
CatBAC: A Generic Framework for Designing and Validating Hybrid Access Control Models

CatBAC: A Generic Framework for Designing and Validating Hybrid Access Control Models. Bernard Stepien, University of Ottawa; Hemanth Khambhammettu, Kamel Adi, Luigi Logrippo, Université du Québec en Outaouais.





Presentation Transcript


  1. CatBAC: A Generic Framework for Designing and Validating Hybrid Access Control Models
  Bernard Stepien, University of Ottawa; Hemanth Khambhammettu, Kamel Adi, Luigi Logrippo, Université du Québec en Outaouais

  2. Université du Québec en Outaouais
  • Small university of about 8,000 students
  • Part of the “Université du Québec” network

  3. Selective access control
  • Alice works in project 1A and has security level Unclassified
  • Can she write on file RFP?

  4. Thousands of Alices, thousands of resources …

  5. Access Control
  • Many subjects, many resources in an organization
  • Virtual and real subjects and resources
  • What each subject can do on the resources can depend on many factors:
    • The role or group of the subject in the organization (RBAC)
    • The other roles it may have (separation of duties, SOD)
    • The other files it may have accessed (Chinese Wall, CW)
    • Its security level (Bell-LaPadula, BLP)
    • Delegation
    • Etc.

  6. Models and languages
  • Many access control models have been developed
  • They are associated with access control languages that specify the access control properties of subjects
  • Languages express access control policies

  7. Issues in Access Control (AC)
  • Access control policies in an organization can contain tens of thousands of rules that can be implemented at different levels of abstraction with a variety of methods.
  • We address issues of:
    • Homogeneity and expressiveness: identifying common high-level concepts, leading to unified terminology and languages
    • Consistency and completeness: are there inconsistencies in the set of rules? Do we have all the rules that we need?
    • Lifecycle: from the initial design stages to the final set of implemented policies, through refinement and formal verification stages

  8. Homogeneity and expressiveness
  • In business, RBAC (Role-Based Access Control) is a prevalent AC model
  • We have a real ‘alphabet soup’ of other models that complement RBAC:
    • DAC, Discretionary Access Control
    • GBAC, Group-Based Access Control
    • ABAC, Attribute-Based Access Control
    • BLP (Bell-LaPadula), Biba, etc.

  9. Combining access control models
  • Combine AC models in a single hybrid policy model for maximum power and flexibility
  • In a company, one may wish to have:
    • RBAC as a basic model
    • Bell-LaPadula as an auxiliary model, e.g. within a role, subjects can have different clearance levels
  • Complex combinations may be desirable
  • RBAC research has shown how many AC models can be represented in RBAC, but this is not always intuitive

  10. Specification of combined models
  • Defined a framework for combined AC specifications starting from an abstract UML meta-model
  • Provided a language for it, together with an engine for execution and verification

  11. Concept of Category
  • Categories can be roles, groups, security levels, etc.
  • Can be assigned to other categories, e.g. a role can be assigned to a security level
  • Can be organized in hierarchies, e.g. role hierarchies

  12. Combined model in UML and text
  • (UML diagram labels: categories, subjects, actions, resources)
  • In more compact textual form:
    assign subject Alice to role Consultant;
    assign subject Alice to group Project 1A;
    assign subject Alice to security level Unclassified;

  13. CatBAC language
  • A strongly typed, user-friendly language that is the textual representation of UACML

  14. CatBAC Features
  • Assign subjects to categories
    assign subject Alice to role Consultant;
  • Assignments between categories
    assign category group Project_1B to category security_level Classified;
  • Assignments of permissions to resource-action pairs
    assign permission permit to categories role Consultant, Manager for resources Input_RFP, Bid_RFP and actions read, write;
  • Mandatory assignments
    assign mandatory permission permit to category group Project_1A for resource Input_RFP and action Read;

  15. Authorization Constraints
  • Constraints that specify restrictions on subject-category assignments, category-resource assignments and resource-action assignments
  • E.g. separation of duties

  16. Constraints in CatBAC
  • Mutual exclusion
    category role teacher and category role student are mutually exclusive;
  • Requirements
    category assignment role teacher requires category assignment role researcher;
  • Cardinality
    category role President assignments should not exceed 1;

  17. Execution and verification
  • CatBAC has an operational semantics based on Prolog (Horn-clause predicate calculus)
  • CatBAC policies can be executed and queried
  • For verification of consistency: find all possible outcomes of an access request
  • Find whether there are violations of mandatory assignments
  • Find whether there are violations of constraints
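The following is an added worked example, not the authors' CatBAC engine or grammar: a small Python evaluator that parses the statement forms shown on slides 14 and 16 (subject and category assignments, permissions, mandatory permissions, and the three constraint kinds) and then runs the verification queries of slide 17: all outcomes of an access request, violations of mandatory assignments, and violations of constraints. The regex grammar, the assumption that category-to-category assignments are transitive, case-insensitive action names, and the sample subjects and the deny rule in the policy text are all constructed here for illustration.

```python
import re
from collections import defaultdict

# Constructed sample policy in simplified CatBAC-style syntax: the page's statements plus extras.
POLICY_TEXT = """
assign subject Alice to role Consultant;
assign subject Alice to group Project_1A;
assign subject Alice to security_level Unclassified;
assign subject Bob to group Project_1B;
assign subject Bob to role teacher;
assign subject Bob to role student;
assign subject Carol to role teacher;
assign subject Carol to role researcher;
assign subject Dave to role President;
assign subject Erin to role President;
assign category group Project_1B to category security_level Classified;
assign permission permit to categories role Consultant, Manager for resources Input_RFP, Bid_RFP and actions read, write;
assign permission deny to categories security_level Unclassified for resources Input_RFP and actions read, write;
assign mandatory permission permit to category group Project_1A for resource Input_RFP and action Read;
category role teacher and category role student are mutually exclusive;
category assignment role teacher requires category assignment role researcher;
category role President assignments should not exceed 1;
"""

GRAMMAR = [  # (statement kind, regex); my simplification, not the authors' CatBAC grammar
    ("subject", r"assign subject (\w+) to (\w+) (\w+)"),
    ("category", r"assign category (\w+) (\w+) to category (\w+) (\w+)"),
    ("rule", r"assign (mandatory )?permission (permit|deny) to categor(?:y|ies) (.+?) for resources? (.+?) and actions? (.+)"),
    ("mutex", r"category (\w+) (\w+) and category (\w+) (\w+) are mutually exclusive"),
    ("requires", r"category assignment (\w+) (\w+) requires category assignment (\w+) (\w+)"),
    ("cardinality", r"category (\w+) (\w+) assignments should not exceed (\d+)"),
]

def _cats(text):
    """'role Consultant, Manager' -> {('role', 'Consultant'), ('role', 'Manager')}; a bare name reuses the previous kind."""
    out, kind = set(), None
    for parts in (item.split() for item in text.split(",")):
        kind = parts[0] if len(parts) == 2 else kind
        out.add((kind, parts[-1]))
    return out

def parse_policy(text):
    """Return {statement kind: [parsed tuples]}; a rule becomes (effect, cats, resources, actions, mandatory)."""
    p = defaultdict(list)
    for stmt in filter(None, (" ".join(s.split()) for s in text.split(";"))):
        for kind, rx in GRAMMAR:
            if m := re.fullmatch(rx, stmt):
                g = m.groups()
                if kind == "rule":
                    g = (g[1], _cats(g[2]), {r.strip() for r in g[3].split(",")}, {a.strip().lower() for a in g[4].split(",")}, bool(g[0]))
                p[kind].append(g)
                break
        else:
            raise ValueError(f"unparsed statement: {stmt}")
    return p

def effective_categories(p, subject):
    """Direct categories plus those reachable through category-to-category assignments (assumed transitive)."""
    cats = {(k, n) for s, k, n in p["subject"] if s == subject}
    while True:
        new = {(pk, pn) for k, n, pk, pn in p["category"] if (k, n) in cats} - cats
        if not new:
            return cats
        cats |= new

def outcomes(p, subject, resource, action):
    """All rules that fire for a request, as (effect, rule index): the 'all possible outcomes' query."""
    cats = effective_categories(p, subject)
    return [(eff, i) for i, (eff, rcats, res, acts, _) in enumerate(p["rule"])
            if rcats & cats and resource in res and action.lower() in acts]

def decide(p, subject, resource, action):
    """'permit'/'deny' when all firing rules agree, 'conflict' when they disagree, 'undefined' when none fires."""
    effects = {e for e, _ in outcomes(p, subject, resource, action)}
    return effects.pop() if len(effects) == 1 else ("conflict" if effects else "undefined")

def mandatory_violations(p):
    """A mandatory rule is violated when another rule yields the opposite effect for a subject it covers."""
    subjects = sorted({s for s, _, _ in p["subject"]})
    return [f"rule {j} ({e}) contradicts mandatory rule {i} for {s} {a} {r}"
            for i, (eff, rcats, res, acts, mandatory) in enumerate(p["rule"]) if mandatory
            for s in subjects if rcats & effective_categories(p, s)
            for r in sorted(res) for a in sorted(acts)
            for e, j in outcomes(p, s, r, a) if e != eff]

def constraint_violations(p):
    """Mutual exclusion, requirement and cardinality checks over subject-category assignments."""
    eff = {s: effective_categories(p, s) for s in sorted({s for s, _, _ in p["subject"]})}
    found = [f"{s} holds mutually exclusive {b} and {d}"
             for a, b, c, d in p["mutex"] for s, cs in eff.items() if (a, b) in cs and (c, d) in cs]
    found += [f"{s} holds {b} without required {d}"
              for a, b, c, d in p["requires"] for s, cs in eff.items() if (a, b) in cs and (c, d) not in cs]
    for k, n, limit in p["cardinality"]:
        holders = [s for s, cs in eff.items() if (k, n) in cs]
        if len(holders) > int(limit):
            found.append(f"{n} assigned to {len(holders)} subjects ({', '.join(holders)}), limit {limit}")
    return found

POLICY = parse_policy(POLICY_TEXT)
```

With this sample policy, `decide(POLICY, "Alice", "Bid_RFP", "write")` returns `"permit"`, while `decide(POLICY, "Alice", "Input_RFP", "read")` returns `"conflict"` because the Consultant permit, the Unclassified deny and the mandatory Project_1A permit all fire; `mandatory_violations` reports that deny as contradicting the mandatory rule, and `constraint_violations` flags Bob (teacher and student, teacher without researcher) and the two Presidents. Returning every firing rule rather than a single answer is what makes the inconsistency visible, which is the point of the consistency query on the slide.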

  18. Practical use
  • Security administrators can:
    • Express high-level security policies in graphic UML form
    • Compile the graphic form into a textual form that allows the inclusion of detailed low-level security policies
  • The textual form:
    • Enables expressing policy sets of realistic sizes
    • Can be validated to detect design faults: inconsistency, separation of duties, etc.
  • This top-down approach enables an integrated view of the security policies of a whole enterprise, using a unified model and language

  19. Conclusion
  • UACML and CatBAC form a powerful conceptual framework for the expression and combination of access control methods
  • Most common access control systems can coexist within this framework
  • Lifecycle support is provided by allowing iterative development from UML notation to executable code, with verification steps in between
