An attribute based authorization policy framework with dynamic conflict resolution
Download
1 / 22

An Attribute-based Authorization Policy Framework with Dynamic Conflict Resolution - PowerPoint PPT Presentation


  • 104 Views
  • Uploaded on

An Attribute-based Authorization Policy Framework with Dynamic Conflict Resolution. Apurva Mohan Douglas M. Blough Georgia Institute of Technology. Contents. Problem introduction Motivating scenario Proposed solution Performance of the proposed framework Conclusion. Introduction.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' An Attribute-based Authorization Policy Framework with Dynamic Conflict Resolution' - tal


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
An attribute based authorization policy framework with dynamic conflict resolution

An Attribute-based Authorization Policy Frameworkwith Dynamic Conflict Resolution

Apurva Mohan

Douglas M. Blough

Georgia Institute of Technology


Contents
Contents

  • Problem introduction

  • Motivating scenario

  • Proposed solution

  • Performance of the proposed framework

  • Conclusion


Introduction
Introduction

  • Policy based authorization systems

  • Role-based vs. attribute-based systems

  • Multi-authority systems

  • Conflicts in policy decisions


Problem introduction
Problem Introduction

  • Conflict resolution in current systems is static

  • Most policy based systems do not provide modularity

  • Difficult to add or remove special purpose policies

  • Evaluation of a large number of non-applicable rules

  • Fast indexing scheme for finding applicable policies


Motivating scenario
Motivating Scenario

Superior Health Care (SHC)

Proxy

request

Alex’s policy

Data source policy

response

Querier

SHC’s policy

Regulatory policy

EMR Repository


Scenario cont
Scenario – Cont.

Alex’s Policy

Deny Overrides

Permit

Overrides

1

2

3

1

2

3

Normal

Emergency


Proposed solution
Proposed Solution

  • Dynamic Conflict Resolution

  • Decide Applicable policies based on context

  • Dynamically include (remove) specialized policies

  • Increase modularity of policies

  • Increasing the efficiency of policy target matching



Proposed solution dynamic conflict resolution
Proposed Solution - Dynamic Conflict Resolution


Proposed solution applicable policies
Proposed Solution – Applicable Policies


Motivating scenario revisited
Motivating Scenario revisited

What Alex wants –

  • Only his Doctor can access his EMR

  • During his trip, ‘Doctors’ or ‘paramedics in Florida’ can access his EMR

  • Attributes used – Alex’s location, Doctor’s credentials, paramedics credentials and location, Alex’s trip duration


Motivating scenario revisited1
Motivating Scenario revisited

Location Provider

Atlanta

Proxy Server

Alex’s policy

(‘doctor’ or ‘paramedic in FL’) and (AlexLocation = FL) and (date = [d1,d2])

P1

P2

P3

Florida

EMR Repository

paramedic in FL


Scenario continued
Scenario - Continued

Location Provider

Atlanta

Proxy Server

Alex’s policy

(‘doctor’ or ‘paramedic in FL’) and (AlexLocation = FL) and (date = [d1,d2])

P1

P2

P3

Florida

EMR Repository

paramedic in FL


Experimental setup
Experimental Setup

  • Total Applicable Policy Set evaluation

    • 1,2,4 and 8 rules/policy

    • 1,10, 100, 1000 and 10000 policies

  • PCA selection evaluation

    • 7 PCA’s, 2-10000 attributes/rule

  • Evaluation time

    • 1,2,4,and 8 rules/policy

    • 1,10,100, 1000 and 10000 policies








Conclusion
Conclusion

  • Proposed a framework for dynamically changing the PCA

  • Selecting the applicable policies in a dynamic and efficient manner

  • Included modularity in policies

  • Add/remove specialized policies dynamically



ad