CS343 Access Control in PRPL - PowerPoint PPT Presentation


Title: CS343 Access Control in PRPL


1
CS343 Access Control in PRPL
  • Greg Bayer, Debangsu Sengupta, Antone Vogt, Tom
    Wang

2
Problem Access Control
  • New domain for which to provide Access Control
  • Semantic Web rich, but unstructured
  • Need for Fine-Grained sharing
  • Incompatible data sources from multiple systems

3
Problem Usual solutions
  • Expose complexity to user
  • Ex Distributed file systems, ACLs
  • Or, too coarse-grained
  • Ex Share with everyone or friends (Facebook)
  • Access control files on a specific system, not
    your data wherever it may be
  • Static access control systems
  • Does not scale new systems all the time

4
Our Solution Attribute-Based (ABAC)
  • Leverage harvesters' knowledge of data context
  • Support arbitrary, harvester-defined ontologies
  • Infer Attributes from Semantic Web Information
  • Provide access control for PRPL data based on
    these attributes
  • fine-grained
  • easy-to-use
  • semantic rules automatically apply to new data

5
Demo
6
What we learned
  • The context extracted by harvester (screen
    scraping, XML feeds) is sufficient for
    interesting access control tasks.
  • Can leverage semantic web tools RDF/RDFS, OWL,
    SPARQL, etc.
  • Intuitive UI representation is critical
  • Must be flexible/extensible to express complex
    rules
  • Good framework Prefuse
  • Much work to be done to express complex access
    control policies intuitively
  • Email recipient/attachments scenario

7
Future work
  • Demonstrate more complex rules in the system and
    UI.
  • Email recipients scenario.
  • Blacklist rules / Conflicts between rules
  • Prune attributes displayed in tree using machine
    learning methods.
  • Time Frame 1-2 months
  •  Automatic rules generations
  • Sophisticated heuristics
  • Time frame 3 months
  • Publish content owners rules - alternative use
  • Ex. Express sharing rules in PRPL UI, publish to
    facebook
  • Pull from PRPL-compliant web service
  • Time frame 1 month

8
Future work
  • Scalability
  • Expressivity / performance tradeoff. Different
    inference engines.
  • Cache rules / relationships in database
  • Time frame 2-3 months
  • Authentication
  • Study integration with OAuth, single sign-on
    services like Shibboleth.
  • Time frame 2-3 months.
  •  
  • Usability studies.
  • Do users like our solution? Focus groups.
  • Time frame 1 month.
  • Build system statistics module.
  • E.g. number of steps taken by user to complete
    common rules assignment tasks.
  • Time frame 1 month

9
PRPL Index Server with Access Control
10
Questions/comments/suggestions?
11
Backup slides
12
Surprises for the project
  • Coarse grained sharing
  • Not flexible enough for PRPL.
  • Better Fine - grained mechanism.
  • Traditional RBAC / ACL.
  • Complexity exposed to user. Difficult to express
    simple tasks. Static hierarchical data not
    available in PRPL context.
  • Better Attribute links from persons to resources
  • Static / manually assigned attributes
  • Works within organizations. Inappropriate for
    web-based open systems.
  • Better Relations defined from attributes
    gathered/inferred from harvesting.
  • Complexity shown to user e.g. ACL
  • Better Hide complexity. Tradeoff between complex
    rules and ones that can be easily expressed.
  • Allow users to verify.

13
Features
  • Attribute-based
  • Use common access control ontology that is
    customized by groups suggested for the user.
  • Ontology for persons and resources. Can leverage
    existing work in the areas.
  • Relationships and rules generation to augment
    access control ontology.
  • Currently, heuristics based.
  • Groups are represented as attributes for both
    persons and resources.
  • Toolset Jena, Sparql, RDF/XML, RDFS, OWL
    ontology, reasoners.

14
Features ctd
  • Easy to use minimize use effort / transparency
  • Intuitive UI
  • Use familiar patterns to establish links between
    Persons and objects.
  • Translate content owner actions to rules.
  • Currently support accept/deny rules.
  • Extensible
  • Underlying model based on standard GraphML.
  • Can include complicated rules and expose
    attributes.
  • Tree view to browse through persons and files
    hierarchies
  • Search feature on both sides.

