Modelling User Controlled Access Control
Speaker: Maneesh Mathai
Affiliation: University of Western Sydney
Time: Friday 16/12/2011 from 11:00 to 11:30
Venue: Access Grid UWS. Presented from Parramatta (EB.1.32), accessible from Campbelltown (26.1.50) and Penrith (Y239).
Abstract:
There are many operations that a computer system can perform, but not all of these operations need to be carried out by one user. In fact the computer system needs to restrict the operations of users or programs that are executed on behalf of users based on certain policies. The computer system can achieves this through access control.
The access control is implemented using a reference monitor which mediates all access attempts of the user on different objects of the system. A reference monitor is a concept that defines a set of design requirements on a reference validation mechanism. The access to an object by a user is governed by the reference monitor which relies on an authorization database, which is configured based on rules of the organization by a security administrator.
In an access control system, there is clear distinction between policies and mechanisms. Policies are high-level guidelines that determine how accesses is controlled and access decisions determined. Mechanisms are low-level software and hardware functions that can beconfigured to implement a policy.
As the Web systems have evolved with time, it has become exceedingly user-centric and user-driven. It has recently adopted a user centric identity model where authentication is delegated to third party Identity Providers (IdP) using such protocols as OpenID or Shibboleth. However, the Web systems still lacks a comparable access control solution for a complex system that delegates access control to its users. One such example of a system that needs to delegate access control to its basic user is the proposed Personally controlled electronic health record (PCEHR) [2] system by the National E-Health Transition Authority Ltd (NEHTA) of the Australian government.
So in a system, policies can evolve or change with the passage of time. In certain cases polices needs to be refined and implemented as a part of system functionality. In certain systems it becomes necessary to delegate access controls directly to the users. This research aims to create a meta model for access control, making it easier to change access control based on changing policies. The meta model will be designed based on the analysis carried out on the models that suit the scenarios identified for the PCEHR system.
Biography: Maneesh Mathai is a Master of Science (Honours) student in the School of Computing, Engineering and Mathematics, at the University of Western Sydney. He graduated from Mahatma Gandhi University, India, specializing in computer science in 2008. Previously, he worked as a Web developer, working closely with NGOs to develop an online platform that enables the print-impaired people to connect and share accessible content as well as build conversations and communities around the shared content. In addition, he has worked with medical practitioners to develop an online collaborative platform for the medical community to share multimedia contents. In his Masters research project he aims to identifying a computational models for context analysis and approaches for content aggregation. His research interests include Social Life Networking, Content Management Systems, Scenario analysis and Modelling information systems.
Mobile options: