The document proposes developing software to enable secure and authorized dynamic group resource management. It aims to implement attribute-based access control and dynamic delegation of access rights to address limitations in existing group-centric applications. The research plan involves three phases: literature review and requirements analysis; core implementation of access control and delegation features; and testing, performance analysis, and real-world deployment. The proposed software would facilitate secure collaboration and resource sharing for educational institutions and organizations.
Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad
KTH Applied Information Security Lab
Secure & Authorized Dynamic Group Resource Management
Principal Investigator: Dr Awais Shibli
Co-Principal Investigator: Dr. Abdul Ghafoor
Outline
o Overview
o Objective
o Introduction
o Literature Survey
o Lack of Features
o Proposed Software
o Benefits of Software Solution
o Comparison of Proposed work with existing Group Centric Application
o Contribution to National Economy
o Research Plan and Schedule
o Conclusion
Overview
o Project Aims
  o Research and development in the field of group secure information sharing (g-SIS)
  o Domain: Access Control in Group-Centric Environment
o Organizational Outcomes
  o To manage complex and dynamic group centric tasks
  o Secure resource sharing and management
  o Requirement based authorization
  o Delegation of rights in group environment
Objectives
To motivate researchers to explore group secure information sharing and to implement an open source product into which new access control models can be integrated in future, providing a quality, customizable product that conforms to well-known industry standards.
Introduction
o Group secure information sharing (g-SIS) brings users and information together in the form of a group to facilitate sharing.
o Recently introduced by Krishnan et al. in 2009.
o A group centric environment requires dynamic sharing of resources with an authorized group of users.
Literature Survey
o Architecture of group secure information sharing environment:
  o Super Distribution
    o Resources are encrypted once using a shared key
    o Compromise of any user's machine exposes all of the group's resources
  o Micro Distribution
    o Resources are custom encrypted for each group user
Literature Survey
o Models for group secure information sharing environment:
  o Time-Based sharing model
    o Authorizes users to access group resources based on temporal order
    o Authorizations are based on the time users joined the group
  o Extended Model
    o Based on the principle of "share but differentiate"
    o Selective information sharing with minimized unauthorized access
  o Typical Access Model
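
The time-based sharing model above, sketched as an added example that is not code from the presentation. It assumes the strict-join and liberal-join readings of "authorization based on join time" and a strict leave; the `Group` class, its field names and the sample timeline are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Group:
    """Event timeline of one group (hypothetical model, integer timestamps)."""
    joined: dict = field(default_factory=dict)   # user -> latest join time
    left: dict = field(default_factory=dict)     # user -> latest leave time
    added: dict = field(default_factory=dict)    # resource -> add time
    removed: dict = field(default_factory=dict)  # resource -> remove time

    def authorized(self, user, resource, now, liberal_join=False):
        """Return True if `user` may read `resource` at time `now`."""
        t_join = self.joined.get(user)
        t_add = self.added.get(resource)
        if t_join is None or t_add is None:
            return False                      # unknown user or resource: deny
        if t_join > now or t_add > now:
            return False                      # join/add has not happened yet
        t_leave = self.left.get(user)
        if t_leave is not None and t_join <= t_leave <= now:
            return False                      # assumed strict leave: access ends
        t_rm = self.removed.get(resource)
        if t_rm is not None and t_add <= t_rm <= now:
            return False                      # resource no longer in the group
        if liberal_join:
            return True                       # earlier resources are visible too
        return t_add >= t_join                # strict join: only later resources


def demo():
    """Constructed timeline: two resources, two users, one departure."""
    g = Group()
    g.added["budget.xlsx"] = 10
    g.joined["alice"] = 20
    g.added["cfp.pdf"] = 30
    g.joined["bob"] = 40
    g.left["alice"] = 50
    return {
        "alice_old_strict": g.authorized("alice", "budget.xlsx", 45),
        "alice_old_liberal": g.authorized("alice", "budget.xlsx", 45, True),
        "alice_new": g.authorized("alice", "cfp.pdf", 45),
        "bob_strict": g.authorized("bob", "cfp.pdf", 45),
        "alice_after_leave": g.authorized("alice", "cfp.pdf", 60),
    }


if __name__ == "__main__":
    print(demo())
```

The decision is a function of event order only, so the same resource can be denied to one member and granted to another purely because of when each joined.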
Literature Survey
o Role Based Access Control
  o Direct Role Delegation
    o Roles are delegated to the user manually
    o Not feasible for a large number of users in an organization
  o Attribute Based Role Delegation
    o Delegator can restrict the way in which roles can be further delegated.
    o Cascading and non-cascading revocation also proposed.
  o PBDM2
    o All roles of a user are delegatable.
  o Role-to-Role Model
Lack of Features in g-SIS
o Dynamic access control
o Dynamic delegation of access rights
o Data Encryption
o Dynamic certificate PKI integration
o Dynamic creation and revocation of groups
Proposed Software for g-SIS
o Uses Attribute Based Access Control
o Supports XACML Authorization Architecture
[Figure: XACML authorization architecture. Labels: PDP, PEP, Subject, Resource, Subject Attribute Authority, Resource Attribute Authority, Environment AA, ABAC Policy Authority; Dynamic Access Control Policy, Dynamic Delegation of Access Rights Policy, Dynamic Certificate PKI, Encrypted Data, Dynamic Creation & Revocation of groups]
Benefits of Software Solution
o Facilitates educational institutes, security agencies, software houses, and the research community by providing group secure communication.
o Manages access of dynamically created groups
  o Events, Tasks, Time, and Usages
o Dynamically created policy used for access control and group management
o Provides a secure environment based on well known security standards
o Public Key infrastructure used for secure
Comparison of our proposed work with existing Group Centric Applications
o Group Centric Resource Sharing Application
  o Open source software
  o Focuses on teaching related administrative tasks
  o No comprehensive security features
  o Based on a stringent architecture with inherent security bugs
o Proposed Software Application
  o Provides encrypted data storage
  o Provides dynamic time and event based resource management
  o Provides dynamic authorization of users on encrypted data
Contribution to National Economy
o Provide facilities to researchers to enhance their skills, learning and knowledge
o Address all organizational collaboration concerns under one umbrella
  o Processes
  o Procedures and Policies
  o Dynamic events and tasks
  o User-to-User interaction
o Enabling secure resource sharing across organizations
o Secure access to dynamic groups
Research Plan and Schedule
o Project activities are divided into three phases:
  o Phase 1: Literature Survey, Software Requirement, and Architecture
  o Phase 2: Core Implementation
  o Phase 3: Testing & Performance Analysis
Phase One Schedule
PHASE ONE: Literature Survey, Software Requirement, and Architecture
Project Activities Phases | Number of weeks needed | Start date | End date
Literature survey in the field of group-secure information sharing, access control models, and access rights delegation models | 8 | December 02, 2013 | January 27, 2014
Secure resource sharing market survey | 4 | January 28, 2014 | February 25, 2014
Software requirement specification | 4 | February 26, 2014 | March 26, 2014
Low and high level architecture specification | 4 | March 27, 2014 | April 24, 2014
Feasibility study of proposed software | 4 | April 25, 2014 | May 23, 2014
Software design specification of proposed software | 8 | May 26, 2014 | July 21, 2014
Phase Two Schedule
PHASE TWO: Core Implementation
Project Activities Phases | Number of weeks needed | Start date | End date
Implementation and testing of Attribute Based Access Control (ABAC) policies in XACML 3.0 | 8 | July 22, 2014 | September 16, 2014
Implementation and testing of New Target Matching Capabilities feature. | 4 | September 17, 2014 | October 15, 2014
Implementation and testing of Multiple Decision Profile feature. | 4 | October 16, 2014 | November 13, 2014
Implementation and testing of Delegation Profile feature. | 4 | November 14, 2014 | December 12, 2014
Integration and unit testing of implemented access model and features in a comprehensive frame of software | 4 | December 15, 2014 | January 12, 2015
Expansion of software with extensible features | 4 | January 13, 2015 | February 10, 2015
Testing of software with feature of access control and delegation of access rights. | 4 | February 11, 2015 | March 11, 2015
Phase Three Schedule
PHASE THREE: Testing & Performance Analysis
Project Activities Phases | Number of weeks needed | Start date | End date
Stress and load testing of software | 6 | March 12, 2015 | April 23, 2015
Bug checking after module integration | 6 | April 24, 2015 | June 05, 2015
Dynamic features testing of software | 6 | June 08, 2015 | July 20, 2015
Deployment of software in real time environment | 6 | July 21, 2015 | September 01, 2015
Performance analysis of software | 8 | September 02, 2015 | October 28, 2015
Conclusion
The proposed software provides dynamic group authorization, delegation of rights, and management of resources for an educational institute when hosting an event such as a conference. It also provides virtual classroom, event and task based groups for requirement based activities.
Thank You!