15
  • Slides From First
  • Presentation
  • (in-class discussion)


16
Access Control in PRPL
  • Basic idea
  • Fine-grained data sharing
  • In PRPL
  • Index Server
  • Perimeter security
  • Index data is unencrypted.
  • Data Server
  • Encrypted data - pictures, sensitive documents. 
  • Policy-based encryption

17
Access Control Fundamentals
  • RBAC
  • Commonly used in enterprise
  • Role concept is central
  • Principals (users) map to 1 or more roles.
  • Permissions on objects (r/w/x) map to 1 or more
    roles.
  • Attribute-based Access Control
  • Roles are determined from attributes extracted
    from subjects and objects.

18
Attribute-Based Access Control
  • Object attributes
  • Types of objects Files, Folders, URI's
  • Attribute Ski photos
  • Subject/Principal attributes
  • Examples of subjects Tom, Harry
  • Attributes Friends, family, colleagues
  • Harvest attributes from semantic web (social
    network information).

19
Concept
  • Coalition Alliances and collaboration between
    individuals from multiple organizations. 
  • Dynamic coalition Entities join or leave in an
    ad-hoc manner.

20
Access Control policy fundamentals
  • Principals Users including owners and
    requesters.
  • Objects Files, services etc.
  • Policy definition
  • Which principals have access to what resources
    and has the ability to do what activities.
  • Dynamic access control Principal (subject)
    information must be derived from user attributes.

21
Attribute based approach
  • Determine user and object attributes.
  • Infer which user attributes are semantically
    relevant to object attributes.
  • Identify mapping relationships that enable
    mapping between user attributes, job functions
    (attributes), and object attributes. 
  • Prune the semantically relevant attributes.
  • Identify which are unlikely to be held by those
    principals outside the role. 

22
Attributes User
  • User attributes
  • Manual - generally
  • Certifiable or organizationally assigned
  • User Attribute Base Set of all user attributes.
  • Example 2. Tom, who works at LM company, has the
    following attribute set UAB(Tom)
    (hasDegreebachelors),(performsJobsoftware),
    (assignedToprojectBlue),(hasExpertiseInjava),
    (officeLocNVC1).

23
Attributes Object
  • Object attributes
  • Manual
  • Manual tagging, file name, file description
  • Automatic
  • Inference based on content, keywords, owners,
    owner relationships etc.
  • Object attribute base (OAB) Set of all object
    attributes.
  • Example 3
  • "Component 1 software" (C1) object attribute set
    (hasContentjava), (hasContentfinancial)(hasCon
    tentsoftware), (createdUnderProjectBlue).

24
Link user and object attributes
  • Use concept hierarchy
  • Example relationships used
  • Subclass
  • Synonyms.
  • Superclass
  • Compatible - common parent.
  • .....
  •                                               
                                                
    ......

25
Matching
  • Semantic Match
  • Between subject (user) attribute/value pair and
    object attribute/value pair if...
  • Both
  • The attributes are linked
  • And
  • The values and are synonymous or
  • The object value is a subclass of the object
    value.

26
PRPL Access Control Module
27
Attribute Relationships
  • Relationship expansion.
  • Existing database / auto generated
  • From User
  • Examples
  • Object "Wedding photos" -gt "Photos"
  • Subject "CS343 friends" -gt"Stanford"
  • .....
  •                                               
                                                   
    .......

28
Smart Security
  • Multiple levels of security
  • Whitelist - Very secure.
  • Blacklist - Open.
  • Grey / Smart / adaptive security - Our focus
  • Smart security consists of
  • Automatic attribute-relationship generation
  • Subject attributes
  • Object attributes
  • Automatic rule generation
  • Rule Subjects with certain attributes can read
    objects with certain attributes

29
Subject Relationships, Our Approach
  • Auto-attribute generation based on
  • Existing information online, as in Tokyo paper
  • FOAF, event attendee acquaintance
  • Email conversations.
  • User tuning
  • Group "Stanford friends" and "UMass friends"
    into "University friends" attribute
  • Harvesting Scenairo
  • 4 of us have exchanged 25 mails, 10 attachments,
    calendar data, Facebook events.gt Harvester
    creates group for sharing data

