
A Flexible Access Control Service for Java Mobile Code HPCC lab 문 정 아


1. Introduction

MC (Mobile Code) technology on the Internet

Security concern: design & development of comprehensive access control frameworks

Static & dynamic


2. How To Control Mobile Code - To control MC behavior

Development-time control: "safe" programming languages, Proof Carrying Code

Run-time access control mechanisms: sandbox technique, JDK 1.2 security architecture, Safe-Tcl security framework

Simple access control lists (ACLs)

2. How To Control Mobile Code - Language-based solutions

(to separate policy from access control implementation)

Logic-based declarative languages

Procedural languages

Other languages (combining procedural & declarative rules)


3. Flexible Access Control Requirements for Mobile Code

In mobile applications, MAs (mobile agents) automate tasks: retrieval and processing of patient records

Patient records retrieval initiated from Mobile system

Strict controls on the interactions between MAs & medical DB

3. Examples of healthcare applications

A patient's primary physician is allowed to read & modify the patient's records;

A physician collaborating with the patient's primary physician can read (but not modify) the records only if the patient has explicitly authorized him;

A hospital nurse can view only the records of patients currently in the ward where she is on duty, and only during duty hours;


4. The Ponder Language for Flexible Access Control Policies

For Policy specification

Expressiveness

Simplicity

Analysability

Policy

Authorisation

4.1. Authorisations

Ex>

    auth+ RecordAccess {
        subject s = primary_physicians;
        target r = patient_records;
        action view, modify;
        when member(s, r.caring_physicians());
    }

4.1. Authorisations

Ex>

    type auth+ RecordAccess(subject s, target t) {
        action view, modify;
        when member(s, t.caring_physicians());
    }
    // the same policy type instantiated for two subject/target pairs
    inst auth+ r1 = RecordAccess(hospital1/physicians, hospital1/records);
               r2 = RecordAccess(hospital2/paediatricians, hospital2/child-records);

4.2. Filtering

    type auth+ FilteredRecordAccess(subject s, target t) {
        action view()
            if containsExternalNodes(s.itinerary) {
                result = reject({"PatientName", "Address"}, result);
            }
    }

4.3. Policy Groups and Roles

    type role surgery_nurse(ward) extends nurse(ward) {
        constraint workHours = time.between(0800, 1700);
                   attended_patient(p) = member(p, ward);
        inst auth+ nurse_access {
            action view(p);
            target patient_records;
            when workHours and attended_patient(p);
        }
    }


5. A Flexible Access Control Service for Mobile Code

Policy Specification Component (PSC)

Policy Retrieval Component (PRC)

Permission Checking Component (PCC)

Filtering Executor Component (FEC)


5.1 The Java Access Control Architecture

Java security architecture relies on building components

Policy object

Class Loader

Access controller

Security manager


5.2 How to Map Ponder Policies into Java

[Figure: components shown are Policy Editor, Policy Compiler, Analysis Tool, Browser Tool, Structuring Tool, Semantic Analyzer, Code Generator; output labelled "Java Policies"]


5.3 The Enforcement of Ponder Policies

MA loading: permission assignment

MA accesses a resource: run-time permission evaluation


5.3 The Enforcement of Ponder Policies

Permission assignment

Current agent execution env.: class loader coordinates with PRC

Insert all discovered policies into the appropriate protection domain!!


5.3 The Enforcement of Ponder Policies

Run-time permission evaluation

Proxy-based mechanism: incoming agents are provided with access proxies instead of the resources; the proxies expose the same resource interface.

The proxy coordinates with the PCC & FEC (MCcheckPermission, MCfilter)
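The proxy-based evaluation above, combined with the FilteredRecordAccess filter from 4.2, as an added Java example (not code from the presented service). The names PatientRecords, Agent, INTERNAL_NODES, checkPermission and filter are hypothetical stand-ins for the resource interface, the incoming agent, and the PCC and FEC steps; all record data is constructed.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class AccessProxyDemo {
    // Resource interface the agent programs against (hypothetical).
    interface PatientRecords { Map<String, String> view(String patientId); }

    // Constructed agent descriptor: role plus the nodes on its itinerary.
    record Agent(String role, List<String> itinerary) {}

    static final Set<String> INTERNAL_NODES = Set.of("ward-a.hospital1", "lab.hospital1");

    // Stand-in for the permission check step: physicians may view.
    static boolean checkPermission(Agent a, String action) {
        return a.role().equals("physician") && action.equals("view");
    }

    static boolean containsExternalNodes(List<String> itinerary) {
        return !INTERNAL_NODES.containsAll(itinerary);
    }
    // Stand-in for the filter step: strip identifying fields from the result.
    static Map<String, String> filter(Agent a, Map<String, String> result) {
        Map<String, String> out = new LinkedHashMap<>(result);
        if (containsExternalNodes(a.itinerary()))
            out.keySet().removeAll(Set.of("PatientName", "Address"));
        return out;
    }

    // The agent gets this proxy, never the real resource; the interface is the same.
    static PatientRecords proxyFor(Agent agent, PatientRecords real) {
        return id -> {
            if (!checkPermission(agent, "view"))
                throw new SecurityException("view denied for role " + agent.role());
            return filter(agent, real.view(id));
        };
    }

    public static void main(String[] args) {
        PatientRecords db = id -> Map.of("PatientName", "constructed-name",
                                         "Address", "constructed-address", "Diagnosis", "constructed");
        Agent local = new Agent("physician", List.of("ward-a.hospital1"));
        Agent roaming = new Agent("physician", List.of("ward-a.hospital1", "clinic.example"));
        System.out.println(proxyFor(local, db).view("p1").keySet());   // all three fields
        System.out.println(proxyFor(roaming, db).view("p1").keySet()); // identifying fields removed
    }
}
```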


5.4 Implementation Issues

[Figure: call chain with labels MCcheckPermission, Access Controller class checkPermission, PonderPermission implies]


5.4 Implementation Issues

i.e> in application, MA calls new FileInputStream(FileName)

[Figure: labels shown are JDK 1.2 package, FileInputStream constructor, Call, checkPermission, PonderFilePermission]

Solution (to support constraints with Java & appropriate constraint checking): customisability property of the Java SecurityManager class (i.e. checkPermission method)
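How a permission class can carry a constraint and evaluate it in implies(), using the surgery_nurse rule from 4.3, as an added Java example (not the service's PonderPermission). ConstrainedPermission and Context are hypothetical names, the ward and time values are constructed, and treating 17:00 as exclusive is an assumption. The example calls implies() directly rather than installing a SecurityManager, which has been deprecated for removal since Java 17 (JEP 411).

```java
import java.security.Permission;
import java.time.LocalTime;
import java.util.Set;
import java.util.function.Predicate;

public class ConstrainedPermissionDemo {
    // Run-time facts about one access attempt (constructed for this example).
    record Context(String nurseWard, String patientWard, LocalTime now) {}

    // Hypothetical class: target + actions + a "when" constraint checked in implies().
    static final class ConstrainedPermission extends Permission {
        private final Set<String> actions;
        private final Predicate<Context> when; // set on the granted permission only
        private final Context ctx;             // set on the requested permission only
        ConstrainedPermission(String target, Set<String> actions,
                              Predicate<Context> when, Context ctx) {
            super(target);
            this.actions = Set.copyOf(actions);
            this.when = when;
            this.ctx = ctx;
        }
        @Override public boolean implies(Permission p) {
            if (!(p instanceof ConstrainedPermission req) || when == null || req.ctx == null)
                return false;                  // fail closed on a missing constraint or context
            return getName().equals(req.getName())
                && actions.containsAll(req.actions)
                && when.test(req.ctx);
        }
        @Override public String getActions() { return String.join(",", actions); }
        @Override public boolean equals(Object o) { return this == o; }
        @Override public int hashCode() { return System.identityHashCode(this); }
    }
    static boolean allowed(Permission granted, String action, Context ctx) {
        return granted.implies(new ConstrainedPermission("patient_records", Set.of(action), null, ctx));
    }

    public static void main(String[] args) {
        // Mirrors surgery_nurse: workHours 08:00 to 17:00 (end exclusive is an assumption).
        Predicate<Context> workHours = c -> !c.now().isBefore(LocalTime.of(8, 0))
                                         && c.now().isBefore(LocalTime.of(17, 0));
        Predicate<Context> attended = c -> c.nurseWard().equals(c.patientWard());
        Permission granted = new ConstrainedPermission(
            "patient_records", Set.of("view"), workHours.and(attended), null);
        // Four constructed attempts: on duty in own ward, other ward, after hours, modify.
        System.out.println(allowed(granted, "view", new Context("W3", "W3", LocalTime.of(10, 30))));
        System.out.println(allowed(granted, "view", new Context("W3", "W5", LocalTime.of(10, 30))));
        System.out.println(allowed(granted, "view", new Context("W3", "W3", LocalTime.of(19, 0))));
        System.out.println(allowed(granted, "modify", new Context("W3", "W3", LocalTime.of(10, 30))));
    }
}
```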


6. Conclusion


THANK YOU FOR YOUR ATTENTION !