Scalable and Efficient Reasoning for Enforcing Role-Based Access ControlOverviewMotivationMotivation (cont’d)Main ContributionsApproachApproach (cont’d)Theoretical BackgroundRBACTRBACDescription LogicsSWRLDetailed OverviewStep 1Step 2Step 3Inference StageAdvantagesAdvantages (cont’d)Definition of a Knowledge Base (KB)(Mapping Function)Home Partition(P-link)Policy QueryExampleTraceOptimizationExperimentsSlide 29Scalable and E cient Reasoning for ffiEnforcing Role-Based Access ControlTyrone CadenheadEmail: [email protected]: Murat Kantarcioglu, and Bhavani ThuraisinghamOverviewMotivationContributionsApproachTheoretical Background: –RBAC, TRBAC, Description Logics, SWRLDetailed Overview of Approach and OptimizationsExampleExperimental ResultsMotivation1. Organizations tend to generate large amount of data2. Users need only partial access to resources3. nu users and nr roles = at most nu ×nr mappings4. Scalable access control model and easy management5. Handle heterogeneity in information systemMotivation (cont’d)RBAC simplifies Security Management –But Roles are statically definedTRBAC extends RBAC–Roles are dynamically defined and have a temporal dimension–Does not address Heterogeneity inherent in organization information systemsOntology has a Common Vocabulary–Conforms to a Description Logic (DL) formalism •As a result, ontology Knowledge Bases (KBs) has a Description Logic (DL) Reasoning Service–Can be Distributed as different Knowledge BasesMain ContributionsTRBAC Implementation using existing semantic technologiesReasoning Service access control over large numbers of data instances in DL Knowledge Bases (KBs) E ciently and accurately reason about access rightsffiApproachTransform the access control policies into the semantic web rule language (SWRL) Partitioning the Knowledge Base into a set of smaller Knowledge Bases, which have the same TBox but a subset of the original AboxA Knowledge Base consists of a TBox and ABoxApproach (cont’d)Achieves:1. Scalability – support many users, roles, sessions, permissions; combinations w.r.t access control policies 2. E ciency - determines the response time to make a ffidecision in milliseconds3. Correct reasoning - ensures that all the data assertions are available when applying the security policiesTheoretical Background•RBAC•TRBAC•Description Logic Language (ALCQ)•SWRLRBACTRBAC•An extension of RBAC models that supports temporal constraints on the enabling/disabling of roles. •Supports periodic role enabling and disabling, and temporal dependencies among such actions. Such dependencies are expressed by means of role triggers that can also be used to constrain the set of roles that a particular user can activate at a given time instant. •The firing of a trigger may cause a role to be enabled/disabled either immediately, or after an explicitly specified amount of time. •The enabling/disabling actions may be given a priority that may help in solving conflicts, such as the simultaneous enabling and disabling of a roleDescription LogicsSWRLAlso the Semantic Web Rule language (SWRL) is a W3C recommendation. A SWRL rule has the formare atoms of the form C(i) or atoms of the form P(i,j)Detailed OverviewStep 1Step 2Step 3Inference Stage•When there is an access request for a specific patient, start executing steps 2 and 3. •Steps 2 and 3 are our inferencing stages where we enforce the security policies. •These can also be executed concurrently for many patients, as desired.Advantages•Adding SWRL rules to KBinf does not have a huge impact on the reasoning time as indicated by our experimental results. •This is due to the fact that we are only retrieving a small subset of triples which reduces the number of symbols in the ABox when the rules are appliedAdvantages (cont’d)Definition of a Knowledge Base (KB)(Mapping Function)•Connects two domain modules so that we have:–RBAC assignments: •the mappings user-role, role-user, role-permission, permission-role, user-session, role-role and role-session–Hospital extensions: •the mappings patient-user, user-patient and patient-session–Patient-Record constraint: •the one-to-one mappings patient-record and record-patientHome Partition(P-link)Policy QueryExampleTraceOptimizationTwo types of indexing:1. indexing the assertions•to find a triple by a subject (s), a predicate (p) or an object (o), •without the cost of a linear search over all the triples in a partition 2. creating a high level index.•points to the location of the partitions on disk•At most linear with respect to the number of
View Full Document