semantic attribute based access control
play

Semantic Attribute-Based Access Control An overview of the existing - PowerPoint PPT Presentation

Dec 07, 2023 •422 likes •1.17k views

Semantic Attribute-Based Access Control An overview of the existing approaches Hamed Arshad Department of Informatics University of Oslo March 2018 Hamed Arshad (UiO) SABAC March 2018 1 / 25 Table of Contents Introduction 1

  1. Semantic Attribute-Based Access Control An overview of the existing approaches Hamed Arshad Department of Informatics University of Oslo March 2018 Hamed Arshad (UiO) SABAC March 2018 1 / 25

  2. Table of Contents Introduction 1 Attribute-Based Access Control (ABAC) 2 Semantic-Based Access Control (SBAC) 3 Semantic Attribute-Based Access Control (SABAC) 4 Hamed Arshad (UiO) SABAC March 2018 2 / 25

  3. Table of Contents Introduction 1 Attribute-Based Access Control (ABAC) 2 Semantic-Based Access Control (SBAC) 3 Semantic Attribute-Based Access Control (SABAC) 4 Hamed Arshad (UiO) SABAC March 2018 3 / 25

  4. Introduction Access control : restricting access for computer resources, especially in multi-user and data sharing settings Hamed Arshad (UiO) SABAC March 2018 4 / 25

  5. Introduction Access control : restricting access for computer resources, especially in multi-user and data sharing settings Authentication vs Access control Hamed Arshad (UiO) SABAC March 2018 4 / 25

  6. Introduction Access control : restricting access for computer resources, especially in multi-user and data sharing settings Authentication vs Access control Authentication : Who goes there? Hamed Arshad (UiO) SABAC March 2018 4 / 25

  7. Introduction Access control : restricting access for computer resources, especially in multi-user and data sharing settings Authentication vs Access control Authentication : Who goes there? Restrictions on who (or what) can access the system Hamed Arshad (UiO) SABAC March 2018 4 / 25

  8. Introduction Access control : restricting access for computer resources, especially in multi-user and data sharing settings Authentication vs Access control Authentication : Who goes there? Restrictions on who (or what) can access the system Access control : Are you allowed to do that? Hamed Arshad (UiO) SABAC March 2018 4 / 25

  9. Introduction Access control : restricting access for computer resources, especially in multi-user and data sharing settings Authentication vs Access control Authentication : Who goes there? Restrictions on who (or what) can access the system Access control : Are you allowed to do that? Restrictions on actions of authenticated users Hamed Arshad (UiO) SABAC March 2018 4 / 25

  10. Introduction Access control : restricting access for computer resources, especially in multi-user and data sharing settings Authentication vs Access control Authentication : Who goes there? Restrictions on who (or what) can access the system Access control : Are you allowed to do that? Restrictions on actions of authenticated users Access control enforced by Hamed Arshad (UiO) SABAC March 2018 4 / 25

  11. Introduction Access control : restricting access for computer resources, especially in multi-user and data sharing settings Authentication vs Access control Authentication : Who goes there? Restrictions on who (or what) can access the system Access control : Are you allowed to do that? Restrictions on actions of authenticated users Access control enforced by Access Control Lists Capabilities ... Hamed Arshad (UiO) SABAC March 2018 4 / 25

  12. Table of Contents Introduction 1 Attribute-Based Access Control (ABAC) 2 Semantic-Based Access Control (SBAC) 3 Semantic Attribute-Based Access Control (SABAC) 4 Hamed Arshad (UiO) SABAC March 2018 5 / 25

  13. Attribute-Based Access Control (ABAC) ABAC a successor of RBAC Hamed Arshad (UiO) SABAC March 2018 6 / 25

  14. Attribute-Based Access Control (ABAC) ABAC a successor of RBAC control based on the entities attributes Hamed Arshad (UiO) SABAC March 2018 6 / 25

  15. Attribute-Based Access Control (ABAC) ABAC a successor of RBAC control based on the entities attributes A set of attributes in ABAC Hamed Arshad (UiO) SABAC March 2018 6 / 25

