Presentation is loading. Please wait.

Presentation is loading. Please wait.

Future of Access Control: Attributes, Automation, Adaptation

Published byMarjorie Marsh Modified over 9 years ago

Similar presentations

Presentation on theme: "Future of Access Control: Attributes, Automation, Adaptation"— Presentation transcript:

1 Future of Access Control: Attributes, Automation, Adaptation
Institute for Cyber Security Future of Access Control: Attributes, Automation, Adaptation Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber Security University of Texas at San Antonio PSG College of Technology, ICC3 Conference, Keynote December 19, 2013 © Ravi Sandhu World-Leading Research with Real-World Impact!

2 The Science, Engineering, and Business of Cyber Security
Institute for Cyber Security The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber Security University of Texas at San Antonio PSG College of Technology, ICC3 Conference, Keynote December 19, 2013 © Ravi Sandhu World-Leading Research with Real-World Impact!

3 Cyber Security Status MicroSecurity Not too bad
About as good as it is going to get Criminals can only defraud so many Big government/big business are real threats MacroSecurity New arena for researchers Highly asymmetric, includes offense, clandestine Dual goals: strong offense, strong defense Cyber should be controllable Nuclear, chemical, biological have been “controlled” © Ravi Sandhu World-Leading Research with Real-World Impact! 3

4 Cyber Security Status MicroSecurity Not too bad
About as good as it is going to get Criminals can only defraud so many Big government/big business are real threats MacroSecurity New arena for researchers Highly asymmetric, includes offense, clandestine Dual goals: strong offense, strong defense Cyber should be controllable Nuclear, chemical, biological have been “controlled” Run as fast as you can to stay in place © Ravi Sandhu World-Leading Research with Real-World Impact! 4

5 ≈ 2010 US Department of Defense epiphanies
21st Century Cyberspace ≈ 2010 US Department of Defense epiphanies A new domain akin to land, sea, air and space Have and use offensive cyber weapons Malware penetrations in highly classified networks Consumerization of cyberspace Anytime, Anywhere, Anything BYOD: Bring your own device BYOC: Bring your own cyberspace? Entanglement of cyber-physical-social space Just starting © Ravi Sandhu World-Leading Research with Real-World Impact! 5

6 Cyber Security Goal Enable system designers and operators to say:
This system is secure There is an infinite supply of low-hanging attacks Not attainable © Ravi Sandhu World-Leading Research with Real-World Impact! 6

7 Cyber Security Goal Enable system designers and operators to say:
This system is secure There is an infinite supply of low-hanging attacks Alternate goal: This system is as secure as possible More secure is always better Not attainable Not appropriate © Ravi Sandhu World-Leading Research with Real-World Impact! 7

8 Cyber Security Goal Enable system designers and operators to say:
This system is secure “enough” Mass scale, rather low assurance ATM network, On-line banking, E-commerce One of a kind, extremely high assurance US President’s nuclear football Many successful examples © Ravi Sandhu World-Leading Research with Real-World Impact! 8

9 Cyber Security Goal Enable system designers and operators to say:
This system is secure “enough” Mass scale, rather low assurance ATM network, On-line banking, E-commerce One of a kind, extremely high assurance US President’s nuclear football Many successful examples Science Engineering Business © Ravi Sandhu World-Leading Research with Real-World Impact! 9

10 Distinguishing Characteristics of Cyber/Cyber Security
Cyber Security Ecosystem Science Engineering Business Science explains the cause of observed phenomenon Distinguishing Characteristics of Cyber/Cyber Security Cyberspace is an entirely man-made domain Evolves rapidly and unpredictably Validation primarily with respect to future systems © Ravi Sandhu World-Leading Research with Real-World Impact! 10

11 Distinguishing Characteristics of Cyber/Cyber Security
Cyber Security Ecosystem Science Engineering Business Science explains the cause of observed phenomenon and enables better construction of future systems Distinguishing Characteristics of Cyber/Cyber Security Cyberspace is an entirely man-made domain Evolves rapidly and unpredictably Validation primarily with respect to future systems © Ravi Sandhu World-Leading Research with Real-World Impact! 11

12 Scientific Method: Natural Sciences
Hypothesis Prediction Experimentation Prediction Confirmed Falsified Hypothesis → Law Reject Hypothesis © Ravi Sandhu World-Leading Research with Real-World Impact! 12

13 Scientific Method: Natural Sciences
Paradigms Hypothesis Prediction Experimentation Prediction Confirmed Falsified Hypothesis → Law Reject Hypothesis © Ravi Sandhu World-Leading Research with Real-World Impact! 13

14 Heliocentric versus Geocentric
© Ravi Sandhu World-Leading Research with Real-World Impact! 14

15 Epicycles World-Leading Research with Real-World Impact! © Ravi Sandhu
15

16 Circles versus Ellipses
© Ravi Sandhu World-Leading Research with Real-World Impact! 16

17 Scientific Method: Cyber Sciences
Paradigms Science explains the cause of observed phenomenon and enables better construction of future systems Hypothesis Prediction Experimentation Prediction Confirmed Falsified Hypothesis → Law Reject Hypothesis © Ravi Sandhu World-Leading Research with Real-World Impact! 17

