Enforcing RFID Data Visibility Restrictions using XACML security policies


Radio Frequency Identification (RFID) technology allows automatic data capture from tagged objects moving in a supply chain. This data can be very useful for answering traceability queries; however, it is distributed across many different repositories owned by different companies.
Discovery Services (DS) are designed to assist in retrieving the RFID data relevant for traceability queries while enforcing sharing policies that are defined and required by participating companies to prevent sensitive data from being exposed.
In this paper we define an interface for Supply Chain Authorization (SC-Az) and describe the implementation of two visibility restriction mechanisms based on Access Control Lists (ACLs) and Capabilities. Both approaches were converted to the standard eXtensible Access Control Markup Language (XACML), and their correctness and performance were evaluated for supply chains of increasing size.

Published in: Technology


  1. Enforcing RFID Data Visibility Restrictions using XACML security policies. Miguel Pardal, Mark Harrison, Sanjay Sarma, José Alves Marques. Técnico Lisboa, University of Cambridge, Massachusetts Institute of Technology
  2. Traceability systems assessment framework http://trakchain.net
  3. Each individual item takes a unique path...
  4. Traceability data security
  5. SCAz – Supply Chain Authorization Language
     • Classical authorization mechanisms
       - EAC – Enumerated Access Control
         • Access control lists
       - CCT – Chain of Communication Tokens
  6. Externalized security
     • Authentication
       - SAML
     • Message level (cryptographic) protection
       - TLS
     • Authorization
       - XACML
  7. eXtensible Access Control Markup Language
  8. XACML request processing
  9. Performance assessment tool
  10. EAC processing time breakdown for request evaluation
  11. EAC and CCT evaluation time with increasing item numbers
  12. Contributions
     • Data sharing policies
     • XACML translation
     • Correctness check
     • Performance assessment
     • Future work
       - Pharma pedigree case study
       - Combine approaches in expressive language
       - “Automatic” authorization
         • minimize admin burden for traceability data sharing
  13. Merci! Visit http://trakchain.net