  16. Attribute-Based Access Control (ABAC) ABAC a successor of RBAC control based on the entities attributes A set of attributes in ABAC the same as a role in RBAC Hamed Arshad (UiO) SABAC March 2018 6 / 25

  17. Attribute-Based Access Control (ABAC) ABAC a successor of RBAC control based on the entities attributes A set of attributes in ABAC the same as a role in RBAC The XACML standard Hamed Arshad (UiO) SABAC March 2018 6 / 25

  18. Attribute-Based Access Control (ABAC) ABAC a successor of RBAC control based on the entities attributes A set of attributes in ABAC the same as a role in RBAC The XACML standard a policy language, which is sufficiently fine-grained and declarative Hamed Arshad (UiO) SABAC March 2018 6 / 25

  19. Attribute-Based Access Control (ABAC) ABAC a successor of RBAC control based on the entities attributes A set of attributes in ABAC the same as a role in RBAC The XACML standard a policy language, which is sufficiently fine-grained and declarative as well as an architecture for ABAC Hamed Arshad (UiO) SABAC March 2018 6 / 25

  20. Attribute-Based Access Control (ABAC) Hamed Arshad (UiO) SABAC March 2018 7 / 25

  21. Attribute-Based Access Control (ABAC) Hamed Arshad (UiO) SABAC March 2018 7 / 25

  22. Attribute-Based Access Control (ABAC) Hamed Arshad (UiO) SABAC March 2018 7 / 25

  23. Attribute-Based Access Control (ABAC) Hamed Arshad (UiO) SABAC March 2018 7 / 25

  24. Attribute-Based Access Control (ABAC) Hamed Arshad (UiO) SABAC March 2018 7 / 25

  25. Attribute-Based Access Control (ABAC) Hamed Arshad (UiO) SABAC March 2018 7 / 25

  26. Attribute-Based Access Control (ABAC) Hamed Arshad (UiO) SABAC March 2018 8 / 25

  27. Attribute-Based Access Control (ABAC) Hamed Arshad (UiO) SABAC March 2018 8 / 25

  28. Attribute-Based Access Control (ABAC) ABAC is supposed to be a proper solution in open and distributed systems Hamed Arshad (UiO) SABAC March 2018 9 / 25

  29. Attribute-Based Access Control (ABAC) ABAC is supposed to be a proper solution in open and distributed systems Heterogeneous systems = mismatch between attributes Hamed Arshad (UiO) SABAC March 2018 9 / 25

  30. Attribute-Based Access Control (ABAC) ABAC is supposed to be a proper solution in open and distributed systems Heterogeneous systems = mismatch between attributes Example An e-healthcare system may represent adult patients with an attribute “Adult” Hamed Arshad (UiO) SABAC March 2018 9 / 25

  31. Attribute-Based Access Control (ABAC) ABAC is supposed to be a proper solution in open and distributed systems Heterogeneous systems = mismatch between attributes Example An e-healthcare system may represent adult patients with an attribute “Adult” Patients may try to prove using “hasDriverLicense” or “age” Hamed Arshad (UiO) SABAC March 2018 9 / 25

  32. Attribute-Based Access Control (ABAC) ABAC is supposed to be a proper solution in open and distributed systems Heterogeneous systems = mismatch between attributes Example An e-healthcare system may represent adult patients with an attribute “Adult” Patients may try to prove using “hasDriverLicense” or “age” Considering all the possible synonyms (semantically) of each attribute Hamed Arshad (UiO) SABAC March 2018 9 / 25

  33. Attribute-Based Access Control (ABAC) ABAC is supposed to be a proper solution in open and distributed systems Heterogeneous systems = mismatch between attributes Example An e-healthcare system may represent adult patients with an attribute “Adult” Patients may try to prove using “hasDriverLicense” or “age” Considering all the possible synonyms (semantically) of each attribute defining several policies or one general policy Hamed Arshad (UiO) SABAC March 2018 9 / 25

