An attribute based authorization policy framework with dynamic conflict resolution
Sponsored Links
This presentation is the property of its rightful owner.
1 / 22

An Attribute-based Authorization Policy Framework with Dynamic Conflict Resolution PowerPoint PPT Presentation


  • 74 Views
  • Uploaded on
  • Presentation posted in: General

An Attribute-based Authorization Policy Framework with Dynamic Conflict Resolution. Apurva Mohan Douglas M. Blough Georgia Institute of Technology. Contents. Problem introduction Motivating scenario Proposed solution Performance of the proposed framework Conclusion. Introduction.

Download Presentation

An Attribute-based Authorization Policy Framework with Dynamic Conflict Resolution

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


An Attribute-based Authorization Policy Frameworkwith Dynamic Conflict Resolution

Apurva Mohan

Douglas M. Blough

Georgia Institute of Technology


Contents

  • Problem introduction

  • Motivating scenario

  • Proposed solution

  • Performance of the proposed framework

  • Conclusion


Introduction

  • Policy based authorization systems

  • Role-based vs. attribute-based systems

  • Multi-authority systems

  • Conflicts in policy decisions


Problem Introduction

  • Conflict resolution in current systems is static

  • Most policy based systems do not provide modularity

  • Difficult to add or remove special purpose policies

  • Evaluation of a large number of non-applicable rules

  • Fast indexing scheme for finding applicable policies


Motivating Scenario

Superior Health Care (SHC)

Proxy

request

Alex’s policy

Data source policy

response

Querier

SHC’s policy

Regulatory policy

EMR Repository


Scenario – Cont.

Alex’s Policy

Deny Overrides

Permit

Overrides

1

2

3

1

2

3

Normal

Emergency


Proposed Solution

  • Dynamic Conflict Resolution

  • Decide Applicable policies based on context

  • Dynamically include (remove) specialized policies

  • Increase modularity of policies

  • Increasing the efficiency of policy target matching


Authorization Flow


Proposed Solution - Dynamic Conflict Resolution


Proposed Solution – Applicable Policies


Motivating Scenario revisited

What Alex wants –

  • Only his Doctor can access his EMR

  • During his trip, ‘Doctors’ or ‘paramedics in Florida’ can access his EMR

  • Attributes used – Alex’s location, Doctor’s credentials, paramedics credentials and location, Alex’s trip duration


Motivating Scenario revisited

Location Provider

Atlanta

Proxy Server

Alex’s policy

(‘doctor’ or ‘paramedic in FL’) and (AlexLocation = FL) and (date = [d1,d2])

P1

P2

P3

Florida

EMR Repository

paramedic in FL


Scenario - Continued

Location Provider

Atlanta

Proxy Server

Alex’s policy

(‘doctor’ or ‘paramedic in FL’) and (AlexLocation = FL) and (date = [d1,d2])

P1

P2

P3

Florida

EMR Repository

paramedic in FL


Experimental Setup

  • Total Applicable Policy Set evaluation

    • 1,2,4 and 8 rules/policy

    • 1,10, 100, 1000 and 10000 policies

  • PCA selection evaluation

    • 7 PCA’s, 2-10000 attributes/rule

  • Evaluation time

    • 1,2,4,and 8 rules/policy

    • 1,10,100, 1000 and 10000 policies


Performance graph - 1


Performance graph - 2


Performance graph - 3


Performance graph - 4


Performance graph - 5


Performance graph - 6


Conclusion

  • Proposed a framework for dynamically changing the PCA

  • Selecting the applicable policies in a dynamic and efficient manner

  • Included modularity in policies

  • Add/remove specialized policies dynamically


Questions/Comments?


  • Login