An attribute based authorization policy framework with dynamic conflict resolution
This presentation is the property of its rightful owner.
Sponsored Links
1 / 22

An Attribute-based Authorization Policy Framework with Dynamic Conflict Resolution PowerPoint PPT Presentation


  • 64 Views
  • Uploaded on
  • Presentation posted in: General

An Attribute-based Authorization Policy Framework with Dynamic Conflict Resolution. Apurva Mohan Douglas M. Blough Georgia Institute of Technology. Contents. Problem introduction Motivating scenario Proposed solution Performance of the proposed framework Conclusion. Introduction.

Download Presentation

An Attribute-based Authorization Policy Framework with Dynamic Conflict Resolution

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


An attribute based authorization policy framework with dynamic conflict resolution

An Attribute-based Authorization Policy Frameworkwith Dynamic Conflict Resolution

Apurva Mohan

Douglas M. Blough

Georgia Institute of Technology


Contents

Contents

  • Problem introduction

  • Motivating scenario

  • Proposed solution

  • Performance of the proposed framework

  • Conclusion


Introduction

Introduction

  • Policy based authorization systems

  • Role-based vs. attribute-based systems

  • Multi-authority systems

  • Conflicts in policy decisions


Problem introduction

Problem Introduction

  • Conflict resolution in current systems is static

  • Most policy based systems do not provide modularity

  • Difficult to add or remove special purpose policies

  • Evaluation of a large number of non-applicable rules

  • Fast indexing scheme for finding applicable policies


Motivating scenario

Motivating Scenario

Superior Health Care (SHC)

Proxy

request

Alex’s policy

Data source policy

response

Querier

SHC’s policy

Regulatory policy

EMR Repository


Scenario cont

Scenario – Cont.

Alex’s Policy

Deny Overrides

Permit

Overrides

1

2

3

1

2

3

Normal

Emergency


Proposed solution

Proposed Solution

  • Dynamic Conflict Resolution

  • Decide Applicable policies based on context

  • Dynamically include (remove) specialized policies

  • Increase modularity of policies

  • Increasing the efficiency of policy target matching


Authorization flow

Authorization Flow


Proposed solution dynamic conflict resolution

Proposed Solution - Dynamic Conflict Resolution


Proposed solution applicable policies

Proposed Solution – Applicable Policies


Motivating scenario revisited

Motivating Scenario revisited

What Alex wants –

  • Only his Doctor can access his EMR

  • During his trip, ‘Doctors’ or ‘paramedics in Florida’ can access his EMR

  • Attributes used – Alex’s location, Doctor’s credentials, paramedics credentials and location, Alex’s trip duration


Motivating scenario revisited1

Motivating Scenario revisited

Location Provider

Atlanta

Proxy Server

Alex’s policy

(‘doctor’ or ‘paramedic in FL’) and (AlexLocation = FL) and (date = [d1,d2])

P1

P2

P3

Florida

EMR Repository

paramedic in FL


Scenario continued

Scenario - Continued

Location Provider

Atlanta

Proxy Server

Alex’s policy

(‘doctor’ or ‘paramedic in FL’) and (AlexLocation = FL) and (date = [d1,d2])

P1

P2

P3

Florida

EMR Repository

paramedic in FL


Experimental setup

Experimental Setup

  • Total Applicable Policy Set evaluation

    • 1,2,4 and 8 rules/policy

    • 1,10, 100, 1000 and 10000 policies

  • PCA selection evaluation

    • 7 PCA’s, 2-10000 attributes/rule

  • Evaluation time

    • 1,2,4,and 8 rules/policy

    • 1,10,100, 1000 and 10000 policies


Performance graph 1

Performance graph - 1


Performance graph 2

Performance graph - 2


Performance graph 3

Performance graph - 3


Performance graph 4

Performance graph - 4


Performance graph 5

Performance graph - 5


Performance graph 6

Performance graph - 6


Conclusion

Conclusion

  • Proposed a framework for dynamically changing the PCA

  • Selecting the applicable policies in a dynamic and efficient manner

  • Included modularity in policies

  • Add/remove specialized policies dynamically


Questions comments

Questions/Comments?


  • Login