  34. Attribute-Based Access Control (ABAC) ABAC is supposed to be a proper solution in open and distributed systems Heterogeneous systems = mismatch between attributes Example An e-healthcare system may represent adult patients with an attribute “Adult” Patients may try to prove using “hasDriverLicense” or “age” Considering all the possible synonyms (semantically) of each attribute defining several policies or one general policy A change in the policy Hamed Arshad (UiO) SABAC March 2018 9 / 25

  35. Attribute-Based Access Control (ABAC) ABAC is supposed to be a proper solution in open and distributed systems Heterogeneous systems = mismatch between attributes Example An e-healthcare system may represent adult patients with an attribute “Adult” Patients may try to prove using “hasDriverLicense” or “age” Considering all the possible synonyms (semantically) of each attribute defining several policies or one general policy A change in the policy a large number of manual work Hamed Arshad (UiO) SABAC March 2018 9 / 25

  36. Attribute-Based Access Control (ABAC) ABAC is supposed to be a proper solution in open and distributed systems Heterogeneous systems = mismatch between attributes Example An e-healthcare system may represent adult patients with an attribute “Adult” Patients may try to prove using “hasDriverLicense” or “age” Considering all the possible synonyms (semantically) of each attribute defining several policies or one general policy A change in the policy a large number of manual work ABAC needs to be extended Hamed Arshad (UiO) SABAC March 2018 9 / 25

  37. Table of Contents Introduction 1 Attribute-Based Access Control (ABAC) 2 Semantic-Based Access Control (SBAC) 3 Semantic Attribute-Based Access Control (SABAC) 4 Hamed Arshad (UiO) SABAC March 2018 10 / 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Strategies for Incorporating Delegation into Attribute-Based Access Control (ABAC) Sylvia L.

Strategies for Incorporating Delegation into Attribute-Based Access Control (ABAC) Sylvia L.

Strategies for Incorporating Delegation into Attribute-Based Access Control (ABAC) Sylvia L. Osborn Daniel Servos sylvia@csd.uwo.ca dservos5@uwo.ca Department of Computer Science The 9th International Symposium on Foundations & Practice

1.05k views • 75 slides
Development and deployment of integrated attribute based access control for collaboration

Development and deployment of integrated attribute based access control for collaboration

Development and deployment of integrated attribute based access control for collaboration Collaborations and Virtual Organizations IdM is a critical dimension of collaboration, crossing many applications and user communities Virtual

368 views • 13 slides
HGABAC: Towards a Formal Model of Hierarchical Attribute-Based Access Control Sylvia L. Osborn

HGABAC: Towards a Formal Model of Hierarchical Attribute-Based Access Control Sylvia L. Osborn

HGABAC: Towards a Formal Model of Hierarchical Attribute-Based Access Control Sylvia L. Osborn Daniel Servos sylvia@csd.uwo.ca dservos5@uwo.ca Department of Computer Science The 7th International Symposium on Foundations & Practice of

1.05k views • 49 slides
Incorporating Off-Line Attribute Delegation into Hierarchical Group and Attribute-Based Access

Incorporating Off-Line Attribute Delegation into Hierarchical Group and Attribute-Based Access

Incorporating Off-Line Attribute Delegation into Hierarchical Group and Attribute-Based Access Control Daniel Servos Michael Bauer Western University Western University London, Ontario London, Ontario dservos5@uwo.ca bauer@uwo.ca November

511 views • 34 slides
Current Research and Open Problems in Attribute-Based Access Control Daniel Servos

Current Research and Open Problems in Attribute-Based Access Control Daniel Servos

Current Research and Open Problems in Attribute-Based Access Control Daniel Servos dservos5@uwo.ca Department of Computer Science Topics Survey/Proposal Daniel Servos TSP: ABAC February 10th 1 / 31 1. Talk Outline Outline 1 Background

1.23k views • 90 slides
Attribute-based Access Control Architectures with the eIDAS Protocols 21. SSR 2016 Frank

