NeuroLOG Security Policy proposal

Similar documents
DigitalPersona Altus. Solution Guide

Federated XDMoD Requirements

Ekran System v.6.0 Privileged User Accounts and Sessions (PASM)

These are suggestions not policy. It is one approach that may help us understand

Exam Name: TS: Upgrading from Windows Server 2003 MCSA to Windows Server 2008,Technology Specializations

F5 BIG-IQ Centralized Management: Licensing and Initial Setup. Version 5.1

Installing and Administering a Satellite Environment

Installing the Cisco Unified CallManager Customer Directory Plugin Release 4.3(1)

Owner of the content within this article is Written by Marc Grote

Oracle Database 11g: New Features for Oracle 9i DBAs

SafeConsole On-Prem Install Guide. version DataLocker Inc. July, SafeConsole. Reference for SafeConsole OnPrem

MOC 20411B: Administering Windows Server Course Overview

FUJITSU Cloud Service K5 - API Management Service Description

HP ArcSight Port and Protocol Information

BIG-IQ Centralized Management: Licensing and Initial Setup. Version 5.0

BusinessObjects Enterprise XI

SAML-Based SSO Solution

User guide User Guide CIPA Administration Console

Managing External Identity Sources

NeuroLOG WP1 Sharing Data & Metadata

User Guide CIPA Administration Console Open e-trustex

SafeConsole On-Prem Install Guide

FUJITSU Cloud Service K5 - API Management Service Description

SafeConsole On-Prem Install Guide

glite Grid Services Overview

Technical Overview. Version March 2018 Author: Vittorio Bertola

Oracle Enterprise Manager

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

Microsoft Dynamics CRM Installation (MB2-708)

Implementing Single-Sign-On(SSO) for APM UI

Overview of System Center 2012 R2 Configuration Manager

Implementing Microsoft Azure Infrastructure Solutions

F5 BIG-IQ Centralized Management: Authentication, Roles, and User Management. Version 5.4

One Identity Active Roles 7.3. Synchronization Service Administration Guide

Open mustard seed. Patrick Deegan, Ph.D. ID3

Oracle Database 12c R2: Managing Multitenant Architecture Ed 2

SECTION 10 EXCHANGE PROTOCOL

Authenticating Cisco VCS accounts using LDAP

Course : Planning and Administering SharePoint 2016

Working with AD RMS Clients

OnCommand Cloud Manager 3.2 Deploying and Managing ONTAP Cloud Systems

ACS 5.x: LDAP Server Configuration Example

Cisco Expressway Authenticating Accounts Using LDAP

Configuration Manager Active Directory Schema Extensions Are Not Required For Site Server

Embedded Web Server. Administrator's Guide

UNIT V *********************************************************************************************

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

EnterSpace Data Sheet

Management Intranet: Integrating Web-based Network Management Applications

Siebel Application Deployment Manager Guide. Version 8.0, Rev. A April 2007

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

Contents Overview... 5 Downloading Primavera Gateway... 5 Primavera Gateway On-Premises Installation Prerequisites... 6

SOA S90-20A. SOA Security Lab. Download Full Version :

MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # ) Chapter One Introducing Windows Server 2008

Table of Contents About Ignotus AD Installer software... 2 Requirements for the Server Service... 2 Requirements for the Client Service...

A: PLANNING AND ADMINISTERING SHAREPOINT 2016

PROPOSAL OF WINDOWS NETWORK

Cisco TelePresence Authenticating Cisco VCS Accounts Using LDAP

ZL UA Exchange 2013 Archiving Configuration Guide

ISO/IEC TR Information technology Security techniques Guidelines for the use and management of Trusted Third Party services

Planning and Administering SharePoint 2016

EnterpriseTrack Reporting Data Model Configuration Guide Version 17

SQL Server AlwaysOn setup on ObserveIT environment

Q48: I noticed an amendment to the ASED BAA, what has changed? Q48: The due date for proposals has been extended from November 9 to November 28.

The NeuroLOG Platform Federating multi-centric neuroscience resources

Selecting Software Packages for Secure Database Installations

What s in Installing and Configuring Windows Server 2012 (70-410):

ANIXIS Password Reset

Security Digital Certificate Manager

This course provides students with the knowledge and skills to administer Windows Server 2012.

