incorporating off line attribute
play

Incorporating Off-Line Attribute Delegation into Hierarchical Group - PowerPoint PPT Presentation

Sep 14, 2023 •153 likes •511 views

Incorporating Off-Line Attribute Delegation into Hierarchical Group and Attribute-Based Access Control Daniel Servos Michael Bauer Western University Western University London, Ontario London, Ontario dservos5@uwo.ca bauer@uwo.ca November

  1. Incorporating Off-Line Attribute Delegation into Hierarchical Group and Attribute-Based Access Control Daniel Servos Michael Bauer Western University Western University London, Ontario London, Ontario dservos5@uwo.ca bauer@uwo.ca November 5th FPS 2019 1

  2. Outline • Outline • Background • Attribute Delegation Model • Attribute Delegation Framework • Conclusions Outline 2

  3. Background: The HGABAC Project

  4. HGABAC Project HGABAC Hierarchical group based formal model HGABAC Administrative of ABAC Model Model governing the Servos et al., 2014 administration of attributes, users, etc. in HGABAC GURA G by Gupta and Sandhu, 2016 ABAC Delegation Strategies Set of potential strategies for incorporating delegation into ABAC models and architectures Time HGAA Servos et al., 2016 System architecture and protocols to support real world use of HGABAC Group Membership Attribute Based Permission Based Servos et al., 2018 Based Delegation Delegation Model Delegation Model Model Future Work Sabahein et al., 2018 Servos et al., 2019 Reference Implementation and Full Evaluation of Each Delegation Model Future Work Background 4

  5. HGABAC Project HGABAC Hierarchical group based formal model HGABAC Administrative of ABAC Model Model governing the Servos et al., 2014 administration of attributes, Hierarchical Group and Attribute-Based Access Control (2014) users, etc. in HGABAC GURA G by Gupta and Sandhu, 2016 ABAC Delegation Strategies • Formal attribute-based access control model. Set of potential strategies for incorporating delegation • into ABAC models and architectures Introduces concepts of hierarchical user and object attribute Time HGAA Servos et al., 2016 groups. System architecture and protocols to • Goals: support real world use of HGABAC ▪ Lightweight Group Membership Attribute Based Permission Based Servos et al., 2018 Based Delegation ▪ Delegation Model Delegation Model Easy to comprehend policies Model Future Work ▪ Sabahein et al., 2018 Servos et al., 2019 User and object groups to simplify administration ▪ Scalable ▪ Ability to emulate traditional models (MAC, DAC, RBAC) Reference Implementation and Full Evaluation of Each • Shown to be capable of emulating MAC, DAC and RBAC. Delegation Model Future Work Background 5

  6. HGABAC Project HGABAC Hierarchical group based formal model HGABAC Administrative of ABAC Model Model governing the Servos et al., 2014 administration of attributes, users, etc. in HGABAC GURA G by Gupta and Sandhu, 2016 ABAC Delegation Strategies Set of potential strategies for incorporating delegation into ABAC models and architectures Time HGAA Servos et al., 2016 System architecture Strategies for Incorporating Delegation into ABAC (2016) and protocols to support real world • use of HGABAC Details strategies for incorporating delegation into ABAC. Group Membership Attribute Based Permission Based Servos et al., 2018 Based Delegation Delegation Model Delegation Model • Strategies formulated by evaluating each possible combination of Model Future Work Sabahein et al., 2018 Servos et al., 2019 delegator , delegatee and delegatable access control component . • Resulted in three potential families of strategies that share Reference Implementation and Full Evaluation of Each common properties; Group Membership Delegation , Attribute Delegation Model Future Work Delegation and Permission Delegation . Background 6