18 Science Quadrants Utility H Edison Pasteur Fundamental Understanding L
junk Bohr Donald Stokes, 1997 Pasteur’s Quadrant: Basic Science and Technological Innovation L © Ravi Sandhu World-Leading Research with Real-World Impact! 18

19 Cyber Science Quadrants
Utility H Jobs Cerf-Kahn Fundamental Understanding L H junk Turing L © Ravi Sandhu World-Leading Research with Real-World Impact! 19

20 Cyber Security Quadrants
Utility H ?? ?? Fundamental Understanding L H junk ?? L © Ravi Sandhu World-Leading Research with Real-World Impact! 20

21 Access Control Decomposition
Policy Specification Policy Enforcement Policy Administration © Ravi Sandhu World-Leading Research with Real-World Impact! 21

22 Access Control Decomposition
Policy Specification Policy Enforcement Policy Reality Policy Administration © Ravi Sandhu World-Leading Research with Real-World Impact! 22

23 Access Control Discretionary Access Control (DAC), 1970
Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? © Ravi Sandhu World-Leading Research with Real-World Impact! 23

24 Access Control RBAC can be configured to do MAC or DAC
Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? RBAC can be configured to do MAC or DAC © Ravi Sandhu World-Leading Research with Real-World Impact! 24

25 Access Control Fixed Policy Flexible
Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? © Ravi Sandhu World-Leading Research with Real-World Impact! 25

26 Access Control Human Driven Automated Adaptive
Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? © Ravi Sandhu World-Leading Research with Real-World Impact! 26

27 Access Control Messy or Chaotic?
Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? Messy or Chaotic? © Ravi Sandhu World-Leading Research with Real-World Impact! 27

28 ABAC Model Structure Policy Configuration Points
© Ravi Sandhu World-Leading Research with Real-World Impact! 28

29 Usage Control Model (UCON)
unified model integrating authorization obligation conditions and incorporating continuity of decisions mutability of attributes © Ravi Sandhu 29

30 Risk Adaptive Access Control (RAdAC)
© Ravi Sandhu World-Leading Research with Real-World Impact! 30

31 The RBAC Story Standard Adopted Proposed Standard RBAC96 paper
© Ravi Sandhu World-Leading Research with Real-World Impact! 31

32 ABAC still in pre/early phase
ABAC Status Standard Adopted Proposed Standard RBAC96 paper 199x? 2013 ABAC still in pre/early phase © Ravi Sandhu World-Leading Research with Real-World Impact! 32

33 Access Control Prognosis
Cyber technologies and systems trends will drive pervasive adoption of ABAC ABAC deployment is going to be messy but need not be chaotic Researchers can facilitate ABAC adoption and reduce chaos by developing Models Theories Systems © Ravi Sandhu World-Leading Research with Real-World Impact! 33

Download ppt "Future of Access Control: Attributes, Automation, Adaptation"

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
INSTITUTE FOR CYBER SECURITY 1 Industry-Academia Research Synergy: Fantasy or Reality? Ravi Sandhu Executive Director and Endowed Professor Institute for.

INSTITUTE FOR CYBER SECURITY 1 Industry-Academia Research Synergy: Fantasy or Reality? Ravi Sandhu Executive Director and Endowed Professor Institute for.
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.

Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
1 Cyber Security Research: A Personal Perspective Prof. Ravi Sandhu Executive Director and Endowed Chair January 18, 2013

1 Cyber Security Research: A Personal Perspective Prof. Ravi Sandhu Executive Director and Endowed Chair January 18, 2013
1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013

1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013
1 The Data and Application Security and Privacy (DASPY) Challenge Prof. Ravi Sandhu Executive Director and Endowed Chair 11/11/11

1 The Data and Application Security and Privacy (DASPY) Challenge Prof. Ravi Sandhu Executive Director and Endowed Chair 11/11/11
1 Grand Challenges in Data Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair

1 Grand Challenges in Data Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair
1 The Future of Access Control: Attributes, Automation and Adaptation Prof. Ravi Sandhu Executive Director and Endowed Chair S&P Symposium IIT Kanpur March.

1 The Future of Access Control: Attributes, Automation and Adaptation Prof. Ravi Sandhu Executive Director and Endowed Chair S&P Symposium IIT Kanpur March.
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.

1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.

1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.
1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.

1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.
Attribute-Based Access Control Models and Beyond

Attribute-Based Access Control Models and Beyond
1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.

1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
1 Cyber Security Grand Challenges and Prognosis Prof. Ravi Sandhu Executive Director and Endowed Chair

1 Cyber Security Grand Challenges and Prognosis Prof. Ravi Sandhu Executive Director and Endowed Chair
INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.

INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.
1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015

1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.

1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
1 Challenges of Cyber Security Education at the Graduate Level Ravi Sandhu Executive Director and Endowed Professor Nov. 9, 2012

1 Challenges of Cyber Security Education at the Graduate Level Ravi Sandhu Executive Director and Endowed Professor Nov. 9, 2012
1 Big Data Applications in Cloud and Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Professor UTSA COB Symposium on Big Data, Big Challenges.

1 Big Data Applications in Cloud and Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Professor UTSA COB Symposium on Big Data, Big Challenges.

Similar presentations

Ads by Google