Scalable and Efficient Reasoning for Enforcing Role-Based Access Control
Tyrone Cadenhead, Murat Kantarcioglu, and Bhavani Thuraisingham

Overview
- Motivation
- Contributions
- Approach
- Theoretical Background: RBAC, TRBAC, Description Logics, SWRL
- Detailed Overview of Approach and Optimizations
- Example
- Experimental Results

Motivation
- Organizations tend to generate large amounts of data or resources
- Users need only partial access to resources
- Pairs: user-role, role-permission, action-resource
- n_u users and n_r roles: at most n_u × n_r mappings
- Scalable access control model
- Exchange expertise among experts, between systems
- Heterogeneity in system
- Make decisions with data
- Formal semantics of data

Motivation (cont'd)
- RBAC simplifies security management
- But roles are statically defined
- TRBAC extends RBAC
- Roles are dynamically defined and have a temporal dimension
- Does not address heterogeneity inherent in organization information systems
- Ontology: has a common vocabulary; conforms to a Description Logic (DL) formalism
- Description Logic (DL) reasoning service: can be distributed over a set of Knowledge Bases

Why Flexible RBAC
- Physician Sam is allowed access to Bob's record when Bob is under his care
- Emergency: Sam is off duty, Kelly is in the emergency room, Bob needs immediate treatment
- Kelly is not pre-assigned to view/update Bob's record
- Temporal RBAC

Why Flexible TRBAC
- Kelly needs to collaborate with different specialists from different areas of expertise
- Sharing of data across wards and departments
- Seamless and unambiguous exchange of information
- Ontologies: common vocabulary; enable reconciliation and translation between different standards

Automation
- Kelly and team make decisions using Bob's medical history
- Access is needed temporarily
- Accuracy and efficiency are critical
- Automated tool:
  - Access granted in emergency session
  - Apply policy rules over relevant data in Bob's record
  - Verify the decisions based on formal logic
  - Make access decisions efficiently

Main Contributions
- TRBAC implementation using existing semantic technologies
- Reasoning service for access control over large numbers of data instances in DL Knowledge Bases (KBs)
- Efficiently and accurately reason about access rights

Approach
- Transform temporal access control policies to rules: Semantic Web Rule Language (SWRL)
- Partitioning the Knowledge Base (KB): Terminological Box (TBox) and Assertional Box (ABox)
- A Knowledge Base consists of a TBox and an ABox

Approach (cont'd)
Achieves:
1. Scalability: support many user, role, session and permission combinations w.r.t. access control policies
2. Efficiency: determines the response time to make a decision, in milliseconds
3. Correct reasoning: ensure all data assertions are available when applying the security policies

Theoretical Background
- RBAC
- TRBAC
- Description Logic language ALCQ
- SWRL

RBAC

Mappings
- Connect individuals from two domain modules
- RBAC assignments: think of mappings as relations of the form P(i, j) with valid pairs (i, j): user-role, role-user, role-permission, permission-role, session-user, role-role and session-role
- A binary relationship of the form P(x, y): a restriction on values assigned to (x, y) pairs
- Hospital extensions: the mappings patient-user, user-patient and patient-session
- Patient-Record constraint: the one-to-one mappings patient-record and record-patient

TRBAC
- Extension of RBAC
- Supports temporal access
- Expressed by means of role triggers
- Constrains the set of roles that a particular user can activate at a given time instant
- Triggers: firing a trigger causes a role to be enabled/disabled
- Conflict resolution: simultaneous enabling and disabling of a role; priorities

Description Logics
- Formally build our domain: concepts and the relationships between them
- Add semantics and reasoning
- Use a knowledge representation language
- We can formally say: a doctor is a user; a surgeon is a doctor; a doctor has a medical degree

Description Logics

SWRL
- Semantic Web Rule Language (SWRL)
- W3C recommendation
- A SWRL rule has the form
- h_i, b_j are atoms of the form C(x), P(x, y), sameAs(x, y) or differentFrom(x, y), where C is an OWL description, P is an OWL property and x, y are Datalog variables, OWL individuals or OWL data values

Overview

Intuition
- a user assigned to role
- User attributes (name, sex, id) in partition
- Details relating to role in partition
- Session-related details in partition
- Query optimization

Step 1
- Build step (offline)
- Restrict each partition size: ensures each KB fits into the memory on the machine

Step 2
- Load the policy rules into a new knowledge base
- Rules determine which assertions are relevant to determine any policy objective
- Adding rules to more efficient
- Experimental results: impact on the reasoning time vs adding rules to
- Rules apply to a small subset of triples
- Reduced number of symbols in the ABox

Step 3 RBAC

Inference Stage
- When there is an access request for a specific patient, start executing steps 2 and 3
- Steps 2 and 3 are our inferencing stages, where we enforce the security policies
- These can also be executed concurrently for many patients as desired

TBox RBAC
- The sets concepts in Mappings and and are atomic are formalized as DL roles
- Employees are Users
- Primary Physicians are employees with at least one patient
- We can conclude: primary physicians are users

ABox

RDF
- W3C recommendation
- Make assertions about any resources on the semantic Web
- We can say: Bob is a doctor: Doctor(Bob), Bob rdf:type Doctor
- Bob attended Harvard: Bob attended Harvard

Distributed Reasoning

Home Partition

Connecting Partitions

Distributed Reasoning
- Physicians can be both a primary or emergency room physician, and are restricted to two roles
- Verify Bob does not exceed two roles: execute query over is sufficient
- Primary Physicians attend to at most five patients at a time: query each one at a time is sufficient

Temporal RBAC Reasoning
- Implement TRBAC as triggers
- TBox
- ABox

Temporal RBAC Reasoning
- Periodic Event
- Trigger
- doctor on day duty must be enabled during the night
- nurse on night duty must be enabled whenever the role doctor on night duty is

Advantages

Optimization
Two types of indexing:
1. Indexing the assertions: allows finding a triple by subject (s), predicate (p) or object (o) without the cost of a linear search over all the triples in a partition
2. Creating a high-level index: points to the location of the partitions on disk; at most linear with respect to the number of partitions

Policy Query

Example

Trace

Experiments

Experiments
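The two indexes on the Optimization slide and the build/inference split on the Step 1 and Inference Stage slides, sketched as an added example that is not the authors' implementation. Plain Python predicates stand in for the SWRL rules and DL reasoner, partitions are held in memory rather than on disk, and the predicate names, session name and sample triples are assumptions constructed for illustration.

```python
from collections import defaultdict

class Partition:
    """One ABox partition with subject/predicate/object indexes."""
    def __init__(self):
        self.idx = {k: defaultdict(set) for k in "spo"}

    def add(self, s, p, o):
        for k, term in zip("spo", (s, p, o)):
            self.idx[k][term].add((s, p, o))

    def match(self, s=None, p=None, o=None):
        # Intersect the index buckets of the bound terms: no linear scan.
        buckets = [self.idx[k].get(v, set())
                   for k, v in zip("spo", (s, p, o)) if v is not None]
        return set.intersection(*buckets) if buckets else set()

# Constructed sample assertions; the predicate names are assumptions.
ASSERTIONS = [
    ("Sam", "hasRole", "PrimaryPhysician"), ("Kelly", "hasRole", "ERPhysician"),
    ("Sam", "primaryPhysicianOf", "Bob"), ("sess1", "emergencyFor", "Bob"),
    ("sess1", "sessionUser", "Kelly"), ("sess1", "sessionRole", "ERPhysician"),
]
# High-level index: predicate -> name of the partition that stores it.
HOME = {"hasRole": "roles", "primaryPhysicianOf": "patients", "sessionUser": "sessions",
        "sessionRole": "sessions", "emergencyFor": "sessions"}

def build(assertions):
    """Build step (offline): route every triple to its partition."""
    parts = defaultdict(Partition)
    for s, p, o in assertions:
        parts[HOME[p]].add(s, p, o)
    return parts

def role_count(parts, user):
    """Cardinality check answered from the roles partition alone."""
    return len(parts["roles"].match(s=user, p="hasRole"))

def can_access(parts, user, patient):
    """Inference stage: fetch only request-relevant triples, then apply the rules."""
    if parts["patients"].match(s=user, p="primaryPhysicianOf", o=patient):
        return True          # rule 1: primary physician of this patient
    sessions = parts["sessions"]
    for sess, _, _ in sessions.match(p="sessionUser", o=user):
        if (sessions.match(s=sess, p="sessionRole", o="ERPhysician")
                and sessions.match(s=sess, p="emergencyFor", o=patient)
                and parts["roles"].match(s=user, p="hasRole", o="ERPhysician")):
            return True      # rule 2: ER physician in an emergency session
    return False
```

Removing the `emergencyFor` assertion from the sample data revokes Kelly's access to Bob's record while leaving Sam's untouched, which is the temporary, session-scoped grant the Automation slide asks for.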
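Role triggers with priority-based conflict resolution, as named on the TRBAC and Temporal RBAC Reasoning slides, in a simplified evaluation loop added here as an example (not the authors' code). The tie-break "disable wins at equal priority", the numeric priorities and the night-time periodic event are assumptions; the role names come from the trigger stated on the slide.

```python
from collections import namedtuple

Event = namedtuple("Event", "action role priority")  # action: "enable" or "disable"
Trigger = namedtuple("Trigger", "cause effect")      # cause: (action, role); effect: Event

def resolve(events):
    """One winning event per role: highest priority; disable wins ties (assumption)."""
    winners = {}
    for ev in events:
        cur = winners.get(ev.role)
        rank = (ev.priority, ev.action == "disable")
        if cur is None or rank > (cur.priority, cur.action == "disable"):
            winners[ev.role] = ev
    return winners

def step(enabled, periodic, triggers):
    """Apply one time instant's events and return the new set of enabled roles."""
    events = set(periodic)
    while True:
        winners = resolve(events)
        causes = {(w.action, w.role) for w in winners.values()}
        fired = {t.effect for t in triggers if t.cause in causes}
        if fired <= events:      # fixpoint: no trigger adds a new event
            break
        events |= fired
    result = set(enabled)
    for ev in winners.values():
        if ev.action == "enable":
            result.add(ev.role)
        else:
            result.discard(ev.role)
    return result

# Constructed sample policy for the night interval.
NIGHT = [Event("enable", "doctor-on-night-duty", 1)]
TRIGGERS = [Trigger(("enable", "doctor-on-night-duty"),
                    Event("enable", "nurse-on-night-duty", 1))]
```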