30
Object Attributes
  • File extensions help classify file types
  • .doc, .jpg, .html
  • Extract information from existing sites
  • Example Tags of photos from Flickr
  • Assumption Semantic webgt Metadata should be
    rich source of information

31
Automatic Rule Generation
  • Infer rules based on past actions / history of
  • owner, friends.
  • Aggregate rules based on overall PRPL data.
  • Hard-coded rules based on default rules database.
  • Family ltgt "Family photos"
  • Share info with participants
  • Event info with event attendees
  • Project info with project members

32
Easy-To-Use Goals
  • Minimize user effort
  • System transparency

33
Typical User Interface
  • GUI allows users to manipulate directly or
    indirectly the internal access control
    mechanismgt Burden too heavy even for simple
    task
  • Problem Internal access control mechanism too
    arcane and difficult
  • In the paper ACL-based Access Control

34
Beyond IAM, What does easy-to-use really mean?
  • Owner should see and understand what the
    principal -gt object mappings are.
  • Transparent to owner
  • Default "Smart" security should be "good enough"
    for most owners. (predictable)
  • Can track success with how often users make
    changes.
  •  
  • .....

35
What does easy-to-use mean? ...ctd
  • Specific fine-grained updates from owner should
    be easy(match the way the user thinks about the
    task of sharing)
  • Smart security will periodically provide access
    control suggestions based on mining recent data
    in owner's social networks.
  • Recent Gmail, Facebook activity.

36
Default view
  • Medium level of specificity
  • Files and people
  • Security hints button
  • System rules view

37
Security model
  • Multiple levels of security
  • Whitelist , blacklist, smart security
  • Smart security provided at different times
  • Initial configuration - when user first links up
    their accounts.
  • Users verify the suggested model.
  • User modifies and creates finer-grained lists
    (optional)
  • Periodic updates
  • Suggestions provided based on user's activity
  • User accepts / rejects suggestion. System updates
    based on user input.

38
HCI/UI elements
  • Most General
  • Attribute view
  • Connections between object attributes and subject
    attributes
  • Example
  • Work emails and attachments -gt shared with
    "Colleagues".
  • Vacation pictures -gt Family.

39
HCI/UI elements continued...
  • Most specific
  • By source
  • Filtering attributes
  • Creating rules
  • Examples
  • Emails from gmail account1 -gt shared with theater
    group
  • Emails from gmail account2 -gt shared with all
    family.
  • Facebook photos tagged ski -gt shared with ski
    club friends.

40
UI Preview rules
  • Preview all rules
  • Manually created and auto-generated rules.
  • Why
  • Provide system visibility / transparency to user.
  • Example Display link.
  • Ski trip photos
  • NOT shared with ALL
  • Shared with Ski club friends, family
  • Wedding photos
  • Shared with ALL
  • Not shared with ex. 

41
UI Preview object access
  • Idea Given all the rules mapping, who can view a
    given object.
  • Owner selects Objects - e.g. Ski trip photos -gt
    John
  • System displays
  • List of users that can view the photos
  • Which rule(s) triggered this access.
  • e.g. Photos -gt Friends.

42
UI Preview subject access
  • Question Which pictures can grandma view?
  • Owner selects a user in the network.
  • System displays
  • List of objects grandma has access to.
  • Which rule(s) triggered this access.
  • "Personal photos" -gt family
  • Specific example if possible.

43
(No Transcript)
44
Implementation components
  • Access control
  • Attribute query
  • Relationship expansion
  • Ontology / synonyms
  • Owner defined grouping
  • Rule matching engine
  • User Interface
  • See slides before

45
Contribution - our 'twist' ltinsert group twist
picgt
  • Prototype components
  • Access control module
  • User interface
  • Basic heuristics for auto-generation
  • Provide groundwork for further exploration
  • Access control architecture
  • Rule generation ideas
  • UI based on our model
  • Semantic attribute based Access Control 
  • Prototypeindex server perimeter access control
  • Easy-to-use
  • visualization / interface
  • Smart security
  • Automatic rules generation on attributes
View by Category
About This Presentation
Title:

CS343 Access Control in PRPL

Description:

Encrypted data - pictures, sensitive documents. Policy-based encryption ... Object: 'Wedding photos' - 'Photos' Subject: 'CS343 friends' - 'Stanford' Smart Security ... – PowerPoint PPT presentation

