Presentation is loading. Please wait.

Presentation is loading. Please wait.

COS 80011 Web Application Architectures Lecture 10 Access Control.

Similar presentations


Presentation on theme: "COS 80011 Web Application Architectures Lecture 10 Access Control."— Presentation transcript:

1 COS Web Application Architectures Lecture 10 Access Control

2 © Swinburne University of Technology 2 What is Access Control? Access Control Matrix and Access Control List Role-Based Access Control  User-Role Assignment  Role-Permission Assignment Attribute-Based Access Control Context-Aware Access Control  Context-Aware User-Role Assignment  Context-Aware Role-Permission Assignment Outline

3 © Swinburne University of Technology 3 What is Access Control? Access Control Matrix and Access Control List Role-Based Access Control  User-Role Assignment  Role-Permission Assignment Attribute-Based Access Control Context-Aware Access Control  Context-Aware User-Role Assignment  Context-Aware Role-Permission Assignment Outline

4 © Swinburne University of Technology 4  Access control is one of the fundamental security mechanisms  needed to protect computer resources (and/or services) against unauthorized access according to a security policy  policy – is a rule (who can access what)  verifying whether a subject (user) is allowed to carry out a specific action (operation) on an object (resource)  it is a mechanism to determine whether a request from a user to access resources in a system should be permitted or denied Access Control (I)

5 © Swinburne University of Technology 5  It has three major components  subjects – represent the users in a system performing actions on an object  objects – represent the resources that are being protected by the system  operations – represent all the actions that the subjects can perform on the objects Access Control (II)

6 © Swinburne University of Technology 6  Access Control Models/Technologies - Access Control Matrix or Access Matrix (AM) - Access Control List (ACL) - Role-Based Access Control (RBAC) - Attribute-Based Access Control (ABAC) - Context-Aware Access Control (CAAC) - Extended RBAC Models: TMAC (team), OrBAC (organization), … - ABAC Models: XACML, … - … Access Control (III)

7 © Swinburne University of Technology 7  Traditional forms of Access Control  AM, ACL, RBAC, …  file systems, operating systems, database systems, …  Access Control on the Web  XACML (OASIS standard Web-based AC), XACML for RBAC, …  Domain-specific inputs converted to the XACML Request Context.xml ( PEP )  XACML core policy framework or XACML RBAC implementation using (J2SE, CORBA, etc.), resources are exposed as Web services ( PDP, PIP, PAP )  XACML Response Context.xml is converted to the domain-specific outputs ( PEP ) Access Control (IV)

8 © Swinburne University of Technology 8 What is Access Control? Access Control Matrix and Access Control List Role-Based Access Control  User-Role Assignment  Role-Permission Assignment Attribute-Based Access Control Context-Aware Access Control  Context-Aware User-Role Assignment  Context-Aware Role-Permission Assignment Outline

9 © Swinburne University of Technology 9  Access Control Matrix or Access Matrix (AM)  access control technology has a long history that started in the late 60s  it was first introduced by Lampson in 1971, who introduced a formal, mathematical description of a basic access control model named Access Control Matrix Access Control Matrix (I)

10 © Swinburne University of Technology 10  Access Control Matrix or Access Matrix (AM)  the first basic model of access control is the AM  a formal security model in computer systems  characterizes the rights of the subjects with respect to the objects  describes the relationships between subjects and objects in a system Access Control Matrix (II)

11 © Swinburne University of Technology 11  Access Control Matrix: It has three components  a set of Objects O, a set of Subjects S, and an Access function A  an Object is an entity in the system which has to be protected  a Subject is an entity that has access to the Object  which Subjects can access which Objects is determined by the Access function Access Control Matrix (III)

12 © Swinburne University of Technology 12  Access Control Matrix  the rows of the Access function are labelled with the Subject names and its columns by the Object names.  element A i,j specifies the access which Subject i has to Object j  each element or cell of the matrix consists of a set of strings called access attributes, such as read and write, which are typical access attributes Access Control Matrix (IV)

13 © Swinburne University of Technology 13  AM Implementations  operating systems  database systems Access Control Matrix (V)

14 © Swinburne University of Technology 14  AM Implementations  a rectangular array of cells, with one row per subject and one column per object Access Control Matrix (VI) file1file2 user1 read, writeread, write, execute user2 readexecute user3 writeread Table: A rectangular array

15 © Swinburne University of Technology 15  Access control list (ACL) - each column in an Access Control Matrix (AM) is translated to an Access Control List (ACL) - the ACL contains entries for each subject defining the operations that the subject can execute on the given object Access Control List (I)

