meta policies for distributed role based access control
play

Meta-policies for Distributed Role-based Access Control Andrs - PowerPoint PPT Presentation

Oct 13, 2022 •329 likes •480 views

Meta-policies for Distributed Role-based Access Control Andrs Belokosztolszki, Ken Moody {ab374,km}@cl.cam.ac.uk University of Cambridge, Computer Laboratory, OPERA Policy 2002 1 Outline Role-Based Access Control OASIS

  1. Meta-policies for Distributed Role-based Access Control András Belokosztolszki, Ken Moody {ab374,km}@cl.cam.ac.uk University of Cambridge, Computer Laboratory, OPERA Policy 2002 1

  2. Outline • Role-Based Access Control • OASIS • Meta-Policies – Meta-Policy Types – Compliance • Summary Policy 2002 2

  3. Role-Based Access Control Authorization Activation Roles Privileges Sessions Activation Policy 2002 3

  4. OASIS Rules (Open Architecture for Secure Interworking Services) Activation Rule MC MC MC Prerequisite Environmental Appointment Role Predicates Parameters Parameters Parameters Authorization Rule Policy 2002 4

  5. Administrative Domains Users Admin Policy SLA SLA SLA Policy 2002 5

  6. Problems • SLA maintenance – New domain, change to a domain, … • Policy evolution • Information hiding • Information about the policy • Local Autonomy Policy 2002 6

  7. Meta-Policies • Data types • Objects (privileges) • Functions and Predicates • Roles (parameters) • Appointment Certificates (parameters) • Rules (membership conditions) • Explicit / Implicit • Negation • Constraints (SSoD, …) Policy 2002 7

  8. Meta-Policy Types • Compliance • Interface – For a single domain – Communication with other Domains – Information for users Meta-Pol – Higher level policies – Policy evolution Exp Imp Policy 2002 8

  9. Mappings • Meta-Policies are mapped to Policies – Data-types (one-to-one, one directional) – Functions / Environmental Predicates – Roles / Appointments – Rules – Other Constraints (SSOD, …) • Policy or subset of a policy is considered • Direction of Mappings • Parameters (and constants) Policy 2002 9

  10. Compliance Check • Existence of the mappings • Prerequisite services? • Rules: 1. Translating into policy context 2. Checking explicit rules 3. Checking Implicit rules • Negation (entire policy is considered) 4. Other Constraints • Result: Certificate Policy 2002 10

  11. SLA generation • For Interface Meta-Policies: • Automatic generation Meta-Policy Importing Exporting SLA Policy 2002 11

  12. Implementation Desert: Mapping Editor SLA generator Policy 2002 12

  13. Summary • Meta-Policies (Compliance/Interface) • Implementation (Desert) – Mapping editor – SLA generator Policy 2002 13

  14. Acknowledgement • King’s College Cambridge Graduate Student Fund • Overseas Research Students Award Scheme Policy 2002 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Distributed Calculus for Role-Based Access Control Chiara Braghin joint work with D. Gorla and

A Distributed Calculus for Role-Based Access Control Chiara Braghin joint work with D. Gorla and

A Distributed Calculus for Role-Based Access Control Chiara Braghin joint work with D. Gorla and V. Sassone MyThS Meeting, Venice, June, 14th, 2004 A Distributed Calculus for Role-Based Access Control p.1/18 RBAC Why: Role-Based Access

613 views • 36 slides
Rewrite-Based Access Control Policies in Distributed Environments Maribel Fern andez Kings

Rewrite-Based Access Control Policies in Distributed Environments Maribel Fern andez Kings

Rewrite-Based Access Control Policies in Distributed Environments Maribel Fern andez Kings College London Joint work with Clara Bertolissi (LIF, Univ. Marseilles) 12th CREST Open Workshop - Security and Code April 2011 M. Fern andez

1.04k views • 30 slides
Cassandra: Distributed Access Control Policies with Tunable Expressiveness Moritz Y. Becker and

Cassandra: Distributed Access Control Policies with Tunable Expressiveness Moritz Y. Becker and

Cassandra: Distributed Access Control Policies with Tunable Expressiveness Moritz Y. Becker and Peter Sewell Computer Laboratory, University of Cambridge, U.K. Cassandra: Distributed Access Control Policies with Tunable Expressiveness p.

