Slide 5: Success is largely unrecognized by the security community

Security successes:
- On-line banking
- On-line trading
- Automatic teller machines (ATMs)
- GSM phones
- Set-top boxes
- …
Slide 6: Business models dominate

Good enough security (diagram):
- Real-world users vs. security geeks: SECURE vs. EASY
- Whose security? End users, operations staff, help desk, system owner
- Perception or reality of security
- Business models dominate security models
- COST: system solution, operational cost, opportunity cost, cost of fraud
Slide 7: Good enough security

Risk/cost matrix (cells as numbered on the slide):

              COST
  RISK     L    M    H
   H       1    2    3
   M       2    3    4
   L       3    4    5

Labels on the matrix: Entrepreneurial mindset; Academic mindset.
Slide 8: RBAC96 model (currently the foundation of a NIST/ANSI/ISO standard)

Diagram components:
- Sets: USERS, ROLES, PERMISSIONS, SESSIONS
- Relations: USER-ROLE ASSIGNMENT, PERMISSIONS-ROLE ASSIGNMENT, ROLE HIERARCHIES
- CONSTRAINTS (over the above)
Slide 9: Fundamental Theorem of RBAC

- RBAC can be configured to do MAC (MAC is Mandatory Access Control as defined in the Orange Book)
- RBAC can be configured to do DAC (DAC is Discretionary Access Control as defined in the Orange Book)
- RBAC is policy neutral
Slide 10: THE OM-AM WAY

- What? Objectives, Model
- How? Architecture, Mechanism
- Assurance spans all four layers
Slide 11: OM-AM and Mandatory Access Control (MAC)

- What? No information leakage (objective); Lattices (Bell-LaPadula) (model)
- How? Security kernel (architecture); Security labels (mechanism)
- Assurance
Slide 12: OM-AM and Discretionary Access Control (DAC)

- What? Owner-based discretion (objective); numerous (models)
- How? ACLs, Capabilities, etc.
- Assurance
Slide 13: OM-AM and Role-Based Access Control (RBAC)

- What? Objective neutral; RBAC96, ARBAC97, etc. (models)
- How? user-pull, server-pull, etc. (architectures); certificates, tickets, PACs, etc. (mechanisms)
- Assurance
Slide 14: RBAC96 Model

Diagram: USERS, ROLES, PERMISSIONS, SESSIONS; USER-ROLE ASSIGNMENT; PERMISSIONS-ROLE ASSIGNMENT; ROLE HIERARCHIES; CONSTRAINTS.

Speaker notes: This is a somewhat busy slide. It shows a bird's eye view of RBAC. There are many details that need to be debated and filled in. Some of these will be discussed in the subsequent panel. For our purpose the bird's eye view will suffice.
Slide 18: Usage Control (UCON) coverage

Protection objectives:
- Sensitive information protection
- IPR protection
- Privacy protection

Protection architectures:
- Server-side reference monitor (SRM)
- Client-side reference monitor (CRM)
- SRM & CRM
Slide 19: Core UCON (Usage Control) models

[Table of core models; only the labels "ongoing" and "N/A" survive extraction]

- Continuity: a decision can be made during usage, for continuous enforcement
- Mutability: attributes can be updated as side-effects of subjects' actions
Slide 20: Examples

- Long-distance phone (pre-authorization with post-update)
- Pre-paid phone card (ongoing-authorization with ongoing-update)
- Pay-per-view (pre-authorization with pre-updates)
- Click Ad within every 30 minutes (ongoing-obligation with ongoing-updates)
- Business Hour (pre-/ongoing-condition)
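The continuity and mutability properties of slide 19, worked through on two of slide 20's examples (pre-paid phone card: ongoing-authorization with ongoing-update; pay-per-view: pre-authorization with pre-update). This is an added illustration, not code from the talk or from the UCON authors; the UsageSession class, the debit helper and the tick-per-minute model are assumptions made here to keep the example small.

```python
from dataclasses import dataclass, field

@dataclass
class Subject:
    attrs: dict = field(default_factory=dict)  # mutable attributes (UCON mutability)

def debit(attr, amount):
    """Attribute update that subtracts amount from attr as a side-effect of usage."""
    def _upd(s):
        s.attrs[attr] -= amount
    return _upd

class UsageSession:
    """Toy UCON-style usage monitor (illustrative, not the UCON authors' code): pre_auth runs
    once before usage; on_auth is re-checked on every tick (continuity); updates mutate attrs."""
    def __init__(self, subject, pre_auth=None, pre_update=None, on_auth=None, on_update=None):
        self.s, self.active = subject, False
        self.pre_auth, self.pre_update = pre_auth, pre_update
        self.on_auth, self.on_update = on_auth, on_update

    def start(self):
        if self.pre_auth and not self.pre_auth(self.s):
            return False                  # pre-authorization denied, usage never starts
        if self.pre_update:
            self.pre_update(self.s)       # e.g. charge once before usage
        self.active = True
        return True

    def tick(self):
        """One unit of usage; revokes access mid-usage if ongoing authorization fails."""
        if self.active and self.on_auth and not self.on_auth(self.s):
            self.active = False           # continuous enforcement
        if self.active and self.on_update:
            self.on_update(self.s)        # e.g. decrement credit while the call runs
        return self.active

def prepaid_card(credit, minutes):
    """Pre-paid phone card (ongoing-authorization, ongoing-update): (minutes allowed, credit left)."""
    caller = Subject({"credit": credit})
    sess = UsageSession(caller, on_auth=lambda s: s.attrs["credit"] > 0,
                        on_update=debit("credit", 1))
    sess.start()
    return sum(1 for _ in range(minutes) if sess.tick()), caller.attrs["credit"]

def pay_per_view(balance, price):
    """Pay-per-view: pre-authorization with pre-update (charged once, before viewing)."""
    viewer = Subject({"balance": balance})
    sess = UsageSession(viewer, pre_auth=lambda s: s.attrs["balance"] >= price,
                        pre_update=debit("balance", price))
    return sess.start(), viewer.attrs["balance"]
```

A call on a 3-unit card is cut off after 3 ticks because the ongoing check is re-evaluated against the mutated credit attribute, whereas pay-per-view decides and charges once up front and never re-checks.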