{"id":4676,"date":"2016-05-20T14:50:08","date_gmt":"2016-05-20T21:50:08","guid":{"rendered":"https:\/\/objectsecurity.com\/?p=4676"},"modified":"2024-06-27T12:39:23","modified_gmt":"2024-06-27T19:39:23","slug":"implementing-proximity-based-access-control-pbac-using-model-driven-security","status":"publish","type":"post","link":"https:\/\/objectsecurity.com\/implementing-proximity-based-access-control-pbac-using-model-driven-security\/","title":{"rendered":"Implementing Proximity-Based Access Control (PBAC) using Model-Driven Security"},"content":{"rendered":"<div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-1 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1872px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-0 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-text fusion-text-1\"><p class=\"post-title entry-title\"><strong>A\u00a0particularly advanced and highly useful access control approach we have designed and implemented using Model-Driven Security 
(MDS) is Proximity-Based Access Control (PBAC). The PBAC\u00a0approach is a highly innovative access control method where information provided to a subject is determined on a need-to-know basis from proximity attributes. It goes far beyond traditional device access based on physical proximity:<\/strong><\/p>\n<p><b>Definition:\u00a0<\/b><b><u>Proximity-Based Access Control (PBAC)<\/u> <\/b>is access control using policies that are based on the relative proximity\/distance (calculated by a distance calculation function) between one or more proximity attributes associated with an accessor and one or more proximity attributes associated with an accessed resource. \u00a0PBAC is not just about physical proximity, but can involve many proximity dimensions: Geo-Location\/Geospatial; Organizational; Operational; Temporal; Business Process; Security; Risk; Social; Information, etc.<\/p>\n<p class=\"post-title entry-title\">Rich, dynamic, contextual, and generic policies can be expressed and enforced if attribute and calculation services can be made available to the PBAC system. For example, geospatial proximity need not be calculated from the physical location of the requesting user and the requested resource, but can instead be based on the geospatial area the user\u2019s assigned task pertains to, and the geospatial area the requested information resource pertains to: \u201cTeam leaders can access all resources which pertain to a geospatial area that overlaps at least 70% with the geospatial area associated with the requestor\u2019s assigned task\u201d. Or \u201ccrime analysts working on a task pertaining to a criminal can access all resources pertaining to criminals known to be within 2 hops proximity on the criminal social graph\u201d.<\/p>\n<p><b><u>PBAC needs Model-Driven Security (MDS)\u00a0<\/u><\/b>because of PBAC\u2019s complex policy implementation details \u2013 most conventional access control mechanisms do not support the features required to implement PBAC, and where they do, manually implementing and maintaining generic PBAC policies with them would be too cumbersome and error-prone.<\/p>\n<p class=\"post-title entry-title\">Note that PBAC is an extension of Model-Driven Security\u00a0and Attribute-Based Access Control (ABAC). PBAC differs technically from non-PBAC ABAC systems in that a relative distance calculation function exists between attributes associated with the requesting subject, the action and\/or the requested resource. OpenPMF MDS generates machine-enforceable access and logging rules that are enforced by OpenPMF\u2019s ABAC runtime infrastructure, consisting of Policy Access Points, Policy Decision Points, Policy Enforcement Points, Attribute Source Services, Calculation Services, Mapper Services, etc. OpenPMF typically deploys a PDP\/PEP\/PIP combination on each protected node for robustness and security reasons.<\/p>\n<p><b>ObjectSecurity\u00a0<a href=\"https:\/\/www.objectsecurity.com\/about-openpmf\/\" target=\"_blank\" rel=\"noopener noreferrer\">OpenPMF<\/a>\u2122<\/b> is by far the most advanced model-driven security\u00a0product in the market. MDS generates technical security policy rules and accreditation evidence from models, using model-driven approaches. \u00a0MDS is \u201cthe tool supported process of modelling security requirements at a high level of abstraction, and using other information sources available about the system (produced by other stakeholders). These inputs, which are expressed in Domain Specific Languages (DSL), are then transformed into enforceable security rules with as little human intervention as possible. It also includes the run-time security management (e.g. entitlements \/ authorizations), i.e. 
