rbacDSL - slides from Code Generation 2014

•

0 gefällt mir•725 views

My slides from my talk at Code Generation 2014 in Cambridge, UK. rbacDSL is a text-based DSL for writing, verifying and correcting RBAC authorisation policies. It produces standard XACML policies that can be used with any XACML evaluation engine.

Technologie

rbacDSL: a DSL for Role-Based Access Control
Lionel Montrieux <lionel.montrieux@open.ac.uk>

The Open University, Milton Keynes, UK

Outline
• Background and overview (15 min.)
• Building an authorisation policy - live demo (20 min.)
• Try to think of a good example
• Bonus points for funny ones
• Current research and future directions (10 min.)

XACML - Policies
• <PolicySet> 
<PolicyCombinationAlgorithm/> 
<Policy> 
<RuleCombinationAlgorithm/> 
<Rule effect=“Permit|Deny”> 
<Target/> 
<Condition/> 
</Rule> 
</Policy> 
</PolicySet>

XACML - Requests
• <Request> 
<Subject/> 
<Resource/> 
<Action/> 
<Environment/> 
</Request>

How it started
• rbacUML and rbacDSML
• OCL constraints
• “model smells”
• ﬁxing incorrect models
• Rational Software Architect 8.0, UML proﬁles

Scenarios?
• Granted: user should be able to perform a list of actions
• Forbidden: !Granted
• User-Role: role should be assigned to at least one user
• Object-Role: role should allow one to perform a list of
actions on objects
• Object: at least one user should be able to perform an
action on an object

Demo time! https://github.com/lmcmontrieux/rbacDSL

Current (and past) research
• Automated model ﬁxing (the whole model) [Montrieux13]
• Adaptive access control - automated reaction to inside
threats [Bailey14]
• Dynamic access control - in progress

Future directions
• Attributes and conditions support
• User-speciﬁc scenarios
• XACML PAP connectors, LDAP connectors
• Dynamic access control features
• Bidirectional graph transformations

Any questions? email me: lionel.montrieux@open.ac.uk 
get the tool: https://github.com/lmcmontrieux/rbacDSL

References
• All publications I co-authored are available on http://oro.open.ac.uk/
view/person/lm25566.html and http://oro.open.ac.uk/view/
person/lmcm5.html
• [Sandhu00] Ravi S. Sandhu, David F. Ferraiolo, D. Richard Kuhn: The
NIST model for role-based access control: towards a uniﬁed standard.
ACM Workshop on Role-Based Access Control 2000:47-63
• XACML: eXtensible Access Control Modeling Language - OASIS -
https://www.oasis-open.org/committees/tc_home.php?
wg_abbrev=xacml
• Image on slide 6 re-created from http://www.xacml.info
• Images on slides 4 and 15 by J. Hardaway

Weitere ähnliche Inhalte

Andere mochten auch

$G:\Time Management$ $G:\Time Management$

G:\Time Management

clopo

Lilylovespearl

sweetmalhotra

Be a Hiring Machine: A Strategic Interview Guide

GravityPeople

Gc presentation for website 10 11-11

andrewtytla

Lilylovespearl

sweetmalhotra

Youth unemployment as one of the most pressing

guest97081e

Vocabulary instruction for academic success

GRAi9

Andere mochten auch (7)

$G:\Time Management$ $G:\Time Management$

G:\Time Management

Lilylovespearl

Be a Hiring Machine: A Strategic Interview Guide

Gc presentation for website 10 11-11

Lilylovespearl

Youth unemployment as one of the most pressing

Vocabulary instruction for academic success

Ähnlich wie rbacDSL - slides from Code Generation 2014

The tester's dilemmas

SQALab

Bart Knaack - The Truth About Model-Based Quality Improvements

TEST Huddle

Quontra Solutions is leading provider of IT career advice, Training and consulting services for IT Professional and corporates across USA. We train individuals or Corporate via online or class Room training in all IT tools and Technologies. We always strive to bring out innovative methods along with the traditional teaching techniques which enhance the overall experience of the students and teachers to extract the return on Investments, high efficiency and scalability. The company’s architecture is based on the insights from the marketplace, business analytics and strategies keeping intact the fundamental principles in mind, helps us to compete and win in today’s environment without changing any quality in training. The support, service and training provided by Quontra solutions for various customers assures a “stay up to date” easy transition from previous to current in terms of technology. Our advertisers and promoters are none other than the clients you have been associated with us for their training needs.. Email Id : info@quontrasolutions.co.uk Website: http://www.quontrasolutions.co.uk