Duration: 5 Days Course Code: M20764 Version: B Delivery Method: Elearning (Self-paced)

IBM. Security Digital Certificate Manager. IBM i 7.1

USER DOCUMENTATION. Shared Users File (SUF)

The provision of Calling Line Identification facilities and other related services over Electronic Communications Networks

Mobile and Remote Access Through Cisco Expressway

Manage SAML Single Sign-On

Payment Card Industry (PCI) Point-to-Point Encryption

ITTIA DB SQL Em bedded Dat abase and VxWorks

Lotus IBM WebShere Portal 6 Deployment and Administration.

COURSE OUTLINE MOC : PLANNING AND ADMINISTERING SHAREPOINT 2016

NeuroLOG Client User Guide

MOC 6421B: Configuring and Troubleshooting a Windows Server 2008 Network Infrastructure

Administering a SQL Database Infrastructure

Signe Certification Authority. Certification Policy Degree Certificates

Duration Level Technology Delivery Method Training Credits. Classroom ILT 5 Days Advanced SQL Server

Entrust Identification Server 7.0. Entrust Entitlements Server 7.0. Administration Guide. Document issue: 1.0. Date: June 2003

Installing and Configuring vcenter Support Assistant

TRUST IDENTITY. Trusted Relationships for Access Management: AND. The InCommon Model

Public Key Infrastructure

Course No. MCSA Days Instructor-led, Hands-on

ISO/TR TECHNICAL REPORT. Health informatics Interoperability and compatibility in messaging and communication standards Key characteristics

Internet Engineering Task Force (IETF) Request for Comments: 8000 Category: Standards Track. November 2016

Designing Database Solutions for Microsoft SQL Server (465)

Oracle Hospitality Cruise AffairWhere Security Guide Release E April 2017

Oracle Enterprise Manager. Description. Versions Supported. System Monitoring Plug-in Installation Guide for EMC CLARiiON System Release 5 (

OPC UA Configuration Manager PTC Inc. All Rights Reserved.

C IBM. IBM WebSphere App Server Network Deployment V8.0- Core Admin

Managed Administration Service (MAS): Hitachi ID Password Manager

MiContact Center Business Important Product Information for Customer GDPR Compliance Initiatives

Access Control in Federated Systems

Transcription:

Software technologies for integration of process, data and knowledge in medical imaging NeuroLOG Security Policy proposal Technical document Authors: J. Montagnat (I3S) D. Godard (Visioscopie) Summary: This document describes the security policy proposed to control the access to sensitive resources within the NeuroLOG project. It also drafts a possible implementation of this policy. http://neurolog.polytech.unice.fr

Document layout 1. Summary of proposed security...2 2. Security policy description...2 2.1. Users, administrators and groups...3 2.2. Files sharing across sites...4 2.3. Example...4 3. Operational set up...5 1. Summary of proposed security The policy described in the next section aims at fulfilling the security requirements of the NeuroLOG project for data access control. The proposed solution also intends to be as lightweight and easy to deploy as possible. To summarize, the main aspects of the proposed policy are: 1. The security policy is administrated locally on each site by one site administrator. There is no global administrator of the distributed platform. 2. All users are securely identified and registered into the system. The local site administrator 3. Data access is controlled at the level of groups of users. At least one group will be created for each site (by default all data registered into one site will be accessible to the site group only). As many additional groups may be created as needed. A group is created and owned by one site but known from the other sites: there is a single administrator for one group (the group local site administrator) but users from other sites may be registered into any group. A site administrator may decide which data is accessible to which group. 4. Accesses to local data will be traced individually in a non repudiable manner on each site. This policy ensures that each site controls its data: local data access is under the responsibility of the site administrator. However, groups containing users from different sites allow data sharing among different sites. 2. Security policy description Sensitive medical data will be deployed on different sites over the distributed NeuroLOG platform. The NeuroLOG Security Policy (NSP) aims at fulfilling two a priori antagonist roles: To make data exchanges among users from different site possible; To ensure that each site solely controls the access to the data it owns. To implement the NSP, all system users are authenticated through nonrepudiable nominative certificates. Each user is registered into one site (and thus known by the system) by the site administrator. Access to data is controlled at 2 / 5

