Access Control » History » Version 10
Suravi Regmi, 11/25/2025 09:38 PM
| 1 | 1 | Suravi Regmi | # Access Control + Policy Structure |
|---|---|---|---|
| 2 | |||
| 3 | 6 | Suravi Regmi | ## Access Control |
| 4 | 7 | Suravi Regmi |  |
| 5 | 6 | Suravi Regmi | --- |
| 6 | |||
| 7 | ## Policy |
||
| 8 | 1 | Suravi Regmi | Goal: limit data access to only authorized users based on terms of use and privacy risks |
| 9 | Default access: Data owner |
||
| 10 | 8 | Suravi Regmi | |
| 11 | WHO : the requester is (e.g. Adam) |
||
| 12 | WHAT: data is requested (e.g. ecg, glucometer) |
||
| 13 | WHERE : the data was recorded (e.g. gym) |
||
| 14 | WHEN: the data was generated (e.g. after 04/04/2023) |
||
| 15 |  |
||
| 16 | 7 | Suravi Regmi | |
| 17 | 6 | Suravi Regmi | |
| 18 | 9 | Suravi Regmi | Time-Based Enhancement Enables policies like " **Adam may access data generated from November 1, 2024 to April 1, 2025** ”. Dates need to be converted to unix timestamp before usage with the system. |
| 19 | 1 | Suravi Regmi | |
| 20 | 2 | Suravi Regmi | --- |
| 21 | 10 | Suravi Regmi | |
| 22 | |||
| 23 | Specification Detail |
||
| 24 | ----------------------- |
||
| 25 | ``` |
||
| 26 | GLOBAL OPTIONS REQUIRED TYPE |
||
| 27 | policy-id * int |
||
| 28 | requester-names * "ndn-name, ndn-name, ..." |
||
| 29 | attribute-policies 1+ |
||
| 30 | |||
| 31 | ATTRIBUTE-POLICIES REQUIRED TYPE |
||
| 32 | allow * list of attributes in NDN-name format |
||
| 33 | deny list of attributes in NDN-name format |
||
| 34 | ``` |
||
| 35 | ``` |
||
| 36 | requester-names |
||
| 37 | FUNCTION |
||
| 38 | specifies what users the access control policy should apply to |
||
| 39 | DATA TYPE |
||
| 40 | list of ndn-formatted names separated by spaces, commas, or both |
||
| 41 | list should be surrounded by quotes |
||
| 42 | if just a single name, no quotes are needed |
||
| 43 | NOTE: |
||
| 44 | incorrect formatting will result in inacurate outputs without warning from parser |
||
| 45 | |||
| 46 | attribute-policies |
||
| 47 | NOTE: stream names are treated as attributes |
||
| 48 | FUNCTION |
||
| 49 | allows for access control on the attribute level |
||
| 50 | specifies which attributes data requesters should be allowed or denied |
||
| 51 | REQUIREMENTS |
||
| 52 | must have "allow" section with at least one stream name |
||
| 53 | TYPE |
||
| 54 | each line within the "allow" and "deny" fields corresponds to a single attribute |
||
| 55 | ``` |
||
| 56 | |||
| 57 | Policy details |
||
| 58 | ------------- |
||
| 59 | |||
| 60 | the labels of attribute-policy-1, attribute-policy-2, etc. can be anything you want |
||
| 61 | |||
| 62 | ABE Policies are created for each of these sections independently and then combines them with OR, which is effectively the same as having separate policies with the same requester-names. |
||
| 63 | Combining these into a single policy allows for all specifications for a group of requesters to be written in a single policy. |
||
| 64 | |||
| 65 | Technical details |
||
| 66 | ---- |
||
| 67 | **Definitions** |
||
| 68 | |||
| 69 | "allowing" or "denying" an attribute refers to putting that attribute inside an "allow" or "deny" section. |
||
| 70 | Stream names and attributes are different in that attributes are data attributes unrelated to the stream name. |
||
| 71 | |||
| 72 | Stream names may be stream name prefixes. |
||
| 73 | For example, if a data stream is named `/one/two/three`, a prefix may be `/one/` or `/one/two/`. |
||
| 74 | Thinking about this as a tree, starting from the "root" prefix, "leaves" of a prefix refer to all data streams which have that prefix. |
||
| 75 | In this example, if there exists a stream `/one/two/four`, the leaves of prefix `/one/two/` are `/one/two/three` and `/one/two/four`. |
||
| 76 | |||
| 77 | Attributes are in the format `/.../ATTRIBUTE/<type>/<value>`. |
||
| 78 | For example, if data was created at the gym, it would have the `/.../ATTRIBUTE/location/gym` attribute. |
||
| 79 | |||
| 80 | When I refer to a set of names being added to the ABE policy, this means all elements in the set are concatenated with OR and then appended to the ABE policy with AND. |
||
| 81 | For example, if the existing ABE policy is `stream1`, adding the set of elements `["one", "two"]` results in `stream1 AND ("one" OR "two")` |
||
| 82 | |||
| 83 | **Assumptions and Implications** |
||
| 84 | |||
| 85 | The parser assumes that any single data packet is encrypted with exactly one attribute from each of the known types. |
||
| 86 | Therefore, if data is encrypted with new types, keys from new policies that allow or deny attributes from these types will deny access to previous data not encrypted with attributes of these new types. |
||
| 87 | |||
| 88 | **Calculations** |
||
| 89 | |||
| 90 | Note: *These are done separately for each individual "attribute-policy" section* |
||
| 91 | |||
| 92 | Allowed attributes are added to the policy. |
||
| 93 | |||
| 94 | Denied attributes of the same type are negated from the set of all attributes of that type and then added to the ABE policy. |
||
| 95 | |||
| 96 | All denied streams are negated from the set of all leaves of all allowed streams. |
||
| 97 | The leaves (data stream names) in the resulting set are added to the ABE policy |
||
| 98 | |||
| 99 | All time-based attributes are individually appended to the ABE policy with AND. |
||
| 100 | |||
| 101 | Comments |
||
| 102 | ------------ |
||
| 103 | ``` |
||
| 104 | DENY ALL ACCESS |
||
| 105 | ALLOW FROM GIVEN STREAMS |
||
| 106 | DENY FROM ALL BUT VALUE |
||
| 107 | DENY ALL ACCESS |
||
| 108 | ALLOW ALL TIME ACCORDING TO VALUE WITHIN GIVEN STREAMS |
||
| 109 | ``` |