1.44k views • 20 slides
Role-based access control Role-based access control 1 RBAC: Motivations Complexity of

Role-based access control Role-based access control 1 RBAC: Motivations Complexity of

Role-based access control Role-based access control 1 RBAC: Motivations Complexity of security administration p y y For large number of subjects and objects, the number of authorizations can become extremely large For dynamic

536 views • 51 slides
Rewrite Specifications of Access Control Policies in Distributed Environments C. Bertolissi and

Rewrite Specifications of Access Control Policies in Distributed Environments C. Bertolissi and

Rewrite Specifications of Access Control Policies in Distributed Environments C. Bertolissi and M. Fernndez LIF , Marseille & Kings College London WTS2010, Nancy C. Bertolissi, M. Fernndez () Term rewriting for Access Control

1.04k views • 28 slides
Role-Based Access Control Corban Rivera CS 6204, Spring 2005 1 Trusted Computer System

Role-Based Access Control Corban Rivera CS 6204, Spring 2005 1 Trusted Computer System

Role-Based Access Control Corban Rivera CS 6204, Spring 2005 1 Trusted Computer System Evaluation Criteria (TCSEC) Background MAC Mandatory Access Control Firm security levels DAC Discretionary Access Control Access

240 views • 6 slides
Static enforceability of XPath-based access control policies James Cheney University of

Static enforceability of XPath-based access control policies James Cheney University of

Static enforceability of XPath-based access control policies James Cheney University of Edinburgh DBPL 2013 August 30, 2013 Background Access control for XML databases Read-only security views [Stoica & Farkas 2002, Fan

431 views • 29 slides
PERMIS Role-Based Access Control Example System Presenter: Haiyan Cheng CS 6204, Spring 2005 1

PERMIS Role-Based Access Control Example System Presenter: Haiyan Cheng CS 6204, Spring 2005 1

PERMIS Role-Based Access Control Example System Presenter: Haiyan Cheng CS 6204, Spring 2005 1 PERMIS Review A role-based access control infrastructure Uses X.509 attribute certificate (AC) to store users roles All access

397 views • 8 slides
1 General Access Control General Access Control Control of access to memory relatively easy:

1 General Access Control General Access Control Control of access to memory relatively easy:

Role of Access Control Before closing back doors we need to close front doors Access control: determines access to files & processes in OS Fall 2008 We will return to these themes throughout the course Fall 2008 CS

512 views • 6 slides
Delegation in Role-Based Access Control Controlling delegation Enforcing transfer delegation

Delegation in Role-Based Access Control Controlling delegation Enforcing transfer delegation

Introduction Delegation operations in hierarchical RBAC Delegation in Role-Based Access Control Controlling delegation Enforcing transfer delegation Jason Crampton Hemanth Khambhammettu semantics Conclusion Information Security

959 views • 57 slides
An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said

An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said

An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said Daoudagh 1,2 , Francesca Lonetti 1 , Eda Marchetti 1 1 ISTI-CNR 2 University of Pisa Agenda Introduction Access Control Systems XACML policies

459 views • 31 slides
Role-Based Access Control CS461/ECE422 Spring 2012 Reading

Role-Based Access Control CS461/ECE422 Spring 2012 Reading

Role-Based Access Control CS461/ECE422 Spring 2012 Reading Material Chapter 4, sec?ons 4.5 and 4.6 [SFK00] DAC vs RBAC DAC Users, Groups

415 views • 25 slides
Constraints in Role-Based Access Control Jason Crampton Information Security Group, Royal

Constraints in Role-Based Access Control Jason Crampton Information Security Group, Royal

Constraints in Role-Based Access Control Jason Crampton Information Security Group, Royal Holloway University of London jason.crampton@rhul.ac.uk www.isg.rhul.ac.uk/~jason Outline Introduction Separation of duty Role-based

482 views • 14 slides
A System to Specify and Manage Multipolicy Access Control Models Elisa Bertino Barbara Catania

A System to Specify and Manage Multipolicy Access Control Models Elisa Bertino Barbara Catania

Policy 2002: IEEE 3rd International Workshop on Policies for Distributed Systems and Networks Hosted by the Naval Postgraduate School , Monterey, California, U.S.A. June 5-7, 2002 A System to Specify and Manage Multipolicy Access Control Models

