Access control is the method that defines and enforces the selective restriction of access to critical or valuable resources, encompassing authorization mechanisms (in a narrower view) and authentication mechanisms (in a broader view). At a high level, an access control mechanism is composed of two core parts, namely access policy lifecycle management and access policy enforcement. An access policy is the rule that defines access to any type of resource of the ICARUS platform, such as data, services, tools, any kind of system resources, as well as all other relevant objects. Access policy enforcement is realised by loading the access policies into an authorisation engine, which implements the access control mechanism by enforcing those policies to prevent unauthorised access to these resources.
ICARUS Access Control with ABAC
In the literature, many access control mechanisms are available, such as Role-Based Access Control (RBAC), Organisation-Based Access Control (OrBAC), Rule-Based Access Control (RAC) and Attribute-Based Access Control (ABAC). Within the context of ICARUS, ABAC is leveraged, as it is considered the most suitable solution for promoting information sharing between diverse and disparate organizations. In detail, the ICARUS Access Control mechanism adheres to the XACML version 3.0 standard, which enables data providers to protect and share their data assets without any prior knowledge of the potential individual data consumers, using arbitrary attributes that are dynamically enforced in the access policies. In XACML, the access policies are expressed in XML and the authorization decisions are taken by considering different attributes of the subject and the resource, while the different actions and the corresponding environment are also modelled.
Access Control Challenges
However, effective and efficient access control comes with several challenges, which should be properly assessed and addressed in order to protect the resources while at the same time ensuring undisrupted access for those who have legitimate access.
Access Policy Lifecycle Management
One of the major challenges is effective change management in data access policies. At first, the access policy is specified after fully understanding the needs of the owner, and then this policy is deployed and enforced. However, new needs usually emerge, hence it is expected that this initially defined access policy will be changed (updated) or even revoked.
Thus, effective access policy lifecycle management is required, capable of keeping track of and instantly updating each access policy deployed on the access control mechanism. Moreover, the access control mechanism needs to be updated as soon as changes occur, ensuring that undesired behavior is avoided during runtime at all costs. In the case where multiple policies are changed and deployed simultaneously, conflict detection and resolution may not be a trivial exercise.
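The attribute-based decision described in the ABAC section and the conflict problem raised above can be seen together in a small sketch. This is an added example, not ICARUS code: policies are Python dictionaries rather than XACML XML, matching is plain equality, the Indeterminate decision is left out, and every policy id, attribute name and value is constructed.

```python
# Added example: XACML-style ABAC with combining algorithms (simplified).
# All policies, attribute names and values are constructed for illustration.
from itertools import combinations

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

def matches(target, request):
    """True when every (category, attribute) named in the target equals the request's value."""
    return all(request.get(cat, {}).get(attr) == val
               for cat, attrs in target.items() for attr, val in attrs.items())

def evaluate(policy, request):
    return policy["effect"] if matches(policy["target"], request) else NOT_APPLICABLE

def combine(policies, request, algorithm="deny-overrides"):
    """Resolve the decisions of several policies into one, as a combining algorithm does."""
    applicable = [d for d in (evaluate(p, request) for p in policies)
                  if d != NOT_APPLICABLE]
    if not applicable:
        return NOT_APPLICABLE
    if algorithm == "deny-overrides":
        return DENY if DENY in applicable else PERMIT
    if algorithm == "permit-overrides":
        return PERMIT if PERMIT in applicable else DENY
    if algorithm == "first-applicable":
        return applicable[0]
    raise ValueError(f"unknown combining algorithm: {algorithm}")

def find_conflicts(policies, request):
    """Id pairs of policies that both apply to the request but with opposite effects."""
    hits = [p for p in policies if matches(p["target"], request)]
    return [(a["id"], b["id"]) for a, b in combinations(hits, 2)
            if a["effect"] != b["effect"]]

POLICIES = [  # two independently deployed policies on the same dataset
    {"id": "share-with-partners", "effect": PERMIT,
     "target": {"subject": {"org_type": "research"},
                "resource": {"dataset": "dataset-A"}, "action": {"id": "read"}}},
    {"id": "embargo-outside-eu", "effect": DENY,
     "target": {"resource": {"dataset": "dataset-A"},
                "environment": {"region": "non-EU"}}},
]
REQUEST = {"subject": {"org_type": "research"}, "resource": {"dataset": "dataset-A"},
           "action": {"id": "read"}, "environment": {"region": "non-EU"}}

if __name__ == "__main__":
    for alg in ("deny-overrides", "permit-overrides", "first-applicable"):
        print(alg, "->", combine(POLICIES, REQUEST, alg))
    print("conflicts:", find_conflicts(POLICIES, REQUEST))
```

The same request yields Deny or Permit depending only on the combining algorithm, which is why conflicting pairs are worth detecting before a changed policy is deployed.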
Defining Effective Policies
Another challenge is related to the proper definition of an access policy. Determining and continuously monitoring who is granted access to which resources, how access to the resources is granted and under which conditions is not an easy task. The administrators and the owner should be given a proper overview of the resources and of the access policies applied to them, in order to be able to assess that the designed access policies, especially in the case where multiple access policies are combined, are the desired and proper ones, and so that any access control holes that are identified are handled as quickly as possible.
Furthermore, big data is usually composed of a variety of data in structured, unstructured or semi-structured format. Access control over such diverse data can become cumbersome and unmanageable if proper access policies are not defined that address the different granularities and the large volume of data included in big data applications. ABAC and XACML effectively support this kind of parameterization; however, the large number of attributes included in the access control policies usually increases the complexity and hampers the sustainability of the access policy lifecycle management.
Getting Locked Out by Mistake
The purpose of access control is to guarantee that any kind of resource is only accessed by its legitimate owners or by consumers to whom the owners have given access (based on legitimate data contracts). However, this whole model relies on the proper definition of the access policies by the owners or administrators of the resources. Another challenge raised by this aspect is how to enable the owners or administrators to effectively define the access policies and avoid undesired disclosure due to misunderstanding or misconfiguration of the underlying access policies. While the administrators are usually experienced users, this is not always the case with resource owners who are utilising a big data platform. Hence, a proper user interface and guidance, with multiple easy-to-understand explanations and suggestions, should be considered to avoid this situation.
Access control is one of the three key mechanisms adopted in ICARUS for the safeguarding of data. If you want to have an overview of the overall ICARUS Data Safeguarding approach, read our relevant blog post.
Blog post authored by UBITECH.
Image by Pete Linforth from Pixabay