Temporal Location-Aware Access Control Model Based on Composite Events. Presented by Yu, Lijun. PowerPoint presentation transcript.
Slide 1
Temporal Location-Aware Access Control Model Based on Composite Events
Presented by Yu, Lijun
Slide 2
Outline
Motivation
Background
The TL-RBAC model
  Composite event model
  Conditions
  Actions
Conclusion and future work
Slide 3
Motivation
Manager John agrees with the employee Bob that John can track Bob's location only during office hours and when Bob is in the office, i.e. 9AM – 5PM, Monday to Friday
Bob pays twenty dollars per month for a roadside assistance service so that he can use that service for up to thirty hours per week
Solution: a combined temporal and location-based RBAC model
Slide 4
Background
[Diagram: the RBAC reference model. Element sets USERS, ROLES, SESSIONS and PRMS (permissions, formed from OPS and OBS); relations UA (user assignment), PA (permission assignment), RH (role hierarchy), user_sessions and session_roles.]
Slide 5
Temporal RBAC model
Temporal constraints on: user assignment, permission assignment, role activation, role enabling, RBAC constraints
Temporal constraints can be duration constraints or periodic constraints
Slide 6
Temporal RBAC model
Role status expressions, role triggers, run-time requests, execution model
Slide 7
Location-based access control model
Location is modeled as a set of points
Location constraints on: user assignment, permission assignment, role activation, permission (object location)
A user's access rights change dynamically with the user's location and the object's location
Slide 8
The TL-RBAC model
Composite event model
Conditions
Actions
Slide 9
Composite event model
Based on the Snoop event specification language for active databases
Extensions: primitive RBAC events, primitive location-based events, duration composite constructs
Slide 10
Composite event model
Primitive events: primitive RBAC events, primitive location-based events
Temporal composite events: periodic / aperiodic, disjunction / conjunction, sequence, duration
Slide 11
TL-RBAC system state
The TL-RBAC system state is a tuple S = <ER, UA, UT, PA, RS> where
ER ⊆ Roles is the set of enabled roles,
UA: Users → ℘(Roles) is a function returning the set of roles assigned to a user,
UT: Users → ℘(Roles) is a function returning the set of roles activated by a user,
PA: Roles → ℘(Permissions) is a function returning the set of permissions assigned to a role,
RS ⊆ Time × Priority × Expressions is the set of role enabling expressions, where Expressions can be one of the following formats:
assign r to u, that is assign role r to user u
de-assign r to u, that is de-assign role r from user u
assign p to r, that is assign permission p to role r
de-assign p to r, that is de-assign permission p from role r
enable r, that is enable role r
disable r, that is disable role r
activate r for u, that is activate role r by user u
deactivate r for u, that is deactivate role r by user u
Slide 12
TL-RBAC predicates
TL-RBAC predicates are boolean expressions comprised of role status predicates and location-based predicates, where
Role status predicates can be:
r ∈ er indicates whether role r is enabled, er being the enabled-role set ER of the current state
r ∈ ua(u) indicates whether role r is assigned to user u by the function ua (the UA component)
r ∈ ut(u) indicates whether role r is activated by user u by the function ut (the UT component)
p ∈ pa(r) indicates whether permission p is assigned to role r by the function pa (the PA component)
Location-based predicates can be:
location(u) ∈ loc, user u is at location loc
location(obj) ∈ loc, object obj is at location loc
loc1 = loc2, the two locations coincide
Slide 13
TL-RBAC Action and Action Semantics
The TL-RBAC action is defined as Actions × Priority × Expressions, where Actions = {Add, Remove, Execute}
The semantics of each TL-RBAC action is modeled as a transition of the TL-RBAC system state, that is
S(ER, UA, UT, PA, RS) → S'(ER', UA', UT', PA', RS') where S is the TL-RBAC system state before the action and S' is the state after the action.
Slide 14
Runtime Request
Event: [Now] + [t]
Condition: TL-RBAC predicates
Actions: TL-RBAC-Action(t, <Execute, p, e>)
where t is the time that the event occurs, p ∈ Priority and e ∈ Expressions
Slide 15
Role Trigger
Event: Any(n, E1, E2, …, En) + [t]
Condition: TL-RBAC predicates
Actions: TL-RBAC-Action(t, <Execute, p, e>)
where t is the time that the event occurs, p ∈ Priority and e ∈ Expressions
Slide 16
Periodic TL-RBAC Constraints
Monday = P([(09:00:00)04/04/2005], [7 days], [*/*/*])
Friday = P([(09:00:00)04/08/2005], [7 days], [*/*/*])
Ebegin = Any(1, Monday, Friday)
Eend = Ebegin + [8 hours]
Event: Ebegin
Condition: true
Actions: TL-RBAC-Action(t, <Add, 100, enable part-time employee>) where t is the time that the event occurs
Event: Eend
Condition: true
Actions: TL-RBAC-Action(t, <Remove, 100, enable part-time employee>) where t is the time that the role enabling expression was added
Slide 17
Duration TL-RBAC Constraints
E1 = D*(activate player for John, [30 minutes], deactivate player for John)
Event: A([(09:00:00)*/*/*], E1, [(17:00:00)*/*/*])
Condition: true
Actions: TL-RBAC-Action(t, <Execute, , deactivate player for John>) where t is the time that the event occurs
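Added example, not part of the talk or any implementation by its authors: a small Python detector for the composite events used on the role-trigger, periodic and duration slides above. P, Any(1, ...), E + [d] and D* are written as plain functions that turn a constructed event stream into the TL-RBAC actions the slides attach to them. Reading D* as cumulative activated time, resetting that budget at every daily window of A([09:00], E1, [17:00]), the function names and the sample event stream are all assumptions of this example.

```python
"""Composite event detection for the slides' periodic and duration examples:
P(start, period, end), Any(1, ...), E + [d], and D*(start, [d], end) inside
the aperiodic window A([09:00], E1, [17:00]). Constructed illustration, not
the talk's implementation; the cumulative reading of D* and the per-window
reset of the budget are assumptions."""
from datetime import datetime, time, timedelta
from typing import Iterable, List, Optional, Tuple

# (fires at, action, priority, expression, t) where t is the time carried by the action
Action = Tuple[datetime, str, Optional[int], str, datetime]


def periodic(start: datetime, period: timedelta, horizon: datetime) -> List[datetime]:
    """P([start], [period], [*/*/*]) has no end; occurrences are listed up to horizon."""
    out, t = [], start
    while t <= horizon:
        out.append(t)
        t += period
    return out


def any_of(*events: List[datetime]) -> List[datetime]:
    """Any(1, E1, ..., En) occurs whenever any one constituent event occurs."""
    return sorted(set().union(*events))


def shifted(event: List[datetime], delta: timedelta) -> List[datetime]:
    """E + [delta]: every occurrence of E, delayed by delta."""
    return [t + delta for t in event]


def enabling_actions(horizon: datetime) -> List[Action]:
    """Periodic slide: Ebegin adds <100, enable part-time employee>, Eend removes
    it; the Remove carries the time at which the enabling expression was added."""
    monday = periodic(datetime(2005, 4, 4, 9), timedelta(days=7), horizon)
    friday = periodic(datetime(2005, 4, 8, 9), timedelta(days=7), horizon)
    ebegin = any_of(monday, friday)
    eend = shifted(ebegin, timedelta(hours=8))
    expr = "enable part-time employee"
    actions = [(t, "Add", 100, expr, t) for t in ebegin]
    actions += [(t, "Remove", 100, expr, t - timedelta(hours=8)) for t in eend]
    return sorted(actions)


def duration_trigger_times(events: Iterable[Tuple[datetime, str]], limit: timedelta,
                           window_start: time = time(9), window_end: time = time(17)) -> List[datetime]:
    """A([09:00], D*(activate, [limit], deactivate), [17:00]): the instants at which
    the cumulative activated time inside one daily window reaches limit."""
    fired: List[datetime] = []
    accumulated, active_since, day = timedelta(0), None, None

    def settle(upto: datetime) -> None:
        # fire if the bound was reached while the role was active, at or before `upto`
        nonlocal accumulated, active_since
        if active_since is not None:
            fire_at = active_since + (limit - accumulated)
            if fire_at <= upto:
                fired.append(fire_at)
                accumulated, active_since = limit, None

    for t, kind in sorted(events):
        if day is not None and t.date() != day:
            settle(datetime.combine(day, window_end))   # close the previous window
        if t.date() != day:
            day, accumulated, active_since = t.date(), timedelta(0), None
        if not (window_start <= t.time() < window_end):
            continue                                     # outside the aperiodic window
        settle(t)
        if kind == "activate" and active_since is None:
            active_since = t
        elif kind == "deactivate" and active_since is not None:
            accumulated += t - active_since
            active_since = None
    if day is not None:
        settle(datetime.combine(day, window_end))
    return fired


SAMPLE_EVENTS = [  # constructed activate/deactivate stream for John's player role
    (datetime(2005, 4, 4, 9, 10), "activate"),
    (datetime(2005, 4, 4, 9, 25), "deactivate"),   # 15 minutes used
    (datetime(2005, 4, 4, 10, 0), "activate"),     # 30 minutes reached at 10:15
    (datetime(2005, 4, 4, 10, 40), "deactivate"),
    (datetime(2005, 4, 4, 18, 0), "activate"),     # outside 09:00-17:00: ignored
    (datetime(2005, 4, 5, 9, 0), "activate"),      # new window, never deactivated
]


def deactivation_actions(events=SAMPLE_EVENTS) -> List[Action]:
    """Duration slide: each detection executes 'deactivate player for John' (no priority)."""
    return [(t, "Execute", None, "deactivate player for John", t)
            for t in duration_trigger_times(events, timedelta(minutes=30))]
```

The detector settles pending D* instances before it consumes each event and again when a window closes, so a role that is never deactivated still triggers at the moment its budget runs out rather than at the next event; the Remove generated for Eend carries the Ebegin timestamp because RS entries are matched on their full (time, priority, expression) triple.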
Slide 18
Location-based TL-RBAC Constraints
Event: User Location Changing or Object Location Changing
Condition: TL-RBAC predicates
Actions: TL-RBAC-Action(t, <a, p, e>) where t is the time that the event occurs, a ∈ Actions, p ∈ Priority and e ∈ Expressions
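Added example, not the authors' code: the TL-RBAC state tuple, the eight expression forms, the Add/Remove/Execute actions and the predicates from the system-state, predicate and action-semantics slides, run through the motivating office-hours case and finished with the location-changing trigger of this slide. Because the slides do not state them, the following are assumptions of this example: the RS conflict rule (highest priority wins, disable wins a tie, a role with no remaining RS entry is disabled), that activation requires the role to be assigned and enabled, that disabling or de-assigning a role also deactivates it, and every name, the office location and the timestamps, which are constructed.

```python
"""TL-RBAC state S = <ER, UA, UT, PA, RS>, Add/Remove/Execute and the predicates,
as a constructed illustration (not the talk's code). Assumed: the RS conflict rule
(highest priority wins, 'disable' wins a tie, no entry means disabled), that
activation needs the role assigned and enabled, and that disable/de-assign also
deactivate."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set, Tuple

Point = Tuple[int, int]                  # a location is a set of points
Expression = Tuple[str, ...]             # ("enable", r), ("activate", r, u), ...
RSEntry = Tuple[int, int, Expression]    # (time, priority, expression)


@dataclass
class TLRBACState:
    er: Set[str] = field(default_factory=set)                 # ER: enabled roles
    ua: Dict[str, Set[str]] = field(default_factory=dict)     # UA: user -> assigned roles
    ut: Dict[str, Set[str]] = field(default_factory=dict)     # UT: user -> activated roles
    pa: Dict[str, Set[str]] = field(default_factory=dict)     # PA: role -> permissions
    rs: Set[RSEntry] = field(default_factory=set)             # RS: timed, prioritised enable/disable
    location: Dict[str, Point] = field(default_factory=dict)  # location(u) / location(obj)

    # role status predicates: r in er, r in ua(u), r in ut(u), p in pa(r)
    def enabled(self, r): return r in self.er
    def assigned(self, r, u): return r in self.ua.get(u, set())
    def activated(self, r, u): return r in self.ut.get(u, set())
    def has_perm(self, p, r): return p in self.pa.get(r, set())
    # location-based predicate: location(x) in loc
    def located_in(self, x, loc: FrozenSet[Point]): return self.location.get(x) in loc

    def authorized(self, u, p):
        """u may use p iff some role activated by u is enabled and holds p."""
        return any(self.enabled(r) and self.has_perm(p, r) for r in self.ut.get(u, set()))

    def action(self, t: int, a: str, prio: int, e: Expression) -> None:
        """TL-RBAC-Action(t, <a, prio, e>): the transition S -> S'."""
        if a == "Execute":
            self._execute(e)
            return
        if a not in ("Add", "Remove") or e[0] not in ("enable", "disable"):
            raise ValueError("only enabling expressions are added to or removed from RS")
        (self.rs.add if a == "Add" else self.rs.discard)((t, prio, e))
        self._resolve(e[1])

    def _resolve(self, r):
        """Derive r's status from the RS entries mentioning r (highest priority wins)."""
        entries = [(prio, e[0]) for (_, prio, e) in self.rs if e[1] == r]
        if not entries:                           # nothing enables r any more
            self._execute(("disable", r))
            return
        best = max(prio for prio, _ in entries)
        kinds = {kind for prio, kind in entries if prio == best}
        self._execute(("disable", r) if "disable" in kinds else ("enable", r))

    def _execute(self, e):
        kind, r, who = e[0], e[1], (e[2] if len(e) > 2 else None)
        if kind == "assign_role": self.ua.setdefault(who, set()).add(r)       # assign r to u
        elif kind == "deassign_role":                                          # de-assign r from u
            self.ua.get(who, set()).discard(r)
            self.ut.get(who, set()).discard(r)
        elif kind == "assign_perm": self.pa.setdefault(who, set()).add(r)     # assign p to r
        elif kind == "deassign_perm": self.pa.get(who, set()).discard(r)      # de-assign p from r
        elif kind == "enable": self.er.add(r)
        elif kind == "disable":                                                # deactivates for everyone
            self.er.discard(r)
            for roles in self.ut.values():
                roles.discard(r)
        elif kind == "activate":                                               # activate r for u
            if not (self.assigned(r, who) and self.enabled(r)):
                raise PermissionError(f"{r} not assigned to {who} or not enabled")
            self.ut.setdefault(who, set()).add(r)
        elif kind == "deactivate": self.ut.get(who, set()).discard(r)        # deactivate r for u
        else: raise ValueError(f"unknown expression {kind}")


OFFICE: FrozenSet[Point] = frozenset({(0, 0), (0, 1), (1, 0), (1, 1)})  # constructed location


def tracking_scenario() -> List[bool]:
    """Motivation, first case: John tracks Bob only while the tracker role is
    enabled through RS (09:00-17:00) and Bob is in the office."""
    s = TLRBACState()
    s.action(0, "Execute", 0, ("assign_role", "tracker", "John"))
    s.action(0, "Execute", 0, ("assign_perm", "track Bob", "tracker"))
    s.location["Bob"] = (0, 1)
    s.action(9 * 3600, "Add", 100, ("enable", "tracker"))          # Ebegin at 09:00
    if s.enabled("tracker") and s.located_in("Bob", OFFICE):       # runtime request, 10:00
        s.action(10 * 3600, "Execute", 0, ("activate", "tracker", "John"))
    out = [s.authorized("John", "track Bob")]                       # True
    s.location["Bob"] = (5, 5)                                      # user-location-changing event
    if not s.located_in("Bob", OFFICE):                            # trigger condition
        s.action(12 * 3600, "Execute", 0, ("deactivate", "tracker", "John"))
    out.append(s.authorized("John", "track Bob"))                   # False
    s.action(9 * 3600, "Remove", 100, ("enable", "tracker"))       # Eend: t of the Add
    out.append(s.enabled("tracker"))                                # False
    return out


def priority_conflict() -> Tuple[bool, bool]:
    """Two RS entries for one role: the higher-priority 'disable' wins until removed."""
    s = TLRBACState()
    s.action(0, "Add", 100, ("enable", "r"))
    s.action(1, "Add", 200, ("disable", "r"))
    before = s.enabled("r")                                         # False
    s.action(1, "Remove", 200, ("disable", "r"))
    return before, s.enabled("r")                                   # (False, True)
```

The condition of a runtime request or trigger is evaluated against the state before the action, which is why the scenario checks the predicates and then calls action(); ER for roles governed by RS is always recomputed from RS, so a Remove whose (time, priority, expression) triple does not match the earlier Add leaves the role enabled, a mismatch worth checking for when such rules are generated from events.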
Slide 19
Related work
Snoop: a model-independent event specification language for active databases, S. Chakravarthy and D. Mishra [3]
The temporal RBAC model (TRBAC) and the GTRBAC model, Elisa Bertino, James Joshi et al.
The LRBAC model
Slide 20
Conclusion and future work
Duration Event detection
Temporal Role hierarchy
Temporal cardinality constraints
Slide 21
Questions