route based authorization and discovery for personal data
play

Route-based Authorization and Discovery for Personal Data EuroDW - PowerPoint PPT Presentation

Dec 26, 2022 •152 likes •293 views

Route-based Authorization and Discovery for Personal Data EuroDW 2017 Yousef Amar 2017-04-23 Research Context The Databox Platform Research Context The Databox Platform Databox Databox Sensors & Dash- Manager Actuators board User

  1. Route-based Authorization and Discovery for Personal Data EuroDW 2017 Yousef Amar 2017-04-23

  2. Research Context The Databox Platform

  3. Research Context The Databox Platform Databox Databox Sensors & Dash- Manager Actuators board User Collects Driver App Arbiter Permission IoT Records App Devices Store Points to Hypercat Actuates Driver Catalog Publish to Social Collects Driver Requests App Pushes to Emits Export 3rd Media Parties

  4. Research Context The Databox Platform Databox Databox Sensors & Dash- Manager Actuators board User Collects Driver App Arbiter Permission IoT Records App Devices Store Points to Hypercat Actuates Driver Catalog Publish to Social Collects Driver Requests App Pushes to Emits Export 3rd Media Parties How can we design safe, scalable access control systems with arbitrary restrictions in this context?

  5. Implementation The Route { ◮ Triad of target , path , and method "target": "smartphone -store", "path": "/ accelerometer /ts/latest", ◮ The container as a host "method": "POST" } ◮ RESTful APIs for all operations { ◮ Direct mapping of HTTP methods to "target": "smartphone -store", CRUD functions "path": "/( sub|unsub)/gps /*", "method": "GET" ◮ Per-route granular permissions }

  6. Implementation Delegated Authorization ◮ Google Research: Macaroons ◮ A standard similar to signed cookies ◮ Can be attenuated by “caveats” ◮ Embedded permissions ◮ Minting and verification can be separated through shared secret keys target = smartphone -store path = /( sub|unsub)/gps /* method = GET time < 1489405851417 target = smartphone -store path = /light/ts/range method = GET startTimestamp >= 1489405234352 endTimestamp <= 1489405259525

  7. Implementation Resource Discovery ◮ API for describing APIs ◮ Directory servers ◮ Many competing standards ◮ Resource Description Framework (RDF) ◮ Web Application Description Language (WADL) ◮ Web Services Description Language (WSDL) ◮ eXtensible Resource Descriptor (XRD) ◮ Subject-predicate-object style pervalent ◮ Different formats and applications — XML for REST, SOAP, OpenID

  8. Implementation Resource Discovery { "catalogue -metadata": [ { "rel": "urn:X-hypercat:rels: isContentType ", ◮ Hypercat: Recently joined BSI Group "val": " application /vnd.hypercat.catalogue+json" } , { "rel": "urn:X-hypercat:rels: hasDescription :en", ◮ IoT-first specification design "val": "A Databox Store" } ], ◮ JSON/REST over XML/SOAP "items": [ { "href": "http://some -store/light", ◮ Only cataloguing; ontologies and "item -metadata": [ { "rel": "urn:X-hypercat:rels: hasDescription :en", authorisation extensible "val": "Light Datasource " } , { "rel": "urn:X-databox:rels:hasVendor", ◮ Discoverability vs accessibility "val": "Databox Inc ." } , { ◮ Catalogues can be nested, allowing "rel": "urn:X-databox:rels:isActuator ", "val": false decentralisation and distribution } ] } ] }

  9. Implementation The Arbiter Databox Databox Sensors & Dash- Manager Actuators board User Collects Driver App Arbiter Permission IoT Records App Devices Store Points to Hypercat Actuates Driver Catalog Publish to Social Collects Driver Requests App Pushes to Emits Export 3rd Media Parties

  10. Implementation Transcription of Permissions 1. Drivers/apps come packaged with a manifest { ◮ Contain image metadata "name": "app", ◮ Enumerate granular permissions for sources, "author": "amar", " permissions ": [ concurrency, external access, and hardware { 2. Users generate a Service-level Ageement (SLA) "source": "twitter" "required": true 3. The arbiter records granted permissions } , { 4. Tokens are minted based on these "source": "gps" } , {} , {} ] } Manifest SLA Token

  11. Evaluation Scalability ● 200 ● ● ● ● ● ● ● ● 150 Inserts/s 100 ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● 50 ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● 0 ● ● ● ● ● ● ● ● ● ● ● ● ● 0 5 10 15 Stores Figure: Inserts/s over Stores under Maximum Load

  12. Evaluation Scalability Stores Launched 100 75 50 Experiment 25 With Arbiter Registration Without Arbiter Registration 0 0 50 100 150 Time (s) Figure: Stores Launched over Time

  13. Next Steps ◮ Arbiter token minting under load evaluation ◮ Performance vs security when modifying token expiry ◮ Many areas to research, e.g. watermarking ◮ Many example apps and drivers, with multipurpose datavis and transformation

  14. Thank you for your attention! Questions? More info: http://www.databoxproject.uk/ Contribute: https://github.com/me-box

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

OAuth 2.0 Authorization Server Discovery Metadata draft-ietf-oauth-discovery Mike Jones IETF

OAuth 2.0 Authorization Server Discovery Metadata draft-ietf-oauth-discovery Mike Jones IETF

* OAuth 2.0 Authorization Server Discovery Metadata draft-ietf-oauth-discovery Mike Jones IETF 95, Buenos Aires April 2016 1 Document Status Current draft addresses WGLC feedback See

423 views • 8 slides
Discovery of Personal Processes from Labeled Sensor Data An Application of Process Mining to

Discovery of Personal Processes from Labeled Sensor Data An Application of Process Mining to

Discovery of Personal Processes from Labeled Sensor Data An Application of Process Mining to Personalized Health Care Timo Sztyler, Johanna Vlker, Josep Carmona ATAED 2015 22.06.2015 Oliver Meier, Heiner Stuckenschmidt Motivation Health

298 views • 28 slides
For personal use only ASX: SER Australias next high-grade gold Discovery Competent Person

For personal use only ASX: SER Australias next high-grade gold Discovery Competent Person

Investor Presentation March 2020 For personal use only ASX: SER Australias next high-grade gold Discovery Competent Person Statements The information in this document that relates to Exploration Results is based on information compiled by

245 views • 9 slides
For personal use only ASX: SER Australias next high-grade gold Discovery Competent Person

For personal use only ASX: SER Australias next high-grade gold Discovery Competent Person

Investor Presentation June 2020 For personal use only ASX: SER Australias next high-grade gold Discovery Competent Person Statements The information in this document that relates to Exploration Results is based on information compiled by Mr

659 views • 11 slides
Route 147 and Route 11 Roadway Reconstruction Project PA Route 147 Section 110 US Route 11

Route 147 and Route 11 Roadway Reconstruction Project PA Route 147 Section 110 US Route 11

Route 147 and Route 11 Roadway Reconstruction Project PA Route 147 Section 110 US Route 11 Section 113 Northumberland County LARSON DESIGN GROUP, INC. DEPARTMENT OF TRANSPORTATION 715 JORDAN AVENUE 1000 COMMERCE PARK DRIVE, SUITE 201

661 views • 16 slides
Edge-based Discovery of Training Data for Machine Learning CMU authors Deep Learning Recipe

Edge-based Discovery of Training Data for Machine Learning CMU authors Deep Learning Recipe

CSci 8980 Edge-based Discovery of Training Data for Machine Learning CMU authors Deep Learning Recipe Collect a large amount of data and label it Select a model and train a DNN Deploy the DNN for inference Labelled Data Some

409 views • 14 slides
Route testing dialer Break through your data What is a dialer? The route testing dialer route

Route testing dialer Break through your data What is a dialer? The route testing dialer route

Route testing dialer Break through your data What is a dialer? The route testing dialer route testing dialer is a software module that lets you test quality of routes quality of routes provided by your vendors by automatically dialing

