Institute for Cyber Security An Attribute-Based Protection Model

Presentation on theme: "Institute for Cyber Security An Attribute-Based Protection Model"— Presentation transcript:

1 Institute for Cyber Security
An Attribute-Based Protection Model for JSON Documents
Prosunjit Biswas, Ravi Sandhu and Ram Krishnan
Department of Computer Science
Department of Electrical and Computer Engineering
10th International Conference on Network and System Security
September 28th, 2016
World-Leading Research with Real-World Impact!

2 Outline
- Summary
- Motivation
- Background
- JSON protection model
- Labeling JSON elements
- Implementation
- Q/A

3 Summary
We have presented an attribute-based protection model and labeling schemes for securing JSON documents.

4 Motivation
Why JSON documents?

5 Motivation (continuing)
Why not reuse XML protection models?
Features of underlying data to be protected:
- Hierarchical relationship (e.g. house-no, street, town)
- Semantic association (e.g. phone-no, , fax, mobile)
- Scatteredness (due to redundancy/duplicity)
Legend: Considered in XML protection models / Not considered

6 Motivation (continuing)
Existing XML models vs proposed model
[Figure: Fig 1 (a): Existing XML protection models; Fig 1 (b): Proposed JSON protection model. Diagram labels: Labeling policies, Authorization policies, Attribute values, Nodes]

7 Background - JSON
JSON data forms a rooted, hierarchical tree structure (like XML).

Fig 2 (a): JSON data

    {
      "emp-rec": {
        "name": "...",
        "con-info": {
          " ": "...",
          "work-phone": "..."
        },
        "emp-info": {
          "mobile": "...",
          "EID": "...",
          "salary": "..."
        },
        "sen-info": {
          "SSN": "..."
        }
      }
    }

[Figure: Fig 2 (b): Corresponding JSON tree. Key nodes: emp-rec, name, con-info, work-phone, emp-info, mobile, EID, salary, sen-info, SSN, ...]

8 JSON protection model
- Specification of authorization policies
- Specification of labeling policies
  - Content based labeling
  - Path based labeling
Fig 3: Scope of the JSON protection model

9 JSON protection model (continuing)
[Figure: Fig 4: The Attribute-based Operational Model (AtOM), adapted from EAP-ABAC model [1]. Diagram labels: U (users), UL, SL (security-label values), JE (JSON elements), A (actions), ULH, SLH, JEH, uLabel, sLabel, Policy, Micro-Policy]
[1] Biswas, Prosunjit, Ravi Sandhu, and Ram Krishnan. "Label-Based Access Control: An ABAC Model with Enumerated Authorization Policy." Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control. ACM, 2016.

10 JSON protection model - examples
[Figure: Fig 5: (a) User-label values, (b) security-label values and (c) annotated JSON tree]
(a) User-label values: manager, HR, employee, guest
(b) Security-label values: sensitive, employment, enterprise, public
(c) Annotated JSON tree: emp-rec {enterprise}; con-info {enterprise}; sen-info {sensitive}; leaf nodes work-phone, SSN, salary; leaf labels {enterprise}, {enterprise}, {sensitive}, {sensitive}
Example of a policy:
Policy_read = {(manager, sensitive), (HR, employment), (employee, enterprise), (guest, public)}

11 Labeling JSON documents
Specification of labeling policies:
- Content based labeling
- Path based labeling
Fig 6 (a): Types of labeling policies

12 Labeling JSON documents (continuing)
Purpose of labeling policies:
- Restrict arbitrary labeling (Assignment control)
- Propagation of labels (Propagation control)
Fig 6 (b): Purpose of labeling policies

13 Labeling JSON documents – Assignment control
Assignment controls:
- No-restriction
- Senior-up
- Senior-down
- Junior-up
- Junior-down
Fig 7 (a): Different types of Assignment controls
Fig 7 (b): Junior-up assignment control. Senior nodes of Node_i must be assigned junior values of Value_i.
[Figure labels: Senior nodes, Node_i, Value_i, Assignment, Junior values]

14 Labeling JSON documents – Propagation control
Propagation controls:
- No-propagation
- One-level up
- One-level down
- Cascading-up
- Cascading-down
Fig 8: Different types of propagation controls

15 Labeling JSON documents – Path-based labeling model
[Figure: Fig 9: Model for path-based labeling of JSON data. Diagram labels: JPath (JSON path), LabelAssignments, SL (security-label values), SCOPE, AC (assignment control), PC (propagation); legend: constant set, finite set]
Table 1: Example of path-based labeling
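
The read policy from slide 10 combined with path-based labeling and cascading-down propagation (slides 14 and 15), as an added example that is not from the presentation or the authors' prototype. It assumes both label hierarchies are total orders, that a policy tuple covers senior user labels and junior security labels, and that unreadable subtrees are pruned; the label assignments and document values are constructed.

```python
# Added example, not the authors' code.
# Assumption: both label hierarchies are total orders, listed junior -> senior.
UL_ORDER = ["guest", "employee", "HR", "manager"]
SL_ORDER = ["public", "enterprise", "employment", "sensitive"]

# Policy_read exactly as given on slide 10.
POLICY_READ = {("manager", "sensitive"), ("HR", "employment"),
               ("employee", "enterprise"), ("guest", "public")}

# Path-based label assignments (constructed); each cascades down to descendants.
LABEL_ASSIGNMENTS = {
    ("emp-rec",): "enterprise",
    ("emp-rec", "sen-info"): "sensitive",
}

# Constructed sample document; the values are placeholders.
DOC = {"emp-rec": {"con-info": {"work-phone": "555-0100"},
                   "sen-info": {"SSN": "000-00-0000", "salary": "1000"}}}


def label_of(path):
    """Cascading-down: a node takes the label of its nearest labelled ancestor-or-self."""
    for i in range(len(path), 0, -1):
        if path[:i] in LABEL_ASSIGNMENTS:
            return LABEL_ASSIGNMENTS[path[:i]]
    return None  # unlabelled nodes are never released


def can_read(ulabel, slabel):
    """Assumed semantics: a tuple (pu, ps) applies when ulabel >= pu and ps >= slabel."""
    if slabel is None:
        return False
    u, s = UL_ORDER.index(ulabel), SL_ORDER.index(slabel)
    return any(u >= UL_ORDER.index(pu) and SL_ORDER.index(ps) >= s
               for pu, ps in POLICY_READ)


def filter_doc(node, ulabel, path=()):
    """Return the part of the tree readable by ulabel; unreadable subtrees are pruned."""
    if not isinstance(node, dict):
        return node
    return {key: filter_doc(child, ulabel, path + (key,))
            for key, child in node.items()
            if can_read(ulabel, label_of(path + (key,)))}


if __name__ == "__main__":
    for role in UL_ORDER:
        print(role, filter_doc(DOC, role))
```

Failing closed on unlabelled nodes (label_of returning None) keeps a path that no labeling policy covers from being released by default.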

16 Prototype implementation
[Figure: Fig 10: Implementation in OpenStack Cloud. Diagram labels: OpenStack Keystone (Keystone data, Roles as uLabel values, Policy table); OpenStack Swift (JSON document, sLabel values, Labeling policies, JSONAuth plugin); Required changes]
Request flow:
1,2: User's request to Keystone and responses with the credentials
3: User request for JSON document
4,5: Request and response from object server for JSON document
6: User receives only authorized data from JSON document

17 Implementation - evaluation
Fig 11: Performance evaluation