16 © Swinburne University of Technology 16  Access control list (ACL) : it specifies - which users or system processes are granted access to objects - what operations are allowed on given objects < Access Control List : Google patents, Access Control List (II)

17 © Swinburne University of Technology 17  ACL Implementations  File System ACL: A file system ACL is  a data structure (table) containing entries that specify individual user or group rights to specific system resources.  resources - programs, files, etc.  entries – access control entries (ACEs). Access Control List (III)

18 © Swinburne University of Technology 18  ACL Implementations  File System ACL - used to administrate file permissions  for example, a file has an ACL that contains (Bob, delete)  this gives Bob permission to delete the file. Access Control List (IV)

19 © Swinburne University of Technology 19  ACL Implementations  File System ACL – access ACL and default ACL (Red Hat Linux)  an access ACL is the access control list for a specific file or directory.  a default ACL can only be associated with a directory; if a file within the directory does not have an access ACL.  default ACL uses the rules of the default ACL for the directory.  ACLs can be configured per user or per group. Access Control List (V)

20 © Swinburne University of Technology 20  ACL Implementations  File System ACL – access ACL and default ACL (Red Hat Linux)  the setfacl utility sets ACLs for files and directories. # setfacl -m rules files  use the -m option to add/modify the ACL of a file/directory  rule formats u: uid : perms, g: gid : perms # setfacl -m u:bob:rw /cos80011/waa Access Control List (VI)

21 © Swinburne University of Technology 21  ACL Implementations  SQL-based systems  relational database systems  networking ACLs Access Control List (VII)

22 © Swinburne University of Technology 22  Advantages  easy to implement, simplicity and flexibility are the keys  effective in closed and relatively unchangeable systems  Disadvantages  do not allow modelling the global policy rules by which permissions can change in any particular system  they do not have adequate functionalities to maintain the users and objects in the large-scale systems, where more than one user need same object AM and ACL (VIII)

23 © Swinburne University of Technology 23 What is Access Control? Access Control Matrix and Access Control List Role-Based Access Control  User-Role Assignment  Role-Permission Assignment Attribute-Based Access Control Context-Aware Access Control  Context-Aware User-Role Assignment  Context-Aware Role-Permission Assignment Outline

24 © Swinburne University of Technology 24  Role-Based Access Control (RBAC) - a well accepted access control model based on the role of the user is Role-based Access Control (RBAC) was introduced to tackle the problems: global policy rules, large-scale systems - first RBAC, Ferraiolo et al (RBAC92) - the RBAC92 model has been subsequently extended by Sandhu et al (RBAC96) Role-Based Access Control (I)

25 © Swinburne University of Technology 25  Role-Based Access Control (RBAC) - in RBAC, it is not important to identify the individual who makes the access request, but to know his position in the structure of an organization - this concept is known as a role in RBAC - the authorizations are not assigned directly to a particular user, but to the user’s role Role-Based Access Control (II)

26 © Swinburne University of Technology 26  Role-Based Access Control (RBAC) - user group and user role – roles are closely related to the concept of user groups in access control - however, a role brings together a set of users on one side and a set of permissions on the other - whereas user groups are typically defined as a set of users only Role-Based Access Control (III)

27 © Swinburne University of Technology 27  Role-Based Access Control (RBAC): three main concepts - RBAC ensures that only an authorized user is given access to a certain resource, and is based on a user’s role in an organization - users, roles, and permissions in a simple/basic RBAC model - users – subjects are typically represented by users, who are assigned to roles and are granted membership into the roles based on their credentials and responsibilities in an organization - roles – roles represent a job function, describing the authority and responsibility conferred on a user assigned to that role, within an organization - permissions – permissions are assigned to roles, permissions contain resources and operations (the operations are allowed on the objects/resources) Role-Based Access Control (IV)

28 © Swinburne University of Technology 28  Role-Based Access Control (RBAC) Model Role-Based Access Control (V) U User R Role P Permi- ssion User Assignment UA Permission Assignment PA Figure: Basic RBAC Model

29 © Swinburne University of Technology 29  Role-Based Access Control (RBAC) Model - U, R and P are the users, roles and permissions respectively - UA is a many-to-many user to role assignment relation - PA is a many-to-many permission to role assignment relation Role-Based Access Control (VI)