Attribute-based Access Control Architectures with the eIDAS Protocols 21. SSR 2016 Frank

Attribute-based Access Control Architectures with the eIDAS Protocols 21. SSR 2016 Frank Morgner (Bundesdruckerei) Paul Bastian (Bundesdruckerei) Marc Fischlin (TU Darmstadt) 13. Oktober 2010 | Dr.Marc Fischlin | Kryptosicherheit | 1

404 views • 22 slides
Semantic security framework and context- aware role-based access control ontology for Smart

Semantic security framework and context- aware role-based access control ontology for Smart

Semantic security framework and context- aware role-based access control ontology for Smart Spaces Semantic Big Data Workshop, ACM SIGMOD 2016 Conference 2016, San Francisco, California, July 1st 2016 Shohreh Hosseinzadeh, Natalia

240 views • 19 slides
PERMIS Role-Based Access Control Example System Presenter: Haiyan Cheng CS 6204, Spring 2005 1

PERMIS Role-Based Access Control Example System Presenter: Haiyan Cheng CS 6204, Spring 2005 1

PERMIS Role-Based Access Control Example System Presenter: Haiyan Cheng CS 6204, Spring 2005 1 PERMIS Review A role-based access control infrastructure Uses X.509 attribute certificate (AC) to store users roles All access

397 views • 8 slides
Why attribute-based signatures? The kind of authentication required in an attribute-based system

Why attribute-based signatures? The kind of authentication required in an attribute-based system

Attribute-Based Signatures Hemanta K. Maji Manoj Prabhakaran Mike Rosulek November 22, 2010 Abstract We introduce Attribute-Based Signatures (ABS) , a versatile primitive that allows a party to sign a message with fine-grained

864 views • 35 slides
Attribute Grammars Wilhelm/Seidl/Hack: Compiler Design, Syntactic and Semantic Analysis

Attribute Grammars Wilhelm/Seidl/Hack: Compiler Design, Syntactic and Semantic Analysis

Attribute Grammars Attribute Grammars Wilhelm/Seidl/Hack: Compiler Design, Syntactic and Semantic Analysis Reinhard Wilhelm Universitt des Saarlandes wilhelm@cs.uni-saarland.de 5. November 2013 Attribute Grammars Attribute

369 views • 22 slides
Working Set- -Based Access Control for Based Access Control for Working Set Network File

Working Set- -Based Access Control for Based Access Control for Working Set Network File

Working Set- -Based Access Control for Based Access Control for Working Set Network File Systems Network File Systems Stephen Smaldone, Vinod Ganapathy, and Liviu Iftode DiscoLab - Department of Computer Science Rutgers, The State University

667 views • 23 slides
Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
Enumerated Authorization Policy Prosunjit Biswas, Ravi Sandhu and Ram Krishnan University of

Enumerated Authorization Policy Prosunjit Biswas, Ravi Sandhu and Ram Krishnan University of

Institute for Cyber Security Label-Based Access Control: An ABAC Model with Enumerated Authorization Policy Prosunjit Biswas, Ravi Sandhu and Ram Krishnan University of Texas at San Antonio 1 st Workshop on Attribute Based Access Control (ABAC

469 views • 26 slides
Access Control Enforcement Access Control Enforcement for Conversation- -based based for

Access Control Enforcement Access Control Enforcement for Conversation- -based based for

The Cyber Center The Cyber Center Access Control Enforcement Access Control Enforcement for Conversation- -based based for Conversation Web Services Web Services Massimo Mecella * Mourad Ouzzani Univ. Roma LA SAPIENZA, Italy Purdue

375 views • 26 slides
Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of Access Control Discretionary acces control Mandatory access control Real systems: Unix Access Control Model Access control Access

817 views • 47 slides
Attribute Dependencies Wilhelm/Seidl/Hack: Compiler Design, Syntactic and Semantic Analysis

Attribute Dependencies Wilhelm/Seidl/Hack: Compiler Design, Syntactic and Semantic Analysis