run-time enforcement of the policy on the protected IT systems, dynamic policy updates and the monitoring of policy violations.\u201d (source: Wikipedia, and <a href=\"https:\/\/www.objectsecurity.com\/blog\/\" target=\"_blank\" rel=\"noopener noreferrer\">this blog<\/a>)<\/p>\n<p>Please <a href=\"https:\/\/www.objectsecurity.com\/contact\/\">contact us<\/a> here if you would like to learn more about Proximity-Based Access Control\u00a0and how to implement it using MDS.<\/p>\n<\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":9,"featured_media":4668,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[90,91],"tags":[],"class_list":["post-4676","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education","category-model-driven-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Implementing Proximity-Based Access Control (PBAC) using Model-Driven Security - ObjectSecurity<\/title>\n<meta name=\"robots\" content=\"noindex, follow\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/implementing-proximity-based-access-control-pbac-using-model-driven-security\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/implementing-proximity-based-access-control-pbac-using-model-driven-security\\\/\"},\"author\":{\"name\":\"Ulrich Lang\",\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/#\\\/schema\\\/person\\\/3468948fd539bb291b676a906cf17335\"},\"headline\":\"Implementing Proximity-Based Access Control (PBAC) using Model-Driven 
Security\",\"datePublished\":\"2016-05-20T21:50:08+00:00\",\"dateModified\":\"2024-06-27T19:39:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/implementing-proximity-based-access-control-pbac-using-model-driven-security\\\/\"},\"wordCount\":1350,\"image\":{\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/implementing-proximity-based-access-control-pbac-using-model-driven-security\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/objectsecurity.com\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/abstract-1278077_1920-600x337-1.png?fit=600%2C337&ssl=1\",\"articleSection\":[\"Education\",\"Model-Driven Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/implementing-proximity-based-access-control-pbac-using-model-driven-security\\\/\",\"url\":\"https:\\\/\\\/objectsecurity.com\\\/implementing-proximity-based-access-control-pbac-using-model-driven-security\\\/\",\"name\":\"Implementing Proximity-Based Access Control (PBAC) using Model-Driven Security - 
ObjectSecurity\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/implementing-proximity-based-access-control-pbac-using-model-driven-security\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/implementing-proximity-based-access-control-pbac-using-model-driven-security\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/objectsecurity.com\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/abstract-1278077_1920-600x337-1.png?fit=600%2C337&ssl=1\",\"datePublished\":\"2016-05-20T21:50:08+00:00\",\"dateModified\":\"2024-06-27T19:39:23+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/#\\\/schema\\\/person\\\/3468948fd539bb291b676a906cf17335\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/implementing-proximity-based-access-control-pbac-using-model-driven-security\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/objectsecurity.com\\\/implementing-proximity-based-access-control-pbac-using-model-driven-security\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/implementing-proximity-based-access-control-pbac-using-model-driven-security\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/objectsecurity.com\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/abstract-1278077_1920-600x337-1.png?fit=600%2C337&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/objectsecurity.com\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/abstract-1278077_1920-600x337-1.png?fit=600%2C337&ssl=1\",\"width\":600,\"height\":337},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/implementing-proximity-based-access-control-pbac-using-model-driven-security\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/objectsecurity.com\\\/\"},{\"
@type\":\"ListItem\",\"position\":2,\"name\":\"Implementing Proximity-Based Access Control (PBAC) using Model-Driven Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/#website\",\"url\":\"https:\\\/\\\/objectsecurity.com\\\/\",\"name\":\"ObjectSecurity\",\"description\":\"OT\\\/ICS Asset Binary Vulnerability Analysis and Reporting\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/objectsecurity.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/objectsecurity.com\\\/#\\\/schema\\\/person\\\/3468948fd539bb291b676a906cf17335\",\"name\":\"Ulrich Lang\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1becd5ccdeae7ade89a377820868a7789a2e3978f998ef8cb6d5b817c9a63a45?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1becd5ccdeae7ade89a377820868a7789a2e3978f998ef8cb6d5b817c9a63a45?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1becd5ccdeae7ade89a377820868a7789a2e3978f998ef8cb6d5b817c9a63a45?s=96&d=mm&r=g\",\"caption\":\"Ulrich Lang\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","jetpack_featured_media_url":"https:\/\/i0.wp.com\/objectsecurity.com\/wp-content\/uploads\/2024\/04\/abstract-1278077_1920-600x337-1.png?fit=600%2C337&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/objectsecurity.com\/wp-json\/wp\/v2\/posts\/4676","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/objectsecurity.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/objectsecurity.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/objectsecurity.com\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/objectsecurity.com\/wp-json\/wp\/v2\/comments?post=4676"}],"version-history":[{"count":2,"href":"https:\/\/objectsecurity.com\/wp-json\/wp\/v2\/posts\/4676\/revisions"}],"predecessor-version":[{"id":4745,"href":"https:\/\/objectsecurity.com\/wp-json\/wp\/v2\/posts\/4676\/revisions\/4745"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/objectsecurity.com\/wp-json\/wp\/v2\/media\/4668"}],"wp:attachment":[{"href":"https:\/\/objectsecurity.com\/wp-json\/wp\/v2\/media?parent=4676"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/objectsecurity.com\/wp-json\/wp\/v2\/categories?post=4676"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/objectsecurity.com\/wp-json\/wp\/v2\/tags?post=4676"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}