Presentation is loading. Please wait.

Presentation is loading. Please wait.

Approaching Fine-grain Access Control for Distributed Biomedical Databases within Virtual Environments Onur Kalyoncu, Yi Pan, Matthias Assel High Performance.

Published byDebra Charles Modified over 8 years ago

Similar presentations

Presentation on theme: "Approaching Fine-grain Access Control for Distributed Biomedical Databases within Virtual Environments Onur Kalyoncu, Yi Pan, Matthias Assel High Performance."— Presentation transcript:

1 Approaching Fine-grain Access Control for Distributed Biomedical Databases within Virtual Environments Onur Kalyoncu, Yi Pan, Matthias Assel High Performance Computing Center – HLRS University Stuttgart assel@hlrs.de

2 Outline The ViroLab Project Motivation Data Resource Protection Towards Fine-grain Access Control Conclusions CGW 2008 Matthias Assel

3 The ViroLab Project CGW 2008 Matthias Assel Funded by EC within the 6th Framework Programme in the area of integrated biomedical information for better health 11 partners from 8 different European countries 3 years project (2006-2009) Experts from multiple disciplines (Physicians, virologists, epidemiologists, computer scientists) Develop a “Virtual Laboratory” for medical experts that allows clinical studies, medical knowledge discovery, and decision support for HIV drug resistance

4 Motivation What we had… Distributed teams/groups/researcher Distributed resources providing heterogeneous data/information and capabilities local applications and workflows CGW 2008 Matthias Assel

5 What we wanted and basically achieved… Integration of users, data, workflows, applications, resources into one sophisticated, virtual environment Interdisciplinary collaboration and research Dynamic, on-demand and secure accessibility of resources and knowledge CGW 2008 Matthias Assel Motivation

6 ViroLab Virtual Laboratory CGW 2008 Matthias Assel

7 Data Resource Protection - Approach Two-step authentication and authorisation procedure Authentication based on Shibboleth -> Home organisations are responsible for users' identity management Final authorisation decision up to the data resources’ owner Access control handled with the aid of so-called access control policies being stored and evaluated by a dedicated component: Policy Decision Point (PDP) Policies implemented using established policy description language: XACML Attribute-based access control approach: The policies contain a set of rules specifying the required attributes (conditions) to become authorised for certain resources User-friendly graphical interface for dynamically adding, updating or removing policies CGW 2008 Matthias Assel

8 Data Resource Protection - Realisation CGW 2008 Matthias Assel Institution Resource-URL Resource-ID Policy Structure Resource Identification

9 Data Resource Protection - Scenario CGW 2008 Matthias Assel

10 Data Resource Protection - Implementation CGW 2008 Matthias Assel

11 Towards Fine-grain Access Control Enhancement of actual policy descriptions Introduction of hierarchies CGW 2008 Matthias Assel

12 Towards Fine-grain Access Control Mapping access rules onto database views Why views? - supported by most of today’s relational DBMS - can be created and dropped dynamically and on-demand - useful to restrict someone’s access to a set of tables, columns, or rows Two scenarios to implement the generation of views - during policy creation the view is generated under control of administrator does not reduce administrative tasks; the human factor - during policy evaluation the view is dynamically created according to specified rules more flexibility during creation and deletion scalability and performance issues View creation achieved either via the DAS or directly on the local DBMS CGW 2008 Matthias Assel

13 Conclusions Approach to realise fine-grain access control for relational databases does not support XML and object-oriented databases Usage of existing standards and technologies Creation of simple and highly detailed access control policies One standard access control policy language (XACML) Flexibility and dynamicity through VO approach and attribute-based access control Fast and easy generation, change, and upload of policies through nice and user-friendly graphical interface Future work - Implementation and testing of presented approach (XACML 2.0/3.0) - Encrypted policy management - Trust management CGW 2008 Matthias Assel

14 Where to find more information? http://www.virolab.org http://virolab.hlrs.de http://virolab.cyfronet.pl

15 Thank you for your attention. Any questions? CGW 2008 Matthias Assel

Download ppt "Approaching Fine-grain Access Control for Distributed Biomedical Databases within Virtual Environments Onur Kalyoncu, Yi Pan, Matthias Assel High Performance."

Similar presentations

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Database Systems: Design, Implementation, and Management Tenth Edition

Database Systems: Design, Implementation, and Management Tenth Edition
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
Dr Gordon Russell, Napier University Unit 5.3 - Data Dictionary 1 Data Dictionary Unit 5.3.

Dr Gordon Russell, Napier University Unit Data Dictionary 1 Data Dictionary Unit 5.3.
Database Management System

Database Management System
James Martin CpE 691, Spring 2010 February 11, 2010.

James Martin CpE 691, Spring 2010 February 11, 2010.
CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.

CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.
Chapter 2 Data Models Database Systems: Design, Implementation, and Management, Seventh Edition, Rob and Coronel.

Chapter 2 Data Models Database Systems: Design, Implementation, and Management, Seventh Edition, Rob and Coronel.
1 7 Concepts of Database Management, 4 th Edition, Pratt & Adamski Chapter 7 DBMS Functions.

1 7 Concepts of Database Management, 4 th Edition, Pratt & Adamski Chapter 7 DBMS Functions.
ALERT FRAMEWORK Sri Harsha Sudhir. INTRODUCTION A framework which continuously monitors data associated with a patient in a hospital and derives an inference.

ALERT FRAMEWORK Sri Harsha Sudhir. INTRODUCTION A framework which continuously monitors data associated with a patient in a hospital and derives an inference.
“A Service-enabled Access Control Model for Distributed Data” Mark Turner, Philip Woodall Pennine Forum - 16 th September 2004.

“A Service-enabled Access Control Model for Distributed Data” Mark Turner, Philip Woodall Pennine Forum - 16 th September 2004.
Distributed Collaborations Using Network Mobile Agents Anand Tripathi, Tanvir Ahmed, Vineet Kakani and Shremattie Jaman Department of computer science.

Distributed Collaborations Using Network Mobile Agents Anand Tripathi, Tanvir Ahmed, Vineet Kakani and Shremattie Jaman Department of computer science.
1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.

1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.
Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.

Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.
SOA & BPM Business Architecture, SOA & BPM Learn about SOA and Business Process Management (BPM) Learn how to build process diagrams.

SOA & BPM Business Architecture, SOA & BPM Learn about SOA and Business Process Management (BPM) Learn how to build process diagrams.
Regional Policy EXCHANGES OF INFORMATION BETWEEN THE M EMBER S TATE AND THE C OMMISSION (SFC2014) Fifth Meeting of the Expert Group on Delegated and Implementing.

Regional Policy EXCHANGES OF INFORMATION BETWEEN THE M EMBER S TATE AND THE C OMMISSION (SFC2014) Fifth Meeting of the Expert Group on Delegated and Implementing.
1 A Role Based Administration Model For Attribute Xin Jin, Ram Krishnan, Ravi Sandhu SRAS, Sep 19, 2012 World-Leading Research with Real-World Impact!

1 A Role Based Administration Model For Attribute Xin Jin, Ram Krishnan, Ravi Sandhu SRAS, Sep 19, 2012 World-Leading Research with Real-World Impact!
Service System for Management and Sharing of Scientific Data in Medicine Depei Liu, Ph.D. Chinese Academy of Medical Sciences.

Service System for Management and Sharing of Scientific Data in Medicine Depei Liu, Ph.D. Chinese Academy of Medical Sciences.
WP6: Grid Authorization Service Review meeting in Berlin, March 8 th 2004 Marcin Adamski Michał Chmielewski Sergiusz Fonrobert Jarek Nabrzyski Tomasz Nowocień.

WP6: Grid Authorization Service Review meeting in Berlin, March 8 th 2004 Marcin Adamski Michał Chmielewski Sergiusz Fonrobert Jarek Nabrzyski Tomasz Nowocień.
2 1 Chapter 2 Data Model Database Systems: Design, Implementation, and Management, Sixth Edition, Rob and Coronel.

2 1 Chapter 2 Data Model Database Systems: Design, Implementation, and Management, Sixth Edition, Rob and Coronel.

Similar presentations

Ads by Google