Introduction to j2 ee patterns online training class

QUONTRASOLUTIONS

Supporting Change in Product Lines within the Context of Use Case-driven Deve...

Lionel Briand

Automated and Scalable Solutions for Software Testing: The Essential Role of ...

Lionel Briand

Towards agile formal methods The main goal of this work is to overcome the aforementioned limitations by enabling automated decision gates in performance testing of microservices that allow requirements traceability. We seek to achieve this goal by endowing common agile practices used in microservice performance testing, with the ability to automatically learn and then formally verify a performance model of the System Under Test (SUT) to achieve strong assurances of quality. Even if the separation between agile and formal methods increased over the years, we support the claim that formal methods are at a stage where they can be effectively incorporated into agile methods to give them rigorous engineering foundations and make them systematic and effective with strong guarantees.

SFScon 21 - Matteo Camilli - Performance assessment of microservices with str...

South Tyrol Free Software Conference

The WSO2 Identity Server - An answer to your common XACML dilemmas

WSO2

The WSO2 Identity Server - An answer to your common XACML dilemmas

sureshattanayake

The WSO2 Identity Server - An answer to your common XACML dilemmas

sureshattanayake

Making Model-Driven Verification Practical and Scalable: Experiences and Less...

Lionel Briand

Ähnlich wie rbacDSL - slides from Code Generation 2014 (10)

The tester's dilemmas

Bart Knaack - The Truth About Model-Based Quality Improvements

Introduction to j2 ee patterns online training class

Supporting Change in Product Lines within the Context of Use Case-driven Deve...

Automated and Scalable Solutions for Software Testing: The Essential Role of ...

SFScon 21 - Matteo Camilli - Performance assessment of microservices with str...

The WSO2 Identity Server - An answer to your common XACML dilemmas

Making Model-Driven Verification Practical and Scalable: Experiences and Less...

Mehr von Lionel Montrieux

Reusable Self-Adaptation through Bidirectional Programming

Lionel Montrieux

Self-Adaptive Cloud Infrastructures with Bidirectional Programming

Lionel Montrieux

Self-Adaptive Federated Authorisation Infrastructures

Lionel Montrieux

Bidirectional Programming for Self-adaptive Software

Lionel Montrieux

Model-Based Analysis of Role-Based Access Control

Lionel Montrieux

rbacUML at CodeGeneration 2012

Lionel Montrieux

Open University CRC Students conference 2010

Lionel Montrieux

Security Analysis for Evolvable Software

Lionel Montrieux

Mehr von Lionel Montrieux (8)

Reusable Self-Adaptation through Bidirectional Programming

Self-Adaptive Cloud Infrastructures with Bidirectional Programming

Self-Adaptive Federated Authorisation Infrastructures

Bidirectional Programming for Self-adaptive Software

Model-Based Analysis of Role-Based Access Control

rbacUML at CodeGeneration 2012

Open University CRC Students conference 2010

Security Analysis for Evolvable Software

Kürzlich hochgeladen

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Scalable LLM APIs for AI and Generative AI Application Development Ettikan Karuppiah, Director/Technologist - NVIDIA Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...

apidays

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Navi Mumbai Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Navi Mumbai Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Navi Mumbai Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

ICT role in 21st century education and its challenges

rafiqahmad00786416

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

DBX First Quarter 2024 Investor Presentation

Dropbox

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

In the thrilling conclusion to 2023, ransomware groups had a banner year, really outdoing themselves in the "make everyone's life miserable" department. LockBit 3.0 took gold in the hacking olympics, followed by the plucky upstarts Clop and ALPHV/BlackCat. Apparently, 48% of organizations were feeling left out and decided to get in on the cyber attack action. Business services won the "most likely to get digitally mugged" award, with education and retail nipping at their heels. Hackers expanded their repertoire beyond boring old encryption to the much more exciting world of extortion. The US, UK and Canada took top honors in the "countries most likely to pay up" category. Bitcoins were the currency of choice for discerning hackers, because who doesn't love untraceable money?

