group Graph Min Group {} Undergrads Staff {(studet_level, 1), {(employe_level, 1), (room_access, {MC8, (room_access, MC10})} {MC355})} Faculty Gradstudents {(studet_level, 2), {(employe_level, 2), (room_access, {MC342, (room_access, MC325})} {MC320})} Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 9 / 31

  24. Group Graph Min Group {} Undergrads Staff {(studet_level, 1), {(employe_level, 1), (room_access, {MC8, (room_access, MC10})} {MC355})} Faculty Gradstudents {(studet_level, 2), {(employe_level, 2), (room_access, {MC342, (room_access, MC325})} {MC320})} Effective: employe_level = {1, 2} room_access = {MC355, MC320} Daniel Servos & Sylvia L. Osborn HGABAC FPS’2014 9 / 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Incorporating Off-Line Attribute Delegation into Hierarchical Group and Attribute-Based Access

Incorporating Off-Line Attribute Delegation into Hierarchical Group and Attribute-Based Access

Incorporating Off-Line Attribute Delegation into Hierarchical Group and Attribute-Based Access Control Daniel Servos Michael Bauer Western University Western University London, Ontario London, Ontario dservos5@uwo.ca bauer@uwo.ca November

511 views • 34 slides
CSC 530 Lecture Notes Week 5 More on Formal Semantics with Attribute Grammars CSC530-W02-L5

CSC 530 Lecture Notes Week 5 More on Formal Semantics with Attribute Grammars CSC530-W02-L5

CSC530-W02-L5 Slide 1 CSC 530 Lecture Notes Week 5 More on Formal Semantics with Attribute Grammars CSC530-W02-L5 Slide 2 I. Attribute semantics of real programming languages A. Last weeks pretty trivial B. These notes investigate SIL

790 views • 53 slides
RIB File Structure CSCD 472? Slide 1 4/8/09 Hierarchical Graphics State RenderMan uses two

RIB File Structure CSCD 472? Slide 1 4/8/09 Hierarchical Graphics State RenderMan uses two

RIB File Structure CSCD 472? Slide 1 4/8/09 Hierarchical Graphics State RenderMan uses two stacks to store the Graphics State Attribute Stack allows saving and restoring of current attribute state information includes lights, materials

583 views • 26 slides
HIERATIC Hierarchical Analysis of Complex Dynamical Systems WP6 Formal theoretical

HIERATIC Hierarchical Analysis of Complex Dynamical Systems WP6 Formal theoretical

HIERATIC Hierarchical Analysis of Complex Dynamical Systems WP6 Formal theoretical results concerning network dynamics John Haslegrave, Chris Cannings The University of Sheffield December 11, 2014 Overview 1 Tournament process 2 Cyclic

517 views • 27 slides
Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for Analyzing Computing Systems Shilpi Goel shilpi@centtech.com Formal Verification Engineer Centaur Technology, Inc. Software and Reliability Can we rely

1.14k views • 78 slides
Hierarchical Multidimensional Modelling Hierarchical Multidimensional Modelling in the Concept-

Hierarchical Multidimensional Modelling Hierarchical Multidimensional Modelling in the Concept-

Hierarchical Multidimensional Modelling Hierarchical Multidimensional Modelling in the Concept- -Oriented Data Model Oriented Data Model in the Concept Alexandr Savinov Fraunhofer Institute for Autonomous Intelligent Systems Knowledge

411 views • 23 slides
A Hierarchical Mixed Effect Model for the Analysis of Model for the Analysis of Longitudinal

A Hierarchical Mixed Effect Model for the Analysis of Model for the Analysis of Longitudinal

A Hierarchical Mixed Effect Model for the Analysis of Model for the Analysis of Longitudinal DCE-MRI Studies Volker J. Schmid Department of Statistics Ludwig-Maximilians-University Munich L d i M i ili U i i M i h joint work with j

421 views • 30 slides
Why attribute-based signatures? The kind of authentication required in an attribute-based system

Why attribute-based signatures? The kind of authentication required in an attribute-based system

Attribute-Based Signatures Hemanta K. Maji Manoj Prabhakaran Mike Rosulek November 22, 2010 Abstract We introduce Attribute-Based Signatures (ABS) , a versatile primitive that allows a party to sign a message with fine-grained

864 views • 35 slides
A hierarchical renormalization model on trees Yueyun Hu (Paris 13) The 3rd conference Probability

A hierarchical renormalization model on trees Yueyun Hu (Paris 13) The 3rd conference Probability

Motivation Results : rate of convergence Proofs A hierarchical renormalization model on trees Yueyun Hu (Paris 13) The 3rd conference Probability and Analysis 1519 May 2017, Be dlewo, Poland Yueyun Hu (Paris 13) A hierarchical

565 views • 45 slides
A Formal Approach to Embedding First-Principles Planning in BDI Agent Systems Mengwei Xu, Kim

A Formal Approach to Embedding First-Principles Planning in BDI Agent Systems Mengwei Xu, Kim

A Formal Approach to Embedding First-Principles Planning in BDI Agent Systems Mengwei Xu, Kim Bauters, Kevin McAreavey , Weiru Liu Agent Frameworks Programming-Based Model-Based Belief-Desire-Intention (BDI) Hierarchical Task Networks (HTN)

568 views • 20 slides
A Joint Model of Language and Perception for Grounded Attribute Learning Cynthia Matuszek,

A Joint Model of Language and Perception for Grounded Attribute Learning Cynthia Matuszek,

A Joint Model of Language and Perception for Grounded Attribute Learning Cynthia Matuszek, Nicholas FitzGerald, Liefeng Bo, Luke Zettlemoyer, Dieter Fox Debidatta Dwibedi SE 367 The Vision Robots should learn about their environment by

143 views • 12 slides
Monte Carlo estimation techniques for model evaluation and criticism in Bayesian hierarchical

Monte Carlo estimation techniques for model evaluation and criticism in Bayesian hierarchical

Introduction Model evaluation and model criticism Calculation with MCMC methods Examples Conclusion and Outlook Monte Carlo estimation techniques for model evaluation and criticism in Bayesian hierarchical models Julia Braun Leonhard Held

642 views • 36 slides
A hierarchical model for micro-level E.A. Valdez stochastic loss reserving joint work with K.

A hierarchical model for micro-level E.A. Valdez stochastic loss reserving joint work with K.

A hierarchical model for micro-level stochastic loss reserving A hierarchical model for micro-level E.A. Valdez stochastic loss reserving joint work with K. Antonio 1 and E.W. Frees 2 Motivation Data 44th Actuarial Research Conference

679 views • 28 slides
Tutorial Intro. to Modern Formal Methods: Mechanized Formal Analysis Using Model Checking,

Tutorial Intro. to Modern Formal Methods: Mechanized Formal Analysis Using Model Checking,

Tutorial Intro. to Modern Formal Methods: Mechanized Formal Analysis Using Model Checking, Theorem Proving SMT Solving, Abstraction, and Static Analysis With SAL, PVS, and Yices, and more John Rushby Computer Science Laboratory SRI

1.89k views • 161 slides
Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply mathematical arguments to prove the correctness of systems Systems have bugs Formal verification aims to find and correct such bugs Why? Computer systems

1.42k views • 122 slides
History Earlier models: Hierarchical, Network (ch. 10 &amp; 11) The Relational Model

History Earlier models: Hierarchical, Network (ch. 10 &amp; 11) The Relational Model

History Earlier models: Hierarchical, Network (ch. 10 &amp; 11) The Relational Model complex to implement and use; widely used Introduced by Codd &amp; Date (IBM), 1970 Semantically poor; tractable to analyze Textbook 6.1-6.4

7.52k views • 3 slides
Surprise of the Kingdom 1. A different kind of King 2. A different kind of Kingdom 3. A

Surprise of the Kingdom 1. A different kind of King 2. A different kind of Kingdom 3. A

Surprise of the Kingdom 1. A different kind of King 2. A different kind of Kingdom 3. A different kind of People I baptize you with water for repentance, but he who is coming after me is mightier than I, whose sandals I am not worthy to

219 views • 8 slides
Time-domain beam signals for adaptive beamforming UDT 2019, Stockholm - 13th May a sound

Time-domain beam signals for adaptive beamforming UDT 2019, Stockholm - 13th May a sound

Time-domain beam signals for adaptive beamforming UDT 2019, Stockholm - 13th May a sound decision a sound decsion The ATLAS ELEKTRONIK Group/ 1 Table of contents Motivation For adaptive beamforming ATLAS Approach

778 views • 40 slides
Deep Learning based tonal detection for passive sonar signals Dae-Jin Jung, Jihun Park, Sang Ho

Deep Learning based tonal detection for passive sonar signals Dae-Jin Jung, Jihun Park, Sang Ho

Deep Learning based tonal detection for passive sonar signals Dae-Jin Jung, Jihun Park, Sang Ho Lee and Taekyu Reu Intelligence &amp; Information Technology Center, Agency for Defense Development, South Korea #UDT2019 Introduction

1.34k views • 18 slides
DEMONIC Programming Horsman Abramsky Outline Maxwells Demon and Landauers Hypothesis.

DEMONIC Programming Horsman Abramsky Outline Maxwells Demon and Landauers Hypothesis.

DEMONIC Programming Horsman Abramsky Outline Maxwells Demon and Landauers Hypothesis. Thermodynamics in 1 slide. A toy model system. Defining a programming language for the toy system. DEMONIC syntax and semantics. Allowed

577 views • 29 slides
Mark 5:1-20 Blue Bible pg 1068 Mark 5:1-20 Blue Bible pg 1068 Rev. Anthony Sytsma Missionary

Mark 5:1-20 Blue Bible pg 1068 Mark 5:1-20 Blue Bible pg 1068 Rev. Anthony Sytsma Missionary

Mark 5:1-20 Blue Bible pg 1068 Mark 5:1-20 Blue Bible pg 1068 Rev. Anthony Sytsma Missionary in Uganda with World Renew Mark 5:1-20 ESV 1 They came to the other side of the sea, to the country of the Gerasenes. 2 And when Jesus had stepped

995 views • 34 slides
Intro to Perception Dr. Jonathan Pillow Sensation &amp; Perception (PSY 345 / NEU 325) Spring

Intro to Perception Dr. Jonathan Pillow Sensation &amp; Perception (PSY 345 / NEU 325) Spring

Intro to Perception Dr. Jonathan Pillow Sensation &amp; Perception (PSY 345 / NEU 325) Spring 2015, Princeton University 1 What is Perception? stuff in the world 2 What is Perception? stuff in the world percepts process for:

474 views • 19 slides
disparity estimation, and structure from motion Thomas Brox University of Freiburg, Germany

disparity estimation, and structure from motion Thomas Brox University of Freiburg, Germany

Learning 3D representations, disparity estimation, and structure from motion Thomas Brox University of Freiburg, Germany Research funded by the ERC Starting Grant VideoLearn, the German Research Foundation, and the Deutsche Telekom Stiftung

488 views • 32 slides
Searching for Maxwells demon: feedback control and informa9on

Searching for Maxwells demon: feedback control and informa9on

Searching for Maxwells demon: feedback control and informa9on processing at the nanoscale Chris Jarzynski Ins.tute for Physical Science and Technology

213 views • 17 slides

More recommend