the group level: as many groups as needed may be created and data files are individually controlled by group. Complementary to the NSP, all data exported from a site will be anonymized and encrypted prior to transmission for protection as detailed in NeuroLOG deliverable 3. 2.1. Users, administrators and groups Each system operator, whether normal a user or an administrator, is identified by her/his individual X509 certificate. Such a certificate contains a non repudiable Distinguished Name (DN) similar to: /O=GRID-FR/C=FR/O=CNRS/OU=I3S/CN=Johan Montagnat This certificate thus identifies the user name and institution. Several credentials will be used in the NeuroLOG platform: login/password identification, CPS (Carte Professionnelle de Santé), SQL92 identifiers and grid certificates. The system will ensure the proper mapping of a single user DN to all these credentials to interoperate with the services. On each site, a single user gets the administrator privileges allowing her/him to: 1. Register or unregister other users into the local site. Only users with a valid certificate belonging to the local site may be registered. 2. Change the administrator privilege recipient. 3. Create groups and populate groups with user DNs. 4. Grant group access to individual data files. The site administrator is the warrant of the local site data control. On each site, as many groups as needed may be created by the system administrator. A group is a unique group identifying name associated to a list of users known by their DN. Note that a group may contain users from different sites (except for the site-specific group as detailed below). A registry service (see next section) will ensure the unicity of group names among different sites. Two groups will be automatically created on each site upon system installation: A site-specific group. All members registered to a site will belong to this group. By default all data registered to a site will be readable by members of the site group. No members of other sites can be registered into the site-specific group. An administrator group containing the administrator user. All data registered to a site will be readable and writable to the administrator group. No normal user can be added to this group. Thus, only the administrator has deletion capability over the site data. Other groups are created and populated without restrictions by the site administrator. The site administrator also grants group-based access to each data file. 3 / 5

2.2. Files sharing across sites A group is locally administrated by a single site administrator but users from different sites may be registered into a same group. Conversely, site administrators can grant access to their local files for groups owned by external sites. Thus, users belonging to different sites can share data from multiple sites upon joint authorization by the group administrator and the site file administrators. Each site controls the access to its files and the administrator is the warrant of the application of the site access control policy. 2.3. Example Let us consider as an example the deployment of two sites A and B as illustrated in Figure 1. Group G A Adm A Usr A1 Usr A2 Group G MS Usr B1 Adm B Group G B f A1 f A2 f A3 Access to group G MS f B1 f B2 f B3 Figure 1. Two-sites deployment example. Site A is administrated by Adm A and hosts users Usr A1 and Usr A2. Site B is administrated by Adm B and hosts user Usr B1. Upon deployment, the site specifics groups G A (containing Adm A, Usr A1 and Usr A2 ) and G B (containing Adm B and Usr B1 ) are created. Two singleton administrator groups G AdmA and G AdmB are also created. Suppose know that three files are registered into site A (f A1, f A2 and f A3 ) and into site B (f B1, f B2 and f B3 ). By default, all users of G A have read access to f A1, f A2 and f A3 and only G AdmA has deletion capability over these files. Suppose know that Adm A creates a group G MS for a working group of users. The DNs of users Usr A2 and Usr B1 are haded to G MS. Adm A grants access right to f A1 and f A2 for group G MS while Adm B grants access right to f B1 for the same group G MS. As a result, both Usr A2 and Usr B1 are able to access to f A1, f A2 and f B1. 4 / 5

3. Operational set up To implement the NSP described above, the administration services of the NeuroLOG sites will have to cooperate. A NeuroLOG registry will be set up to facilitate this operation. The registry main role will be to register all sites participating to the platform deployed. The registry will be contacted by NeuroLOG services to: register a new site; discover the participating sites; and create new groups. The registry is a centralized point of failure. Thus the system should depend as little as possible on it. With the proposed solution, it will be needed only upon site and groups creation which are believed to be rare events. In a long term it would make sense to replicate this service to ensure better fault tolerance. Upon a new site deployment, the registry will be contacted. It will register a unique site name, the site administration service host IP, the site administrator certificate, and the administrator email address. At any time the registry can be queried by one of the sites to discover the other sites registered: thus, the list of sites used e.g. by the Data Federator client can be updated. Furthermore, the registry will allocate a single site prefix to each site, thus ensuring the uniqueness of UIDs generated on each site. Upon group creation, the site registry will be contacted to register the new group. The registry can be queried at any time to discover existing groups by any participating site. 5 / 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback