Presentation is loading. Please wait.

Presentation is loading. Please wait.

● Problem statement ● Proposed solution ● Proposed product ● Product Features ● Web Service ● Delegation ● Revocation ● Report Generation ● XACML 3.0.

Published byIris Farmer Modified over 8 years ago

Similar presentations

Presentation on theme: "● Problem statement ● Proposed solution ● Proposed product ● Product Features ● Web Service ● Delegation ● Revocation ● Report Generation ● XACML 3.0."— Presentation transcript:

1

2 ● Problem statement ● Proposed solution ● Proposed product ● Product Features ● Web Service ● Delegation ● Revocation ● Report Generation ● XACML 3.0 ● Scope ● Progress ● Work Done

3  Access Right Delegation For Secure Group Information System  In a large enterprise, security policy has many elements and many points of enforcements. Elements of policy may be managed by different departments within that enterprise. In Group centric Secure Information Systems, common language for expressing security policy makes it easier to share resources among different departments or different enterprises.

4 In a Group-centric Secure Information System (g-SIS) multiple groups need to collaborate and share each other’s sensitive resources. These groups may use different Access Control Models. Communication between different groups is not possible in g-SIS due to heterogeneous access control environment.

5 To make communication possible between groups having different ACMs we have to introduce an intermediate layer which will be provided by our System. So that various groups can delegate rights independent of their individual ACM’s.

6  XACML v3.0 Administration and Delegation Profile Version 1.0  Adding Support to XACML for Dynamic Delegation of Authority in Multiple Domains David W Chadwick, Sassa Otenko, and Tuan Anh Nguyen (Sep. 2011)  eXtensible Access Control Markup Language (XACML) Version 3.0 (January 2013)  User-to-User Delegation in a Federated Identity Environment Hong Qian Karen Lu SERVICE COMPUTATION 2011 : The Third International Conferences on Advanced Service Computing

7  This profile distinguishes XACML 2.0 from XACML 3.0 and discusses the enhancements which have been incorporated in the newer version. Furthermore it discusses in detail the dynamic delegation module, working of context handler and the formation of reduction graph and decisions taken on the basis of those reductions.  Techniques for policy validation and back tracking are also discussed.

8  This paper discusses a way to add dynamic delegation to an authorization infrastructure containing XACML 2.0 PDP, without changing XACML 2.0 or its policy, this paper is concerned with dynamic delegation of authority from one user to another by the use of credentials. One important feature of a credential is that it requires validation before the user can be attributed with the asserted property.  Problems in adding dynamic delegation to an authorization infrastructure  Solution is to place Credential Validation Service on PDP

9  Functional Requirements  “Generate” delegation policy as per XACML format for requested Resource  “Revoke” delegated rights to users/groups/roles by deleting previously stored delegation policies  “Generate” reports which can show the activities of Delegators and Delegatees within system

10  Non Functional Requirements  Performance Requirements:  Response time: Our framework will be able to withstand the stress and load balancing tests to confirm the number of requests that the PEP can process at any particular time.  Decision accuracy: The accuracy of PDP must be ensured by testing it in different scenarios (data sets) against number of test cases.  Security Requirements:  If PDP is unable to find the applicable policy then it will be reliable enough to respond appropriately to the PEP server so that it may enforce the right decision.  All the policies generated through PAP will preferably implement “Deny override algorithm” to avoid any unauthorized access.

11  The quality assurance of the system will be assured via unit testing of individual components (PDP, PAP and PEP) and system testing of complete system.  The system will be available as an open source software on official web site of KTH-Applied Information Security lab.  This system will be the intellectual property of Higher Education Commission Pakistan and National University of Sciences and Technology after is it deployed on web for public use.  Well known MySQL or Oracle databases can be used for policy storage.

12  Literature review and initial report submission  Analysis and selection of development platform (Java EE vs. Spring)  Analysis and selection of database (My SQL or Oracle)  Complete Documentation  Software Requirement Specification  Software Design Specification  Comprehensive Final Year Product booklet

13  Development  Responsive Interface Designing Phase  Basic infrastructure development phase  OR mapping phase  Intra Group Access rights delegation module development  Revocation of Access rights module development  Report generation module development  Inter Group Access rights delegation module development (same ACM)  Inter Group Access rights delegation module development (Different ACM)

14  Comprehensive Testing  Designing and Development of Test case scenarios  Unit testing of individual components (PEP, PDP, PAP)  Unit testing of ‘Delegation’, ‘Revocation’ and ‘Report Generation’ module  Complete System testing

15

16  An innovative and efficient system which will be user friendly with desktop integration.  It will use dynamic delegation to ensure inter/intra group Access Right Delegation. Our system will generate policy and store an XML file on a central PR and corresponding entries in database will be updated.

17  A well documented system, making future developments easier  A system which will provide ease of access rights delegation for users

Download ppt "● Problem statement ● Proposed solution ● Proposed product ● Product Features ● Web Service ● Delegation ● Revocation ● Report Generation ● XACML 3.0."

Similar presentations

Building Portals to access Grid Middleware National Technical University of Athens Konstantinos Dolkas, On behalf of Andreas Menychtas.

Building Portals to access Grid Middleware National Technical University of Athens Konstantinos Dolkas, On behalf of Andreas Menychtas.
GT 4 Security Goals & Plans Sam Meder

GT 4 Security Goals & Plans Sam Meder
News in XACML 3.0 and application to the cloud Erik Rissanen, Axiomatics

News in XACML 3.0 and application to the cloud Erik Rissanen, Axiomatics
DIGIDOC A web based tool to Manage Documents. System Overview DigiDoc is a web-based customizable, integrated solution for Business Process Management.

DIGIDOC A web based tool to Manage Documents. System Overview DigiDoc is a web-based customizable, integrated solution for Business Process Management.
James Martin CpE 691, Spring 2010 February 11, 2010.

James Martin CpE 691, Spring 2010 February 11, 2010.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Authz work in GGF David Chadwick

Authz work in GGF David Chadwick
TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-

TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-
XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.

XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.
Building Enterprise Applications Using Visual Studio ®.NET Enterprise Architect.

Building Enterprise Applications Using Visual Studio ®.NET Enterprise Architect.
Technical Architectures

Technical Architectures
15 Chapter 15 Web Database Development Database Systems: Design, Implementation, and Management, Fifth Edition, Rob and Coronel.

15 Chapter 15 Web Database Development Database Systems: Design, Implementation, and Management, Fifth Edition, Rob and Coronel.
Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.

Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.
Copyright B. Wilkinson, 2008. This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.

Copyright B. Wilkinson, This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Dynasis Secure Group Information Sharing System ADVISOR: DR. AWAIS SHIBLI CO-ADVISOR: DR. ABDUL GHAFOOR GROUP MEMBERS: MANSOOR AHMED SAIF ULLAH YASIR.

Dynasis Secure Group Information Sharing System ADVISOR: DR. AWAIS SHIBLI CO-ADVISOR: DR. ABDUL GHAFOOR GROUP MEMBERS: MANSOOR AHMED SAIF ULLAH YASIR.
XACML By Ganesh Godavari Craig Peltier. Information Sharing Information Sharing relates to the sharing of information between two or more entities. Entities.

XACML By Ganesh Godavari Craig Peltier. Information Sharing Information Sharing relates to the sharing of information between two or more entities. Entities.
Understanding Active Directory

Understanding Active Directory
Chapter 2 Database System Concepts and Architecture

Chapter 2 Database System Concepts and Architecture

Similar presentations

Ads by Google