Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013

Published byJacey Goodson Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013"— Presentation transcript:

1 1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013 ravi.sandhu@utsa.edu www.profsandhu.com © Ravi Sandhu World-Leading Research with Real-World Impact! CS 6393 Lecture 2

2  Information needs to be protected  In motion  At rest  In use  Absolute security is impossible and unnecessary  Trying to approximate absolute security is a bad strategy  “Good enough” security is feasible and meaningful  Better than “good enough” is bad  Security is meaningless without application context  Cannot know we have “good enough” without this context  Models and abstractions are all important  Without a conceptual framework it is hard to separate “what needs to be done” from “how we do it” © Ravi Sandhu 2 World-Leading Research with Real-World Impact! Foundational Security Assumptions We are not very good at doing any of this

3 © Ravi Sandhu 3 World-Leading Research with Real-World Impact! PEI Models Idealized Enforceable (Approximate) Codeable At the policy layer security models are essentially access control models

4 © Ravi Sandhu 4 World-Leading Research with Real-World Impact! OM-AM (Older Version of PEI) Objectives Model Architecture Mechanism What? How? AssuranceAssurance

5 Access Control Models Discretionary Access Control (DAC)  Owner controls access but only to the original, not to copies Mandatory Access Control (MAC) Same as Lattice-Based Access Control (LBAC)  Access based on security labels  Labels propagate to copies Role-Based Access Control (RBAC)  Access based on roles  Can be configured to do DAC or MAC  Generalizes to Attribute-Based Access Control (ABAC) © Ravi Sandhu5 Numerous other models but only 3 successes

6 © Ravi Sandhu 6 World-Leading Research with Real-World Impact! DAC: ACCESS MATRIX MODEL U r w own V F SubjectsSubjects Objects (and Subjects) r w own G r rights P model

7 © Ravi Sandhu 7 World-Leading Research with Real-World Impact! ACCESS CONTROL LISTS (ACLs) F U:r U:w U:own G U:r V:r V:w V:own each column of the access matrix is stored with the object corresponding to that column E model

8 © Ravi Sandhu 8 World-Leading Research with Real-World Impact! CAPABILITY LISTS E model each row of the access matrix is stored with the subject corresponding to that row UF/r, F/w, F/own, G/r VG/r, G/w, G/own

9 © Ravi Sandhu 9 World-Leading Research with Real-World Impact! ACCESS CONTROL TRIPLES E model SubjectAccessObject UrF UwF UownF UrG VrG VwG VownG commonly used in relational database management systems

10 © Ravi Sandhu 10 World-Leading Research with Real-World Impact! DAC: TROJAN HORSE EXAMPLE File F A:r A:w File G B:r A:w B cannot read file F ACL

11 © Ravi Sandhu 11 World-Leading Research with Real-World Impact! DAC: TROJAN HORSE EXAMPLE File F A:r A:w File G B:r A:w B can read contents of file F copied to file G ACL A Program Goodies Trojan Horse executes read write

12 © Ravi Sandhu 12 World-Leading Research with Real-World Impact! LBAC: LATTICE STRUCTURES Unclassified Confidential Secret Top Secret can-flow dominance  P model

13 © Ravi Sandhu 13 World-Leading Research with Real-World Impact! LBAC: LATTICE STRUCTURES Hierarchical Classes with Compartments S, {A,B} {} {A}{B} S, TS, {A,B} {} {A} {B} TS, P model

14 © Ravi Sandhu 14 World-Leading Research with Real-World Impact! LBAC: LATTICE STRUCTURES SIMPLE-SECURITY Subject S can read object O only if label(S) dominates label(O) STAR-PROPERTY (LIBERAL) Subject S can write object O only if label(O) dominates label(S) STAR-PROPERTY (STRICT) Subject S can write object O only if label(O) equals label(S)

15 © Ravi Sandhu 15 World-Leading Research with Real-World Impact! EQUIVALENCE OF BLP AND BIBA P model HI (High Integrity) LI (Low Integrity)  BIBA LATTICE EQUIVALENT BLP LATTICE LI (Low Integrity) HI (High Integrity) Information flow downwardsInformation flow upwards

16 © Ravi Sandhu 16 World-Leading Research with Real-World Impact! EQUIVALENCE OF BLP AND BIBA P model Information flow downwardsInformation flow upwards HS (High Secrecy) LS (Low Secrecy)  BLP LATTICE EQUIVALENT BIBA LATTICE LS (Low Secrecy) HS (High Secrecy)

17 © Ravi Sandhu 17 World-Leading Research with Real-World Impact! COMBINATION OF DISTINCT LATTICES P model Information flow upwards HS LS LI HI GIVEN BLP BIBA  HS, LI HS, HI LS, LI LS, HI EQUIVALENT BLP LATTICE

