COS Web Application Architectures Lecture 10 Access Control

COS 80011 Web Application Architectures Lecture 10 Access Control

Outline
- What is Access Control?
- Access Control Matrix and Access Control List
- Role-Based Access Control: User-Role Assignment, Role-Permission Assignment
- Attribute-Based Access Control
- Context-Aware Access Control: Context-Aware User-Role Assignment, Context-Aware Role-Permission Assignment
(Swinburne University of Technology, 4/6/2017)

Access Control (I)
Access control is one of the fundamental security mechanisms needed to protect computer resources (and/or services) against unauthorized access, according to a security policy.
- A policy is a rule (who can access what) for verifying whether a subject (user) is allowed to carry out a specific action (operation) on an object (resource).
- Access control is the mechanism that determines whether a request from a user to access a resource in the system should be permitted or denied.

Access Control (II)
Access control has three major components:
- subjects: the users in a system performing actions on objects
- objects: the resources being protected by the system
- operations: all the actions that subjects can perform on objects

Access Control (III)
Access control models/technologies:
- Access Control Matrix or Access Matrix (AM)
- Access Control List (ACL)
- Role-Based Access Control (RBAC)
- Attribute-Based Access Control (ABAC)
- Context-Aware Access Control (CAAC)
- extended RBAC models: TMAC (team), OrBAC (organization), ...
- ABAC models: XACML, ...

Access Control (IV)
Traditional forms of access control:
- AM, ACL, RBAC, ... in file systems, operating systems, database systems, ...
Access control on the Web:
- XACML (the OASIS standard for Web-based access control), XACML for RBAC, ...
- domain-specific inputs are converted to the XACML Request Context (.xml) by the PEP
- the XACML core policy framework or its RBAC profile is implemented (in J2SE, CORBA, etc.), with the resources exposed as Web services (PDP, PIP, PAP)
- the XACML Response Context (.xml) is converted back to domain-specific outputs by the PEP

Access Control Matrix (I)
Access Control Matrix or Access Matrix (AM)
- access control technology has a long history that started in the late 1960s
- the Access Control Matrix was introduced by Lampson in 1971 as a formal, mathematical description of a basic access control model
<Lampson, Butler W. (1971), Protection, Proceedings of the 5th Princeton Conference on Information Sciences and Systems>

Access Control Matrix (II)
Access Control Matrix or Access Matrix (AM)
- the AM is the first basic model of access control
- a formal security model for computer systems
- it characterizes the rights of the subjects with respect to the objects
- it describes the relationships between subjects and objects in a system
<Lampson, Butler W. (1971), Protection, Proceedings of the 5th Princeton Conference on Information Sciences and Systems>

Access Control Matrix (III)
The Access Control Matrix has three components: a set of Objects O, a set of Subjects S, and an Access function A
- an Object is an entity in the system that has to be protected
- a Subject is an entity that has access to Objects
- which Subjects can access which Objects is determined by the Access function

Access Control Matrix (IV)
- the rows of the Access function are labelled with the Subject names and its columns with the Object names
- element A[i, j] specifies the access that Subject i has to Object j
- each element (cell) of the matrix is a set of strings called access attributes; read and write are typical access attributes

Access Control Matrix (V)
AM implementations: operating systems, database systems

Access Control Matrix (VI)
An AM implementation is a rectangular array of cells, with one row per subject and one column per object.
Table: A rectangular array

        file1          file2
user1   read, write    read, write, execute
user2   read           execute
user3   write          (none)

Access Control List (I)
Access control list (ACL)
- each column of an Access Control Matrix (AM) is translated to an Access Control List (ACL)
- the ACL of an object contains an entry for each subject, defining the operations that the subject can execute on that object
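The matrix-to-ACL translation above, as an added example written for this page (it is not code from the lecture): a Lampson-style access function A over subjects S and objects O, with the object's column extracted as its ACL and the subject's row as its capability list. The subjects, objects and access attributes are those of the slide's table; the decision rule (default deny, permit only when the operation is in A[s, o]) is the usual reference-monitor reading of the matrix.

```python
# Added example, not code from the lecture slides: a Lampson-style access
# matrix A over subjects S and objects O, with the two views derived from it,
# the per-object column (an ACL) and the per-subject row (a capability list).
# Subjects, objects and access attributes are the ones in the slide's table.
from typing import Dict, FrozenSet, Set, Tuple

Subject = str
Obj = str
Operation = str


class AccessMatrix:
    """A[s, o] is the set of access attributes subject s holds on object o."""

    def __init__(self, subjects: Set[Subject], objects: Set[Obj]) -> None:
        self.subjects = set(subjects)
        self.objects = set(objects)
        self._cells: Dict[Tuple[Subject, Obj], Set[Operation]] = {}

    def grant(self, subject: Subject, obj: Obj, *ops: Operation) -> None:
        # Refuse to create cells for unknown entities: the matrix is the whole state.
        if subject not in self.subjects or obj not in self.objects:
            raise KeyError(f"unknown subject/object: {subject!r}, {obj!r}")
        self._cells.setdefault((subject, obj), set()).update(ops)

    def revoke(self, subject: Subject, obj: Obj, *ops: Operation) -> None:
        self._cells.get((subject, obj), set()).difference_update(ops)

    def access(self, subject: Subject, obj: Obj) -> FrozenSet[Operation]:
        """The access function A(s, o); an absent cell is the empty set."""
        return frozenset(self._cells.get((subject, obj), set()))

    def check(self, subject: Subject, obj: Obj, op: Operation) -> bool:
        """Reference-monitor decision: default deny, permit only if op is in A[s, o]."""
        return op in self.access(subject, obj)

    def acl(self, obj: Obj) -> Dict[Subject, FrozenSet[Operation]]:
        """One column of the matrix: the object's access control list."""
        return {s: self.access(s, obj) for s in sorted(self.subjects) if self.access(s, obj)}

    def capabilities(self, subject: Subject) -> Dict[Obj, FrozenSet[Operation]]:
        """One row of the matrix: the subject's capability list."""
        return {o: self.access(subject, o) for o in sorted(self.objects) if self.access(subject, o)}


def build_example() -> AccessMatrix:
    """The matrix from the slide's table (user3's single 'write' taken to be on file1)."""
    am = AccessMatrix({"user1", "user2", "user3"}, {"file1", "file2"})
    am.grant("user1", "file1", "read", "write")
    am.grant("user1", "file2", "read", "write", "execute")
    am.grant("user2", "file1", "read")
    am.grant("user2", "file2", "execute")
    am.grant("user3", "file1", "write")
    return am


if __name__ == "__main__":
    am = build_example()
    print("ACL(file2):", am.acl("file2"))
    print("capabilities(user2):", am.capabilities("user2"))
    print("user3 may write file2?", am.check("user3", "file2", "write"))
```

The same matrix answers two different administrative questions: `acl(obj)` is what an operating system stores with the object, `capabilities(subject)` is what a capability system hands to the subject; revoking from the matrix updates both views at once, which is exactly what becomes hard once the two are stored separately.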

Access Control List (II)
An access control list (ACL) specifies:
- which users or system processes are granted access to objects
- what operations are allowed on given objects
<Access Control List: Google patents, http://www.google.com/patents/US20130145028>

Access Control List (III)
ACL implementations: file system ACL
- a file system ACL is a data structure (table) containing entries that specify individual user or group rights to specific system resources
- resources: programs, files, etc.
- entries: access control entries (ACEs)

Access Control List (IV)
ACL implementations: file system ACLs are used to administer file permissions
- for example, a file whose ACL contains the entry (Bob, delete) gives Bob permission to delete the file
<MS Windows, Unix/Linux operating systems>

Access Control List (V)
ACL implementations: access ACL and default ACL (Red Hat Enterprise Linux)
- an access ACL is the access control list for a specific file or directory
- a default ACL can only be associated with a directory; if a file within the directory does not have an access ACL, it uses the rules of the default ACL for the directory
- ACLs can be configured per user or per group
<https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-acls.html>

Access Control List (VI)
ACL implementations: access ACL and default ACL (Red Hat Enterprise Linux)
- the setfacl utility sets ACLs for files and directories:
  # setfacl -m rules files
- the -m option adds or modifies ACL entries of a file or directory; an existing entry for the same user or group is replaced
- rule formats: u:uid:perms, g:gid:perms (perms is a combination of r, w and x)
  # setfacl -m u:bob:rw /cos80011/waa
- named user and named group entries are limited by the ACL's mask entry; setfacl recalculates the mask after -m unless -n is given, so check the effective rights with getfacl
<https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-acls.html>
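To make the setfacl rule syntax and the access ACL / default ACL distinction concrete, here is an added example written for this page (not the slides' material and not the Linux acl package): a parser for setfacl-style rules, including the `m::` mask and `d:` default-ACL prefix, and the POSIX.1e access-check order that decides whether a user may read, write or execute. The file owner alice, the group staff, the users bob, carol and eve and the whole scenario in `demo()` are constructed; the one rule taken from the slide is `u:bob:rw`.

```python
# Added example, not from the slides or the Linux acl package: a parser for
# setfacl-style rules ("u:bob:rw", "g:staff:r-x", "m::r--", "o::---", and
# "d:u:bob:rw" for a directory's default ACL) plus the POSIX.1e access-check
# order, including the mask that caps named-user and named-group entries.
# The users (alice, bob, carol, eve), the groups and the scenario are constructed.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


def parse_perms(text: str) -> Set[str]:
    """'rw', 'rw-', 'r-x' -> {'r','w'}, {'r','x'} ...; anything else is rejected."""
    if not text or any(ch not in "rwx-" for ch in text):
        raise ValueError(f"bad permission string {text!r}")
    return {ch for ch in text if ch != "-"}


@dataclass
class Acl:
    owner: str
    group: str
    owner_perms: Set[str] = field(default_factory=set)         # u::
    group_perms: Set[str] = field(default_factory=set)         # g::
    other_perms: Set[str] = field(default_factory=set)         # o::
    users: Dict[str, Set[str]] = field(default_factory=dict)   # u:name:
    groups: Dict[str, Set[str]] = field(default_factory=dict)  # g:name:
    mask: Optional[Set[str]] = None                            # m::
    default: Optional["Acl"] = None                            # d:... (directories only)

    def apply(self, rule: str) -> None:
        """One `setfacl -m` rule; an existing entry with the same tag and name is replaced."""
        parts = rule.split(":")
        target = self
        if parts[0] in ("d", "default"):       # default ACL lives on the directory
            if self.default is None:
                self.default = Acl(self.owner, self.group)
            target, parts = self.default, parts[1:]
        if len(parts) == 2:                    # short forms "m:rw" and "o:rw"
            parts = [parts[0], "", parts[1]]
        tag, name, perms = parts
        p = parse_perms(perms)
        if tag in ("u", "user"):
            if name:
                target.users[name] = p
            else:
                target.owner_perms = p
        elif tag in ("g", "group"):
            if name:
                target.groups[name] = p
            else:
                target.group_perms = p
        elif tag in ("m", "mask"):
            target.mask = p
        elif tag in ("o", "other"):
            target.other_perms = p
        else:
            raise ValueError(f"unknown ACL tag {tag!r}")
        # setfacl recalculates the mask after -m unless -n is given: it becomes the union
        # of the group-class entries, so a freshly added entry is not silently capped.
        if tag not in ("m", "mask") and (target.users or target.groups):
            target.mask = set().union(target.group_perms, *target.users.values(),
                                      *target.groups.values())

    def _masked(self, perms: Set[str]) -> Set[str]:
        return perms if self.mask is None else perms & self.mask

    def allows(self, uid: str, gids: Set[str], perm: str) -> bool:
        """POSIX.1e check order: owner, named user, owning/named groups, other."""
        if uid == self.owner:                  # the owner entry is never masked
            return perm in self.owner_perms
        if uid in self.users:                  # named-user entry, subject to the mask
            return perm in self._masked(self.users[uid])
        candidates: List[Set[str]] = [self.group_perms for g in gids if g == self.group]
        candidates += [self.groups[g] for g in gids if g in self.groups]
        if candidates:                         # a matching group entry that lacks perm denies
            return any(perm in self._masked(c) for c in candidates)
        return perm in self.other_perms

    def new_child(self) -> "Acl":
        """Access ACL a new file inherits from this directory's default ACL (the further
        restriction by the creating process's mode is omitted here)."""
        if self.default is None:
            raise ValueError("no default ACL: a new file only gets mode-based permissions")
        d = self.default
        return Acl(d.owner, d.group, set(d.owner_perms), set(d.group_perms), set(d.other_perms),
                   {k: set(v) for k, v in d.users.items()},
                   {k: set(v) for k, v in d.groups.items()},
                   None if d.mask is None else set(d.mask))


def demo() -> Dict[str, bool]:
    """Constructed scenario around the slide's rule: /cos80011/waa owned by alice:staff."""
    acl = Acl(owner="alice", group="staff")
    for rule in ("u::rwx", "g::r-x", "o::---"):
        acl.apply(rule)
    acl.apply("u:bob:rw")        # the slide's: setfacl -m u:bob:rw /cos80011/waa
    acl.apply("d:u:bob:rw")      # default ACL: files created under it give bob rw
    out = {"bob_read": acl.allows("bob", {"students"}, "r"),
           "bob_exec": acl.allows("bob", {"students"}, "x"),
           "carol_read": acl.allows("carol", {"staff"}, "r"),
           "eve_read": acl.allows("eve", {"guests"}, "r")}
    acl.apply("m::r--")          # an explicit mask now caps bob (named user) to read only
    out["bob_write_after_mask"] = acl.allows("bob", {"students"}, "w")
    out["alice_write_after_mask"] = acl.allows("alice", {"staff"}, "w")
    out["bob_write_new_file"] = acl.new_child().allows("bob", set(), "w")
    return out
```

The point to take from `demo()` is the mask: after `m::r--` bob still has `rw` in his entry, but his effective rights are `r--`, which is what `getfacl` shows in its `#effective:` column; the owner entry is not affected. A rule that is accepted by `setfacl` is therefore not proof that the named user can do what the rule says.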

Access Control List (VII)
Other ACL implementations: SQL-based systems, relational database systems, networking ACLs

AM and ACL (VIII)
Advantages
- easy to implement; simplicity and flexibility are the keys
- effective in closed and relatively unchanging systems
Disadvantages
- they do not allow modelling the global policy rules by which permissions can change in a particular system
- they do not have adequate functionality to maintain the users and objects of large-scale systems, where many users need access to the same object

Role-Based Access Control (I)
Role-Based Access Control (RBAC)
- a well-accepted access control model based on the role of the user
- introduced to tackle the problems of global policy rules and large-scale systems
- the first RBAC model was proposed by Ferraiolo and Kuhn (RBAC92)
- the RBAC92 model was subsequently extended by Sandhu et al. (RBAC96)
<Sandhu et al. (RBAC96): http://dl.acm.org/citation.cfm?id=226710>
<Ferraiolo and Kuhn (RBAC92): http://csrc.nist.gov/rbac/ferraiolo-kuhn-92.pdf>

Role-Based Access Control (II)
Role-Based Access Control (RBAC)
- in RBAC it is not important to identify the individual who makes the access request, but to know their position in the structure of the organization; this concept is known as a role
- in RBAC, authorizations are not assigned directly to a particular user, but to the user's role

Role-Based Access Control (III)
User groups and user roles
- roles are closely related to the concept of user groups in access control
- however, a role brings together a set of users on one side and a set of permissions on the other, whereas a user group is typically defined as a set of users only

Role-Based Access Control (IV)
RBAC ensures that only an authorized user is given access to a certain resource, based on the user's role in an organization. A simple/basic RBAC model has three main concepts: users, roles and permissions.
- users: subjects are typically represented by users, who are assigned to roles and granted membership of those roles based on their credentials and responsibilities in the organization
- roles: a role represents a job function, describing the authority and responsibility conferred on a user assigned to that role within the organization
- permissions: permissions are assigned to roles; a permission consists of a resource and an operation (the operation that is allowed on the object/resource)

Role-Based Access Control (V)
Figure: Basic RBAC Model: User (U) --User Assignment (UA)--> Role (R) <--Permission Assignment (PA)-- Permission (P)

Role-Based Access Control (VI)
Role-Based Access Control (RBAC) Model
- U, R and P are the sets of users, roles and permissions respectively
- UA is a many-to-many user-to-role assignment relation, $UA \subseteq U \times R$
- PA is a many-to-many permission-to-role assignment relation, $PA \subseteq P \times R$

Role-Based Access Control (VII)
RBAC example: ESP submissions (assignments), with user-role and role-permission assignments (policies)
Table: Relationships among users, roles and permissions

User (credentials)       Role                 Permission
<s7021046, ******>       Student              <Assignment2, submit>
<akayes, ******>         Tutor/Marker         <Assignment2, marking>
<acolman, ******>        Lecturer/Convenor    <Assignment2, marks release>

Role-Based Access Control (VIII)
Role hierarchy (also called role inheritance)
- used for structuring roles to reflect an organization's lines of authority and responsibility
- a senior role inherits all permissions from its junior roles
- a senior role can have permissions in addition to those inherited from its junior roles

Role-Based Access Control (IX)
Role hierarchy example
- the Lecturer role (senior role) inherits all permissions from the Staff role (junior role)
- the Lecturer role can also have permissions of its own
Figure: Role Hierarchy: University User at the top; Student and Staff are senior to it; UGS and PGS are senior to Student; Tutor and Lecturer are senior to Staff

Role-Based Access Control (X)
Other RBAC concepts
- RBAC sessions: users can create and terminate sessions to activate and deactivate their roles
- RBAC constraints: predicates that can apply to the UA and PA relations
<Sandhu et al. (RBAC96): http://dl.acm.org/citation.cfm?id=226710>

Role-Based Access Control (XI)
RBAC example: patient medical records management, user-role assignments
Table: Users

User   userID
Jane   Jane00X
Mary   Mary00X
Bob    Bob00X

Table: Roles

Role                     roleID
Registered Nurse         RN00X
Primary-care Physician   PP00X
Emergency Doctor         ED00X
Specialist Physician     SP00X
Physician                P00X

User-Role Assignments (UA): <Jane00X, PP00X>, <Jane00X, ED00X>, <Mary00X, PP00X>, <Bob00X, RN00X>, <Jane00X, SP00X>

Role-Based Access Control (XII)
RBAC example: patient medical records management, role-permission assignments
Permissions <resource, operation>: <Electronic Health Records (EHR), write>, <Daily Medical Records (DMR), read>, <Past Medical History (PMH), write>
Role-Permission Assignments (PA): <ED00X, <EHR, write>>, <RN00X, <DMR, read>>, <P00X, <DMR, write>>, <P00X, <PMH, write>>, <SP00X, <EHR, read>>

Role-Based Access Control (XIII)
RBAC example: patient medical records management
- the Specialist Physician role (senior role) inherits all permissions from the Physician role (junior role)
Figure: An Excerpt of Healthcare Role Hierarchy: Healthcare User at the top; Nurse and Physician are senior to it; Registered Nurse and Nurse Manager are senior to Nurse; Specialist Physician, Emergency Doctor and Primary-care Physician are senior to Physician

Role-Based Access Control (XIV)
RBAC example: patient medical records management, UA, PA and the role hierarchy together
- UA: <Jane00X, PP00X>, <Jane00X, ED00X>, <Mary00X, PP00X>, <Bob00X, RN00X>, <Jane00X, SP00X>
- PA: <ED00X, <EHR, write>>, <RN00X, <DMR, read>>, <P00X, <DMR, write>>, <P00X, <PMH, write>>, <SP00X, <EHR, read>>
- roles: Registered Nurse (RN00X), Primary-care Physician (PP00X), Emergency Doctor (ED00X), Specialist Physician (SP00X), Physician (P00X)
- hierarchy: Emergency Doctor, Primary-care Physician and Specialist Physician are senior to Physician, so each of them also holds <DMR, write> and <PMH, write>
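The healthcare UA, PA and hierarchy above, evaluated in code, as an added example written for this page (not the lecture's own code): an RBAC96-style core where a senior role inherits its juniors' permissions transitively, a session activates only a subset of the user's roles, and a static separation-of-duty constraint on UA is checked over inherited roles rather than only the directly assigned ones. Users, roles, UA, PA and the hierarchy are exactly the slide's; the nurse/physician exclusion and the session activations are assumptions added to show the two extra RBAC96 concepts (sessions and constraints) on the slide's data.

```python
# Added example, not code from the slides: an RBAC96-style core with U, R, P,
# UA (user -> roles), PA (role -> permissions), a role hierarchy (a senior role
# inherits its juniors' permissions), sessions that activate a subset of a user's
# roles, and a static separation-of-duty constraint on UA. Users, roles, PA and the
# hierarchy are the healthcare example on the slides; the SSD constraint and the
# session activations are assumptions.
from typing import Dict, FrozenSet, Set, Tuple

Permission = Tuple[str, str]   # (resource, operation)


class Rbac:
    def __init__(self) -> None:
        self.ua: Dict[str, Set[str]] = {}         # user -> assigned roles (UA)
        self.pa: Dict[str, Set[Permission]] = {}  # role -> permissions (PA)
        self.juniors: Dict[str, Set[str]] = {}    # senior role -> its direct junior roles
        self.ssd: Set[FrozenSet[str]] = set()     # mutually exclusive role pairs

    def add_hierarchy(self, senior: str, junior: str) -> None:
        self.juniors.setdefault(senior, set()).add(junior)

    def add_ssd(self, role_a: str, role_b: str) -> None:
        self.ssd.add(frozenset({role_a, role_b}))

    def inherited(self, role: str) -> Set[str]:
        """The role plus every junior reachable through the hierarchy (transitive closure)."""
        seen: Set[str] = set()
        stack = [role]
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors.get(r, ()))
        return seen

    def assign(self, user: str, role: str) -> None:
        """UA, with the SSD constraint checked over inherited roles, not just direct ones."""
        held = {j for r in self.ua.get(user, set()) for j in self.inherited(r)}
        for new in self.inherited(role):
            for old in held:
                if frozenset({new, old}) in self.ssd:
                    raise ValueError(f"SSD violation: {user} cannot hold {role} with {old}")
        self.ua.setdefault(user, set()).add(role)

    def grant(self, role: str, resource: str, op: str) -> None:
        self.pa.setdefault(role, set()).add((resource, op))

    def permissions(self, roles: Set[str]) -> Set[Permission]:
        return {p for r in roles for j in self.inherited(r) for p in self.pa.get(j, ())}

    def open_session(self, user: str, activate: Set[str]) -> "Session":
        if not activate <= self.ua.get(user, set()):
            raise PermissionError(f"{user} is not assigned all of {sorted(activate)}")
        return Session(self, user, set(activate))


class Session:
    """Decisions use only the roles activated in this session (least privilege)."""

    def __init__(self, rbac: Rbac, user: str, active: Set[str]) -> None:
        self.rbac, self.user, self.active = rbac, user, active

    def check(self, resource: str, op: str) -> bool:
        return (resource, op) in self.rbac.permissions(self.active)


def build_healthcare() -> Rbac:
    m = Rbac()
    for senior in ("SP00X", "ED00X", "PP00X"):      # hierarchy from the slide
        m.add_hierarchy(senior, "P00X")
    for role, res, op in [("ED00X", "EHR", "write"), ("RN00X", "DMR", "read"),
                          ("P00X", "DMR", "write"), ("P00X", "PMH", "write"),
                          ("SP00X", "EHR", "read")]:   # PA from the slide
        m.grant(role, res, op)
    m.add_ssd("RN00X", "P00X")   # assumption: nobody is both a nurse and any kind of physician
    for user, role in [("Jane00X", "PP00X"), ("Jane00X", "ED00X"), ("Mary00X", "PP00X"),
                       ("Bob00X", "RN00X"), ("Jane00X", "SP00X")]:   # UA from the slide
        m.assign(user, role)
    return m


if __name__ == "__main__":
    m = build_healthcare()
    jane = m.open_session("Jane00X", {"SP00X"})
    print("Jane (SP only) read EHR:", jane.check("EHR", "read"))    # True
    print("Jane (SP only) write EHR:", jane.check("EHR", "write"))  # False: ED00X not active
    print("Jane (SP only) write DMR:", jane.check("DMR", "write"))  # True: inherited from P00X
```

Two things the tables alone do not show: Jane can write EHR only in a session where ED00X is active, even though she is assigned that role, and the SSD check has to walk the hierarchy, because assigning SP00X to Bob would give him P00X implicitly and a check on the direct pair (RN00X, SP00X) alone would miss it.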

Role-Based Access Control (XV)
Figure: the main parts of RBAC in an organization: Organization, Role, Resource, Operation

Role-Based Access Control (XVI)
Advantages
- simplifies the management of permissions
- an effective/useful model in large-scale systems/domains
Disadvantages
- the user-role and role-permission assignments are static and do not take dynamic attributes, such as the location of users, into account
- this makes RBAC a less effective solution in today's open and dynamic environments

Attribute-Based Access Control (I)
Attribute-Based Access Control (ABAC)
- a newer access control paradigm in which access rights are granted to users through policies that combine attributes
- the policies can use any type of attribute (user attributes, resource attributes, etc.)
- it is a rule-based approach to access control and does not use the concept of a role
- the building blocks of the ABAC model are the attributes
- an ABAC policy specifies which constraints on the attributes need to be satisfied (e.g., user age is greater than 20) in order to grant access to an object

Attribute-Based Access Control (II)
The formal definition of basic ABAC has four parts: access control related entities, attributes of entities, policy representation, and policy evaluation
- entities: requestor (Req), resource (Res), action (Act), environment (Env)
- attributes of entities: e.g., the attributes of the environment, Attr(Env), include the current date or time
- policy specification: the definition of the access control policies
- policy evaluation: the process of making an access decision based on the security policy
<ABAC, http://www.mcs.anl.gov/uploads/cels/papers/P1367.pdf>

Attribute-Based Access Control (III)
ABAC policy evaluation
- an access control decision is made by the evaluation function $P_{i\_adf}()$, the access control decision function (ADF)
- it takes the attributes of the requestor, the resource, the action and the environment as parameters:
$P_{i\_adf}(Attr(Req), Attr(Res), Attr(Act), Attr(Env)) = \mathit{permit} \mid \mathit{deny}$

Attribute-Based Access Control (IV)
eXtensible Access Control Markup Language (XACML)
- the OASIS standard for expressing attribute-based access control policies
- an XML-based standard covering both the policy language and the request/response contexts in which policies are evaluated
- suitable for a variety of application environments (e.g., Web-based)
- uses the attributes of subject, resource, action and environment
- the framework consists of the PEP, PDP, PIP and PAP
<OASIS XACML 3.0 (2013), http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.pdf>

Attribute-Based Access Control (V)
XACML: four main components
- Policy Enforcement Point (PEP)
- Policy Decision Point (PDP)
- Policy Administration Point (PAP)
- Policy Information Point (PIP)
<OASIS XACML 3.0 (2013), http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.pdf>

Attribute-Based Access Control (VI)
XACML Data Authorization Framework
Figure: XACML Data Flow Diagram
<OASIS XACML 3.0 (2013), http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.pdf>

Attribute-Based Access Control (VII)
XACML Data Authorization Framework: when an access request comes from an access requester (user)
- the PEP intercepts the access request from the user and sends it to the PDP (through the context handler)
- the PDP makes the access decision according to the security policy (policy set) written by the PAP
- the PDP uses the attributes of the subject, the resource and the environment, obtained by querying the PIP (via the context handler)
- the access decision made by the PDP is sent back to the PEP (through the context handler)
- the PEP permits or denies the user's request according to the PDP's decision; a PDP can also answer NotApplicable or Indeterminate, and a deny-biased PEP treats anything other than Permit as a denial

Attribute-Based Access Control (VIII)
XACML implementation
- domain-specific inputs (from the requesters) are converted to the XACML Request Context (.xml)
- the XACML Policy (.xml) is evaluated against the request
- the XACML Response Context (.xml) is produced
- the response is converted to domain-specific outputs (back to the requesters)
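The ABAC decision function from the policy evaluation slide and the XACML data flow of the last three slides, together in one added example written for this page (it is neither the lecture's code nor OASIS reference code): a PEP receives a domain-specific request, the context handler serialises it as an XACML 3.0 Request context using the standard category and attribute identifiers, the PIP supplies the subject attributes the requester is not allowed to assert about itself, the PDP evaluates $P_{adf}(Attr(Req), Attr(Res), Attr(Act), Attr(Env))$ with deny-overrides combining, and the PEP enforces deny-biased. The policy (the slide's "user age greater than 20" plus an out-of-hours Deny rule), the users jane and tim, their attributes and the resource are constructed for the demo.

```python
# Added example, not from the slides and not OASIS reference code: the XACML data
# flow in miniature, driven by the ABAC decision function
# P_adf(Attr(Req), Attr(Res), Attr(Act), Attr(Env)) -> Permit | Deny.
# PEP -> context handler (XACML 3.0 Request context, real identifiers) -> PIP ->
# PDP (deny-overrides) -> deny-biased PEP: only an exact Permit gets through.
# The policy, the users (jane, tim) and their attributes are constructed.
import xml.etree.ElementTree as ET
from typing import Callable, Dict, List, Optional, Tuple

NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
CAT = {"subject": "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject",
       "resource": "urn:oasis:names:tc:xacml:3.0:attribute-category:resource",
       "action": "urn:oasis:names:tc:xacml:3.0:attribute-category:action",
       "environment": "urn:oasis:names:tc:xacml:3.0:attribute-category:environment"}
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
CURRENT_TIME = "urn:oasis:names:tc:xacml:1.0:environment:current-time"
Attrs = Dict[str, Dict[str, str]]                      # category -> attribute id -> value
Rule = Tuple[str, Callable[[Attrs], Optional[bool]]]   # (effect, condition)


def to_request_context(domain_input: Attrs) -> str:
    """Context handler, inbound: domain-specific input -> XACML Request context XML."""
    req = ET.Element(f"{{{NS}}}Request", ReturnPolicyIdList="false", CombinedDecision="false")
    for cat, attrs in domain_input.items():
        node = ET.SubElement(req, f"{{{NS}}}Attributes", Category=CAT[cat])
        for attr_id, value in attrs.items():
            a = ET.SubElement(node, f"{{{NS}}}Attribute", AttributeId=attr_id, IncludeInResult="false")
            ET.SubElement(a, f"{{{NS}}}AttributeValue", DataType=XS_STRING).text = value
    return ET.tostring(req, encoding="unicode")


def from_request_context(xml_text: str) -> Attrs:
    """Parse the Request context into Attr(Req), Attr(Res), Attr(Act), Attr(Env)."""
    by_uri = {uri: name for name, uri in CAT.items()}
    out: Attrs = {name: {} for name in CAT}
    for attrs in ET.fromstring(xml_text).findall(f"{{{NS}}}Attributes"):
        for a in attrs.findall(f"{{{NS}}}Attribute"):
            value = a.find(f"{{{NS}}}AttributeValue")
            out[by_uri[attrs.get("Category")]][a.get("AttributeId")] = value.text if value is not None else ""
    return out


# PIP: authoritative source for subject attributes. Whatever the requester asserted for
# these ids is dropped first; otherwise a client could simply claim "age=99".
PIP_OWNED = ("age", "department")
PIP_DIRECTORY = {"jane": {"age": "34", "department": "cardiology"},
                 "tim": {"age": "19", "department": "cardiology"}}   # constructed directory

def pip_enrich(attrs: Attrs) -> Attrs:
    subject = attrs["subject"]
    for attr_id in PIP_OWNED:
        subject.pop(attr_id, None)
    subject.update(PIP_DIRECTORY.get(subject.get(SUBJECT_ID, ""), {}))
    return attrs


# PAP: the policy. A condition returns True (rule applies with its effect), False
# (does not apply) or None (a needed attribute is missing -> Indeterminate).
def adult_in_owning_department(a: Attrs) -> Optional[bool]:
    age, dept, owner = a["subject"].get("age"), a["subject"].get("department"), a["resource"].get("department")
    if age is None or dept is None or owner is None or not age.isdigit():
        return None
    return int(age) > 20 and dept == owner       # the slide's "user age is greater than 20"

def outside_business_hours(a: Attrs) -> Optional[bool]:
    t = a["environment"].get(CURRENT_TIME)
    if t is None or not t[:2].isdigit():
        return None
    return not 8 <= int(t[:2]) < 18

POLICY: List[Rule] = [("Deny", outside_business_hours), ("Permit", adult_in_owning_department)]


def pdp(attrs: Attrs, policy: List[Rule] = POLICY) -> str:
    """The ADF with deny-overrides combining: Deny > Indeterminate > Permit > NotApplicable."""
    decision = "NotApplicable"
    for effect, condition in policy:
        applies = condition(attrs)
        if applies is None:
            decision = "Indeterminate"
        elif applies and effect == "Deny":
            return "Deny"
        elif applies and decision == "NotApplicable":
            decision = "Permit"
    return decision


def pep(domain_input: Attrs) -> Tuple[bool, str]:
    """Deny-biased PEP: enforce only on an exact Permit; returns (allowed, PDP decision)."""
    request_xml = to_request_context(domain_input)           # PEP -> context handler
    attrs = pip_enrich(from_request_context(request_xml))    # context handler <-> PIP
    decision = pdp(attrs)                                    # PDP, policy from the PAP
    return decision == "Permit", decision                    # context handler -> PEP


def request(user: str, time_of_day: Optional[str], **claimed: str) -> Attrs:
    """Domain-specific input as the PEP receives it; `claimed` are attributes the client asserts."""
    env = {CURRENT_TIME: time_of_day} if time_of_day else {}
    return {"subject": {SUBJECT_ID: user, **claimed},
            "resource": {"urn:oasis:names:tc:xacml:1.0:resource:resource-id": "ehr/bob",
                         "department": "cardiology"},
            "action": {"urn:oasis:names:tc:xacml:1.0:action:action-id": "read"},
            "environment": env}
```

Three of the cases in the test are the ones that matter in practice: a request with no environment time yields Indeterminate rather than Permit even though the subject qualifies, an unknown subject yields Indeterminate because the PIP has nothing for it, and a client claiming `age=99` gains nothing because the context handler discards requester-asserted values for PIP-owned attributes. In all three the deny-biased PEP refuses the request.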

Attribute-Based Access Control (IX)
Language model of XACML
Figure: XACML Context and Policy
<OASIS XACML 3.0 (2013), http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.pdf>

Attribute-Based Access Control (X)
Advantages
- easy to implement/set up
- a very useful model in small-scale systems/domains
Disadvantages
- when the number of users is high, the number of authorizations can become extremely large, which complicates administration
- this brings high complexity of security administration and a significant management cost in growing, large-scale systems
- it does not provide adequate functionality for dynamic access permissions

Context-Aware Access Control (I)
Static access permissions: AM, ACL, RBAC, ABAC, XACML
Dynamic access permissions (to make access control decisions dynamically): dynamic user-role and role-permission assignments
Example: access to the medical records of patients should be dynamically controlled depending on the location and request time of users. Normally, a nurse who is not located in the hospital should not have access to the medical records of patients. Moreover, this access is allowed only during her ward duty time, and depends on the relationship between the patient and the nurse.

Context-Aware Access Control (II)
- RBAC has become the most widely used access control model
- the CAAC model adopts the RBAC concepts and extends its user-role and role-permission assignments
- CAAC incorporates dynamic attributes (context information) into both the user-role and the role-permission assignments

Context-Aware Access Control (III)
CAAC Policy Framework
<A. S. M. Kayes, Jun Han, and Alan Colman, A Semantic Policy Framework for Context-Aware Access Control Applications, TrustCom 2013, http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6680911&tag=1>

Context-Aware Access Control (IV)
Dynamic context-aware environments
- the shift from desktop environments to the dynamic environments described by Mark Weiser, where users need seamless access to various resources at any time, from anywhere, even while on the move
- pervasive/ubiquitous environments
- privacy and security of access to resources/services are of greater concern
- context information
<Mark Weiser, Some computer science issues in ubiquitous computing, Comm. ACM 1993, http://dl.acm.org/citation.cfm?id=159617>

Context-Aware Access Control (V)
Context information and context awareness (Dey)
- context information is any information that can be used to characterize the situation of an entity
- context awareness is the ability to use context information to provide relevant information and/or services to the user
Our focus is the CAAC model: context-aware access control (CAAC) makes decisions based on context information and re-authorizes access if the context changes
<Dey et al., A Conceptual Framework for Context-Aware Applications, PUC 2001, http://www.tandfonline.com/doi/abs/10.1207/S15327051HCI16234_02#.U29vNfmSzzg>

Context-Aware Access Control (VI)
Application scenario: users from different locations, on different devices and at different times access an organization's resources; a patient in an emergency health condition
Figure: User-to-Resource Access Scenario in Context-Aware Environments

Context-Aware Access Control (VII)
Application scenario: a patient, Bob, is in the emergency room due to a heart attack. While not being Bob's usual treating physician, Jane, a medical practitioner at the hospital, is required to treat Bob and needs to access Bob's electronic health records from the emergency room.
Figure: Healthcare Scenario (User, Healthcare, Resources: Patients' Medical Records)

Context-Aware Access Control (VIII)
Application scenario: after receiving emergency treatment, Bob is transferred and assigned a registered nurse, Mary, who makes regular follow-up visits to monitor his health condition. Mary needs to access several types of Bob's records (daily medical records and private health records) from the general ward.
Figure: Healthcare Scenario (User, Healthcare, Resources: Patients' Medical Records)

Context-Aware Access Control (IX), slide 60
Application Scenario: different users with different roles, from different environments, for different intentions; the access control model has to preserve both privacy and security.
Figure: Healthcare Scenario (user; resources: healthcare, patients' medical records)

Context-Aware Access Control (X), slide 61
Main Challenges/Requirements
(Req1) representation of the context entities and the context information relevant to access control (context model)
(Req2) inferring high-level context information from the available low-level information (reasoning model)
(Req3) incorporating dynamic contextual information into access control policies (policy model)

Context-Aware Access Control (XI), slide 62
Figure: CAAC Model

Context-Aware Access Control (XII), slide 63
CAAC Model Concepts (elements)
Users (U): a user is a human being (a service requester) interacting with a computing system, whose access request is being controlled (e.g., Jane, Mary)
Roles (R): a role reflects a user's job function within the organization (e.g., medical practitioner or registered nurse in the healthcare domain)
Resources (Res): a resource is an object protected by access control that represents a data/information container (e.g., a patient's electronic health records)
Operations (Op): an operation is an action that can be executed on a resource (e.g., read, write)
Permissions (P): permissions are approvals to perform certain operations on resources, granted to the users who initiate access requests

Context-Aware Access Control (XIII), slide 64
CAAC Model Concepts (elements)
Context Information (CI): context information used in an access control decision is any relevant information about the state of an entity or the state of a relevant relationship between entities (e.g., the location of the patient; the social or interpersonal relationship between doctor and patient)
Policies (Pol): two sets of policies, the context-aware user-role assignment policies and the context-aware role-permission assignment policies

Context-Aware Access Control (XIV), slide 65
Figure: CAAC Model

Context-Aware Access Control (XV), slide 66
CAAC Model Concepts (relationships)
Role Hierarchy (RH): supports role inheritance, as in RBAC. Roles are arranged hierarchically: if a permission is assigned to a junior role, it is also assigned to all senior roles of that role
Resource Hierarchy (ResH): resources are also arranged hierarchically: if a user has the right to access a resource at the highest granularity level (e.g., a patient's whole health record), the user also has the right to access the lower granularity levels of that resource (e.g., the daily medical records it contains)
Operation Assignment (OpA): a many-to-many mapping; each operation can be associated with many resources, and many operations can be granted on each resource

Context-Aware Access Control (XVI), slide 67
CAAC Model Concepts (relationships)
Context-Aware User-Role Assignment (CAURA): a many-to-many mapping between a set of users and a set of roles that holds when a set of dynamic contextual conditions is satisfied
Context-Aware Role-Permission Assignment (CARPA): a many-to-many mapping between a set of roles and a set of permissions that holds when a set of dynamic contextual conditions is satisfied
$\mathrm{CAURA} \subseteq U \times R \times CI$
$\mathrm{CARPA} \subseteq R \times P \times CI$
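A worked illustration of the model, added here and not part of the lecture or of any CAAC implementation by its author: a small Python evaluator that encodes the healthcare scenario from slides 58 and 59 (Jane treating Bob in the emergency room, Mary on the general ward) using the concepts above. It deliberately covers all three requirements from slide 61: a context dictionary (Req1), an inference step that derives high-level context such as "emergency" and "treating relationship" from low-level facts (Req2), and CAURA/CARPA policies with contextual conditions (Req3), plus re-authorization when the context changes. The role and resource hierarchies, the inference rules, the policy rows, every role, resource, device and location name, and the `Session` class are all constructed for this example.

```python
"""Toy context-aware access control (CAAC) evaluator for the lecture's
healthcare scenario. Added illustration only: not the lecturer's code, and
every role, resource, policy and context value below is constructed."""

# Role hierarchy (RH): a senior role inherits every permission of its junior roles.
ROLE_INHERITS = {
    "emergency_physician": ["physician"],
    "physician": ["staff"],
    "nurse": ["staff"],
}

# Resource hierarchy (ResH): access to the whole EHR implies access to its parts.
RESOURCE_PARENT = {
    "daily_medical_record": "ehr",
    "private_health_record": "ehr",
}

HOSPITAL_LOCATIONS = {"emergency_room", "general_ward", "icu"}


def roles_closure(role):
    """Transitive closure of role inheritance, including the role itself."""
    seen, stack = set(), [role]
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(ROLE_INHERITS.get(r, []))
    return seen


def resource_ancestors(resource):
    """The resource plus every coarser resource that contains it."""
    chain = [resource]
    while chain[-1] in RESOURCE_PARENT:
        chain.append(RESOURCE_PARENT[chain[-1]])
    return chain


def infer_context(raw):
    """Req2 (reasoning model): derive high-level context from low-level facts.
    Rules are constructed; missing facts default to False so decisions fail closed."""
    ctx = dict(raw)
    ctx["emergency"] = (raw.get("patient_condition") == "critical"
                        and raw.get("user_location") == "emergency_room")
    # A treating relationship exists if the user is assigned to the patient,
    # or while the patient is in an emergency (the Jane/Bob case).
    ctx["treating_relationship"] = bool(raw.get("assigned_to_patient")) or ctx["emergency"]
    return ctx


# Req3 (policy model). CAURA (subset of U x R x CI) and CARPA (subset of R x P x CI)
# are encoded as (user, role, condition) and (role, (operation, resource), condition)
# tuples, where condition is a predicate over the inferred context.
CAURA = [
    ("jane", "physician", lambda c: c.get("user_location") in HOSPITAL_LOCATIONS),
    ("jane", "emergency_physician", lambda c: c["emergency"]),
    ("mary", "nurse", lambda c: c.get("user_location") == "general_ward" and c.get("on_duty", False)),
]
CARPA = [
    ("emergency_physician", ("read", "ehr"), lambda c: c["emergency"]),
    ("physician", ("read", "daily_medical_record"), lambda c: c["treating_relationship"]),
    ("nurse", ("read", "daily_medical_record"), lambda c: c.get("assigned_to_patient", False)),
    ("nurse", ("read", "private_health_record"),
     lambda c: c.get("assigned_to_patient", False) and c.get("user_device") == "hospital_workstation"),
]


def active_roles(user, ctx):
    """Roles the user currently holds: CAURA rows whose condition holds, expanded via RH."""
    roles = set()
    for u, role, cond in CAURA:
        if u == user and cond(ctx):
            roles |= roles_closure(role)
    return roles


def check_access(user, operation, resource, raw_ctx):
    """Deny by default; grant if some active role has a matching CARPA row whose
    contextual condition holds, on the resource itself or on an ancestor (ResH)."""
    ctx = infer_context(raw_ctx)
    roles = active_roles(user, ctx)
    targets = resource_ancestors(resource)
    return any(role in roles and op == operation and res in targets and cond(ctx)
               for role, (op, res), cond in CARPA)


class Session:
    """Re-authorizes an already granted access whenever the context changes."""

    def __init__(self, user, operation, resource, raw_ctx):
        self.user, self.operation, self.resource = user, operation, resource
        self.ctx = dict(raw_ctx)
        self.granted = check_access(user, operation, resource, self.ctx)

    def update_context(self, **changes):
        self.ctx.update(changes)
        self.granted = check_access(self.user, self.operation, self.resource, self.ctx)
        return self.granted


if __name__ == "__main__":
    er = {"user_location": "emergency_room", "patient_condition": "critical",
          "assigned_to_patient": False, "user_device": "hospital_workstation"}
    s = Session("jane", "read", "private_health_record", er)
    print("Jane in ER, Bob critical:", s.granted)                          # True
    print("Bob stabilised:", s.update_context(patient_condition="stable"))  # False
```

Two design points matter for a real deployment. First, every contextual predicate defaults to False when a fact is missing, so an incomplete or stale context report denies rather than grants. Second, the decision is only as trustworthy as the context sources feeding it: the `Session` re-check is what revokes Jane's emergency access once Bob is stable, so a context source that can be spoofed or that lags reality directly widens the access window.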

Context-Aware Access Control (XVII), slide 68
Figure: CAAC Model (Context Ontology, Policy Ontology)

Context-Aware Access Control (XVIII), slide 69
Advantages
dynamic access permissions (dynamic access control decision making)
dynamic user-role and role-permission assignments
an efficient model for today's dynamic, context-aware environments
Disadvantages
implementation effort; a decision is also only as trustworthy as the context information it is based on, so the context sources themselves must be reliable

Review, slide 70
Access Control: AM, ACL, RBAC, ABAC, XACML, CAAC

Next, slide 71
Semantic Web; Semantic Technology; Ontology Concept; OWL, DL and SWRL; Ontology-Based Framework for Access Control; XACML-Based Framework for Access Control; XACML for RBAC

Questions? (slides 72-73)
ABAC, Core XACML: attribute-based
RBAC: role-based
CAAC: role- and attribute-based
akayes@swin.edu.au (dblp: A. S. M. Kayes)