Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Provenance-based Access Control Model (PBAC) July 18, 2012 PST’12, Paris, France Jaehong Park, Dang Nguyen and Ravi Sandhu Institute for Cyber Security.

Published byZain Riches Modified over 9 years ago

Similar presentations

Presentation on theme: "A Provenance-based Access Control Model (PBAC) July 18, 2012 PST’12, Paris, France Jaehong Park, Dang Nguyen and Ravi Sandhu Institute for Cyber Security."— Presentation transcript:

1 A Provenance-based Access Control Model (PBAC) July 18, 2012 PST’12, Paris, France Jaehong Park, Dang Nguyen and Ravi Sandhu Institute for Cyber Security University of Texas at San Antonio 1 Institute for Cyber Security World-leading research with real-world impact!

2 Provenance Data Information of operations/transactions performed against data objects and versions – Actions that were performed against data – Agents who performed actions on data – Data used for actions – Data generated from actions World-leading research with real-world impact! 2

3 Provenance-aware Systems Capturing/expressing provenance data Storing provenance data Querying provenance data Using provenance data Securing provenance data World-leading research with real-world impact! 3 Access Control

4 Access control in Provenance-aware Systems Provenance Access Control (PAC) – Controlling access to provenance data which could be more sensitive than the underlying data – Needs access control models/mechanisms (e.g, RBAC) – (Meaningful) control granularity? Right level of abstraction? Provenance-based Access Control (PBAC) – Using provenance data to control access to the underlying data – Provenance-based policy specification 4 Meaningful granularity of provenance data? World-leading research with real-world impact!

5 PBAC Access Controls in Provenance-aware Systems World-leading research with real-world impact! 5 PAC Prov-based PAC Prov-based PAC Role-based PAC Base PBAC Common Foundations: Base Provenance Data, DName (named abstraction) and matching DPath (Dependency Path Pattern) Common Foundations: Base Provenance Data, DName (named abstraction) and matching DPath (Dependency Path Pattern) Extended PBAC ………. Sanitization/Filtering/Redaction/…. Access control Prov Data Trust

6 PAC & PBAC in Applications Common Foundation – Base provenance data – Dependency list Dependency Name: meaningful, named abstraction matching regular expression-based causality dependency path pattern PAC and PBAC are complementary – In PAC, control decision can be based on provenance data (PB-PAC) – In PBAC, PAC can be used for added trustworthiness on provenance data 6 World-leading research with real-world impact!

7 Provenance Data Directed Acyclic Graph (DAG) Causality dependencies between entities (acting users, action processes and data objects) Dependency graph can be traced for extracting Origin, usage, versioning information, etc. PBAC can support origin/usage-based control, Dynamic Separation of Duty (DSOD), workflow control, etc. 7 World-leading research with real-world impact!

8 From Open Provenance Model (OPM) 3 Nodes – Artifact (ellipse) – Process (Rectangle) – Agent (Hexagon) 5 Causality dependency edges (not dataflow) 8 Provenance data: a set of 2 entities & 1 dependency E.g., (ag,p1,a1,a2):,, World-leading research with real-world impact!

9 Direct vs. Indirect Dependencies Direct dependencies – Used (u), wasGeneratedBy (g), wasControlledBy (c) – Captured from transactions as base provenance data Indirect dependencies – System-computable dependencies using pre-defined dependency names and matching dependency path patterns – User-declared dependencies using pre-defined dependency names 9 World-leading research with real-world impact!

10 Object Dependency List (DL O ) A set of pairs of – abstracted dependency names (DNAME) and – regular expression-based object dependency path patterns (DPATH) Examples – 10 World-leading research with real-world impact!

11 PBAC vs. PAC 11 World-leading research with real-world impact!

12 PBAC Model Components 12 World-leading research with real-world impact!

13 A Family of PBAC Models 13 World-leading research with real-world impact!

14 PBAC B : A Base Model System-captured Base Provenance Data only – Using only 3 direct dependencies (u, g, c) – No user-declared provenance data Object dependency only Policy is readily available – No policy retrieval required World-leading research with real-world impact! 14

15 Example: A Homework Grading System 1.Anyone can upload a homework. 2.A user can replace a homework if she uploaded it (origin-based control) and the homework is not submitted yet. 3.A user can submit a homework if she uploaded it and the homework is not submitted already. (workflow control) 4.A user can review a homework if she is not the author of the homework (DSOD), the user did not review the homework earlier, and the homework is submitted already but not graded yet. 5.A user can grade a homework if the homework is reviewed but not graded yet. 15 World-leading research with real-world impact!