362 views • 10 slides
The importance of personal data protection Personal data are accessed and processed exponentially

The importance of personal data protection Personal data are accessed and processed exponentially

The importance of personal data protection Personal data are accessed and processed exponentially Abuse of personal data exploded Risk of data theft, piracy New Cambridge Analytica scandal almost every week Need to

293 views • 14 slides
Data Collection Pilot Update Carol Freedman, RPh, BCGP Prior Authorization Pilot Results

Data Collection Pilot Update Carol Freedman, RPh, BCGP Prior Authorization Pilot Results

Pharmacy Prior Authorization Data Collection Pilot Update Carol Freedman, RPh, BCGP Prior Authorization Pilot Results Prior authorization requests are not going away There is no Easy Button for this process Data collected

200 views • 8 slides
For personal use only ACN: 123 567 073 Presentation to Investors 12 June 2009 For personal use

For personal use only ACN: 123 567 073 Presentation to Investors 12 June 2009 For personal use

For personal use only ACN: 123 567 073 Presentation to Investors 12 June 2009 For personal use only For personal use only Increase Shareholder Value.. How: Discovery and/or acquisition under safe title of large &amp; highly profitable

571 views • 29 slides
Machine-Learning &amp; AI-based Approaches for GPCR Bioactive Ligand Discovery Sebastian Raschka,

Machine-Learning &amp; AI-based Approaches for GPCR Bioactive Ligand Discovery Sebastian Raschka,

Cambridge Healthtech Institute's 14th Annual GPCR-Based Drug Discovery Discovery on Target Conference September 19, 2019 | Boston, MA https://www.discoveryontarget.com/GPCR-drug-discovery Machine-Learning &amp; AI-based Approaches for GPCR

411 views • 38 slides
CSE 510 Web Data Engineering Access Control Authentication &amp; Authorization UB CSE 510 Web

CSE 510 Web Data Engineering Access Control Authentication &amp; Authorization UB CSE 510 Web

CSE 510 Web Data Engineering Access Control Authentication &amp; Authorization UB CSE 510 Web Data Engineering Access Control Mechanisms Declarative Authorization using Realms The expression of app security external to the app

540 views • 26 slides
For personal use only ACN: 123 567 073 Presentation to Investors 5 August 2009 For personal

For personal use only ACN: 123 567 073 Presentation to Investors 5 August 2009 For personal

For personal use only ACN: 123 567 073 Presentation to Investors 5 August 2009 For personal use only For personal use only Increase Shareholder Value.. How: Discovery and/or acquisition under safe title of large &amp; highly

733 views • 30 slides
Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without authorization Authorization in Oxford Advanced Learner's Dictionary Object-oriented Databases authorization is the concept of allowing

70 views • 6 slides
ROUTE CHOICE Dr. Randa Oqab Mujalli Route choice User Equilibrium The rule of choice

ROUTE CHOICE Dr. Randa Oqab Mujalli Route choice User Equilibrium The rule of choice

ROUTE CHOICE Dr. Randa Oqab Mujalli Route choice User Equilibrium The rule of choice underlying user equilibrium is that travelers will select a route so as to minimize their personal travel time between the origin and destination. User

274 views • 14 slides
Handling hybrid and missing data in constraint-based causal discovery to study the etiology of

Handling hybrid and missing data in constraint-based causal discovery to study the etiology of

Handling hybrid and missing data in constraint-based causal discovery to study the etiology of ADHD Elena Sokolova, Daniel von Rhein, Jilly Naaijen, Perry Groot, Tom Claassen, Jan Buitelaar and Tom Heskes Radboud University, Nijmegen The

532 views • 30 slides
Live Case Competition FALL KICKOFF WEBINAR POWERED BY: 1 X AGENDA 12:00 - 12:10 CapSource

Live Case Competition FALL KICKOFF WEBINAR POWERED BY: 1 X AGENDA 12:00 - 12:10 CapSource

