Presentation is loading. Please wait.

Presentation is loading. Please wait.

Process Model for Access Control Wael Hassan University of Ottawa Luigi Logrippo, Université du Québec en Outaouais.

Published byJoleen Foster Modified over 9 years ago

Similar presentations

Presentation on theme: "Process Model for Access Control Wael Hassan University of Ottawa Luigi Logrippo, Université du Québec en Outaouais."— Presentation transcript:

1 Process Model for Access Control Wael Hassan University of Ottawa Luigi Logrippo, Université du Québec en Outaouais

2 2 Goal Create a Privacy Model that reduces attacks by following privacy specifications while detecting conflict Why?

3 3 Security and Privacy Breaches Process 60% of security attacks are internal Attacks come from legitimate users Reason users bypass the process

4 4 Plan Basics Existing Models Privacy –Issues and requirements –Concept of process based privacy Evaluation –Support of existing concepts –Advantages over existing models Verification Conclusion

5 5 Back to Basics Subject: wael Students Verb: can access can access Object: computer their office What is the structure of a secure access control instruction? SingleGroup

6 6 Security Basic:- –Identity  Access Right An identity justifies an access-right –Example: given I am a wael, I can access my lab Extended:- –Identity1, Identity2  Forwarding Right (object) A right is owned and can be forwarded (delegated) –Example: given I am an assistant in the admissions department, »I own the right to access personal student file, »I can allow Jasmine access to my file Combined:- –Identity1, Identity2  Concurrent Access (object) Two subjects may be allowed to have concurrent access to an object

7 7 Privacy Basic:- –Purpose  Access-Right (Identity) A purpose justifies access-right Example: To update student profile, –Jo-Anne needs to have access to accepted student application data Extended:- –Step  Forwarding Right (Identity1, Identity2) A step which can be owned by a person in a process suggests a right, and that right may be forwarded (delegated) iff the recipient has access to the process/step. –Example: given that Jo-Anne participates in the admissions procedure, »She is assigned access to activity open personal student file, »She can allow Jasmine (another officer) access to the same file as long as she has the authority and she is assigned to the process Combined:- –Process1, Process2  Concurrent Access (object) Two subjects participating in two processes may or not have concurrent access to certain objects.

8 8 Existing Models There are 3 existing security models that we inherit

9 9 Bell-Lapadula Intended for military applications, Flow Based 1.Security Clearances 2.Security Requirement A can access y iff –clearance of A > requirement of y A can forward access to y for B iff –clearance of B > requirement of y A X B yLevel

10 10 Chinese Wall Originally intended for banking applications Creates separation of concerns groups Group A & Group B cannot share access to an object set {x,y,z} A B XYzXYz

11 11 RBAC Role based Access Control Principle –Group people in order to reduce management overhead Application –Corporate Uses corporate hierarchy to suggest groups Example: Director, Executive Assistant All Directors have access to client accounts

12 12 Issues with current systems When applied to privacy They only answer –Does a person A have access to object X They don’t –Capture context and purpose of an operation They grant –Access once and for all times, irrelevant of the job function Therefore, they do not satisfy privacy principles of collection, retention, distribution

13 13 What is needed Privacy requires the ability to say –Does a person A have access to resource X for purpose P –Is a person A trying to gain access to a resource x as a part of a process –Is a person A trying to gain access in the proper sequence of operation

14 14 Process Based Governance Governance of organizations by specifying control of access (to information) by applying policies to processes

15 15 Process Based Control A business process is a unit that can be composed of steps and/or processes. Steps in a process are sequenced Process

16 16 In a business process environment it should be Easy to tie purposes to actions Possible to apply invariants for a complete structure Easy to trace policy modifications Business Process

17 17 Process Approach Supports Flow of information (Bell Lapadula) Separation of concerns (Chinese Wall)

18 18 Information flow A part of standard procedures is delegating work to others. –Example: delegate meeting announcement to secretary Using process model –Action delegate meeting, allowed in a process –Action meeting cancellation cannot be delegated

19 19 Separation of Concerns In the banking industry, different groups may not share access to particular resources. Using process model we can set rules to separate groups –Example: No data that admission and scholarship share

20 20 Advantages Captures context Simplifies management (privacy)

21 21 Captures Context As a part of credit application process (x,y,z,t), an employee A receives access to credit information in step z. –A can download all credit information of all customers on file When using a process model, –access is granted or revoked based on the sequence of operations. –Therefore, under the process model, an employee A will only have access If steps x & y have been performed –Access will be revoked after operation t is completed

22 22 Simplifies Management Privacy is dependent on the application and not on the identity An identity can have a role which is involved in several functions. Its privileges are dependent on process. Grouping policies per process reduces time and management policies that are based on roles. Example: –Old If rank is General, then grant access If rank is secretary and name is Lise then grant access –New: Secretary allow-access step 3 General allow-access process change-direction