Number of Views:36
Avg rating:3.0/5.0
Slides: 46
Provided by: Goog333
Category:
Tags: prpl | access | control | cs343

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: CS343 Access Control in PRPL


1
CS343 Access Control in PRPL
  • Greg Bayer, Debangsu Sengupta, Antone Vogt, Tom
    Wang

2
Problem Access Control
  • New domain for which to provide Access Control
  • Semantic Web rich, but unstructured
  • Need for Fine-Grained sharing
  • Incompatible data sources from multiple systems

3
Problem Usual solutions
  • Expose complexity to user
  • Ex Distributed file systems, ACLs
  • Or, too coarse-grained
  • Ex Share with everyone or friends (Facebook)
  • Access control files on a specific system, not
    your data wherever it may be
  • Static access control systems
  • Does not scale new systems all the time

4
Our Solution Attribute-Based (ABAC)
  • Leverage harvesters' knowledge of data context
  • Support arbitrary, harvester-defined ontologies
  • Infer Attributes from Semantic Web Information
  • Provide access control for PRPL data based on
    these attributes
  • fine-grained
  • easy-to-use
  • semantic rules automatically apply to new data

5
Demo
6
What we learned
  • The context extracted by harvester (screen
    scraping, XML feeds) is sufficient for
    interesting access control tasks.
  • Can leverage semantic web tools RDF/RDFS, OWL,
    SPARQL, etc.
  • Intuitive UI representation is critical
  • Must be flexible/extensible to express complex
    rules
  • Good framework Prefuse
  • Much work to be done to express complex access
    control policies intuitively
  • Email recipient/attachments scenario

7
Future work
  • Demonstrate more complex rules in the system and
    UI.
  • Email recipients scenario.
  • Blacklist rules / Conflicts between rules
  • Prune attributes displayed in tree using machine
    learning methods.
  • Time Frame 1-2 months
  •  Automatic rules generations
  • Sophisticated heuristics
  • Time frame 3 months
  • Publish content owners rules - alternative use
  • Ex. Express sharing rules in PRPL UI, publish to
    facebook
  • Pull from PRPL-compliant web service
  • Time frame 1 month

8
Future work
  • Scalability
  • Expressivity / performance tradeoff. Different
    inference engines.
  • Cache rules / relationships in database
  • Time frame 2-3 months
  • Authentication
  • Study integration with OAuth, single sign-on
    services like Shibboleth.
  • Time frame 2-3 months.
  •  
  • Usability studies.
  • Do users like our solution? Focus groups.
  • Time frame 1 month.
  • Build system statistics module.
  • E.g. number of steps taken by user to complete
    common rules assignment tasks.
  • Time frame 1 month

9
PRPL Index Server with Access Control
10
Questions/comments/suggestions?
11
Backup slides
12
Surprises for the project
  • Coarse grained sharing
  • Not flexible enough for PRPL.
  • Better Fine - grained mechanism.
  • Traditional RBAC / ACL.
  • Complexity exposed to user. Difficult to express
    simple tasks. Static hierarchical data not
    available in PRPL context.
  • Better Attribute links from persons to resources
  • Static / manually assigned attributes
  • Works within organizations. Inappropriate for
    web-based open systems.
  • Better Relations defined from attributes
    gathered/inferred from harvesting.
  • Complexity shown to user e.g. ACL
  • Better Hide complexity. Tradeoff between complex
    rules and ones that can be easily expressed.
  • Allow users to verify.

13
Features
  • Attribute-based
  • Use common access control ontology that is
    customized by groups suggested for the user.
  • Ontology for persons and resources. Can leverage
    existing work in the areas.
  • Relationships and rules generation to augment
    access control ontology.
  • Currently, heuristics based.
  • Groups are represented as attributes for both
    persons and resources.
  • Toolset Jena, Sparql, RDF/XML, RDFS, OWL
    ontology, reasoners.

14
Features ctd
  • Easy to use minimize use effort / transparency
  • Intuitive UI
  • Use familiar patterns to establish links between
    Persons and objects.
  • Translate content owner actions to rules.
  • Currently support accept/deny rules.
  • Extensible
  • Underlying model based on standard GraphML.
  • Can include complicated rules and expose
    attributes.
  • Tree view to browse through persons and files
    hierarchies
  • Search feature on both sides.