30 © Swinburne University of Technology 30  Role-Based Access Control (RBAC): ESP Submissions (Assignments) - user-role and role-permission assignments (policies) Role-Based Access Control (VII) UserRolePermission Student Tutor/Marker Lecturer/Convenor Table: Relationships among users, roles and permissions

31 © Swinburne University of Technology 31  Role-Based Access Control (RBAC): Role Hierarchy - also called role inheritance - for structuring roles to reflect an organization’s lines of authority and responsibility - the senior roles can inherit all permissions from the junior roles - the senior roles can have permissions in addition to those inherited from the junior roles Role-Based Access Control (VIII)

32 © Swinburne University of Technology 32  Role-Based Access Control (RBAC): Role Hierarchy Example - The lecturer role (senior role) can inherits all permissions from the staff role (junior role) - The lecturer role can have own permissions also Role-Based Access Control (IX) University User Staff Lecturer Student UGS Tutor PGS Figure: Role Hierarchy

33 © Swinburne University of Technology 33  Role-Based Access Control (RBAC): Other RBAC Concepts - RBAC Session (users can create and terminate sessions, to activate/deactivate roles) - RBAC Constraints (predicates that can apply to the UA and PA relations) Role-Based Access Control (X)

34 © Swinburne University of Technology 34  Role-Based Access Control (RBAC): Patient Medical Records Management - user-role assignments Role-Based Access Control (XI) UseruserID JaneJane00X MaryMary00X BobBob00X RoleroleID Registered NurseRN00X Primary-care Physician PP00X Emergency Doctor ED00X Specialist Physician SP00X PhysicianP00X User-Role Assignments (UA)

35 © Swinburne University of Technology 35  Role-Based Access Control (RBAC): Patient Medical Records Management - role-permission assignments Role-Based Access Control (XII) Permission Role -Permission Assignments (PA) >

36 © Swinburne University of Technology 36  Role-Based Access Control (RBAC): Patient Medical Records Management - The specialist physician role (senior role) can inherits all permissions from the physician role (junior role) Role-Based Access Control (XIII) Healthcare User Physician Specialist Physician Nurse Figure: An Excerpt of Healthcare Role Hierarchy Primary-care Physician Registered Nurse Nurse Manager Emergency Doctor

37 © Swinburne University of Technology 37  Role-Based Access Control (RBAC): Patient Medical Records Management Role-Based Access Control (XIV) Physician Specialist Physician Primary-care Physician Emergency Doctor UA PA > RoleroleID Registered NurseRN00X Primary-care Physician PP00X Emergency Doctor ED00X Specialist Physician SP00X PhysicianP00X

38 © Swinburne University of Technology 38  Role-Based Access Control (RBAC): main part Role-Based Access Control (XV) Role Resource Operation Organization

39 © Swinburne University of Technology 39  Advantages  simplifies management of permissions  effective/useful model in large-scale systems/domains  Disadvantages  the user-role and role-permission assignments are static without taking into account the dynamic attributes, such as the location of users  this makes a less effective solution in today’s open and dynamic environments Role-Based Access Control (XVI)

40 © Swinburne University of Technology 40 What is Access Control? Access Control Matrix and Access Control List Role-Based Access Control  User-Role Assignment  Role-Permission Assignment Attribute-Based Access Control Context-Aware Access Control  Context-Aware User-Role Assignment  Context-Aware Role-Permission Assignment Outline

41 © Swinburne University of Technology 41  Attribute-Based Access Control (ABAC) - a new access control paradigm where access rights are granted to users through the use of policies which combine attributes together - the policies can use any type of attributes (user attributes, resource attribute, etc.) - it is a rule-based approach to access control, it does not use the concept of a role - the building blocks in the ABAC model are the attributes - an ABAC policy specifies which constraints need to be satisfied based on the attributes (e.g., user age is greater than 20) in order to grant access to an object Attribute-Based Access Control (I)

42 © Swinburne University of Technology 42  Attribute-Based Access Control (ABAC) - the formal definition of basic ABAC is composed of four parts: access control related entities, attributes of entities, policy representation, and policy evaluation - entities – requestor ( Req ), resource ( Res ), action ( Act ), environment ( Env ) - attributes of entities (e.g., attributes of environment (Attr(Env)) – the current date or time) - policy specification – the definition of access control policies - policy evaluation – the process of making an access decision based on the security policy Attribute-Based Access Control (II)

43 © Swinburne University of Technology 43 Attribute-Based Access Control (III)