23 23 Implementation and Validation A validation environment is provided by the language Alloy A formal language based on set theory and first order predicate calculus –Model analyser –Consistency checker –Being developed at MIT

24 24 Alloy Signatures or elements are the basic constructs of an Alloy model; they are a cluster of relationships grouped in a class like structure. 1.Sig [abstract] enterprise { 2. root : CEO 3.}{ 4. [lone] root 5.} 1.abstract sig process { 2. parent : lone process, 3. composedOf : set steps 4.} Process abstract sig policy { attachedTo : lone process, permitted: role -> process, denied : role -> process Policy Enterprise } no permitted & denied role.permitted in attachedTo role.denied in attachedTo } Facts & Rules

25 25 Alloy Separation of Concerns

26 26 Architecture UML Model Verification Alloy Meta Model Alloy Policy Specification Translation Manual Translation Manual Verification XACML ebXML Manual Verification

27 27 Pragmatic Goals GUIs to formulate validated policies Able to answer questions: –Given an enterpise model and a set of policies Who can/cannot and under what circumstances Given circumstances, who can/cannot? Is there inconsistency or incompleteness? Automatic translation between –GUI representation –XACML representation –Formal representation (Alloy or other)

28 28 Conclusion Privacy requires a native model; The transposition of existing security models does not address the right requirements. We propose a process based model that attaches policies to processes which are composed of activities, We use Alloy as model analyzer to verify properties.

29 29 Thanks from Wael Hassan, Luigi Logrippo wael@ieee.orgwael@ieee.org, luigi@uqo.caluigi@uqo.ca

Download ppt "Process Model for Access Control Wael Hassan University of Ottawa Luigi Logrippo, Université du Québec en Outaouais."

Similar presentations

A Method for Validating Software Security Constraints Filaret Ilas Matt Henry CS 527 Dr. O.J. Pilskalns.

A Method for Validating Software Security Constraints Filaret Ilas Matt Henry CS 527 Dr. O.J. Pilskalns.
Information Flow and Covert Channels November, 2006.

Information Flow and Covert Channels November, 2006.
Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.

Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.
Alan Shaffer, Mikhail Auguston, Cynthia Irvine, Tim Levin The 7th OOPSLA Workshop on Domain-Specific Modeling October 21-22, 2007 Toward a Security Domain.

Alan Shaffer, Mikhail Auguston, Cynthia Irvine, Tim Levin The 7th OOPSLA Workshop on Domain-Specific Modeling October 21-22, 2007 Toward a Security Domain.
Access Control Methodologies

Access Control Methodologies
RBAC and Usage Control System Security. Role Based Access Control Enterprises organise employees in different roles RBAC maps roles to access rights After.

RBAC and Usage Control System Security. Role Based Access Control Enterprises organise employees in different roles RBAC maps roles to access rights After.
Role Based Access Control Venkata Marella. Access Control System Access control is the ability to permit or deny the use of a particular resource by a.

Role Based Access Control Venkata Marella. Access Control System Access control is the ability to permit or deny the use of a particular resource by a.
Governance Policies for Privacy Access and their Interactions ICFI-2005 Waël Hassan 1 & Luigi Logrippo 2 1 University of Ottawa School of information technology.

Governance Policies for Privacy Access and their Interactions ICFI-2005 Waël Hassan 1 & Luigi Logrippo 2 1 University of Ottawa School of information technology.
Formal Methods. Importance of high quality software ● Software has increasingly significant in our everyday activities - manages our bank accounts - pays.

Formal Methods. Importance of high quality software ● Software has increasingly significant in our everyday activities - manages our bank accounts - pays.
Security Fall 2006McFadyen ACS-49021 How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.

Security Fall 2006McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.
Chapter 10: Analyzing Systems Using Data Dictionaries Instructor: Paul K Chen.

Chapter 10: Analyzing Systems Using Data Dictionaries Instructor: Paul K Chen.
CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.
Bootstrapping Privacy Compliance in Big Data System Shayak Sen, Saikat Guha et al Carnegie Mellon University Microsoft Research Presenter: Cheng Li.

Bootstrapping Privacy Compliance in Big Data System Shayak Sen, Saikat Guha et al Carnegie Mellon University Microsoft Research Presenter: Cheng Li.
User Domain Policies.

User Domain Policies.
Lecture 7 Access Control

Lecture 7 Access Control
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.

1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
Understanding Active Directory

Understanding Active Directory
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
Complex Security Policies Dave Andersen Advanced Operating Systems Georgia State University.

Complex Security Policies Dave Andersen Advanced Operating Systems Georgia State University.
Audumbar. Access control and privacy Who can access what, under what conditions, and for what purpose.

Audumbar. Access control and privacy Who can access what, under what conditions, and for what purpose.

Similar presentations

Ads by Google