Live Case Competition FALL KICKOFF WEBINAR POWERED BY: 1 X AGENDA 12:00 - 12:10 CapSource &amp; IACBE Introductions 12:10 - 12:20 About the Competition 12:20 - 12:40 Overview of DoorDash and Live Case: Propose a Go-to-Market Strategy for

689 views • 39 slides
Dune computing Workshop Cdric Serfon Cedric.Serfon@cern.ch On behalf of the Rucio team Rucio

Dune computing Workshop Cdric Serfon Cedric.Serfon@cern.ch On behalf of the Rucio team Rucio

Dune computing Workshop Cdric Serfon Cedric.Serfon@cern.ch On behalf of the Rucio team Rucio in a nutshell (1) Rucio is a Distributed Data Management system built initially for the ATLAS experiment It allows to federate the data

549 views • 13 slides
Habilitation Diriger des Recherches High-level Models for Embedded Systems Matthieu Moy

Habilitation Diriger des Recherches High-level Models for Embedded Systems Matthieu Moy

Introduction TLM RTC Abstract Interpretation Conclusion Habilitation Diriger des Recherches High-level Models for Embedded Systems Matthieu Moy Verimag (Grenoble INP) Grenoble, France March 13 th 2014 Jury: Grard Berry Professeur au

1.67k views • 151 slides
Welcome to our webinar This session will begin shortly Your questions please? (if you dont

Welcome to our webinar This session will begin shortly Your questions please? (if you dont

Welcome to our webinar This session will begin shortly Your questions please? (if you dont see the control panel, click on the orange arrow icon to expand it) Please enter your questions in the text box of the webinar control panel

282 views • 26 slides
EF432 Introduction to spagetti and meatballs CSC 418/2504: Computer Graphics Course web site

EF432 Introduction to spagetti and meatballs CSC 418/2504: Computer Graphics Course web site

EF432 Introduction to spagetti and meatballs CSC 418/2504: Computer Graphics Course web site (includes course information sheet): http://www.dgp.toronto.edu/~karan/courses/418/fall2016 Instructors: L0101, W 12-2pm L0201, T 12-2pm Karan Singh

1.02k views • 46 slides
NC . . OTCQX: M ACE 1S 1ST Q UARTER 20 2019 19 I NVESTOR C ALL LL Gary Medved, President &amp;

NC . . OTCQX: M ACE 1S 1ST Q UARTER 20 2019 19 I NVESTOR C ALL LL Gary Medved, President &amp;

M ACE S ECURITY I NTERNATIONAL , I NC NC . . OTCQX: M ACE 1S 1ST Q UARTER 20 2019 19 I NVESTOR C ALL LL Gary Medved, President &amp; CEO Mark Barrus, SVP &amp; CFO 5/13/2019 1 F ORWARD L OOKING S TATEMENTS Certain statements, projected

383 views • 4 slides
M ACE S ECURITY I NTERNATIONAL , I NC . OTCQX: M ACE 2 ND Q UARTER 2019 I NVESTOR C ALL Gary

M ACE S ECURITY I NTERNATIONAL , I NC . OTCQX: M ACE 2 ND Q UARTER 2019 I NVESTOR C ALL Gary

M ACE S ECURITY I NTERNATIONAL , I NC . OTCQX: M ACE 2 ND Q UARTER 2019 I NVESTOR C ALL Gary Medved, President &amp; CEO Mark Barrus, SVP &amp; CFO 8/8/2019 1 F ORWARD L OOKING S TATEMENTS Certain statements, projected financial information,

362 views • 4 slides
Pattern Recognition Theory Lecture 12 : Correlation Filters Pattern Matching a How to match

Pattern Recognition Theory Lecture 12 : Correlation Filters Pattern Matching a How to match

Prof. Marios Savvides Pattern Recognition Theory Lecture 12 : Correlation Filters Pattern Matching a How to match two patterns? How do you locate where the pattern is in a long sequence of patterns? b Are these two patterns the

1.8k views • 62 slides

More recommend