A Flexible Access Control Service for Java Mobile Code HPCC lab


A Flexible Access Control
Service for Java Mobile Code
HPCC lab
문정아
1. Introduction
MC (mobile code) technology on the Internet
Security concern
- Design & development of comprehensive access control frameworks
- Static & dynamic
2. How To Control Mobile Code
- To control MC behavior
Development-time control
- "Safe" programming languages
- Proof-carrying code
Run-time access control mechanisms
- Sandbox technique
- JDK 1.2 security architecture
- Safe-Tcl security framework
- Simple access control lists (ACLs)
2. How To Control Mobile Code
- Language-based solutions
(to separate policy from the access control implementation)
Logic-based declarative languages
Procedural languages
Other languages
(combining procedural & declarative rules)
3. Flexible Access Control
Requirements for Mobile Code
In mobile applications, MAs (mobile agents) perform automated tasks,
e.g. retrieval and processing of patient records
Patient record retrieval is initiated from the mobile
system
Strict controls on the interactions between MAs &
the medical DB
3. Examples of healthcare applications
A patient’s primary physician is allowed to read
& modify the patient’s records;
A physician collaborating with the patient's
primary physician can read (but not modify)
the records only if the patient has explicitly
authorized him;
A hospital nurse can view only the records
of patients currently in the ward where she is
on duty, and only during duty hours;
4. The Ponder Language for
Flexible Access Control Policies
For Policy specification
Expressiveness
Simplicity
Analysability
Policy
Authorisation
4.1. Authorisations
Ex>
auth+ RecordAccess {
  subject s = primary_physicians;
  target r = patient_records;
  action view, modify;
  when member(s, r.caring_physicians());
}
4.1. Authorisations
Ex>
type
  auth+ RecordAccess(subject s, target t) {
    action view, modify;
    when member(s, t.caring_physicians());
  }
inst
  auth+ r1 = RecordAccess(hospital1/physicians, hospital1/records);
  r2 = RecordAccess(hospital2/paediatricians, hospital2/child-records);
4.2. Filtering
type
  auth+ FilteredRecordAccess(subject s, target t) {
    action view()
      if containsExternalNodes(s.itinerary) {
        result = reject({"PatientName", "Address"}, result);
      }
  }
4.3. Policy Groups and Roles
type
  role surgery_nurse(ward) extends nurse(ward) {
    constraint
      workHours = time.between(0800, 1700);
      attended_patient(p) = member(p, ward);
    inst
      auth+ nurse_access {
        action view(p);
        target patient_records;
        when workHours and attended_patient(p);
      }
  }
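The three policy kinds above (the RecordAccess authorisation, the FilteredRecordAccess filter and the surgery_nurse role) can be checked against concrete agents and records. The following Java program is an added example written for this transcript; it is not code from the presentation or from the Ponder toolkit. The Agent and PatientRecord types, the trusted hospital node list and the sample data are constructed assumptions, and time.between(0800,1700) is modelled as the half-open interval [08:00, 17:00).

```java
import java.time.LocalTime;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Constructed model of the three Ponder policy kinds shown on the slides: 4.1 authorisation,
// 4.2 filtering and 4.3 role with constraints. Type and method names are assumptions.
public class PonderPolicyDemo {

    // A mobile agent: the subject it acts for, the roles it holds, the nodes it has visited.
    record Agent(String subject, Set<String> roles, List<String> itinerary) {}

    // A patient record: its fields and the physicians caring for the patient.
    record PatientRecord(String patientId, String ward,
                         Map<String, String> fields, Set<String> caringPhysicians) {}

    // 4.1  auth+ RecordAccess: view/modify permitted when member(s, r.caring_physicians()).
    static boolean recordAccess(Agent s, PatientRecord r, String action) {
        boolean coveredAction = action.equals("view") || action.equals("modify");
        return coveredAction && r.caringPhysicians().contains(s.subject());
    }

    // 4.2  auth+ FilteredRecordAccess: view() succeeds, but identifying fields are rejected
    // from the result when the agent's itinerary contains nodes outside the hospital.
    static Map<String, String> filteredView(Agent s, PatientRecord r, Set<String> hospitalNodes) {
        Map<String, String> result = new LinkedHashMap<>(r.fields());
        if (containsExternalNodes(s.itinerary(), hospitalNodes)) {
            result = reject(Set.of("PatientName", "Address"), result);
        }
        return result;
    }

    static boolean containsExternalNodes(List<String> itinerary, Set<String> hospitalNodes) {
        return !hospitalNodes.containsAll(itinerary);
    }

    // Ponder's reject(): remove the named fields before the result reaches the agent.
    static Map<String, String> reject(Set<String> names, Map<String, String> result) {
        Map<String, String> kept = new LinkedHashMap<>(result);
        kept.keySet().removeAll(names);
        return kept;
    }

    // 4.3  role surgery_nurse(ward): view(p) only when workHours and attended_patient(p).
    // time.between(0800,1700) is modelled as the half-open interval [08:00, 17:00).
    static boolean nurseAccess(Agent s, PatientRecord p, String ward, LocalTime now) {
        boolean holdsRole = s.roles().contains("surgery_nurse@" + ward);
        boolean workHours = !now.isBefore(LocalTime.of(8, 0)) && now.isBefore(LocalTime.of(17, 0));
        boolean attendedPatient = p.ward().equals(ward);
        return holdsRole && workHours && attendedPatient;
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Set<String> hospitalNodes = Set.of("hospital1/ward-a", "hospital1/ward-b");
        PatientRecord rec = new PatientRecord("p17", "surgery",
            Map.of("PatientName", "J. Doe", "Address", "1 High St", "Diagnosis", "appendicitis"),
            Set.of("dr_kim"));
        Agent primary = new Agent("dr_kim", Set.of("physician"), List.of("hospital1/ward-a"));
        Agent visiting = new Agent("dr_lee", Set.of("physician"),
            List.of("hospital1/ward-a", "clinic-remote/node3"));
        Agent nurse = new Agent("nurse_park", Set.of("surgery_nurse@surgery"),
            List.of("hospital1/ward-b"));

        System.out.println("primary physician modifies: " + recordAccess(primary, rec, "modify"));
        System.out.println("collaborating physician modifies: " + recordAccess(visiting, rec, "modify"));
        System.out.println("view after external hop: " + filteredView(visiting, rec, hospitalNodes));
        System.out.println("nurse at 10:00: " + nurseAccess(nurse, rec, "surgery", LocalTime.of(10, 0)));
        System.out.println("nurse at 22:00: " + nurseAccess(nurse, rec, "surgery", LocalTime.of(22, 0)));
    }
}
```

Compile and run with `javac PonderPolicyDemo.java && java PonderPolicyDemo` (Java 16 or later, for records). The point of the filter case is that the decision is not binary: the view is granted, but the result the agent receives no longer carries the identifying fields once the itinerary shows a node the hospital does not control.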
5. A Flexible Access Control
Service for Mobile Code
Policy Specification Component (PSC)
Policy Retrieval Component (PRC)
Permission Checking Component (PCC)
Filtering Executor Component (FEC)
5.1 The Java Access Control
Architecture
The Java security architecture relies on these building blocks:
Policy object
Class Loader
Access controller
Security manager
5.2 How to Map Ponder Policies
into Java
Toolchain diagram:
Policy Editor: Analysis Tool, Browser Tool, Structuring Tool
-> Policy compiler: Analysis Tool, Semantic Analyzer, Code Generator
-> Java Policies
5.3 The Enforcement
of Ponder Policies
MA loading: permission assignment
MA accesses a resource: run-time permission evaluation
5.3 The Enforcement
of Ponder Policies
Permission assignment
The class loader of the current agent execution environment coordinates with the PRC
and inserts all discovered policies into the appropriate protection domain.
5.3 The Enforcement
of Ponder Policies
Run-time permission evaluation
Proxy-based mechanism
- Incoming agents are instead provided with access proxies
that expose the same resource interface.
The proxy coordinates with the PCC & FEC:
- MCcheckPermission
- MCfilter
5.4 Implementation Issues
MCcheckPermission
-> calls the AccessController class's checkPermission
-> PonderPermission.implies
5.4 Implementation Issues
e.g. in an application the MA calls new FileInputStream(fileName)
-> FileInputStream constructor (JDK 1.2 package)
-> checkPermission
Solution
(to support constraints with Java & appropriate constraint checking):
- call PonderFilePermission
- use the customisability of the Java SecurityManager class
(i.e. its checkPermission method)
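The enforcement path described in 5.3 and 5.4 (a Permission whose implies() evaluates the Ponder constraint, a customised SecurityManager.checkPermission, and a proxy handed to the agent in place of the resource) is sketched below in Java. This is an added example written for this transcript, not the presenters' implementation: the class names, the per-agent policy map, the thread-local agent id used to tell checkPermission which agent is asking, and the sample policy are all assumptions.

```java
import java.security.Permission;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Predicate;

// Constructed illustration of the enforcement path on the slides. Class names, the per-agent
// policy map and the thread-local agent id are assumptions, not the presenters' code.
public class PonderEnforcementDemo {
    static final class PonderPermission extends Permission {
        final String action;
        final String subject;                    // request side: who is asking (null on policies)
        final Predicate<PonderPermission> when;  // policy side: the constraint (null on requests)
        PonderPermission(String target, String action, String subject) {
            super(target); this.action = action; this.subject = subject; this.when = null;
        }
        PonderPermission(String target, String action, Predicate<PonderPermission> when) {
            super(target); this.action = action; this.subject = null; this.when = when;
        }
        // Run-time permission evaluation: target and action must match and the "when"
        // constraint must hold for this particular request.
        @Override public boolean implies(Permission p) {
            if (!(p instanceof PonderPermission req) || when == null) return false;
            return getName().equals(req.getName()) && action.equals(req.action) && when.test(req);
        }
        @Override public String getActions() { return action; }
        @Override public boolean equals(Object o) {
            return o instanceof PonderPermission q && getName().equals(q.getName())
                && action.equals(q.action) && Objects.equals(subject, q.subject);
        }
        @Override public int hashCode() { return Objects.hash(getName(), action, subject); }
    }

    // The customisable checkPermission: PonderPermissions are decided against the policies the
    // class loader assigned to the agent at load time; anything else takes the standard JDK path.
    static final class MCSecurityManager extends SecurityManager {
        private final Map<String, List<PonderPermission>> policiesByAgent = new HashMap<>();
        private final ThreadLocal<String> currentAgent = new ThreadLocal<>();
        void assign(String agent, PonderPermission policy) {
            policiesByAgent.computeIfAbsent(agent, k -> new ArrayList<>()).add(policy);
        }
        // MCcheckPermission: checkPermission evaluated on behalf of a named agent.
        void mcCheckPermission(String agent, PonderPermission requested) {
            currentAgent.set(agent);
            try { checkPermission(requested); } finally { currentAgent.remove(); }
        }
        @Override public void checkPermission(Permission perm) {
            if (perm instanceof PonderPermission req) {
                for (PonderPermission policy : policiesByAgent.getOrDefault(currentAgent.get(), List.of())) {
                    if (policy.implies(req)) return;
                }
                throw new SecurityException("denied: " + currentAgent.get() + " may not "
                    + req.getActions() + " " + req.getName());
            }
            super.checkPermission(perm);
        }
    }

    // Same interface for the real resource and for the proxy the agent actually receives.
    interface PatientRecords { String view(String patientId); }
    static final class RealPatientRecords implements PatientRecords {
        public String view(String patientId) { return "record(" + patientId + ")"; }
    }
    static final class PatientRecordsProxy implements PatientRecords {
        private final PatientRecords real; private final MCSecurityManager sm;
        private final String agent; private final String subject;
        PatientRecordsProxy(PatientRecords real, MCSecurityManager sm, String agent, String subject) {
            this.real = real; this.sm = sm; this.agent = agent; this.subject = subject;
        }
        public String view(String patientId) {
            sm.mcCheckPermission(agent, new PonderPermission("patient_records", "view", subject));
            return real.view(patientId);  // the FEC's MCfilter would post-process this result
        }
    }

    public static void main(String[] args) {
        MCSecurityManager sm = new MCSecurityManager();
        // Constructed RecordAccess policy: view permitted when the subject is a caring physician.
        Set<String> caringPhysicians = Set.of("dr_kim");
        sm.assign("agent-42", new PonderPermission("patient_records", "view",
            req -> caringPhysicians.contains(req.subject)));
        RealPatientRecords records = new RealPatientRecords();
        System.out.println(new PatientRecordsProxy(records, sm, "agent-42", "dr_kim").view("p17"));
        try {
            new PatientRecordsProxy(records, sm, "agent-42", "dr_lee").view("p17");
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

The example is written against the JDK 1.2 security model the slides describe. On JDK 17 and later the SecurityManager class is deprecated for removal (the subclass compiles with a warning and is used here directly, never installed with System.setSecurityManager), and from JDK 24 the security manager is permanently disabled, so an older JDK is needed to run it unchanged. The design point survives either way: the proxy is the only object the agent holds, so every resource call must pass through the permission check, and the constraint is evaluated in implies() at the moment of the call rather than once at load time.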
6. Conclusion
THANK YOU
FOR YOUR ATTENTION !