671 views • 29 slides
Working Set- -Based Access Control for Based Access Control for Working Set Network File

Working Set- -Based Access Control for Based Access Control for Working Set Network File

Working Set- -Based Access Control for Based Access Control for Working Set Network File Systems Network File Systems Stephen Smaldone, Vinod Ganapathy, and Liviu Iftode DiscoLab - Department of Computer Science Rutgers, The State University

667 views • 23 slides
Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
Meta Queries Workshop Scott Joyce Advanced Meta Queries Which table do I use? How do I

Meta Queries Workshop Scott Joyce Advanced Meta Queries Which table do I use? How do I

Meta Queries Workshop Scott Joyce Advanced Meta Queries Which table do I use? How do I link two or more tables? Tips and Tricks New Features 2 Reference Guides & Standard Tables Keystone has delivered several standard

603 views • 44 slides
Bayesian Meta-Learning CS 330 1 Logistics Homework 2 due next Wednesday. Project proposal due in

Bayesian Meta-Learning CS 330 1 Logistics Homework 2 due next Wednesday. Project proposal due in

Bayesian Meta-Learning CS 330 1 Logistics Homework 2 due next Wednesday. Project proposal due in two weeks . Poster presentation: Tues 12/3 at 1:30 pm . 2 Disclaimers Bayesian meta-learning is an ac#ve area of research (like most of the

622 views • 33 slides
Meta Reinforcement Learning Kate Rakelly 11/13/19 Questions we seek to answer Motivation : What

Meta Reinforcement Learning Kate Rakelly 11/13/19 Questions we seek to answer Motivation : What

Meta Reinforcement Learning Kate Rakelly 11/13/19 Questions we seek to answer Motivation : What problem is meta-RL trying to solve? Context : What is the connection to other problems in RL? Solutions : What are solution methods for meta-RL and

787 views • 52 slides
Recruit itment Messagin ing: From analy lysis to desig ign Jonathan Schreiner American

Recruit itment Messagin ing: From analy lysis to desig ign Jonathan Schreiner American

Redesignin ing th the Americ ican Community Survey Recruit itment Messagin ing: From analy lysis to desig ign Jonathan Schreiner American Community Survey Office, U.S. Census Bureau DC-AAPOR/WSS Review-Preview Summer Conference June 12,

581 views • 44 slides
Towards Proximity Graph Auto-Configuration: an Approach Based on Meta-learning Rafael S. Oyamada,

Towards Proximity Graph Auto-Configuration: an Approach Based on Meta-learning Rafael S. Oyamada,

Towards Proximity Graph Auto-Configuration: an Approach Based on Meta-learning Rafael S. Oyamada, Larissa C. Shimomura, Sylvio Barbon Junior, and Daniel S. Kaster. Summary Introduction and Concepts Similarity Searches Proximity

283 views • 26 slides
Stacking for supervised learning Stacking for supervised learning Niall Rooney, NIKEL,

Stacking for supervised learning Stacking for supervised learning Niall Rooney, NIKEL,

Stacking for supervised learning Stacking for supervised learning Niall Rooney, NIKEL, University of Ulster 1 Ensemble learning Ensemble learning l Postulate multiple hypotheses to explain the data l Shortcomings of single model learning

681 views • 19 slides
Improving Cross-Validation Classifier Selection Accuracy through Meta- learning Jesse H. Krijthe

Improving Cross-Validation Classifier Selection Accuracy through Meta- learning Jesse H. Krijthe

Improving Cross-Validation Classifier Selection Accuracy through Meta- learning Jesse H. Krijthe Jesse H. Krijthe, Tin Kam Ho, Marco Loog Classifier Selection Problem Classifiers Classification problem D QDA Classification problem SVM 4 LDA

555 views • 22 slides
A toolkit for metainferential logics David Ripley Monash University http://davewripley.rocks

A toolkit for metainferential logics David Ripley Monash University http://davewripley.rocks

A toolkit for metainferential logics David Ripley Monash University http://davewripley.rocks Introduction Introduction Whats up? Some exciting recent work in higher metainferences: BPS A hierarchy (Meta)inferential

1.37k views • 82 slides

More recommend