26 research outputs found

    Dependencies and Separation of Duty Constraints in GTRBAC

    A Generalized Temporal Role Based Access Control (GTRBAC) model that captures an exhaustive set of temporal constraint needs for access control has recently been proposed. GTRBAC’s language constructs allow one to specify various temporal constraints on role, user-role assignments and role-permission assignments. In this paper, we identify various time-constrained cardinality, control flow dependency and separation of duty constraints (SoDs). Such constraints allow specification of dynamically changing access control requirements that are typical in today’s large systems. In addition to allowing specification of time, the constraints introduced here also allow expressing access control policies at a finer granularity. The inclusion of control flow dependency constraints allows defining much stricter dependency requirements that are typical in workflow types of applications

    Benefits of Location-Based Access Control: A Literature Study

    Location-based access control (LBAC) has been suggested as a means to improve IT security. By 'grounding' users and systems to a particular location, attackers supposedly have more difficulty in compromising a system. However, the motivation behind LBAC and its potential benefits have not been investigated thoroughly. To this end, we perform a structured literature review, and examine the goals that LBAC can potentially fulfill, the specific LBAC systems that realize these goals and the context on which LBAC depends. Our paper has four main contributions: first we propose a theoretical framework for LBAC evaluation, based on goals, systems and context. Second, we formulate and apply criteria for evaluating the usefulness of an LBAC system. Third, we identify four usage scenarios for LBAC: open areas and systems, hospitals, enterprises, and finally data centers and military facilities. Fourth, we propose directions for future research: (i) assessing the tradeoffs between location-based, physical and logical access control, (ii) improving the transparency of LBAC decision making, and (iii) formulating design criteria for facilities and working environments for optimal LBAC usage

    Benutzerverwaltung und Sicherheitskonzepte im Geschäftsprozessmanagement (User Management and Security Concepts in Business Process Management)

    A large share of business processes is nowadays modelled in IT-supported business process management systems (BPMS). This implementation enables increased efficiency, flexibility, transparency and better quality of processes in companies. The business opportunities of process management are, however, offset by considerable risks regarding compliance with security regulations and legal requirements. For this reason, automated or partially automated execution of processes requires mechanisms to detect violations of security policies promptly or to rule them out entirely. This thesis essentially covers the broad field of existing user management and security approaches in business process management. In addition, it examines a solution for the automated distribution and management of user roles in existing IT systems, and analyzes and extends the security concept of the business process management system Activiti

    One Way to patient empowerment: A proposal for an autorization model

    Master Programme in Medical Informatics

    Formal model and policy specification of usage control

    The recent usage control model (UCON) is a foundation for next-generation access control models with distinguishing properties of decision continuity and attribute mutability. A usage control decision is determined by combining authorizations, obligations, and conditions, presented as UCON ABC core models by Park and Sandhu. Based on these core aspects, we develop a formal model and logical specification of UCON with an extension of Lamport's temporal logic of actions (TLA). The building blocks of this model include: (1) a set of sequences of system states based on the attributes of subjects, objects, and the system, (2) authorization predicates based on subject and object attributes, (3) usage control actions to update attributes and accessing status of a usage process, (4) obligation actions, and (5) condition predicates based on system attributes. A usage control policy is defined as a set of temporal logic formulas that are satisfied as the system state changes. A fixed set of scheme rules is defined to specify general UCON policies with the properties of soundness and completeness. We show the flexibility and expressive capability of this formal model by specifying the core models of UCON and some applications. © 2005 ACM

    Comprehensive Specification and Efficient Enforcement of Role-based Access Control Policies using a Model-driven Approach

    Prohibiting unauthorized access to critical resources and data has become a major requirement for enterprises. Access control (AC) mechanisms manage requests from users to access system resources; the access is granted or denied based on the authorization policies defined within the enterprise. One of the most used AC paradigms is role-based access control (RBAC), in which access rights are determined based on the user’s role. In this dissertation, we focus on the problems of modeling, specifying and enforcing complex RBAC policies, by making the following contributions: 1. the GemRBAC+CTX conceptual model, a UML extension of the RBAC model that includes all the entities required to express the various types of RBAC policies found in the literature, with a specific emphasis on contextual policies. For each type of policy, we provided the corresponding formalization using the Object Constraint Language (OCL) to operationalize the access decision for a user’s request using model-driven technologies. 2. the GemRBAC-DSL language, a domain-specific language for RBAC policies designed on top of the GemRBAC+CTX model. The language is characterized by a syntax close to natural language, which does not require any mathematical background for expressing RBAC policies. The language supports all the authorization policies captured by the GemRBAC+CTX model. 3. MORRO, a model-driven framework for the run-time enforcement of RBAC policies expressed in GemRBAC-DSL, built on top of the GemRBAC+CTX model. MORRO provides policy enforcement for both access and usage control. 4. three tools (an editor for GemRBAC-DSL, a model transformation tool for GemRBAC-DSL, a run-time enforcement framework) have been implemented and released as part of this work. The GemRBAC+CTX model and the GemRBAC-DSL language have been adopted by our industrial partner for the specification of the access control policies of a Web application in the domain of disaster relief intervention. We have extensively evaluated the applicability and the scalability of MORRO on this Web application. The experimental results show that an access decision can be made, on average, in less than 107 ms and that the time for processing a notification of an AC-related event is less than 512 ms. Furthermore, both the access decision time and the execution time for processing a notification of an AC-related event scale, in the majority of the cases, linearly with respect to the parameters characterizing AC configurations; in the remaining cases, the access decision time is constant

    Analyzing and Managing Role-Based Access Control Policies
