Context-based Access Control - PowerPoint PPT Presentation

Slides: 23
Provided by: cseFauEd
Learn more at: https://www.cse.fau.edu

Transcript and Presenter's Notes

Title: Context-based Access Control


1
Context-based Access Control
  • A. Corradi, R. Montanari & D. Tibaldi,
    Context-Based Access Control Management in
    Ubiquitous Environments, Network Computing and
    Applications, Third IEEE International Symposium
    on (NCA'04), August 30 - September 01, 2004,
    Boston, MA.

A review by A. Escobar
Dr. Maria Petrie
Department of Computer Science
Florida Atlantic University
March 31st, 2005
2
Context-based Access Control
  • Traditional RBAC not applicable.
  • Service providers do NOT know in advance the
    identities/roles of all subjects.
  • Users could be unknown entities.

- RBAC model taken from Fer04
3
Context-based Access Control
  • Context-based AC (CBAC).
  • As with role, context provides a level of
    indirection between users and permissions.

4
Security Framework
  • Corradi's Contribution
  • Allows flexible solutions for CBAC.
  • Defines 3 views:
      • Desired View: Resources that a user is willing
        to access.
      • Allowed View: Accessible Resources depending on
        context-dependent AC Policies.
      • Active-Context View: Desired View ∩ Allowed
        View.
  • Supports Privacy of user context information.

[Figure labels: Sys. Allowed View, Allowed View, Desired View, Active-Context View]
5
Context Model
  • Corradi's Contribution
  • Physical Context
      • Identify physical spaces.
      • There is only one per user.
      • Holds references to the protected resources.
  • Logical Context
      • Identify logical states of users and resources.
      • Many per user/resource.

Not UML; taken from Cor04
6
Context Model
  • Our Contribution
  • UML representation of Corradi's Context Model.

[UML diagram labels: User, in, Logical_Context, Location_Context]
User may only be in 1 Location_Context at a time
7
Physical Context
Corradi's Framework for Physical Context
Our UML interpretation:
Physical_Context
  name = Cinema
  type = Physical
  activation_cond = GeoCoordinate.IsEqual(Area.GetInfo)
  activate()
  deactivate()
8
Logical Context
Corradi's Framework for Logical Context
Our UML interpretation
9
Resource
Corradi's Framework for Resource
Our UML interpretation
10
Context Model
  • Our Contribution
  • UML representation of Corradi's Context Model.

11
Security Model
  • Corradi's Contribution
  • Allows System Administrators and Users to specify
    their own policies.
  • Introduces Metadata
      • User/Device/Resource Profiles (Security logic).
      • Access Control Policies (Security control).
  • Allows separation between security logic and
    security control.

Not UML; taken from Cor04
12
Profiles
  • User Profile
      • Properties
      • Desired View
          • Desired Objects.
          • Desired Actions to be performed on Desired
            Objects.
          • Context Conditions to perform the Desired
            Actions.
  • Device Profile: Don't know the substructure.
  • Resource Profile: Don't know the substructure.

13
A User Profile
14
Profiles
  • Our Contribution
  • UML representation of Corradi's Profile.

15
Security Model
  • Our Contribution
  • UML representation of Corradi's Security Model.

[UML diagram; recoverable label: Device]
16
Access Control Policies
  • Association rules between set of permissions and
    set of contexts.
      • Simple Association (One permission to One
        Context)
      • And, Or Dependence Associations (One permission
        to many Contexts)
  • System Level.
      • Administrator defines permissions.
      • Protect system resources.
  • User Level.
      • User defines permissions.
      • Protect user privacy.
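
A minimal model of the simple and And/Or associations above, combined with the three views from the Security Framework slide. This is an added example, not code from Corradi et al. or from the presentation; the class and function names, the logical contexts (TicketHolder, Staff, Maintenance) and the cinema resources are hypothetical, and rejecting a policy with no contexts is an assumption made so the model fails closed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Permission:
    action: str
    resource: str

@dataclass(frozen=True)
class Policy:
    """Associates one permission with one context (simple) or many (AND/OR)."""
    permission: Permission
    contexts: frozenset
    mode: str = "AND"  # "AND": every context active; "OR": at least one

    def __post_init__(self):
        # Fail closed: an empty AND set would otherwise grant unconditionally.
        if not self.contexts or self.mode not in ("AND", "OR"):
            raise ValueError("policy needs >=1 context and mode AND/OR")

    def grants(self, active):
        if self.mode == "AND":
            return self.contexts <= active
        return bool(self.contexts & active)

def active_contexts(physical, logical):
    """One physical context per user at a time, any number of logical ones."""
    return frozenset({physical}) | frozenset(logical)

def allowed_view(policies, active):
    return {p.permission for p in policies if p.grants(active)}

def active_context_view(desired, policies, active):
    """Active-Context View = Desired View ∩ Allowed View."""
    return desired & allowed_view(policies, active)

# Constructed sample data (hypothetical resources and logical contexts).
WATCH = Permission("watch", "Screen1")
TIMETABLE = Permission("read", "Timetable")
PROJECTOR = Permission("open", "ProjectionRoom")
POLICIES = [
    Policy(TIMETABLE, frozenset({"Cinema"})),                    # simple
    Policy(WATCH, frozenset({"Cinema", "TicketHolder"}), "AND"),
    Policy(PROJECTOR, frozenset({"Staff", "Maintenance"}), "OR"),
]
DESIRED = {WATCH, PROJECTOR}

if __name__ == "__main__":
    inside = active_contexts("Cinema", {"TicketHolder"})
    outside = active_contexts("Street", {"TicketHolder"})
    print(active_context_view(DESIRED, POLICIES, inside))   # watch Screen1 only
    print(active_context_view(DESIRED, POLICIES, outside))  # empty set
```

Because the physical context is a single value, leaving the Cinema replaces it rather than adding to it, so every permission tied to that context drops out of the Active-Context View at once.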

17
Permission
Corradi's Permission
Our UML interpretation
18
Context-Based Access Control Policies
19
[UML diagram; recoverable label: Device]
20
MBAC Pattern
MBAC pattern taken from Fer04
21
MBAC Pattern
Not mapped yet: Device, Device Profile
[UML diagram labels: CBAC Policy, Context, protects, physical, target, Subject, Object, Subject Descriptor, Object Descriptor, Attribute, Property, AttributeValue, PropertyValue (value), Attribute Qualifier, Property Qualifier (operator, value), isAuthorizedFor; stereotypes <<user>>, <<resource>>, <<permission>>, <<user_profile>>, <<resource_profile>>, <<property>>, <<desired_view>>]
MBAC pattern taken from Fer04
22
References
  • Boo98 G. Booch, J. Rumbaugh, I. Jacobson, The
    Unified Modeling Language User Guide,
    Addison-Wesley Pub Co, 1st edition (September 30,
    1998).
  • Cor04 A. Corradi, R. Montanari, D. Tibaldi,
    Context-Based Access Control Management in
    Ubiquitous Environments, Network Computing and
    Applications, Third IEEE International Symposium
    on (NCA'04), August 30 - September 01, 2004,
    Boston, MA.
  • DeC03 S. DeCapitani di Vimercati, S.
    Paraboschi, P. Samarati, Access
    control: principles and solutions, ACM
    Software: Practice & Experience, John Wiley &
    Sons, 33(5):397-421, April 2003.
  • Fer04 T. Priebe, E.B. Fernandez, J.I. Mehlau, and
    G. Pernul, A Pattern System for Access Control,
    Procs. of the 18th Annual IFIP WG 11.3 Working
    Conference on Data and Applications Security,
    Sitges, Spain, July 2004, 235-249.
  • San96 R. Sandhu, E. Coyne, H. Feinstein, C.
    Youman, "Role-Based Access Control models", IEEE
    Computer, 29(2):38-47, February 1996.
  • San94 R. Sandhu, P. Samarati, Access Control:
    Principles and Practice, IEEE Communications
    Magazine (1994, 40-48).