ABAC and ABE Policy Enforcement Mechanism (AAPEM)



Why do we need it?

To manage authorization, ASCLEPIOS combined two access control mechanisms, designed and implemented together as the ABAC and ABE Policy Enforcement Mechanism (AAPEM). First, the mechanism enforces ABAC policies, yielding access control decisions on incoming requests by evaluating contextual information. Second, through its ABE service, AAPEM can also encrypt and decrypt SSE keys using attributes and context-aware policies.

AAPEM was developed to address two crucial requirements of medical systems: dynamic policy creation and the separation of concerns between policy definition and policy enforcement. The value of these characteristics becomes clear if we consider that the ABAC Engine can enforce access control policies that may be altered even at run time, without any manual intervention on the medical system side.

The combination of ABAC and ABE resulted in a holistic authorization approach that can greatly serve the increased security requirements of modern cloud-based healthcare systems.


How does it work?

The ABAC policy enforcement mechanism is an access control method that permits or denies a subject’s request to perform certain operations on an object based on the assigned or perceived attribute values of the subject, the object, their environment, and the request itself. These attribute values express the current context of an incoming request, which the authorization engine evaluates against the specified policies that bear attribute-based conditions.

The ABE service, in turn, handles the encryption and decryption of SSE keys, safely retrieving them from KeyTray, while the ABE key of each user is generated by the Trusted Authority service and securely distributed as a Keycloak user attribute. This flow ensures that the ABE key is always up to date with the latest changes to a user’s attributes and readily available to any service that requires it for ABE-based encryption or decryption operations.

The two services are combined in a two-step process: first, the relevant ABAC policies are enforced on access attempts to resources (either data or functionality); then, once ABAC permission has been granted, an ABE policy is evaluated before recovering the resource’s symmetric decryption key.
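The two-step process described above can be modelled as follows. This is an added example, not ASCLEPIOS code: the rule format, attribute names, function names and sample data are assumptions, and the ABE step is modelled as a check that the user's key attributes satisfy the access tree attached to the protected SSE key, not as real attribute-based cryptography.

```python
# Model of the two-step flow. Attribute names, policies and the key value are
# constructed; the ABE step is modelled as access-tree satisfaction, not crypto.
_MISSING = object()  # sentinel: an absent attribute equals no rule value

# ABAC rules are data, so they can change at run time. A rule permits when
# every attribute it lists matches the request context.
ABAC_RULES = [
    {"subject.role": "doctor", "action": "read", "environment.on_shift": True},
]

def lookup(context, dotted):
    """Resolve 'subject.role' in a nested dict; _MISSING when absent."""
    node = context
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return _MISSING
        node = node[part]
    return node

def abac_permit(request, rules=ABAC_RULES):
    """Step 1: deny by default; empty rules and missing attributes never match."""
    return any(bool(rule) and all(lookup(request, k) == v for k, v in rule.items())
               for rule in rules)

def abe_satisfied(policy, key_attrs):
    """Step 2: evaluate a tree ('attr', name) | ('and' | 'or', child, ...)."""
    op, *rest = policy
    if op == "attr":
        return rest[0] in key_attrs
    if op not in ("and", "or"):
        raise ValueError(f"unknown policy operator: {op!r}")
    results = [abe_satisfied(child, key_attrs) for child in rest]
    return all(results) if op == "and" else any(results)

def recover_sse_key(request, key_attrs, protected_key):
    """Return (decision, deciding_step, key); the key is released only if both pass."""
    if not abac_permit(request):
        return ("deny", "abac", None)  # the ABE policy is never evaluated
    if not abe_satisfied(protected_key["policy"], key_attrs):
        return ("deny", "abe", None)
    return ("permit", "abe", protected_key["sse_key"])

# Constructed sample: SSE key under (cardiology AND (doctor OR researcher)).
PROTECTED = {
    "policy": ("and", ("attr", "cardiology"),
               ("or", ("attr", "doctor"), ("attr", "researcher"))),
    "sse_key": b"constructed-sse-key",
}
REQUEST = {"subject": {"role": "doctor"}, "action": "read",
           "object": {"type": "record"}, "environment": {"on_shift": True}}
```

Appending a rule to `ABAC_RULES` changes the step-one decision without touching the enforcement code, which mirrors the separation of policy definition from policy enforcement.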