  7. HGABAC Project HGABAC Hierarchical group based formal model HGABAC Administrative Hierarchical Group Attribute Architecture (2018) of ABAC Model Model governing the Servos et al., 2014 • System architecture and protocols for administration of attributes, users, etc. in HGABAC implementing an HGABAC based system. GURA G by Gupta and Sandhu, 2016 ABAC Delegation Strategies • Answers questions like; “Who assigns the Set of potential strategies for incorporating delegation into ABAC models and architectures Time attributes?” , “How are attributes shared?” , HGAA Servos et al., 2016 System architecture “How is proof of attribute ownership given?” , and protocols to support real world and “where and how are policies evaluated?” use of HGABAC Group Membership Attribute Based Permission Based Servos et al., 2018 • Defines Attribute Certificate format, HGABAC Based Delegation Delegation Model Delegation Model Model Namespace , and core services . Future Work Sabahein et al., 2018 Servos et al., 2019 • Focus on “Off - Line” function (no dependence on third party once attribute certificate issued). Reference Implementation and Full Evaluation of Each Delegation Model Future Work Background 7

  8. HGABAC Project Incorporating Off-Line Attribute Delegation into HGABAC (2019) • Current effort, to create formal delegation model for each strategy. HGABAC • Group Membership based model created by Sabahein et al. Hierarchical group based formal model HGABAC Administrative • Presenting Attribute based model today. of ABAC Model Model governing the Servos et al., 2014 administration of attributes, • Permission based model still in development. users, etc. in HGABAC GURA G by Gupta and Sandhu, 2016 ABAC Delegation Strategies Set of potential strategies for incorporating delegation into ABAC models and architectures Time HGAA Servos et al., 2016 System architecture and protocols to support real world use of HGABAC Group Membership Attribute Based Permission Based Servos et al., 2018 Based Delegation Delegation Model Delegation Model Model Future Work Sabahein et al., 2018 Servos et al., 2019 Work I am presenting today. Reference Implementation and Full Evaluation of Each Delegation Model Future Work Background 8

  9. HGABAC Project End Goal for Delegation HGABAC Hierarchical group • Formalization of each ABAC delegation model. based formal model HGABAC Administrative of ABAC Model • Creation of reference implementation for each model. Model governing the Servos et al., 2014 administration of attributes, • Full evaluation and comparison. users, etc. in HGABAC GURA G by Gupta and Sandhu, 2016 ABAC Delegation Strategies Set of potential strategies for incorporating delegation into ABAC models and architectures Time HGAA Servos et al., 2016 System architecture and protocols to support real world use of HGABAC Group Membership Attribute Based Permission Based Servos et al., 2018 Based Delegation Delegation Model Delegation Model Model Future Work Sabahein et al., 2018 Servos et al., 2019 End Goal Reference Implementation and Full Evaluation of Each Delegation Model Future Work Background 9

  10. Attribute Delegation Model

  11. Attribute Delegation Example Year : 4 Role : faculty Role : undergrad Department : SoftEng Department : CompSci Alice Bob Year: 3 Role : grad Department : SoftEng Charlie Attribute Delegation Model 11

  12. Attribute Delegation Example Year : 4 Role : faculty Role : undergrad Department : SoftEng Department : CompSci Alice Bob Alice wishes to delegate her access to the CS student lounge to Charlie so he can pick up a textbook for her. The normal policy governing access is: Department = “ CompSci ” AND year >= 4 Year: 3 Role : grad Department : SoftEng Charlie Attribute Delegation Model 12

  13. Attribute Delegation Example Year : 4 Role : faculty Role : undergrad Department : SoftEng Department : CompSci Alice Bob Department : CompSci Year : 4 Year: 3 Role : grad Department : SoftEng Charlie Attribute Delegation Model 13

  14. Attribute Delegation Example Year : 4 Role : faculty Role : undergrad Department : SoftEng Department : CompSci Alice Bob Department : CompSci Year : 4 Direct att. set Year: 3 Role : grad Department : SoftEng Delegated set from Alice Charlie Department : CompSci Year : 4 Attribute Delegation Model 14

  15. Attribute Delegation Example Year : 4 Role : faculty Role : undergrad Department : SoftEng Department : CompSci Alice Bob Bob wishes to delegate his access to the faculty software engineering lab to Charlie while Bob is away temporarily. The normal policy governing access is: Department = “ SoftEng ” AND Role = “faculty” Direct att. set Year: 3 Role : grad Department : SoftEng Delegated set from Alice Charlie Department : CompSci Year : 4 Attribute Delegation Model 15

  16. Attribute Delegation Example Year : 4 Role : faculty Role : undergrad Department : SoftEng Department : CompSci Alice Bob Role : faculty Department : SoftEng Direct att. set Year: 3 Role : grad Department : SoftEng Delegated set from Alice Charlie Department : CompSci Year : 4 Attribute Delegation Model 16

  17. Attribute Delegation Example Year : 4 Role : faculty Role : undergrad Department : SoftEng Department : CompSci Alice Bob Role : faculty Department : SoftEng Direct att. set Year: 3 Delegated set from Bob Role : grad Role : faculty Department : SoftEng Department : SoftEng Delegated set from Alice Charlie Department : CompSci Year : 4 Attribute Delegation Model 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Strategies for Incorporating Delegation into Attribute-Based Access Control (ABAC) Sylvia L.

Strategies for Incorporating Delegation into Attribute-Based Access Control (ABAC) Sylvia L.

Strategies for Incorporating Delegation into Attribute-Based Access Control (ABAC) Sylvia L. Osborn Daniel Servos sylvia@csd.uwo.ca dservos5@uwo.ca Department of Computer Science The 9th International Symposium on Foundations & Practice

1.05k views • 75 slides
Development of a Line Source Dispersion Model for Gaseous Pollutants by Incorporating Wind Shear

Development of a Line Source Dispersion Model for Gaseous Pollutants by Incorporating Wind Shear

Development of a Line Source Dispersion Model for Gaseous Pollutants by Incorporating Wind Shear near the Ground Under Stable Atmospheric Conditions Saisantosh Vamshi Harsha Madiraju 1 , Ashok Kumar 1, * College of Engineering, The University of

640 views • 35 slides
Why attribute-based signatures? The kind of authentication required in an attribute-based system

Why attribute-based signatures? The kind of authentication required in an attribute-based system

Attribute-Based Signatures Hemanta K. Maji Manoj Prabhakaran Mike Rosulek November 22, 2010 Abstract We introduce Attribute-Based Signatures (ABS) , a versatile primitive that allows a party to sign a message with fine-grained

864 views • 35 slides
INCORPORATING LARGE-SCALE CITIZEN INCORPORATING LARGE-SCALE CITIZEN DELIBERATION INTO

INCORPORATING LARGE-SCALE CITIZEN INCORPORATING LARGE-SCALE CITIZEN DELIBERATION INTO

INCORPORATING LARGE-SCALE CITIZEN INCORPORATING LARGE-SCALE CITIZEN DELIBERATION INTO ENVIRONMENTAL CONFLICT RESOLUTION America Speaks presentation to the 2008 ECR Conference Table Introductions Please form groups of 4-5 and give: Your name

848 views • 41 slides
1 Attribute Description Examples Operations Attribute Transformation Comments Type Level

1 Attribute Description Examples Operations Attribute Transformation Comments Type Level

586 views • 12 slides
Transforming a continuous attribute into a discrete (ordinal) attribute Ricco RAKOTOMALALA

Transforming a continuous attribute into a discrete (ordinal) attribute Ricco RAKOTOMALALA

Transforming a continuous attribute into a discrete (ordinal) attribute Ricco RAKOTOMALALA Universit Lumire Lyon 2 Ricco Rakotomalala 1 Tutoriels Tanagra - http://tutoriels-data-mining.blogspot.fr/ Outline 1. What is the discretization

398 views • 36 slides
Decorated Attribute Grammars Attribute Evaluation Meets Strategic Programming CC 2009, York, UK

Decorated Attribute Grammars Attribute Evaluation Meets Strategic Programming CC 2009, York, UK

