an attribute based authorization policy framework with dynamic conflict resolution
Download
Skip this Video
Download Presentation
An Attribute-based Authorization Policy Framework with Dynamic Conflict Resolution

Loading in 2 Seconds...

play fullscreen
1 / 22

An Attribute-based Authorization Policy Framework with Dynamic Conflict Resolution - PowerPoint PPT Presentation


  • 104 Views
  • Uploaded on

An Attribute-based Authorization Policy Framework with Dynamic Conflict Resolution. Apurva Mohan Douglas M. Blough Georgia Institute of Technology. Contents. Problem introduction Motivating scenario Proposed solution Performance of the proposed framework Conclusion. Introduction.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' An Attribute-based Authorization Policy Framework with Dynamic Conflict Resolution' - tal


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
an attribute based authorization policy framework with dynamic conflict resolution

An Attribute-based Authorization Policy Frameworkwith Dynamic Conflict Resolution

Apurva Mohan

Douglas M. Blough

Georgia Institute of Technology

contents
Contents
  • Problem introduction
  • Motivating scenario
  • Proposed solution
  • Performance of the proposed framework
  • Conclusion
introduction
Introduction
  • Policy based authorization systems
  • Role-based vs. attribute-based systems
  • Multi-authority systems
  • Conflicts in policy decisions
problem introduction
Problem Introduction
  • Conflict resolution in current systems is static
  • Most policy based systems do not provide modularity
  • Difficult to add or remove special purpose policies
  • Evaluation of a large number of non-applicable rules
  • Fast indexing scheme for finding applicable policies
motivating scenario
Motivating Scenario

Superior Health Care (SHC)

Proxy

request

Alex’s policy

Data source policy

response

Querier

SHC’s policy

Regulatory policy

EMR Repository

scenario cont
Scenario – Cont.

Alex’s Policy

Deny Overrides

Permit

Overrides

1

2

3

1

2

3

Normal

Emergency

proposed solution
Proposed Solution
  • Dynamic Conflict Resolution
  • Decide Applicable policies based on context
  • Dynamically include (remove) specialized policies
  • Increase modularity of policies
  • Increasing the efficiency of policy target matching
motivating scenario revisited
Motivating Scenario revisited

What Alex wants –

  • Only his Doctor can access his EMR
  • During his trip, ‘Doctors’ or ‘paramedics in Florida’ can access his EMR
  • Attributes used – Alex’s location, Doctor’s credentials, paramedics credentials and location, Alex’s trip duration
motivating scenario revisited1
Motivating Scenario revisited

Location Provider

Atlanta

Proxy Server

Alex’s policy

(‘doctor’ or ‘paramedic in FL’) and (AlexLocation = FL) and (date = [d1,d2])

P1

P2

P3

Florida

EMR Repository

paramedic in FL

scenario continued
Scenario - Continued

Location Provider

Atlanta

Proxy Server

Alex’s policy

(‘doctor’ or ‘paramedic in FL’) and (AlexLocation = FL) and (date = [d1,d2])

P1

P2

P3

Florida

EMR Repository

paramedic in FL

experimental setup
Experimental Setup
  • Total Applicable Policy Set evaluation
    • 1,2,4 and 8 rules/policy
    • 1,10, 100, 1000 and 10000 policies
  • PCA selection evaluation
    • 7 PCA’s, 2-10000 attributes/rule
  • Evaluation time
    • 1,2,4,and 8 rules/policy
    • 1,10,100, 1000 and 10000 policies
conclusion
Conclusion
  • Proposed a framework for dynamically changing the PCA
  • Selecting the applicable policies in a dynamic and efficient manner
  • Included modularity in policies
  • Add/remove specialized policies dynamically
ad