44 © Swinburne University of Technology 44  eXtensible Access Control Markup Language (XACML) - is the standard that implements attribute-based access control - a standard XML-based protocol for access control policies - suitable for a variety of application environments (e.g., Web-based) - uses the attributes of subject, resource, action, and environment - this framework contains PEP, PDP, PIP, and PAP Attribute-Based Access Control (IV)

45 © Swinburne University of Technology 45  eXtensible Access Control Markup Language (XACML): four main components - Policy Enforcement Point (PEP) - Policy Decision Point (PDP) - Policy Administration Point (PAP) - Policy Information Point (PIP) Attribute-Based Access Control (V)

46 © Swinburne University of Technology 46  XACML Data Authorization Framework Attribute-Based Access Control (VI) Figure: XACML Data Flow Diagram

47 © Swinburne University of Technology 47  XACML Data Authorization Framework: when access request comes from the access requesters (users) - the PEP intercepts the access requests from users and sends the requests to the PDP (through the context handler) - the PDP makes access decisions according to the security policy (policy set) written by the PAP - the PDP uses the attributes of the subjects, the resources, and the environment obtained by querying the PIP (via the context handler) - the access decision given by the PDP is sent to the PEP(through the context handler) - the PEP sends either permitted or denied request to the users according to the decision of PDP Attribute-Based Access Control (VII)

48 © Swinburne University of Technology 48  XACML Implementation  Domain-specific Inputs (from the requesters) converted to  XACML Request Context (.xml)  XACML Policy (.xml)  XACML Response Context (.xml) converted to  Domain-specific Outputs (back to the requesters) Attribute-Based Access Control (VIII)

49 © Swinburne University of Technology 49  Language Model of XACML Attribute-Based Access Control (IX) Figure: XACML Context and Policy

50 © Swinburne University of Technology 50  Advantages  easy to implement/setup  very useful model in small-scale systems/domains  Disadvantages  when the number of users is high, the number of authorizations can become extremely large, which complicates the administration tasks  this brings high complexity of security administration and significant cost of management of growing large-scale systems  it does not provide adequate functionalities for dynamic access permissions Attribute-Based Access Control (X)

51 © Swinburne University of Technology 51 What is Access Control? Access Control Matrix and Access Control List Role-Based Access Control  User-Role Assignment  Role-Permission Assignment Attribute-Based Access Control Context-Aware Access Control  Context-Aware User-Role Assignment  Context-Aware Role-Permission Assignment Outline

52 © Swinburne University of Technology 52  Static Access Permissions  AM  ACL  RBAC  ABAC  XACML Dynamic access permissions (to dynamically make access control decisions) The dynamic user-role and role-permission assignments Access to medical records of patients should be dynamically controlled depending on the location and request time of users. Normally, a nurse that is not located in the hospital should not have access to medical records of patients. Moreover, this access is allowed only during her ward duty time, and knowing the relationship between patient and nurse. Context-Aware Access Control (I)

53 © Swinburne University of Technology 53  RBAC has become the most widely used access control model  The CAAC model adopts RBAC concepts and extends its user-role and role-permission assignments  CAAC incorporates the dynamic attributes (context information) into both user-role and role-permission assignments Context-Aware Access Control (II)

54 © Swinburne University of Technology 54  CAAC Policy Framework Context-Aware Access Control (III)

55 © Swinburne University of Technology 55  Dynamic Context-Aware Environments  Shift from desktop environments to dynamic environments described by Mark Weiser, where users need seamless access to various resources at anytime from anywhere even when they are on the move  Pervasive/Ubiquitous environments  Privacy and security of accessing resources/services is of greater concern  Context information Context-Aware Access Control (IV)

56 © Swinburne University of Technology 56  Context Information and Context Awareness  Dey, Context information is defined as any information that can be used to characterize the situation of an entity and Context awareness is the ability to use context information to provide relevant information and/or services to the user Our focus is “CAAC Model”  Context-aware access control (CAAC), decision making based on the context information, reauthorization of access if context changes Context-Aware Access Control (V)

57 © Swinburne University of Technology 57  Application Scenario Context-Aware Access Control (VI) Figure: User-to-Resource Access Scenario in Context-Aware Environments Users from different locations Users from different devices A Patient in an Emergency Health Condition Users at different times Organization User Resources

58 © Swinburne University of Technology 58  Application Scenario Context-Aware Access Control (VII) Figure: Healthcare Scenario User Resources Healthcare Patients’ Medical Records A patient Bob who is in the emergency room due to a heart attack. While not being Bob's usual treating physician, Jane, a medical practitioner at the hospital, is required to treat Bob and needs to access Bob's electronic health records from the emergency room.