Decorated Attribute Grammars Attribute Evaluation Meets Strategic Programming CC 2009, York, UK Lennart Kats , TU Delft ( me ) Tony Sloane, Macquarie Eelco Visser, TU Delft March 19, 2009 Software Engineering Research Group Context

314 views • 29 slides
Visual Attribute Learning: From STL to MTL VIPL 2017/08/30

Visual Attribute Learning: From STL to MTL VIPL 2017/08/30

Visual Attribute Learning: From STL to MTL VIPL 2017/08/30 hanhu@ict.ac.cn http: / / www.escience.cn/ people/ hhan/ index.html Outline Background Related work Attribute learning via STL

973 views • 61 slides
Attribute Grammars Wilhelm/Seidl/Hack: Compiler Design, Syntactic and Semantic Analysis

Attribute Grammars Wilhelm/Seidl/Hack: Compiler Design, Syntactic and Semantic Analysis

Attribute Grammars Attribute Grammars Wilhelm/Seidl/Hack: Compiler Design, Syntactic and Semantic Analysis Reinhard Wilhelm Universitt des Saarlandes wilhelm@cs.uni-saarland.de 5. November 2013 Attribute Grammars Attribute

369 views • 22 slides
Incorporating the Zebrafish Embryo Incorporating the Zebrafish Embryo Teratogenicity Assay Into

Incorporating the Zebrafish Embryo Incorporating the Zebrafish Embryo Teratogenicity Assay Into

Incorporating the Zebrafish Embryo Incorporating the Zebrafish Embryo Teratogenicity Assay Into the Drug Discovery Process Discovery Process Jedd Hillegass, Ph.D. Senior Toxicologist Lampire Biological Laboratories, Inc. Pipersville, PA, USA

497 views • 15 slides
Proposal to add masking function to GFM Proposal part 1 Adding a masking reference attribute on

Proposal to add masking function to GFM Proposal part 1 Adding a masking reference attribute on

Proposal to add masking function to GFM Proposal part 1 Adding a masking reference attribute on the spatial attribute type. Proposal part 2 Details of the masking attribute addition. Table 3-13 - S100_GF_SpatialAttributeType Role Name

558 views • 8 slides
Attribute Dependencies Wilhelm/Seidl/Hack: Compiler Design, Syntactic and Semantic Analysis

Attribute Dependencies Wilhelm/Seidl/Hack: Compiler Design, Syntactic and Semantic Analysis

Attribute Dependencies Attribute Dependencies Wilhelm/Seidl/Hack: Compiler Design, Syntactic and Semantic Analysis Reinhard Wilhelm Universitt des Saarlandes wilhelm@cs.uni-saarland.de 14. November 2013 Attribute Dependencies

879 views • 38 slides
Software Architecture Design Example Using Attribute Driven Design J. Scott Hawker/R. Kuehl p. 1

Software Architecture Design Example Using Attribute Driven Design J. Scott Hawker/R. Kuehl p. 1

Software Architecture Design Example Using Attribute Driven Design J. Scott Hawker/R. Kuehl p. 1 R I T Software Engineering Garage Door Example Design a product line architecture for a garage door opener integrated with a home

277 views • 17 slides
The past, present MIND THE GAPs and future of the Graduate Attribute Professionals Network

The past, present MIND THE GAPs and future of the Graduate Attribute Professionals Network

The past, present MIND THE GAPs and future of the Graduate Attribute Professionals Network Margaret Gwyn 2018 GACIP Summit engraccred@uvic.ca University of Toronto Whats a Graduate Attribute Professional? Have you explained the

381 views • 19 slides
The Syntax of Classes and Objects in Python Defining a Class - "Inventing a Composite Data

The Syntax of Classes and Objects in Python Defining a Class - "Inventing a Composite Data