16 Sample Transactions & Base Provenance Data (au1, upload1, o 1v1 ):, (au1, replace1, o 1v1, o 1v2 ):,, (au1, submit1, o 1v2, o 1v3 ):,, (au2, review1, o 1v3, o 2v1 ):,, (au3, grade1, o 1v3, o 3v1 ):,, 16 World-leading research with real-world impact!

17 A Sample Base Provenance Data 17

18 A Sample Base Provenance Data 18 wasReplacedVof DL O : wasReplacedVof DL O : wasSubmittedVof wasReviewedOof wasReviewedOby wasGradedOof

19 A Sample Base Provenance Data 19 wasAuthtoredBy DL O : wasAuthtoredBy DL O :

20 A Sample Base Provenance Data 20 wasReviewedBy DL O : wasReviewedBy DL O :

21 Sample Object Dependency List (DL O ) 1. 2. 3. 4. 5. 6. 7. 21 World-leading research with real-world impact!

22 Sample Policies 1.allow(au, upload, o) ⇒ true 2.allow(au, replace, o) ⇒ au ∈ (o, wasAuthoredBy) ∧ |(o,wasSubmittedVof)| = 0. 3.allow(au, submit, o) ⇒ au ∈ (o, wasAuthoredBy) ∧ |(o,wasSubmittedVof)|=0. 22 1.Anyone can upload a homework. 2.A user can replace a homework if she uploaded it (origin- based control) and the homework is not submitted yet. 3.A user can submit a homework if she uploaded it and the homework is not submitted already. (workflow control) World-leading research with real-world impact!

23 Sample Policies (cont.) 4.allow(au, review, o) ⇒ au ∉ (o, wasAuthoredBy) ∧ au ∉ (o, wasReviewedBy) ∧ |(o, wasSubmittedV of)| ≠ 0 ∧ |(o,wasGradedOof −1 )| = 0. 5.allow(au, grade, o) ⇒ |(o, wasReviewedOof)| ≠ 0 ∧ |(o,wasGradedOof −1 )| = 0). 23 4.A user can review a homework if she is not the author of the homework (DSOD), the user did not review the homework earlier, and the homework is submitted already but not graded yet. 5.A user can grade a homework if the homework is reviewed but not graded yet. World-leading research with real-world impact!

24 Access Evaluation Procedure Rule collecting phase User authorization (UAuth) phase Action validation (AVal) phase conjunctive decision of UAuth and AVal World-leading research with real-world impact! 24

25 Access Evaluation Example Policy: user can submit a homework if she uploaded it (origin-based control) and the homework is not submitted already. (workflow control) 25 World-leading research with real-world impact! (au1, submit2, o 1v3 ) au1

26 Rule Collecting Phase Request: (au1, submit2, o 1v3 ) Action type: submit Policy for submit – allow(au, submit, o) ⇒ au ∈ (o, wasAuthoredBy) ∧ |(o,wasSubmittedVof)| = 0. User authorization rule – au ∈ (o, wasAuthoredBy) Action Validation rule – |(o,wasSubmittedVof)| = 0 World-leading research with real-world impact! 26

27 User Authorization Phase User Authorization Rule: au ∈ (o, wasAuthoredBy) Dependency List (DL) –, – au1 ∈ (o1v3, [g submit.u input ]?.[g replace.u input ]*.g upload.c ) = {au1} World-leading research with real-world impact! 27 World-leading research with real-world impact! (au1, submit2, o 1v3 ) au1

28 Action Validation Phase Action Validation Rule: |(o,wasSubmittedVof)| = 0 Dependency List (DL): |(o1v3, g submit.u input )| ≠ 0 World-leading research with real-world impact! 28 World-leading research with real-world impact! (au1, submit2, o 1v3 ) au1

29 Summary Proposed a foundation for PBAC and PAC – the notion of named abstractions of causality dependency path patterns – Regular expression-based dependency path pattern Identified a Family of PBAC models Developed a Base model for PBAC – Supports Simple and effective policy specification and access control management – Supports DSOD, workflow control, origin-based control, usage-based control, object versioning, etc. 29 World-leading research with real-world impact!

30 What’s next? Enhancing/extending PBAC model Provenance Access Control Models Provenance data sharing in multiple systems 30 World-leading research with real-world impact!

31 Thank you! Questions and Comments? 31 World-leading research with real-world impact!

Download ppt "A Provenance-based Access Control Model (PBAC) July 18, 2012 PST’12, Paris, France Jaehong Park, Dang Nguyen and Ravi Sandhu Institute for Cyber Security."