15
  • Slides From First
  • Presentation
  • (in-class discussion)


16
Access Control in PRPL
  • Basic idea
  • Fine-grained data sharing
  • In PRPL
  • Index Server
  • Perimeter security
  • Index data is unencrypted.
  • Data Server
  • Encrypted data - pictures, sensitive documents. 
  • Policy-based encryption

17
Access Control Fundamentals
  • RBAC
  • Commonly used in enterprise
  • Role concept is central
  • Principals (users) map to 1 or more roles.
  • Permissions on objects (r/w/x) map to 1 or more
    roles.
  • Attribute-based Access Control
  • Roles are determined from attributes extracted
    from subjects and objects.

18
Attribute-Based Access Control
  • Object attributes
  • Types of objects Files, Folders, URI's
  • Attribute Ski photos
  • Subject/Principal attributes
  • Examples of subjects Tom, Harry
  • Attributes Friends, family, colleagues
  • Harvest attributes from semantic web (social
    network information).

19
Concept
  • Coalition Alliances and collaboration between
    individuals from multiple organizations. 
  • Dynamic coalition Entities join or leave in an
    ad-hoc manner.

20
Access Control policy fundamentals
  • Principals Users including owners and
    requesters.
  • Objects Files, services etc.
  • Policy definition
  • Which principals have access to what resources
    and has the ability to do what activities.
  • Dynamic access control Principal (subject)
    information must be derived from user attributes.

21
Attribute based approach
  • Determine user and object attributes.
  • Infer which user attributes are semantically
    relevant to object attributes.
  • Identify mapping relationships that enable
    mapping between user attributes, job functions
    (attributes), and object attributes. 
  • Prune the semantically relevant attributes.
  • Identify which are unlikely to be held by those
    principals outside the role. 

22
Attributes User
  • User attributes
  • Manual - generally
  • Certifiable or organizationally assigned
  • User Attribute Base Set of all user attributes.
  • Example 2. Tom, who works at LM company, has the
    following attribute set UAB(Tom)
    (hasDegreebachelors),(performsJobsoftware),
    (assignedToprojectBlue),(hasExpertiseInjava),
    (officeLocNVC1).

23
Attributes Object
  • Object attributes
  • Manual
  • Manual tagging, file name, file description
  • Automatic
  • Inference based on content, keywords, owners,
    owner relationships etc.
  • Object attribute base (OAB) Set of all object
    attributes.
  • Example 3
  • "Component 1 software" (C1) object attribute set
    (hasContentjava), (hasContentfinancial)(hasCon
    tentsoftware), (createdUnderProjectBlue).

24
Link user and object attributes
  • Use concept hierarchy
  • Example relationships used
  • Subclass
  • Synonyms.
  • Superclass
  • Compatible - common parent.
  • .....
  •                                               
                                                
    ......

25
Matching
  • Semantic Match
  • Between subject (user) attribute/value pair and
    object attribute/value pair if...
  • Both
  • The attributes are linked
  • And
  • The values and are synonymous or
  • The object value is a subclass of the object
    value.

26
PRPL Access Control Module
27
Attribute Relationships
  • Relationship expansion.
  • Existing database / auto generated
  • From User
  • Examples
  • Object "Wedding photos" -gt "Photos"
  • Subject "CS343 friends" -gt"Stanford"
  • .....
  •                                               
                                                   
    .......

28
Smart Security
  • Multiple levels of security
  • Whitelist - Very secure.
  • Blacklist - Open.
  • Grey / Smart / adaptive security - Our focus
  • Smart security consists of
  • Automatic attribute-relationship generation
  • Subject attributes
  • Object attributes
  • Automatic rule generation
  • Rule Subjects with certain attributes can read
    objects with certain attributes

29
Subject Relationships, Our Approach
  • Auto-attribute generation based on
  • Existing information online, as in Tokyo paper
  • FOAF, event attendee acquaintance
  • Email conversations.
  • User tuning
  • Group "Stanford friends" and "UMass friends"
    into "University friends" attribute
  • Harvesting Scenairo
  • 4 of us have exchanged 25 mails, 10 attachments,
    calendar data, Facebook events.gt Harvester
    creates group for sharing data

