Scalable and Efficient Reasoning for Enforcing Role-Based Access Control
Tyrone Cadenhead, Murat Kantarcioglu, and Bhavani Thuraisingham

Overview
• Motivation
• Contributions
• Approach
• Theoretical Background: RBAC, TRBAC, Description Logics, SWRL
• Detailed Overview of Approach and Optimizations
• Example
• Experimental Results

Motivation
• Organizations tend to generate large amounts of data (or resources)
• Users need only partial access to resources
• Pairs: (user, role), (role, permission), (action, resource)
• nu users and nr roles: at most nu × nr mappings
• Scalable access control model
• Exchange expertise among experts, between systems
• Heterogeneity in systems
• Make decisions with data
• Formal semantics of data

Motivation (cont'd)
• RBAC simplifies security management
 – But roles are statically defined
• TRBAC extends RBAC
 – Roles are dynamically defined and have a temporal dimension
 – Does not address the heterogeneity inherent in organization information systems
• An ontology has a common vocabulary
 – Conforms to a Description Logic (DL) formalism
• Description Logic (DL) reasoning service
 – Can be distributed over a set of knowledge bases

Why Flexible RBAC
• Physician Sam is allowed access to Bob's record
 – When Bob is under his care
• Emergency: Sam is off duty, Kelly is in the emergency room:
 – Bob needs immediate treatment
 – Kelly is not pre-assigned to view/update Bob's record
• Temporal RBAC

Why Flexible TRBAC
• Kelly needs to collaborate with different specialists from different areas of expertise
• Sharing of data across wards, departments
• Seamless and unambiguous exchange of information
• Ontologies
 – Common vocabulary
 – Enable reconciliation and translation between different standards

Automation
• Kelly and team make decisions
 – Using Bob's medical history
 – Access is needed temporarily
 – Accuracy and efficiency are critical
• Automated tool
 – Access granted in an emergency session
 – Apply policy rules over the relevant data in Bob's record
 – Verify the decisions based on formal logic
 – Make access decisions efficiently

Main Contributions
• TRBAC implementation using existing semantic technologies
• Reasoning service for access control over large numbers of data instances in DL Knowledge Bases (KBs)
• Efficiently and accurately reason about access rights

Approach
• Transform temporal access control policies to rules: Semantic Web Rule Language (SWRL)
• Partitioning the Knowledge Base (KB)
 – Terminological Box (TBox)
 – Assertional Box (ABox)
• A knowledge base consists of a TBox and an ABox

Approach (cont'd)
Achieves:
1. Scalability – support many users, roles, sessions, permissions; combinations w.r.t. access control policies
2. Efficiency – determines the response time to make a decision, in milliseconds
3. Correct reasoning – ensure all data assertions are available when applying the security policies

Theoretical Background
• RBAC
• TRBAC
• Description Logic language (ALCQ)
• SWRL

RBAC

(Mappings)
• Connect individuals from two domain modules:
• RBAC assignments:
 – Think of mappings as relations of the form P(i, j) with valid pairs (i, j): user-role, role-user, role-permission, permission-role, session-user, role-role and session-role
 – A binary relationship of the form P(x, y) is a restriction on the values assigned to (x, y) pairs
• Hospital extensions:
 – The mappings patient-user, user-patient and patient-session
• Patient-Record constraint:
 – The one-to-one mappings patient-record and record-patient

TRBAC
• Extension of RBAC
 – Supports temporal access
 – Expressed by means of role triggers
 – Constrains the set of roles that a particular user can activate at a given time instant
• Triggers
 – Firing a trigger causes a role to be enabled/disabled
• Conflict resolution
 – Simultaneous enabling and disabling of a role
 – Priorities

Description Logics
• Formally build our domain concepts and the relationships between them
• Add semantics (reasoning)
• Use a knowledge representation language
• We can formally say a doctor is a user, a surgeon is a doctor, a doctor has a medical degree

Description Logics

SWRL
• Semantic Web Rule Language (SWRL)
 – W3C recommendation
 – A SWRL rule has the form:
 – hi, bj are atoms of the form C(x), P(x, y), sameAs(x, y), or differentFrom(x, y), where C is an OWL description, P is an OWL property, and x, y are Datalog variables, OWL individuals, or OWL data values

Overview

Intuition
• A user assigned to role :
 – User attributes (name, sex, id) in partition
 – Details relating to the role in partition
 – Session-related details in partition
• Query:
• Optimization:

Step 1
• Build step offline
• Restrict each partition size: ensures each KB fits into the memory on the machine

Step 2
• Load the policy rules into a new knowledge base.
 – Rules determine which assertions are relevant to determine any policy objective.
• Adding rules to more efficient
• Experimental results:
 – Impact on the reasoning time vs. adding rules to
 – Rules apply to a small subset of triples
 – Reduced number of symbols in the ABox

Step 3
• RBAC:

Inference Stage
• When there is an access request for a specific patient, start executing steps 2 and 3.
• Steps 2 and 3 are our inferencing stages, where we enforce the security policies.
• These can also be executed concurrently for many patients, as desired.

TBox
• RBAC:
 – The sets and are atomic concepts in
 – Mappings and are formalized as DL roles
• Employees are users
• Primary physicians are employees with at least one patient
• We can conclude that primary physicians are users.

ABox

RDF
• W3C recommendation
• Make assertions about any resource on the Semantic Web
• We can say Bob is a doctor
 – Doctor(Bob) (Bob rdf:type Doctor)
• Bob attended Harvard
 – (Bob, attended, "Harvard")

Distributed Reasoning

Home Partition

Connecting Partitions

Distributed Reasoning
• Physicians can be both a primary or
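The RBAC mappings as binary relations P(i, j), the one-to-one patient-record constraint, and the TRBAC trigger semantics (enable/disable with priorities and conflict resolution) described in the slides, modelled as an added example in plain Python rather than the paper's DL/SWRL reasoner. The names Sam, Kelly and Bob, the role and permission strings, the trigger times and the tie-break rule (a disabling event wins on equal priority) are constructed assumptions, not values from the paper.

```python
from collections import namedtuple

# Mappings as binary relations P(i, j); the keys name the valid pair types
# (constructed sample data for the Sam / Kelly / Bob scenario on the slides).
MAPPINGS = {
    "user-role": {("Sam", "PrimaryPhysician"), ("Kelly", "ERPhysician")},
    "role-permission": {("PrimaryPhysician", "update-record"),
                        ("ERPhysician", "update-record")},
    "patient-user": {("Bob", "Sam")},          # Bob is under Sam's care
    "patient-record": {("Bob", "rec-0042")},   # must be one-to-one
}

def one_to_one(pairs):
    """Patient-record constraint: each patient has exactly one record and vice versa."""
    lefts = [i for i, _ in pairs]
    rights = [j for _, j in pairs]
    return len(set(lefts)) == len(lefts) and len(set(rights)) == len(rights)

# A role trigger fires at `time` and enables or disables `role` with a priority.
Trigger = namedtuple("Trigger", "time role enable priority")

TRIGGERS = [  # constructed: the ER role exists only during the emergency session
    Trigger(0, "PrimaryPhysician", True, 1),
    Trigger(9, "ERPhysician", True, 1),
    Trigger(9, "ERPhysician", False, 0),   # conflicting, lower priority: loses
    Trigger(12, "ERPhysician", False, 1),
]

def enabled_roles(t, triggers=TRIGGERS):
    """Roles enabled at instant t: replay triggers up to t, resolving conflicts.
    Assumed rule: highest priority wins; on a tie the disabling event wins."""
    enabled = set()
    for instant in sorted({tr.time for tr in triggers if tr.time <= t}):
        fired = [tr for tr in triggers if tr.time == instant]
        for role in {tr.role for tr in fired}:
            best = max((tr for tr in fired if tr.role == role),
                       key=lambda tr: (tr.priority, not tr.enable))
            (enabled.add if best.enable else enabled.discard)(role)
    return enabled

def check_access(user, patient, action, t):
    """Grant if the user holds an enabled role carrying the permission and is
    either the patient's assigned user or acting through the enabled ER role."""
    roles = {r for u, r in MAPPINGS["user-role"] if u == user} & enabled_roles(t)
    permitted = any((r, action) in MAPPINGS["role-permission"] for r in roles)
    in_care = (patient, user) in MAPPINGS["patient-user"]
    return permitted and (in_care or "ERPhysician" in roles)
```

Kelly's request on Bob's record is granted only while the emergency trigger keeps ERPhysician enabled (t between 9 and 12 here), while Sam's access depends on the patient-user mapping regardless of the session.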