Attribute Dependencies Attribute Dependencies Wilhelm/Seidl/Hack: Compiler Design, Syntactic and Semantic Analysis Reinhard Wilhelm Universitt des Saarlandes wilhelm@cs.uni-saarland.de 14. November 2013 Attribute Dependencies

879 views • 38 slides
Resilience in Ni Nigeri ria Egina FPSO Challenging Markets AGM Presentation 21 st April

Resilience in Ni Nigeri ria Egina FPSO Challenging Markets AGM Presentation 21 st April

Resilience in Ni Nigeri ria Egina FPSO Challenging Markets AGM Presentation 21 st April 2020 A Lundin Group Company AOI TSX and Nasdaq Stockholm Kenya firs rst oil cargo South th Afric rica Deeps psea Stavang nger r rig

527 views • 19 slides
Streamlining the Development of Priority Product Profiles Green Belt: Simona Balan Project

Streamlining the Development of Priority Product Profiles Green Belt: Simona Balan Project

Streamlining the Development of Priority Product Profiles Green Belt: Simona Balan Project Champion: Andr Algazi Executive Sponsor: Meredith Williams Team: Daphne Molin, Christine Papagni, Diana Phelps, Minoo Safai- Amini, Vivek Mathrani, Lynn

700 views • 32 slides
Presenter: Shervin Amini Motivation Indoor localization of consumer mobile devices

Presenter: Shervin Amini Motivation Indoor localization of consumer mobile devices

Presenter: Shervin Amini Motivation Indoor localization of consumer mobile devices Previous works focuses on accuracy of the localization Less work on scalability and energy consumption Challenge: accuracy and energy consumption

463 views • 14 slides
Learning Steering for Parallel Autonomy: Handling Ambiguity in End-to-End Driving Alexander Amini

Learning Steering for Parallel Autonomy: Handling Ambiguity in End-to-End Driving Alexander Amini

Learning Steering for Parallel Autonomy: Handling Ambiguity in End-to-End Driving Alexander Amini Learning Steering for Parallel Autonomy Alexander Amini Motivation Autonomous systems need the ability to handle a wide range of scenarios

590 views • 57 slides
Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing Jared

Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing Jared

Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing Jared DeMott Dr. Richard Enbody @msu.edu Dr. William Punch Black Hat 2007 www.vdalabs.com VDA Labs, LLC Agenda Goals and previous works (1)

683 views • 54 slides
Global Open Sidewalks Nick Bolten & Anat Caspi 2016-08-15 Hello! I am Nick Bolten I live

Global Open Sidewalks Nick Bolten & Anat Caspi 2016-08-15 Hello! I am Nick Bolten I live

AccessMap and Global Open Sidewalks Nick Bolten & Anat Caspi 2016-08-15 Hello! I am Nick Bolten I live a double life: </> Im a PhD researcher in synbio I work on AccessMap / OpenSidewalks Hello! I am Anat Caspi I

897 views • 47 slides
Filter Bank Multitone: A Physical Layer Candidate for Cognitive Radios P. Amini, R. Kempter, R.R.

Filter Bank Multitone: A Physical Layer Candidate for Cognitive Radios P. Amini, R. Kempter, R.R.

Filter Bank Multitone: A Physical Layer Candidate for Cognitive Radios P. Amini, R. Kempter, R.R. Chen, L. Lin, B. Farhang-Boroujeny Outline 1) Cognitive Radio Definition What has already been proposed? 2) Channel Sensing/Spectrum

650 views • 27 slides
A Half Cycle Negative Sequence Differential Protection for Synchronous Generator A. Doorwar,

A Half Cycle Negative Sequence Differential Protection for Synchronous Generator A. Doorwar,

Paper Session 1: Power System Protection Thursday, Feb. 7, 9:45 AM - 10:45 AM, MSC 2404 A Half Cycle Negative Sequence Differential Protection for Synchronous Generator A. Doorwar, B. Bhalja Current - only Directional Overcurrent Protection

498 views • 7 slides

More recommend