59 © Swinburne University of Technology 59  Application Scenario Context-Aware Access Control (VIII) Figure: Healthcare Scenario User Resources Healthcare Patients’ Medical Records After getting emergency treatment, Bob is shifted and has been assigned a registered nurse Mary, who has regular follow-up visits to monitor his health condition. Mary needs to access several types of Bob's records (daily medical records and private health records) from the general ward.

60 © Swinburne University of Technology 60  Application Scenario Context-Aware Access Control (IX) Figure: Healthcare Scenario User Resources Healthcare Patients’ Medical Records Different users with different roles from different environments for different intentions Privacy and security

61 © Swinburne University of Technology 61  Main Challenges/Requirements  (Req1) - representation of context entities and context information relevant to access control (context model)  (Req2) - inferring high-level context information from the available information (reasoning model)  (Req3) - incorporating dynamic contextual information into access control policies (policy model) Context-Aware Access Control (X)

62 © Swinburne University of Technology 62 Context-Aware Access Control (XI) Figure: CAAC Model

63 © Swinburne University of Technology 63  CAAC Model Concepts (elements)  Users(U) – a user is a human-being (who is a service requester) interacting with a computing system, whose access request is being controlled (e.g., Jane, Mary)  Roles(R) – a role reflect user's job function within the organization (e.g., healthcare domain)  Resources(Res) – a resource is an object protected by access control that represents the data/information container (e.g., patient’s electronic health records)  Operations(Op) - an operation is an action that can be executed on the resources (e.g., read, write)  Permissions(P) - permissions are the approvals to perform certain operations on resources, by the users who initiate access requests Context-Aware Access Control (XII)

64 © Swinburne University of Technology 64  CAAC Model Concepts (elements)  Context Information(CI) – context Information used in an access control decision is defined as any relevant information about the state of an entity or the state of a relevant relationships between entities (e.g., location of the patient, social or interpersonal relationship between doctor and patient)  Policies(Pol) – two sets of policies: the context-aware user-role assignment policies and context-aware role-permission assignment policies Context-Aware Access Control (XIII)

65 © Swinburne University of Technology 65 Context-Aware Access Control (XIV) Figure: CAAC Model

66 © Swinburne University of Technology 66  CAAC Model Concepts (relationships)  Role Hierarchy(RH) – it supports the concept of role inheritance (like RBAC). The role is considered in a hierarchical manner in that if a permission assigned to a junior role, then it is also assigned to all the senior roles of that role  Resource Hierarchy(ResH) – the resource is also considered in a hierarchical manner in that if a user has the right to access a resource with the highest granularity level, then he also has the right to access the lower granularity levels of that resource  Operation Assignment(OpA) – each operation could be associated with many resources, and for each resource could be granted to many operations Context-Aware Access Control (XV)

67 © Swinburne University of Technology 67  CAAC Model Concepts (relationships)  Context-Aware User-Role Assignment(CAURA) – a many-to-many mapping between a set of users and roles, when a set of dynamic contextual conditions are satisfied  Context-Aware Role-Permission Assignment(CARPA) – a many- to-many mapping between a set of roles and permissions, when a set of dynamic contextual conditions are satisfied Context-Aware Access Control (XVI)

68 © Swinburne University of Technology 68 Context-Aware Access Control (XVII) Figure: CAAC Model Context Ontology Policy Ontology

69 © Swinburne University of Technology 69  Advantages  dynamic access permissions (dynamic access control decision making)  dynamic user-role and role-permission assignments  efficient model in today’s dynamic and context-aware environments  Disadvantages  implementation efforts Context-Aware Access Control (XVIII)

70 © Swinburne University of Technology 70  Access Control  AM  ACL  RBAC  ABAC  XACML  CAAC Review

71 © Swinburne University of Technology 71  Semantic Web  Semantic Technology  Ontology Concept  OWL, DL and SWRL  Ontology-Based Framework for Access Control  XACML-Based Framework for Access Control  XACML for RBAC Next

72 © Swinburne University of Technology 72  ABAC, Core XACML – attribute-based  RBAC – role-based  CAAC – ? Questions?

73 © Swinburne University of Technology 73  ABAC, Core XACML – attribute-based  RBAC – role-based  CAAC – role- and attribute-based (dblp : A. S. M. Kayes(dblp : A. S. M. Kayes) Questions?


Download ppt "COS 80011 Web Application Architectures Lecture 10 Access Control."

Similar presentations


Ads by Google