A Privacy Policy Enforcement System
Kaniz Fatema, David Chadwick, Stijn Lievens
School of Computing, University of Kent, Canterbury, UK
PrimeLife IFIP Summer School 2010, 2-6 August, Helsingborg, Sweden
Organization of the presentation
1 Policy based authorisation system
2 Privacy Policy
3 Different Authors of Privacy Policy
4 Special features of the proposed system
5 The proposed system
5.1 The Application Independent PEP
5.2 The Credential Validation Service
5.3 The Master PDP
5.4 Conflict Resolution Policy
5.5 Obligations Service
6 Use Cases
7 Conclusions and Future Plans

Policy based authorisation system
Access to a resource is protected by a policy.
[Figure: the authorisation system, showing the PEP and the PDP with the numbered message flow between them]
Privacy Policy
A privacy policy is not only defined by the organisation holding the personal data but also by the person (the data subject) whose privacy is being protected.
It may contain consent, purpose and obligations, such as e-mailing the data subject when his/her data is accessed or deleting the data after a certain amount of time.
Different Authors of Privacy Policy
- Law, e.g. the Data Protection Act.
- Issuer, e.g. the doctor for a medical note, the university authority as issuer of a degree, the data subject as issuer of personal information such as personal choices.
- Controller, e.g. the health insurance company holding the data subject's medical record, or the Facebook authority.
- Data subject, i.e. the person whose data is being accessed.
Special Features of the proposed system
- Multiple Policies
- Sticky Policy Paradigm
- Obligation enforcement
- User Friendly Interface
- Distributed Enforcement
- Multiple Policy Languages
The proposed system
[Figure: architecture of the proposed system. The components and the roles labelled in the diagram are:]
- Application Dependent PEP: receives the user's request (step 0) and will enforce the authorisation decisions and the application dependent obligations.
- Application Independent PEP: will enforce the application independent obligations.
- Credential Validation Service (CVS): will validate the presented credentials and pull more; various attribute authorities (AAs) / IdPs issue the credentials.
- Master PDP: will enforce the Conflict Resolution Policy.
- Policy PDPs: will evaluate each policy according to the languages they support.
- Obligations Service: will coordinate obligation enactment.
- Application Independent Obligation Services: will enact the obligations.
The arrows in the diagram are numbered 0 to 14 in the order in which messages flow between these components.
The Application Independent PEP
[Figure: the proposed-system architecture diagram, repeated from the "The proposed system" slide]
The Credential Validation Service
[Figure: the proposed-system architecture diagram, repeated from the "The proposed system" slide]
The Master PDP
[Figure: the proposed-system architecture diagram, repeated from the "The proposed system" slide]
The Master PDP
It knows which PDPs are in the system and which languages they support.
It has a conflict resolution policy to resolve conflicts among the decisions returned by the PDPs.
Conflict Resolution Policy (CRP)
Each Conflict Resolution Rule (CRR) has:
- a condition
- a Decision Combining Rule (DCR)
- optionally a precedence rule
- an author
- a time of creation
Each DCR can have one of the following values:
- First Applicable
- Specific Subject Overrides
- Specific Resource Overrides
- Deny Overrides
- Grant Overrides
Each PDP can return one of 5 different answers:
1. Grant
2. Deny
3. NotApplicable
4. BTG (Break The Glass)
5. Indeterminate
The precedence of answers for Deny Overrides is Deny > Indeterminate > BTG > Grant > NotApplicable.
The precedence of answers for Grant Overrides is Grant > BTG > Indeterminate > Deny > NotApplicable.
Obligations Service
[Figure: the proposed-system architecture diagram, repeated from the "The proposed system" slide]
Use cases
The person registers with a Health Service Provider to get the service. During registration s/he fills in a form giving his/her consent about who can access the medical data and for what purpose, and also ticks a box for his/her DCR. This form is application dependent. The filled-in form is converted into a low-level PDP policy and a PDP is started. When a request comes to see the data, the CRRs defined by the authors are consulted one by one. Law has a CRR saying: if resource = medical data, then DCR = denyOverrides. So the DCR is denyOverrides. All the PDPs are consulted and if any PDP returns Deny the final answer is Deny.

The system is initialised with the Law PDP and the Controller PDP.
[Figure: AppDep PEP, AppInd PEP, Master PDP, Law PDP and Controller PDP]
The Data subject PDP is started with the person's policy.
[Figure: the same components with the Data subject PDP added]
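As an added worked example (not code from the slides or from the PERMIS/TAS³ implementation), the following Python sketches the Master PDP's combining step described on the Conflict Resolution Policy slides and exercised by the medical-data use case above: it walks an ordered CRP to select a DCR, then combines the PDPs' answers using the Deny Overrides and Grant Overrides precedence orders. The request fields, the CRR structure, the fail-safe default DCR and the three PDP answers are constructed assumptions; the two Specific Overrides DCRs are not implemented.

```python
# Added example, not from the slides: a minimal Master PDP combining step.
# Answer precedence orders from the CRP slides; a higher index wins.
DENY_OVERRIDES = ["NotApplicable", "Grant", "BTG", "Indeterminate", "Deny"]
GRANT_OVERRIDES = ["NotApplicable", "Deny", "Indeterminate", "BTG", "Grant"]

# Assumed Conflict Resolution Policy: an ordered list of CRRs, each with a
# condition on the request, a DCR and an author. The first CRR whose condition
# holds decides the DCR (list order stands in for precedence rule / creation time).
CRP = [
    {"author": "Law",
     "condition": lambda req: req.get("resource") == "medical data",
     "dcr": "denyOverrides"},
    {"author": "Controller",
     "condition": lambda req: True,
     "dcr": "firstApplicable"},
]


def select_dcr(crp, request):
    """Return the DCR of the first CRR whose condition matches the request."""
    for crr in crp:
        if crr["condition"](request):
            return crr["dcr"]
    return "denyOverrides"  # assumed fail-safe default when no CRR matches


def combine(dcr, answers):
    """Combine the per-PDP answers (a list of strings) under the given DCR."""
    if dcr == "denyOverrides":
        return max(answers, key=DENY_OVERRIDES.index, default="NotApplicable")
    if dcr == "grantOverrides":
        return max(answers, key=GRANT_OVERRIDES.index, default="NotApplicable")
    if dcr == "firstApplicable":
        # First PDP, in consultation order, that returns a real decision.
        return next((a for a in answers if a != "NotApplicable"), "NotApplicable")
    # Specific Subject/Resource Overrides need policy metadata; omitted here.
    raise ValueError("unsupported DCR: " + dcr)


def master_pdp(crp, request, pdp_answers):
    """Select the DCR via the CRP, then combine the PDPs' answers with it."""
    dcr = select_dcr(crp, request)
    return dcr, combine(dcr, pdp_answers)


# The medical-data use case: the Law, Controller and Data subject PDPs are
# consulted. The request and the three answers are constructed sample data.
REQUEST = {"subject": "dr-smith", "resource": "medical data", "purpose": "treatment"}
PDP_ANSWERS = ["Grant", "Grant", "Deny"]  # Law, Controller, Data subject

if __name__ == "__main__":
    print(master_pdp(CRP, REQUEST, PDP_ANSWERS))  # ('denyOverrides', 'Deny')
```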
Conclusions and Future Work
The system is being implemented in Java as part of the EC TAS³ Integrated Project (www.tas3.eu).
The first beta version is available for download from the PERMIS web site: http://sec.cs.kent.ac.uk/permis/downloads/Level3/standalone.shtml
Our next step is to implement the complete Master PDP and conflict resolution policy. We also need to ensure the distributed enforcement of the sticky policy paradigm.

Questions please…
Thank You