A Flexible Access Control Service for Java Mobile Code
HPCC lab, 문정아
1. Introduction
Mobile code (MC) technology on the Internet
Security concern: design & development of comprehensive access control frameworks
Static & dynamic
2. How To Control Mobile Code - to control MC behavior
Development-time control: "safe" programming languages, proof-carrying code
Run-time access control mechanisms: sandbox technique, JDK 1.2 security architecture, Safe-Tcl security framework
Simple access control lists (ACLs)
2. How To Control Mobile Code - language-based solutions
(to separate the policy from the access control implementation)
Logic-based declarative languages
Procedural languages
Other languages (combining procedural & declarative rules)
3. Flexible Access Control Requirements for Mobile Code
3. Examples of healthcare applications
In mobile healthcare applications, mobile agents (MAs) perform automated tasks such as retrieval and processing of patient records
Patient record retrieval is initiated from the mobile system
Strict controls are needed on the interactions between MAs & the medical DB:
A patient's primary physician is allowed to read & modify the patient's records;
A physician collaborating with the patient's primary physician can read (but not modify) the records only if the patient has explicitly authorized him;
A hospital nurse can view only the records of patients currently in the ward where she is on duty, and only during duty hours;
4. The Ponder Language for Flexible Access Control Policies
A policy specification language offering:
Expressiveness
Simplicity
Analysability
Policy
Authorisation
Ex>
auth+ RecordAccess {
    subject s = primary_physicians;
    target r = patient_records;
    action view, modify;
    when member(s, r.caring_physicians());
}
4.1. Authorisations
Ex>
type auth+ RecordAccess(subject s, target t) {
    action view, modify;
    when member(s, t.caring_physicians());
}
inst
auth+ r1 = RecordAccess(hospital1/physicians, hospital1/records);
r2 = RecordAccess(hospital2/paediatricians, hospital2/child-records);
4.2. Filtering
type auth+ FilteredRecordAccess(subject s, target t) {
    action view()
        if containsExternalNodes(s.itinerary) {
            result = reject({"PatientName", "Address"}, result);
        }
}
4.3. Policy Groups and Roles
type role surgery_nurse(ward) extends nurse(ward) {
    constraint workHours = time.between(0800, 1700);
               attended_patient(p) = member(p, ward);
    inst auth+ nurse_access {
        action view(p);
        target patient_records;
        when workHours and attended_patient(p);
    }
}
5. A Flexible Access Control Service for Mobile Code
Policy Specification Component (PSC)
Policy Retrieval Component (PRC)
Permission Checking Component (PCC)
Filtering Executor Component (FEC)
5.1 The Java Access Control Architecture
The Java security architecture relies on the following building blocks:
Policy object
Class loader
Access controller
Security manager
5.2 How to Map Ponder Policies into Java
PolicyEditor
PolicyCompiler
AnalysisTool
BrowserTool
StructuringTool
SemanticAnalyzer
CodeGenerator
Java Policies
5.3 The Enforcement of Ponder Policies
MA loading: permission assignment
MA resource access: run-time permission evaluation
Permission assignment
Current agent execution environment: the class loader coordinates with the PRC
Insert every discovered policy into the appropriate protection domain!!
Run-time permission evaluation
Proxy-based mechanism: incoming agents are given access proxies instead of the resources themselves, exposing the same resource interface.
The proxy coordinates with the PCC & FEC (MCcheckPermission, MCfilter)
5.4 Implementation Issues
MCcheckPermission calls checkPermission of the Access Controller class, which in turn calls PonderPermission.implies
e.g. in an application the MA calls new FileInputStream(fileName)
JDK 1.2 package: the FileInputStream constructor calls checkPermission, which calls PonderFilePermission
Solution (to support constraints with Java & appropriate constraint checking):
Customisability property of the Java SecurityManager class (i.e. the checkPermission method)
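An added illustration of that customisation point (my code, not the paper's implementation): a hypothetical PonderPermission whose implies() re-evaluates the policy's when-constraint on every check, and a hypothetical SecurityManager subclass whose checkPermission consults it. It assumes the nurse_access constraints from section 4.3 as constructed data, and a JDK where SecurityManager can still be subclassed (it is deprecated since Java 17); the manager is called directly rather than installed.

```java
import java.security.Permission;
import java.time.LocalTime;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.function.BooleanSupplier;

public class PonderDemo {
    // Hypothetical PonderPermission: target name, allowed actions, and a "when" constraint.
    static final class PonderPermission extends Permission {
        private final Set<String> actions;
        private final BooleanSupplier when;
        PonderPermission(String target, String actions, BooleanSupplier when) {
            super(target); this.actions = Set.of(actions.split(",")); this.when = when;
        }
        @Override public boolean implies(Permission p) {
            if (!(p instanceof PonderPermission)) return false;
            PonderPermission req = (PonderPermission) p;
            return getName().equals(req.getName()) && actions.containsAll(req.actions)
                && when.getAsBoolean();   // granted policy's constraint, evaluated at access time
        }
        @Override public String getActions() { return String.join(",", actions); }
        @Override public boolean equals(Object o) {
            return o instanceof PonderPermission && getName().equals(((PonderPermission) o).getName())
                && actions.equals(((PonderPermission) o).actions);
        }
        @Override public int hashCode() { return Objects.hash(getName(), actions); }
    }
    // Hypothetical SecurityManager subclass: the customisation point the slide refers to.
    static final class PonderSecurityManager extends SecurityManager {
        private final List<PonderPermission> granted;
        PonderSecurityManager(List<PonderPermission> granted) { this.granted = granted; }
        @Override public void checkPermission(Permission perm) {
            for (PonderPermission g : granted) if (g.implies(perm)) return;
            throw new SecurityException("Ponder policy denies " + perm);
        }
    }
    public static void main(String[] args) {
        // Constructed data mirroring nurse_access: view only 08:00-17:00 and only for ward patients.
        Set<String> ward = Set.of("patient42");
        LocalTime now = args.length > 0 ? LocalTime.parse(args[0]) : LocalTime.now();
        PonderPermission nurseAccess = new PonderPermission("patient_records", "view",
            () -> !now.isBefore(LocalTime.of(8, 0)) && now.isBefore(LocalTime.of(17, 0))
                && ward.contains("patient42"));
        SecurityManager sm = new PonderSecurityManager(List.of(nurseAccess));
        try {   // the resource proxy would make this call before each record access
            sm.checkPermission(new PonderPermission("patient_records", "view", () -> true));
            System.out.println("view granted at " + now);
        } catch (SecurityException e) { System.out.println(e.getMessage() + " at " + now); }
    }
}
```

Run it with a time argument such as 09:30 or 19:00 to see the same request accepted inside work hours and denied outside them.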
6. Conclusion
THANK YOU FOR YOUR ATTENTION !