The Syntax of Classes and Objects in Python Defining a Class - "Inventing a Composite Data Type" class [ClassName]: [attribute 0 _name]: [attribute 0 _type] [attribute 1 _name]: [attribute1_type] = [attribute 1 _default_value] [

446 views • 8 slides
Attribute Interactions in Machine Learning Aleks Jakulin Faculty of Computer and Information

Attribute Interactions in Machine Learning Aleks Jakulin Faculty of Computer and Information

Attribute Interactions in Machine Learning Aleks Jakulin Faculty of Computer and Information Science University of Ljubljana Attribute Interactions p.1/17 A Classification Problem A TTRIBUTES L ABEL Name Hair Height Weight Lotion

473 views • 21 slides
A solution for Access Delegation based on SAML Ciro Formisano Ermanno Travaglino Isabel

A solution for Access Delegation based on SAML Ciro Formisano Ermanno Travaglino Isabel

A solution for Access Delegation based on SAML Ciro Formisano Ermanno Travaglino Isabel Matranga Access Delegation in distributed environments SAML 2.0 Condition to Delegate Implementation Future plans Access Delegation in distributed

666 views • 18 slides
Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 1 graded soon Reading due

Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 1 graded soon Reading due

Principles of Software Construction: Objects, Design, and Concurrency Part 1: Designing classes Design for reuse: delegation and inheritance Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 1 graded soon Reading due today:

845 views • 36 slides
ffwd: delegation is (much) faster than you think Sepideh Roghanchi, Jakob Eriksson, Nilanjana

ffwd: delegation is (much) faster than you think Sepideh Roghanchi, Jakob Eriksson, Nilanjana

ffwd: delegation is (much) faster than you think Sepideh Roghanchi, Jakob Eriksson, Nilanjana Basu int get_seqno() { return ++seqno; } // ~1 Billion ops/s // single-threaded int threadsafe_get_seqno() { acquire(lock); int

1.04k views • 56 slides
Global Types with Internal Delegation and Connecting Communications joint work with Ilaria

Global Types with Internal Delegation and Connecting Communications joint work with Ilaria

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion Global Types with Internal Delegation and Connecting Communications joint work with Ilaria Castellani, Paola Giannini and Ross Horne Nobuko meeting

1.63k views • 116 slides
Computational Social Choice 2020 Ulle Endriss Institute for Logic, Language and Computation

Computational Social Choice 2020 Ulle Endriss Institute for Logic, Language and Computation

Liquid Democracy COMSOC 2020 Computational Social Choice 2020 Ulle Endriss Institute for Logic, Language and Computation University of Amsterdam http://www.illc.uva.nl/~ulle/teaching/comsoc/2020/ Ulle Endriss 1 Liquid Democracy

359 views • 16 slides
1. TF1 methods delegation 2. TMath reimplementation 3. Hierarchy Restructure 4. Documentation

1. TF1 methods delegation 2. TMath reimplementation 3. Hierarchy Restructure 4. Documentation

New Math Developm ents Davids W ork at CERN ( so far) 1. TF1 methods delegation 2. TMath reimplementation 3. Hierarchy Restructure 4. Documentation and Testing 5. Genetic Minimizer 6. Future Work TF1 : 1 -Dim function class TF1 * f

649 views • 16 slides
Overview Part 1: Malicious QFactory Functionality Required assumptions Protocol

Overview Part 1: Malicious QFactory Functionality Required assumptions Protocol

Overview Part 1: Malicious QFactory Functionality Required assumptions Protocol description Security Protocol Extensions (e.g. verification) Part 2: Functions implementation QHBC QFactory functions Malicious

974 views • 84 slides
Delegation Pattern Explained Professor Larry Heimann Carnegie Mellon University Information

Delegation Pattern Explained Professor Larry Heimann Carnegie Mellon University Information

Delegation Pattern Explained Professor Larry Heimann Carnegie Mellon University Information Systems Program An example close to home How does Grader calculate grades? Option 1: if / else if / else if course == 67272 ... else if course

608 views • 11 slides

More recommend