Similar presentations

Privacy-Enhancing Models and Mechanisms for Securing Provenance and its Use October 2010 Lead PI: Ravi Sandhu (UT San Antonio) PIs: Elisa Bertino (Purdue),

Privacy-Enhancing Models and Mechanisms for Securing Provenance and its Use October 2010 Lead PI: Ravi Sandhu (UT San Antonio) PIs: Elisa Bertino (Purdue),
A New Modeling Paradigm for Dynamic Authorization in Multi-Domain Systems MMM-ACNS, September 13, 2007 Manoj Sastry, Ram Krishnan, Ravi Sandhu Intel Corporation,

A New Modeling Paradigm for Dynamic Authorization in Multi-Domain Systems MMM-ACNS, September 13, 2007 Manoj Sastry, Ram Krishnan, Ravi Sandhu Intel Corporation,
Institute for Cyber Security

Institute for Cyber Security
Towards A Framework for Cyber Social Status Based Trusted Open Collaboration Oct. 9, 2010 Jaehong Park, Yuan Cheng, Ravi Sandhu Institute for Cyber Security.

Towards A Framework for Cyber Social Status Based Trusted Open Collaboration Oct. 9, 2010 Jaehong Park, Yuan Cheng, Ravi Sandhu Institute for Cyber Security.
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.

Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
Institute for Cyber Security

Institute for Cyber Security
Q UERY L ANGUAGE C ONSTRUCTS FOR P ROVENANCE Murali Mani, Mohamad Alawa, Arunlal Kalyanasundaram University of Michigan, Flint Presented at IDEAS 2011.

Q UERY L ANGUAGE C ONSTRUCTS FOR P ROVENANCE Murali Mani, Mohamad Alawa, Arunlal Kalyanasundaram University of Michigan, Flint Presented at IDEAS 2011.
Open Provenance Model Tutorial Session 2: OPM Overview and Semantics Luc Moreau University of Southampton.

Open Provenance Model Tutorial Session 2: OPM Overview and Semantics Luc Moreau University of Southampton.
PROVENANCE FOR THE CLOUD (USENIX CONFERENCE ON FILE AND STORAGE TECHNOLOGIES(FAST `10)) Kiran-Kumar Muniswamy-Reddy, Peter Macko, and Margo Seltzer Harvard.

PROVENANCE FOR THE CLOUD (USENIX CONFERENCE ON FILE AND STORAGE TECHNOLOGIES(FAST `10)) Kiran-Kumar Muniswamy-Reddy, Peter Macko, and Margo Seltzer Harvard.
A Provenance-based Access Control Model for Dynamic Separation of Duties July 10, 2013 PST 2013 Dang Nguyen, Jaehong Park, and Ravi Sandhu Institute for.

A Provenance-based Access Control Model for Dynamic Separation of Duties July 10, 2013 PST 2013 Dang Nguyen, Jaehong Park, and Ravi Sandhu Institute for.
Adopting Provenance-based Access Control in OpenStack Cloud IaaS October, 2014 NSS Presentation Institute for Cyber Security University of Texas at San.

Adopting Provenance-based Access Control in OpenStack Cloud IaaS October, 2014 NSS Presentation Institute for Cyber Security University of Texas at San.
11 World-Leading Research with Real-World Impact! Integrated Provenance Data for Access Control in Group-centric Collaboration Dang Nguyen, Jaehong Park.

11 World-Leading Research with Real-World Impact! Integrated Provenance Data for Access Control in Group-centric Collaboration Dang Nguyen, Jaehong Park.
Provenance-based Access Control Models July 31, 2014 Dissertation Defense Dang Nguyen Institute for Cyber Security University of Texas at San Antonio 1.

Provenance-based Access Control Models July 31, 2014 Dissertation Defense Dang Nguyen Institute for Cyber Security University of Texas at San Antonio 1.
Using Provenance to Support Real-Time Collaborative Design of Workflows Workflow evolution provenance and OPM Tommy Ellkvist and Juliana Freire.

Using Provenance to Support Real-Time Collaborative Design of Workflows Workflow evolution provenance and OPM Tommy Ellkvist and Juliana Freire.
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.

1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.
1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.

1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.
An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.

An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.
Attribute-Based Access Control Models and Beyond

Attribute-Based Access Control Models and Beyond
Chapter 6 Database Design

Chapter 6 Database Design
11 World-Leading Research with Real-World Impact! RT-Based Administrative Models for Community Cyber Security Information Sharing Ravi Sandhu, Khalid Zaman.

11 World-Leading Research with Real-World Impact! RT-Based Administrative Models for Community Cyber Security Information Sharing Ravi Sandhu, Khalid Zaman.

Similar presentations

Ads by Google