Enforcing RFID Data Visibility Restrictions using XACML security policies

Date post: 05-Dec-2014
Upload: miguel-pardal
Description:
Radio Frequency Identification (RFID) technology allows automatic data capture from tagged objects moving in a supply chain. This data can be very useful for answering traceability queries; however, it is distributed across many different repositories owned by different companies. Discovery Services (DS) are designed to assist in retrieving the RFID data relevant for traceability queries while enforcing the sharing policies that participating companies define and require to prevent sensitive data from being exposed. In this paper we define an interface for Supply Chain Authorization (SC-Az) and describe the implementation of two visibility restriction mechanisms based on Access Control Lists (ACLs) and Capabilities. Both approaches were converted to the standard eXtensible Access Control Markup Language (XACML), and their correctness and performance were evaluated for supply chains of increasing size.
Transcript
Miguel Pardal, Enforcing RFID Data Visibility using XACML security policies

Slide 1

Enforcing RFID Data Visibility Restrictions using XACML security policies

Miguel Pardal, Mark Harrison, Sanjay Sarma, José Alves Marques

Técnico Lisboa, University of Cambridge, Massachusetts Institute of Technology

Traceability systems assessment framework

Slide 2

http://trakchain.net

Each individual item takes a unique path...

Slide 3

Traceability data security

Slide 4

SCAz – Supply Chain Authorization Language

• Classical authorization mechanisms

  - EAC – Enumerated Access Control

    • Access control lists

  - CCT – Chain of Communication Tokens

Slide 5

Externalized security

• Authentication

  - SAML

• Message level (cryptographic) protection

  - TLS

• Authorization

  - XACML

Slide 6

eXtensible Access Control Markup Language

Slide 7

XACML request processing

Slide 8

Performance assessment tool

Slide 9

EAC processing time breakdown for request evaluation

Slide 10

EAC and CCT evaluation time with increasing item numbers

Slide 11

Contributions

• Data sharing policies

• XACML translation

• Correctness check

• Performance assessment

• Future work

  - Pharma pedigree case study

  - Combine approaches in expressive language

  - “Automatic” authorization

    • minimize admin burden for traceability data sharing

Slide 12

Visit http://trakchain.net

Slide 13

Thank you!

