Transcript slides
Context Aware RBAC Model For Wearable
Devices And NoSQL Databases
•
•
•
•
Amit Bansal
Siddharth Pathak
Vijendra Rana
Vishal Shah
Guided By:
Dr. Csilla Farkas
Associate Professor
Roadmap:
■ Relational Database Management System
■ NoSQL Databases
■ Access Control Models
■ Wearable Devices
■ Proposed Solution
■ Wrap-up
RDBMS (Relational Database Management System)
What it is ?
• Stores Data In The Form Of Related Tables Using Keys Like Primary
Keys, Foreign Keys.
• Relational operators to manipulate the data.
• For Data Manipulation Mostly SQL(Standard Query Language) used
• Other vendors are MySQL server, db2, oracle and MySQL.
RDBMS
•efficient storage
•Simple to delete or
modify
Persistent
data
storage
Complex
queries
•certain tables can be
made confidential
Scalability
Complexity
Better
security
Hardware
performance
•Response time
•powerful servers
•more storage space
NoSQL (Not Only SQL)
• A non-relational and largely distributed database system
• A fast, portable, open-source RDBMS
• Support horizontal scaling
• Run on clusters of machines
• NoSQL does not prohibit structured query language.
• Example : Apache Cassandra, Google Big table
Why ?
• CAP theorem –
Confidentiality : data is written only once all other manipulation is stored
Availability : Data is available and responsive
Partition Tolerance : whole database not get affected due to some part
• Big data applications - store massive volumes of data
Types of NoSQL :
•represented as a graph
•elements are
interconnected
•Neo4j and Titan
•indexed key and a value
•schema-less
•least complex NoSQL
options
•Riak, Redis, BerkeleyDB
•store data tables as
sections of columns of
data
•HBase, Cassandra, Big
Table and HyperTable
Key-Value
store
Graph
database
Column
store
Document
database
•idea of key-value stores
•document is assigned a
unique key
•MongoDB and Couch DB
Why NoSQL over RDBMS ?
RDBMS
NoSQL
Access Control
Mechanism that provides selective restriction of
access to specific user.
Characteristics:
• Cannot be bypassed
• Enforce least-privilege
• Need-to-know restrictions
• Enforce organizational policy
• User identification and authentication
• Information specifying the access rights is
protected form modification
Existing Solutions for Access Control
DAC
Access
Control
MAC
RBAC
Mandatory Access Control
Classification
Label
Advantages
• Granularity of access.
• Only Administrator can grant
access
Clearance
Label
Compare
Object and
User
Clearance
Disadvantages
• Difficult to implement
• Not Agile
Discretionary Access Control
Considerations
•Every Object has
Owner
•Object owner has
total control over
access granted
Control
Mechanisms
•Security through
Views
•Stored
Procedures
•Grant and
Revoke
•Query
modification
Advantages
•Easy to use
•Easy to
administer
•Aligns to the
principle of least
privileges.
Role Based Access Control
Motivation
Components
Multi-user systems
Users
Multi-application systems
Roles
Multiple Roles for a User
Permissions
Multiple Permissions for User
Sessions
RBAC Workflow
Role
Hierarchy
Users
User
Assignment
Roles
Sessions
Permission
Assignment
Permissions
RBAC in NoSQL
Challenges
•Schema-less
•4 Database
Models
•No implicit User
Authentication
•Vendor Specific
Implemented
Basic
No Multiple
Role
Assignment
RBAC
Implemented
NA
Internet of Things (IoT):
Increase in the no of IoT devices globally:
Internet of Amazing Things:
Few Wearable Devices:
Data Flow Through IoT:
Security Concern
User
Fitness
Trainer
IOT Provider
Wearable
Devices
Roles
3rd Party
Vendors
DBA
Medical
Professional
How Can I provide Security?
Proposed Solution:
Context Aware RBAC Model for Wearable
Devices on NoSQL Databases
Work Flow:
Role
Hierarchy
Users
User
Assignment
Roles
Sessions
Permission
Assignment
Permissions
Context
Challenges:
Conflicting Roles
• Occurs when users have multiple roles.
• Check from the XACML configuration files to
see if access is allowed.
Separation of Duties
• Separate User Groups should be created that
have permission.
Sample Illustration:
ID
Purpose Time
Pulse Rate
Blood
Pressure
Distance
Potential Roles and Access:
User
Provider
Administrator
Medical Professional
3rd Party
Trainer
•All Data Fields
•ID, Purpose, Time, Location
•All Fields
•(Cannot View Raw Data)
•ID, Name, Pulse Rate, Calories
•Blood Pressure, Time
•DeviceID, ID, Other Columns
•(Depending upon User Authorization)
•Calories, ID, Pulse Rate, Time
Calories
Location Steps
DeviceID
Context in XACML :
Protection Object :
User U, Permission P, Session S, Role R, Tuple T, Column C,
Operation O;
When user has access to all columns:
Object = { U, R, S, T, ,O, P}
When user has access to some columns:
Object = { U, R, S, T{ Ci, Cj, ….}, O, P}
What is covered:
RDBMS Vs NoSQL
RBAC and its workflow
The Internet of things
Context aware RBAC for wearable device
Can be a solution
• Protection Object for proposal
•
•
•
•
Challenges Worth Noticing:
• Scaling
• People Awareness