18 © Ravi Sandhu 18 World-Leading Research with Real-World Impact! LBAC: LATTICE STRUCTURES Low User High Trojan Horse Infected Subject High User Low Trojan Horse Infected Subject COVERT CHANNEL Information is leaked unknown to the high user

19 © Ravi Sandhu 19 World-Leading Research with Real-World Impact! RBAC: Role-Based Access Control  Access is determined by roles  A user’s roles are assigned by security administrators  A role’s permissions are assigned by security administrators First emerged: mid 1970s First models: mid 1990s Is RBAC MAC or DAC or neither?  RBAC can be configured to do MAC  RBAC can be configured to do DAC  RBAC is policy neutral RBAC is neither MAC nor DAC!

20 RBAC: RBAC96 Model ROLES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERS PERMISSIONS... SESSIONS ROLE HIERARCHIES CONSTRAINTS © Ravi Sandhu20 P model

21 The RBAC Story © Ravi Sandhu21 RBAC96 paper Proposed Standard Adopted

22 RBAC: SERVER PULL © Ravi Sandhu22 E model ClientServer User-role Authorization Server

23 RBAC: CLIENT PULL © Ravi Sandhu23 E model ClientServer User-role Authorization Server

24 RBAC: PROXY-BASED © Ravi Sandhu24 E model ClientServer Proxy Server User-role Authorization Server

25 UCON: Usage Control Scope © Ravi Sandhu25 Security Objectives Security Architectures

26 UCON: Usage Control Model © Ravi Sandhu26 unified model integrating authorization obligation conditions and incorporating continuity of decisions mutability of attributes UCON is ABAC on steroids

27 Application-Centric Security Models Our Basic Premise  There can be no security model without application context So how does one customize an application-centric security model?  Meaningfully combine the essential insights of  DAC, LBAC, RBAC, ABAC, UCON, etcetera  Directly address the application-specific trade-offs  Within the security objectives of confidentiality, integrity and availability  Across security, performance, cost and usability objectives  Separate the real-world concerns of  practical distributed systems and ensuing staleness and approximations (enforcement layer) from  policy concerns in a idealized environment (policy layer) © Ravi Sandhu27

28 © Ravi Sandhu 28 World-Leading Research with Real-World Impact! PEI Models Idealized Enforceable (Approximate) Codeable At the policy layer security models are essentially access control models

Download ppt "1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013"

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Access Control Prof. Ravi Sandhu Executive Director and Endowed Chair

Access Control Prof. Ravi Sandhu Executive Director and Endowed Chair
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.

Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
LECTURE 1 ACCESS CONTROL Ravi Sandhu.

LECTURE 1 ACCESS CONTROL Ravi Sandhu.
© 2006 Ravi Sandhu www.list.gmu.edu Cyber-Identity, Authority and Trust Systems Prof. Ravi Sandhu Professor of Information Security and Assurance Director,

© 2006 Ravi Sandhu Cyber-Identity, Authority and Trust Systems Prof. Ravi Sandhu Professor of Information Security and Assurance Director,
OM-AM and RBAC Ravi Sandhu * www.list.gmu.edu Laboratory for Information Security Technology (LIST) George Mason University.

OM-AM and RBAC Ravi Sandhu * Laboratory for Information Security Technology (LIST) George Mason University.
Engineering Authority and Trust in Cyberspace: The OM-AM and RBAC Way Prof. Ravi Sandhu George Mason University www.list.gmu.edu.

Engineering Authority and Trust in Cyberspace: The OM-AM and RBAC Way Prof. Ravi Sandhu George Mason University
The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated.

The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated.
1 Grand Challenges in Data Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair

1 Grand Challenges in Data Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair
1 The Future of Access Control: Attributes, Automation and Adaptation Prof. Ravi Sandhu Executive Director and Endowed Chair S&P Symposium IIT Kanpur March.

1 The Future of Access Control: Attributes, Automation and Adaptation Prof. Ravi Sandhu Executive Director and Endowed Chair S&P Symposium IIT Kanpur March.
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.

1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.
Attribute-Based Access Control Models and Beyond

Attribute-Based Access Control Models and Beyond
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
Li Xiong CS573 Data Privacy and Security Access Control.

Li Xiong CS573 Data Privacy and Security Access Control.
CS426Fall 2010/Lecture 191 Computer Security CS 426 Lecture 19 Discretionary Access Control.

CS426Fall 2010/Lecture 191 Computer Security CS 426 Lecture 19 Discretionary Access Control.
1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015

1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015

Similar presentations

Ads by Google