1 / 22

An Attribute-based Authorization Policy Framework with Dynamic Conflict Resolution

An Attribute-based Authorization Policy Framework with Dynamic Conflict Resolution. Apurva Mohan Douglas M. Blough Georgia Institute of Technology. Contents. Problem introduction Motivating scenario Proposed solution Performance of the proposed framework Conclusion. Introduction.

tal
Download Presentation

An Attribute-based Authorization Policy Framework with Dynamic Conflict Resolution

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. An Attribute-based Authorization Policy Frameworkwith Dynamic Conflict Resolution Apurva Mohan Douglas M. Blough Georgia Institute of Technology

  2. Contents • Problem introduction • Motivating scenario • Proposed solution • Performance of the proposed framework • Conclusion

  3. Introduction • Policy based authorization systems • Role-based vs. attribute-based systems • Multi-authority systems • Conflicts in policy decisions

  4. Problem Introduction • Conflict resolution in current systems is static • Most policy based systems do not provide modularity • Difficult to add or remove special purpose policies • Evaluation of a large number of non-applicable rules • Fast indexing scheme for finding applicable policies

  5. Motivating Scenario Superior Health Care (SHC) Proxy request Alex’s policy Data source policy response Querier SHC’s policy Regulatory policy EMR Repository

  6. Scenario – Cont. Alex’s Policy Deny Overrides Permit Overrides 1 2 3 1 2 3 Normal Emergency

  7. Proposed Solution • Dynamic Conflict Resolution • Decide Applicable policies based on context • Dynamically include (remove) specialized policies • Increase modularity of policies • Increasing the efficiency of policy target matching

  8. Authorization Flow

  9. Proposed Solution - Dynamic Conflict Resolution

  10. Proposed Solution – Applicable Policies

  11. Motivating Scenario revisited What Alex wants – • Only his Doctor can access his EMR • During his trip, ‘Doctors’ or ‘paramedics in Florida’ can access his EMR • Attributes used – Alex’s location, Doctor’s credentials, paramedics credentials and location, Alex’s trip duration

  12. Motivating Scenario revisited Location Provider Atlanta Proxy Server Alex’s policy (‘doctor’ or ‘paramedic in FL’) and (AlexLocation = FL) and (date = [d1,d2]) P1 P2 P3 Florida EMR Repository paramedic in FL

  13. Scenario - Continued Location Provider Atlanta Proxy Server Alex’s policy (‘doctor’ or ‘paramedic in FL’) and (AlexLocation = FL) and (date = [d1,d2]) P1 P2 P3 Florida EMR Repository paramedic in FL

  14. Experimental Setup • Total Applicable Policy Set evaluation • 1,2,4 and 8 rules/policy • 1,10, 100, 1000 and 10000 policies • PCA selection evaluation • 7 PCA’s, 2-10000 attributes/rule • Evaluation time • 1,2,4,and 8 rules/policy • 1,10,100, 1000 and 10000 policies

  15. Performance graph - 1

  16. Performance graph - 2

  17. Performance graph - 3

  18. Performance graph - 4

  19. Performance graph - 5

  20. Performance graph - 6

  21. Conclusion • Proposed a framework for dynamically changing the PCA • Selecting the applicable policies in a dynamic and efficient manner • Included modularity in policies • Add/remove specialized policies dynamically

  22. Questions/Comments?

More Related