scalable and efficient reasoning for enforcing role-based access control for provenance data

Scalable and E cient Reasoning for ffiEnforcing Role-Based Access Control for Provenance Data

Tyrone CadenheadEmail: thc071000@utdallas.edu

Advisors: Murat Kantarcioglu, and Bhavani Thuraisingham

Overview

Motivation Contributions Approach Theoretical Background:

– RBAC, TRBAC, Description Logics, SWRL

Detailed Overview of Approach and Optimizations Example Experimental Results

Motivation

1. Organizations tend to generate large amount of data

2. Users need only partial access to resources

3. nu users and nr roles = at most nu ×nr mappings

4. Scalable access control model and easy management

5. Handle heterogeneity in information system

Motivation (cont’d)

RBAC simplifies Security Management

– But Roles are statically defined

TRBAC extends RBAC

– Roles are dynamically defined and have a temporal dimension

– Does not address Heterogeneity inherent in organization information systems

Ontology has a Common Vocabulary

– Conforms to a Description Logic (DL) formalism

• As a result, ontology Knowledge Bases (KBs) has a Description Logic (DL) Reasoning Service

– Can be Distributed as different Knowledge Bases

Main Contributions

TRBAC Implementation using existing semantic technologies

Reasoning Service access control over large numbers of data instances in DL Knowledge Bases (KBs)

E ciently and accurately reason about access rightsffi

We have applied our techniques to provenance data represented as RDF graphs

Approach

Transform the access control policies into the semantic web rule language (SWRL)

Partitioning the Knowledge Base into a set of smaller Knowledge Bases, which have the same TBox but a subset of the original AboxA Knowledge Base consists of a TBox and ABox

Approach (cont’d)

Achieves:1. Scalability – support many users, roles, sessions,

permissions; combinations w.r.t access control policies

2. E ciency - determines the response time to make a ffidecision in milliseconds

3. Correct reasoning - ensures that all the data assertions are available when applying the security policies

Theoretical Background

• RBAC

• TRBAC

• Description Logic Language (ALCQ)

• SWRL

RBAC

TRBAC

• An extension of RBAC models that supports temporal constraints on the enabling/disabling of roles.

• Supports periodic role enabling and disabling, and temporal dependencies among such actions. Such dependencies are expressed by means of role triggers that can also be used to constrain the set of roles that a particular user can activate at a given time instant.

• The firing of a trigger may cause a role to be enabled/disabled either immediately, or after an explicitly specified amount of time.

• The enabling/disabling actions may be given a priority that may help in solving conflicts, such as the simultaneous enabling and disabling of a role

Description Logics

SWRL

Also the Semantic Web Rule language (SWRL) is a W3C recommendation. A SWRL rule has the form

are atoms of the form C(i) or atoms of the form P(i,j)

Detailed Overview

Step 1

Step 2

Step 3

Inference Stage

• When there is an access request for a specific patient, start executing steps 2 and 3.

• Steps 2 and 3 are our inferencing stages where we enforce the security policies.

• These can also be executed concurrently for many patients, as desired.

Advantages

• Adding SWRL rules to KBinf does not have a huge impact on the reasoning time as indicated by our experimental results.

• This is due to the fact that we are only retrieving a small subset of triples which reduces the number of symbols in the ABox when the rules are applied

Advantages (cont’d)

Definition of a Knowledge Base (KB)

(Mapping Function)

• Connects two domain modules so that we have:– RBAC assignments:

• the mappings user-role, role-user, role-permission, permission-role, user-session, role-role and role-session

– Hospital extensions: • the mappings patient-user, user-patient and patient-session

– Patient-Record constraint: • the one-to-one mappings patient-record and record-patient

Home Partition

(P-link)

Policy Query

Example

Trace

Optimization

Two types of indexing:

1. indexing the assertions• to find a triple by a subject (s), a predicate (p) or an object

(o),

• without the cost of a linear search over all the triples in a partition

2. creating a high level index.• points to the location of the partitions on disk

• At most linear with respect to the number of partitions

Experiments

Experiments

Directions

1. Our research has been applied to provenance data

2. In addition to access control, we have also carried out work on inference problem for provenance data

3. Implementation on the cloud is the next step