Temporal Location-Aware Access Control Model Based on Composite Events Presented by Yu, Lijun lijun@cs.colostate.edu
Outline • Motivation • Background • The TL-RBAC model • Composite event model • Conditions • Actions • Conclusion and future work
Motivation • Manager John and employee Bob agree that John may track Bob's location only during office hours and only while Bob is in the office, i.e. 9AM – 5PM, Monday to Friday • Bob pays twenty dollars per month for a roadside assistance service that he may use for up to thirty hours per week • Solution: a combined temporal and location-based RBAC model
Background • [Figure: the core RBAC reference model, with USERS, ROLES, SESSIONS and PRMS (OBS, OPS); the user assignment (UA) and permission assignment (PA) relations; the role hierarchy (RH); and the user_sessions and session_roles mappings]
Temporal RBAC model • Temporal constraints on: • User assignment • Permission assignment • Role activation • Role enabling • RBAC constraints • Temporal constraints can be: • Duration constraints • Periodic constraints
Temporal RBAC model • Role Status Expressions • Role Triggers • Run-time requests • Execution model
Location-based access control model • Location is modeled as a set of points • Location constraints on: • User assignment • Permission assignment • Role activation • Permission (object location) • A user's access rights therefore change dynamically with the user's location and the object's location
The TL-RBAC model • Composite event model • Conditions • Actions
Composite event model • Based on the Snoop event specification language for active databases • Extension • Primitive RBAC events • Primitive location-based events • Duration composite constructs
Composite event model • Primitive events • Primitive RBAC events • Primitive location-based events • Temporal • Composite events • Periodic / APeriodic • Disjunction / Conjunction • Sequence • Duration
TL-RBAC system state • The TL-RBAC system state is a tuple S = <ER, UA, UT, PA, RS> where • ER ⊆ Roles is the set of enabled roles • UA: Users → 2^Roles is the function giving the set of roles assigned to a user • UT: Users → 2^Roles is the function giving the set of roles activated by a user • PA: Roles → 2^Permissions is the function giving the set of permissions assigned to a role • RS ⊆ Time × Priority × Expressions is the set of role enabling expressions, where an element of Expressions has one of the following forms: • assign r to u, that is, assign role r to user u • de-assign r to u, that is, de-assign role r from user u • assign p to r, that is, assign permission p to role r • de-assign p to r, that is, de-assign permission p from role r • enable r, that is, enable role r • disable r, that is, disable role r • activate r for u, that is, activate role r for user u • deactivate r for u, that is, deactivate role r for user u
TL-RBAC predicates • TL-RBAC predicates are boolean expressions built from role status predicates and location-based predicates, evaluated against the current system state, where • Role status predicates can be: • r ∈ ER, i.e. role r is enabled • r ∈ UA(u), i.e. role r is assigned to user u • r ∈ UT(u), i.e. role r is activated by user u • p ∈ PA(r), i.e. permission p is assigned to role r • Location-based predicates can be: • location(u) ∈ loc, i.e. user u is within location loc • location(obj) ∈ loc, i.e. object obj is within location loc • loc1 = loc2
TL-RBAC Action and Action Semantics • A TL-RBAC action is an element of Actions × Priority × Expressions, where Actions = {Add, Remove, Execute} • The semantics of each TL-RBAC action is a transition of the TL-RBAC system state, that is • S(ER, UA, UT, PA, RS) → S'(ER', UA', UT', PA', RS'), where S is the TL-RBAC system state before the action and S' is the state after the action.
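An added, executable reading of the state tuple and the three actions (this is example code written for this page, not the authors' implementation). The slides do not say how Add and Remove change ER, UA, UT and PA, so the following is an assumption: Add records (t, p, e) in RS and applies e; Remove deletes that RS entry and applies the inverse of e; Execute applies e without touching RS. The rule that a role can only be activated when it is assigned and enabled is also an assumption, taken from core RBAC; the scenario data (role and permission names, the user bob) is constructed.

```python
"""Example model of S = <ER, UA, UT, PA, RS> and the Add/Remove/Execute
transitions. Assumption: Add = record in RS + apply e; Remove = drop the RS
entry stamped with t + apply inverse(e); Execute = apply e only."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# The eight expression forms of the system-state slide, e.g. "assign r to u",
# "assign p to r", "enable r", "activate r for u".
EXPR_RE = re.compile(
    r"^(assign|de-assign|enable|disable|activate|deactivate)\s+(.+?)"
    r"(?:\s+(?:to|for)\s+(.+))?$")
INVERSE = {"assign": "de-assign", "de-assign": "assign", "enable": "disable",
           "disable": "enable", "activate": "deactivate", "deactivate": "activate"}


@dataclass
class TLRBACState:
    roles: set[str]
    permissions: set[str]
    er: set[str] = field(default_factory=set)               # enabled roles
    ua: dict[str, set[str]] = field(default_factory=dict)   # user -> assigned roles
    ut: dict[str, set[str]] = field(default_factory=dict)   # user -> activated roles
    pa: dict[str, set[str]] = field(default_factory=dict)   # role -> permissions
    rs: set[tuple[float, int, str]] = field(default_factory=set)  # (time, priority, expr)

    # Role status predicates from the predicates slide.
    def enabled(self, r): return r in self.er
    def assigned(self, r, u): return r in self.ua.get(u, set())
    def activated(self, r, u): return r in self.ut.get(u, set())
    def has_perm(self, p, r): return p in self.pa.get(r, set())


def parse(expr: str) -> tuple[str, str, str | None]:
    m = EXPR_RE.match(expr.strip())
    if not m:
        raise ValueError(f"not a TL-RBAC expression: {expr!r}")
    return m.group(1), m.group(2), m.group(3)


def inverse(expr: str) -> str:
    verb, x, y = parse(expr)
    tail = f" to {y}" if verb in ("assign", "de-assign") else (f" for {y}" if y else "")
    return f"{INVERSE[verb]} {x}{tail}"


def apply_expr(s: TLRBACState, expr: str) -> None:
    verb, x, y = parse(expr)
    if verb == "assign":
        (s.pa if x in s.permissions else s.ua).setdefault(y, set()).add(x)
    elif verb == "de-assign":
        (s.pa if x in s.permissions else s.ua).get(y, set()).discard(x)
        if x not in s.permissions:
            s.ut.get(y, set()).discard(x)       # losing the role ends any activation
    elif verb == "enable":
        s.er.add(x)
    elif verb == "disable":
        s.er.discard(x)
        for active in s.ut.values():            # nobody keeps a disabled role active
            active.discard(x)
    elif verb == "activate":
        # Assumption (core RBAC, not stated on the slide): only an assigned,
        # enabled role can be activated.
        if not (s.assigned(x, y) and s.enabled(x)):
            raise PermissionError(f"{y} cannot activate {x}")
        s.ut.setdefault(y, set()).add(x)
    elif verb == "deactivate":
        s.ut.get(y, set()).discard(x)


def tl_rbac_action(s: TLRBACState, t: float, action: str,
                   priority: int, expr: str) -> TLRBACState:
    """TL-RBAC-Action(t, <action, priority, expr>): S -> S' (mutates and returns s)."""
    if action == "Add":
        s.rs.add((t, priority, expr))
        apply_expr(s, expr)
    elif action == "Remove":
        # t is the time the expression was added, so it identifies the RS entry.
        s.rs.remove((t, priority, expr))
        apply_expr(s, inverse(expr))
    elif action == "Execute":
        apply_expr(s, expr)
    else:
        raise ValueError(f"unknown action {action!r}")
    return s


def authorized(s: TLRBACState, u: str, p: str) -> bool:
    """u may use p only through a role u has activated that holds p."""
    return any(s.has_perm(p, r) for r in s.ut.get(u, set()))


def demo() -> tuple[bool, bool]:
    """Constructed scenario: enable a role, bob activates it, the enabling is removed."""
    s = TLRBACState(roles={"part-time employee"}, permissions={"read_timesheet"})
    tl_rbac_action(s, 0, "Execute", 100, "assign read_timesheet to part-time employee")
    tl_rbac_action(s, 0, "Execute", 100, "assign part-time employee to bob")
    tl_rbac_action(s, 9 * 3600, "Add", 100, "enable part-time employee")
    tl_rbac_action(s, 9 * 3600 + 60, "Execute", 100, "activate part-time employee for bob")
    during = authorized(s, "bob", "read_timesheet")
    tl_rbac_action(s, 9 * 3600, "Remove", 100, "enable part-time employee")
    return during, authorized(s, "bob", "read_timesheet")


if __name__ == "__main__":
    print(demo())
```

The point a practitioner should take from the Remove branch: disabling a role must also tear down every activation of it, otherwise a user who activated the role while it was enabled keeps its permissions after the enabling window closes.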
Runtime Request • Event: [Now] + [t] • Condition: TL-RBAC predicates • Actions: TL-RBAC-Action(t, <Execute, p, e>), where t is the time at which the event occurs, p ∈ Priority and e ∈ Expressions
Role Trigger • Event: Any(n, E1, E2, …, En) + [t] • Condition: TL-RBAC predicates • Actions: TL-RBAC-Action(t, <Execute, p, e>), where t is the time at which the event occurs, p ∈ Priority and e ∈ Expressions
Periodic TL-RBAC Constraints • Monday = P([(09:00:00) 04/04/2005], [7 days], [*/*/*]) • Friday = P([(09:00:00) 04/08/2005], [7 days], [*/*/*]) • Ebegin = Any(1, Monday, Friday) • Eend = Ebegin + [8 hours] • Event: Ebegin • Condition: true • Actions: TL-RBAC-Action(t, <Add, 100, enable part-time employee>), where t is the time at which the event occurs • Event: Eend • Condition: true • Actions: TL-RBAC-Action(t, <Remove, 100, enable part-time employee>), where t is the time at which the role enabling expression was added, so that the Remove refers to the RS entry created by the matching Add
Duration TL-RBAC Constraints • E1 = D*(activate player for John, [30 minutes], deactivate player for John) • Event: A([(09:00:00)*/*/*], E1, [(17:00:00)*/*/*]) • Condition: true • Actions: TL-RBAC-Action(t, <Execute, , deactivate player for John>), where t is the time at which the event occurs
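An added example (written for this page, not code from the paper) that detects the events used on the periodic and duration slides: P(start, period, until), Any(1, E1, E2), E + [d], and the cumulative duration event D* inside an A(...) window. The slides give these operators only informally, so their semantics here are an assumption: D* is read as "the total time spent between the begin and end events, summed over all intervals inside the window, reaches the limit", and the event log for John is constructed.

```python
"""Example detectors for the periodic and duration composite events.
Assumption: operator semantics follow the slides' informal description,
not a formal Snoop definition."""
from __future__ import annotations

from datetime import datetime, timedelta
from typing import Iterable


def periodic(start: datetime, period: timedelta, until: datetime) -> list[datetime]:
    """P([start], [period], [until]): every occurrence from start up to until."""
    out, t = [], start
    while t <= until:
        out.append(t)
        t += period
    return out


def any_of(*events: Iterable[datetime]) -> list[datetime]:
    """Any(1, E1, ..., En): fires whenever any one component event fires."""
    return sorted(set().union(*(set(e) for e in events)))


def offset(events: Iterable[datetime], delta: timedelta) -> list[datetime]:
    """E + [delta]: fires delta after each occurrence of E."""
    return [t + delta for t in events]


def part_time_schedule(weeks: int = 2) -> list[tuple[datetime, str, int, str, datetime]]:
    """Periodic slide: Monday/Friday 09:00 Add the enabling, Remove it 8 hours later.
    Rows are (fire time, action, priority, expression, time of the matching Add);
    the last field is the t a Remove must quote to find its RS entry."""
    until = datetime(2005, 4, 4, 9) + timedelta(weeks=weeks)
    monday = periodic(datetime(2005, 4, 4, 9), timedelta(days=7), until)   # 04/04/2005 is a Monday
    friday = periodic(datetime(2005, 4, 8, 9), timedelta(days=7), until)   # 04/08/2005 is a Friday
    ebegin = any_of(monday, friday)
    eend = offset(ebegin, timedelta(hours=8))
    expr = "enable part-time employee"
    plan = [(t, "Add", 100, expr, t) for t in ebegin]
    plan += [(te, "Remove", 100, expr, tb) for tb, te in zip(ebegin, eend)]
    return sorted(plan)


def duration_star(events, begin: str, limit: timedelta, end: str,
                  window: tuple[datetime, datetime]) -> datetime | None:
    """D*(begin, [limit], end) inside A(w_start, ., w_end): the instant at which the
    time spent between begin and end, summed over all intervals inside the window,
    first reaches limit; None if it never does (a live detector would arm a timer
    at each begin instead of scanning a log)."""
    w_start, w_end = window
    total, open_at = timedelta(0), None
    for t, e in sorted(events):
        if e == begin and open_at is None and w_start <= t < w_end:
            open_at = t
        elif e == end and open_at is not None:
            seg = min(t, w_end) - open_at
            if total + seg >= limit:
                return open_at + (limit - total)
            total, open_at = total + seg, None
    if open_at is not None and total + (w_end - open_at) >= limit:   # still active at 17:00
        return open_at + (limit - total)
    return None


def john_player_demo() -> datetime | None:
    """Constructed log for the duration slide: player active 09:10-09:25 (15 min)
    and again from 10:00; the 30-minute budget runs out at 10:15, which is when
    'deactivate player for John' must be executed."""
    day = datetime(2005, 4, 4)
    log = [
        (day.replace(hour=9, minute=10), "activate player for John"),
        (day.replace(hour=9, minute=25), "deactivate player for John"),
        (day.replace(hour=10, minute=0), "activate player for John"),
        (day.replace(hour=10, minute=30), "deactivate player for John"),
    ]
    return duration_star(log, "activate player for John", timedelta(minutes=30),
                         "deactivate player for John",
                         (day.replace(hour=9), day.replace(hour=17)))


if __name__ == "__main__":
    for row in part_time_schedule():
        print(row)
    print(john_player_demo())
```

Note the difference between the two rules: the periodic rule reaches back to the RS entry it created (the Remove carries the Add's timestamp), while the duration rule fires an immediate Execute and leaves RS alone, which is why the enabling of the player role itself is unaffected when John's thirty minutes are used up.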
Location-based TL-RBAC Constraints • Event: User Location Changing or Object Location Changing • Condition: TL-RBAC predicates • Actions: TL-RBAC-Action(t, <a, p, e>), where t is the time at which the event occurs, a ∈ Actions, p ∈ Priority and e ∈ Expressions
Related work • Snoop, a model-independent event specification language for active databases: S. Chakravarthy and D. Mishra [3] • The temporal RBAC model (TRBAC) and the GTRBAC model: Elisa Bertino, James Joshi et al. • The LRBAC model
Conclusion and future work • Duration Event detection • Temporal Role hierarchy • Temporal cardinality constraints