Ransomware_Q4_2023. The report. [EN].pdf

Overkill Security

Kürzlich hochgeladen (20)

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Corporate and higher education May webinar.pptx

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

GenAI Risks & Security Meetup 01052024.pdf

presentation ICT roal in 21st century education

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Powerful Google developer tools for immediate impact! (2023-24 C)

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...

MS Copilot expands with MS Graph connectors

Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

ICT role in 21st century education and its challenges

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

DBX First Quarter 2024 Investor Presentation

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Ransomware_Q4_2023. The report. [EN].pdf

rbacDSL - slides from Code Generation 2014

1. rbacDSL: a DSL for Role-Based Access Control Lionel Montrieux <lionel.montrieux@open.ac.uk> The Open University, Milton Keynes, UK

2. Outline • Background and overview (15 min.) • Building an authorisation policy - live demo (20 min.) • Try to think of a good example • Bonus points for funny ones • Current research and future directions (10 min.)

3. Background

4. Authentication, Authorisation

5. RBAC [Sandhu00]

6. XACML architecture

7. XACML - Policies • <PolicySet>  <PolicyCombinationAlgorithm/>  <Policy>  <RuleCombinationAlgorithm/>  <Rule effect=“Permit|Deny”>  <Target/>  <Condition/>  </Rule>  </Policy>  </PolicySet>

8. XACML - Requests • <Request>  <Subject/>  <Resource/>  <Action/>  <Environment/>  </Request>

9. How it started • rbacUML and rbacDSML • OCL constraints • “model smells” • ﬁxing incorrect models • Rational Software Architect 8.0, UML proﬁles

10. Scenarios? • Granted: user should be able to perform a list of actions • Forbidden: !Granted • User-Role: role should be assigned to at least one user • Object-Role: role should allow one to perform a list of actions on objects • Object: at least one user should be able to perform an action on an object

11. Demo time! https://github.com/lmcmontrieux/rbacDSL

12. Current research and future directions

13. Current (and past) research • Automated model ﬁxing (the whole model) [Montrieux13] • Adaptive access control - automated reaction to inside threats [Bailey14] • Dynamic access control - in progress

14. Future directions • Attributes and conditions support • User-speciﬁc scenarios • XACML PAP connectors, LDAP connectors • Dynamic access control features • Bidirectional graph transformations

15. Any questions? email me: lionel.montrieux@open.ac.uk  get the tool: https://github.com/lmcmontrieux/rbacDSL

16. References • All publications I co-authored are available on http://oro.open.ac.uk/ view/person/lm25566.html and http://oro.open.ac.uk/view/ person/lmcm5.html • [Sandhu00] Ravi S. Sandhu, David F. Ferraiolo, D. Richard Kuhn: The NIST model for role-based access control: towards a uniﬁed standard. ACM Workshop on Role-Based Access Control 2000:47-63 • XACML: eXtensible Access Control Modeling Language - OASIS - https://www.oasis-open.org/committees/tc_home.php? wg_abbrev=xacml • Image on slide 6 re-created from http://www.xacml.info • Images on slides 4 and 15 by J. Hardaway

rbacDSL - slides from Code Generation 2014

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Andere mochten auch

Andere mochten auch (7)

Ähnlich wie rbacDSL - slides from Code Generation 2014

Ähnlich wie rbacDSL - slides from Code Generation 2014 (10)

Mehr von Lionel Montrieux

Mehr von Lionel Montrieux (8)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

rbacDSL - slides from Code Generation 2014