ReBAC in ABAC Tahmina Ahmed Department of Computer Science University of Texas at San Antonio 4/29/2016 1 Institute for Cyber Security World-Leading Research.


1 ReBAC in ABAC
by Tahmina Ahmed, Department of Computer Science, University of Texas at San Antonio
4/29/2016
Institute for Cyber Security: World-Leading Research with Real-World Impact!

2 Outline
- Introduction and Background
- A Simple ReBAC Model
- Relationships in ABAC
  - Attribute Composition
  - Composite Attribute
- A Composite ABAC Model
- Comparison
  - Expressive Power
  - Complexity

3 Using Relations for Controlling Access
© Tahmina Ahmed
[Figures: access control for IoT; a sample social graph; a sample provenance graph (Park et al. 2012)]

4 Existing Access Control Models That Use Some Kind of Relations for Authorization Policy Expression
- PBAC (Provenance Based Access Control): uses an object's data provenance relation to access that object
- ReBAC
  - Social: uses social relationships to access OSN resources
  - Beyond Social: uses social relationships / relationships between system entities to access resources in any system

5 What Does ReBAC Mean?
- What does relationship-based access control mean?
- What are the core characteristics of a ReBAC model?

6 A Simple ReBAC Model (SReBAC[p])
Commands:
- addRelation
- deleteRelation
- access
[Figure: an example command instantiation of SReBAC[3]]

7 An Example of a Simple ReBAC Command Execution

8 Expression of Relationship in ABAC
[Figure: friend graph over Alice, Bob and Carol]
Attribute Composition
- Needs one attribute: friend
- Policy expression uses attribute composition
  friend(Alice) = {Bob}
  friend(friend(Alice)) = {Carol}
Composite Attribute
- Needs two attributes: 1. friend 2. friendoffriend
- Policy expression uses direct attributes
  friend(Alice) = {Bob}
  friendoffriend(Alice) = {Carol}

9 Is this enough to keep the end user as an attribute value for Composite Attribute?
[Figure: friend graph over Alice, Bob, Carol and John]
friend(Alice) = {Bob, John}
friendoffriend(Alice) = {Carol}

10 Is this enough to keep the end user as an attribute value for Composite Attribute?
[Figure: friend graph over Alice, Bob, Carol and John]
After execution of deleteRelation("Alice", "Bob"):
friend(Alice) = {John}
friendoffriend(Alice) = ?
So we need to keep the relationship path information as a value of a composite attribute.
friendoffriend(Alice) = {Bob.Carol, John.Carol} (before deletion)
friendoffriend(Alice) = {John.Carol} (after deletion)
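The path-valued composite attribute from slides 8 to 10, as an added example that is not part of the original presentation. The class `CompositeAttrs`, its method names, the directed-edge reading of `friend`, and the edge set (inferred from the slide's path values) are assumptions.

```python
from collections import defaultdict

class CompositeAttrs:
    """friend is a direct attribute; friendoffriend is a composite attribute
    whose values are relationship paths ("Bob.Carol"), as on the slide."""

    def __init__(self):
        self.friend = defaultdict(set)          # user -> direct friends
        self.friendoffriend = defaultdict(set)  # user -> "mid.end" paths

    def add_relation(self, u, v):
        # Assumption: edges are directed u -> v.
        self.friend[u].add(v)
        for w in self.friend[v] - {u}:           # new paths u -> v -> w
            self.friendoffriend[u].add(f"{v}.{w}")
        for t, fs in self.friend.items():        # new paths t -> u -> v
            if u in fs and t != v:
                self.friendoffriend[t].add(f"{u}.{v}")

    def delete_relation(self, u, v):
        self.friend[u].discard(v)
        # Paths u -> v -> * lose their first hop.
        self.friendoffriend[u] = {p for p in self.friendoffriend[u]
                                  if p.split(".")[0] != v}
        # Paths t -> u -> v lose their second hop.
        for paths in self.friendoffriend.values():
            paths.discard(f"{u}.{v}")

    def fof_users(self, u):
        """End users a friendoffriend policy would authorize for u."""
        return {p.split(".")[-1] for p in self.friendoffriend[u]}

def demo():
    s = CompositeAttrs()
    # Constructed edge set, inferred from the slide's path values.
    for u, v in [("Alice", "Bob"), ("Alice", "John"),
                 ("Bob", "Carol"), ("John", "Carol")]:
        s.add_relation(u, v)
    before = set(s.friendoffriend["Alice"])
    s.delete_relation("Alice", "Bob")
    after = set(s.friendoffriend["Alice"])
    return before, after, s.fof_users("Alice")

if __name__ == "__main__":
    print(demo())
```

Because each value records its intermediate hop, `delete_relation` can revoke exactly the paths that used the removed edge without recomputing the graph, and Carol stays authorized through John.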

11 A Composite ABAC Model: ABAC C [n,m]

12 Comparison: Expressive Power vs. Complexity
- SReBAC[p]: can express authorization policy up to level p
- ABAC C [n,m]: can do n-level attribute composition in authorization policy and has m - 1 composite attributes, so ABAC C [n,m] can express authorization policy up to level n × m
- Expressive power comparison: if p = n × m, SReBAC[p] has the same expressive power as ABAC C [n,m]

13 Comparison: Expressive Power vs. Complexity

14 Comparison: Expressive Power vs. Complexity

15 Questions/Comments