30
Object Attributes
  • File extensions help classify file types
  • .doc, .jpg, .html
  • Extract information from existing sites
  • Example Tags of photos from Flickr
  • Assumption Semantic webgt Metadata should be
    rich source of information

31
Automatic Rule Generation
  • Infer rules based on past actions / history of
  • owner, friends.
  • Aggregate rules based on overall PRPL data.
  • Hard-coded rules based on default rules database.
  • Family ltgt "Family photos"
  • Share info with participants
  • Event info with event attendees
  • Project info with project members

32
Easy-To-Use Goals
  • Minimize user effort
  • System transparency

33
Typical User Interface
  • GUI allows users to manipulate directly or
    indirectly the internal access control
    mechanismgt Burden too heavy even for simple
    task
  • Problem Internal access control mechanism too
    arcane and difficult
  • In the paper ACL-based Access Control

34
Beyond IAM, What does easy-to-use really mean?
  • Owner should see and understand what the
    principal -gt object mappings are.
  • Transparent to owner
  • Default "Smart" security should be "good enough"
    for most owners. (predictable)
  • Can track success with how often users make
    changes.
  •  
  • .....

35
What does easy-to-use mean? ...ctd
  • Specific fine-grained updates from owner should
    be easy(match the way the user thinks about the
    task of sharing)
  • Smart security will periodically provide access
    control suggestions based on mining recent data
    in owner's social networks.
  • Recent Gmail, Facebook activity.

36
Default view
  • Medium level of specificity
  • Files and people
  • Security hints button
  • System rules view

37
Security model
  • Multiple levels of security
  • Whitelist , blacklist, smart security
  • Smart security provided at different times
  • Initial configuration - when user first links up
    their accounts.
  • Users verify the suggested model.
  • User modifies and creates finer-grained lists
    (optional)
  • Periodic updates
  • Suggestions provided based on user's activity
  • User accepts / rejects suggestion. System updates
    based on user input.

38
HCI/UI elements
  • Most General
  • Attribute view
  • Connections between object attributes and subject
    attributes
  • Example
  • Work emails and attachments -gt shared with
    "Colleagues".
  • Vacation pictures -gt Family.

39
HCI/UI elements continued...
  • Most specific
  • By source
  • Filtering attributes
  • Creating rules
  • Examples
  • Emails from gmail account1 -gt shared with theater
    group
  • Emails from gmail account2 -gt shared with all
    family.
  • Facebook photos tagged ski -gt shared with ski
    club friends.

40
UI Preview rules
  • Preview all rules
  • Manually created and auto-generated rules.
  • Why
  • Provide system visibility / transparency to user.
  • Example Display link.
  • Ski trip photos
  • NOT shared with ALL
  • Shared with Ski club friends, family
  • Wedding photos
  • Shared with ALL
  • Not shared with ex. 

41
UI Preview object access
  • Idea Given all the rules mapping, who can view a
    given object.
  • Owner selects Objects - e.g. Ski trip photos -gt
    John
  • System displays
  • List of users that can view the photos
  • Which rule(s) triggered this access.
  • e.g. Photos -gt Friends.

42
UI Preview subject access
  • Question Which pictures can grandma view?
  • Owner selects a user in the network.
  • System displays
  • List of objects grandma has access to.
  • Which rule(s) triggered this access.
  • "Personal photos" -gt family
  • Specific example if possible.

43
(No Transcript)
44
Implementation components
  • Access control
  • Attribute query
  • Relationship expansion
  • Ontology / synonyms
  • Owner defined grouping
  • Rule matching engine
  • User Interface
  • See slides before

45
Contribution - our 'twist' ltinsert group twist
picgt
  • Prototype components
  • Access control module
  • User interface
  • Basic heuristics for auto-generation
  • Provide groundwork for further exploration
  • Access control architecture
  • Rule generation ideas
  • UI based on our model
  • Semantic attribute based Access Control 
  • Prototypeindex server perimeter access control
  • Easy-to-use
  • visualization / interface
  • Smart security
  • Automatic rules generation on attributes
About PowerShow.com