ASCLEPIOS Models and Policies Editors (AMPLE)
Why we need it?
For example, AMPLE can be used to create an access control policy for the case of healthcare professionals who want to access their patients’ sensitive Electronic Health Records (EHRs) if and only if the following criteria are met: i) the professional is located in the hospital, ii) the professional is connected via the hospital’s WiFi, iii) the patient is located in the hospital at the specific time period of access request, and finally iv) her access request is conducted in working days and hours. For this policy to be realized, we have created a model of contextual attributes which includes among others: Subject (the requestor), Object (the requested sensitive information), DateTime, Location, and Connectivity (the device type, the connection type, the connection security, and the connection metrics). By having in our disposal the above mentioned attributes, we can use them as background knowledge for creating the corresponding policy.
How does it work?
AMPLE uses contextual attributes to support the definition of access control rules. Contextual attributes may characterize the requestor, the resource to be accessed, the environment or even the request itself. The attributes that can be used have been formally defined in a common vocabulary called Context-Aware Security Model (CASM) that is stored in AMPLE’s internal repository and can be configured or extended using the editing capabilities of AMPLE. The CASM’s attribute values are used both for the creation of the user CP-ABE Keys as well as the evaluation of the requestor’s context in the ABAC Enforcement engine (AAPEM). Last, AMPLE provides ABAC and ABE policy validation capabilities, according to a number of policy developer defined rules for checking policy correctness, completeness or for security awareness.