© 2004 Ravi Sandhu www.list.gmu.edu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology.


1 © 2004 Ravi Sandhu
Cyber-Identity, Authority and Trust in an Uncertain World
Prof. Ravi Sandhu
Laboratory for Information Security Technology
George Mason University

2 Outline
Perspective on security
Role Based Access Control (RBAC)
Objective Model-Architecture Mechanism (OM-AM) Framework
Usage Control (UCON)
Discussion

3 PERSPECTIVE

4 Security Conundrum
Nobody knows WHAT security is
Some of us do know HOW to implement pieces of it
Result: hammers in search of nails

5 Security Confusion
INTEGRITY modification
AVAILABILITY access
CONFIDENTIALITY disclosure
USAGE purpose
electronic commerce, electronic business
DRM, client-side controls

6 Security Successes
On-line banking
On-line trading
Automatic teller machines (ATMs)
GSM phones
Set-top boxes
…
Success is largely unrecognized by the security community

7 Good enough security
Exceeding good enough is not good
You will pay a price in user convenience, ease of operation, cost, performance, availability, …
There is no such thing as free security
Determining good enough is hard
Necessarily a moving target

8 Good enough security
[Diagram labels: EASY; SECURE; COST; Security geeks; Real-world users; System owner; whose security; perception or reality of security; end users; operations staff; help desk; system cost; operational cost; opportunity cost; cost of fraud]
Business models dominate security models

9 Good enough security
In many cases good enough is achievable at a pretty low threshold
The entrepreneurial mindset
In extreme cases good enough will require a painfully high threshold
The academic mindset

10 Good enough security
[Figure: axes RISK and COST, each scaled L, M, H; labels: Entrepreneurial mindset, Academic mindset]

11 ROLE-BASED ACCESS CONTROL (RBAC)

12 MAC and DAC
For 25 years access control has been divided into
– Mandatory Access Control (MAC)
– Discretionary Access Control (DAC)
In the past 10 years RBAC has become a dominant force
RBAC subsumes MAC and DAC

13 Mandatory Access Control (MAC)
Lattice of security labels
[Diagram: labels TS, S, C, U; arrows labelled Information Flow and Dominance]

14 Mandatory Access Control (MAC)
Lattice of security labels
[Diagram: labels S,{A,B}; S,{A}; S,{B}; S,{}; arrows labelled Information Flow and Dominance]
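
Added example, not part of the original slides: the label lattice from the two MAC slides in Python, with dominance, least upper bound and greatest lower bound, plus the Bell-LaPadula read and write rules. The function and variable names are assumptions made for this example.

```python
from typing import FrozenSet, NamedTuple

# Total order of levels from the first lattice slide.
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}

class Label(NamedTuple):
    level: str
    cats: FrozenSet[str]

def label(level, *cats):
    return Label(level, frozenset(cats))

def dominates(a, b):
    """a dominates b: a's level is at least b's and a's categories include b's."""
    return LEVELS[a.level] >= LEVELS[b.level] and a.cats >= b.cats

def join(a, b):
    """Least upper bound: the lowest label that dominates both a and b."""
    return Label(max(a.level, b.level, key=LEVELS.get), a.cats | b.cats)

def meet(a, b):
    """Greatest lower bound: the highest label that both a and b dominate."""
    return Label(min(a.level, b.level, key=LEVELS.get), a.cats & b.cats)

def may_read(subject, obj):
    # Simple security property: no read up.
    return dominates(subject, obj)

def may_write(subject, obj):
    # *-property: no write down, so information only flows to dominating labels.
    return dominates(obj, subject)

# The four labels shown on the second lattice slide.
S_AB, S_A, S_B, S_NONE = label("S", "A", "B"), label("S", "A"), label("S", "B"), label("S")

if __name__ == "__main__":
    print("S,{A} vs S,{B} comparable:", dominates(S_A, S_B) or dominates(S_B, S_A))
    print("label for data merged from both:", join(S_A, S_B))
```

S,{A} and S,{B} are incomparable, which is why the structure is a lattice rather than a simple ranking: data derived from both must carry their join, S,{A,B}.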

15 Discretionary Access Control (DAC)
The owner of a resource determines access to that resource
The owner is often the creator of the resource
Fails to distinguish read from copy

16 RBAC96 model
(Currently foundation of a NIST/ANSI/ISO standard)
[Diagram labels: ROLES; USER-ROLE ASSIGNMENT; PERMISSIONS-ROLE ASSIGNMENT; USERS; PERMISSIONS; ...; SESSIONS; ROLE HIERARCHIES; CONSTRAINTS]

17 RBAC SECURITY PRINCIPLES
least privilege
separation of duties
separation of administration and access
abstract operations

18 HIERARCHICAL ROLES
[Diagram: role hierarchy with Health-Care Provider, Physician, Primary-Care Physician, Specialist Physician]
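
Added example, not from the original slides or the standard's text: a small Python model of the RBAC96 elements (users, roles, permissions, sessions, hierarchy, constraints) using the four roles from the HIERARCHICAL ROLES slide. It assumes Primary-Care Physician and Specialist Physician are senior to Physician, which is senior to Health-Care Provider, and that senior roles inherit their juniors' permissions; the users, permissions and the mutual-exclusion constraint are constructed.

```python
# Hierarchy from the HIERARCHICAL ROLES slide, as senior role -> immediate juniors
# (the direction is an assumption; the slide text only lists the role names).
JUNIORS = {
    "Specialist Physician": {"Physician"},
    "Primary-Care Physician": {"Physician"},
    "Physician": {"Health-Care Provider"},
    "Health-Care Provider": set(),
}
# Everything below is constructed for illustration: permissions, users, constraint.
PA = {  # permission-role assignment: (operation, object) pairs
    "Health-Care Provider": {("read", "chart")},
    "Physician": {("write", "prescription")},
    "Primary-Care Physician": {("write", "referral")},
    "Specialist Physician": {("order", "procedure")},
}
UA = {"alice": {"Specialist Physician"},  # user-role assignment
      "carol": {"Primary-Care Physician", "Specialist Physician"}}
EXCLUSIVE = [{"Primary-Care Physician", "Specialist Physician"}]  # never active together

def closure(role):
    """The role plus every role junior to it."""
    seen, todo = set(), [role]
    while todo:
        r = todo.pop()
        if r not in seen:
            seen.add(r)
            todo.extend(JUNIORS[r])
    return seen

class Session:
    def __init__(self, user):
        self.user, self.active = user, set()

    def activate(self, role):
        authorized = set().union(*(closure(r) for r in UA.get(self.user, ())))
        if role not in authorized:
            raise PermissionError(f"{self.user} is not authorized for {role}")
        if any(pair <= self.active | {role} for pair in EXCLUSIVE):
            raise PermissionError(f"constraint: {role} conflicts with an active role")
        self.active.add(role)

    def permissions(self):
        roles = set().union(*(closure(r) for r in self.active))
        return set().union(*(PA[r] for r in roles))

    def check(self, op, obj):
        return (op, obj) in self.permissions()
```

A session that activates only Physician holds the chart and prescription permissions but not the specialist one, which is least privilege in practice; the constraint stops carol from holding both senior roles in one session.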

19 Fundamental Theorem of RBAC
RBAC can be configured to do MAC
RBAC can be configured to do DAC
RBAC is policy neutral

20 OM-AM (Objective/Model Architecture/Mechanism) Framework

21 THE OM-AM WAY
Objectives
Model
Architecture
Mechanism
What? How?
Assurance

22 LAYERS AND LAYERS
Multics rings
Layered abstractions
Waterfall model
Network protocol stacks
Napoleon layers
RoFi layers
OM-AM
etcetera

23 OM-AM AND MANDATORY ACCESS CONTROL (MAC)
What? How?
No information leakage
Lattices (Bell-LaPadula)
Security kernel
Security labels
Assurance

24 OM-AM AND DISCRETIONARY ACCESS CONTROL (DAC)
What? How?
Owner-based discretion
numerous
ACLs, Capabilities, etc
Assurance

25 OM-AM AND ROLE-BASED ACCESS CONTROL (RBAC)
What? How?
Objective neutral
RBAC96, ARBAC97, etc.
user-pull, server-pull, etc.
certificates, tickets, PACs, etc.
Assurance

26 RBAC96 model
(Currently foundation of a NIST/ANSI/ISO standard)
[Diagram labels: ROLES; USER-ROLE ASSIGNMENT; PERMISSIONS-ROLE ASSIGNMENT; USERS; PERMISSIONS; ...; SESSIONS; ROLE HIERARCHIES; CONSTRAINTS]

27 Server-Pull Architecture
[Diagram labels: Client; Server; User-role Authorization Server]

28 User-Pull Architecture
[Diagram labels: Client; Server; User-role Authorization Server]

29 Proxy-Based Architecture
[Diagram labels: Client; Server; Proxy Server; User-role Authorization Server]

30 USAGE CONTROL (UCON)

31 The UCON Vision: A unified model
Traditional access control models are not adequate for today's distributed, network-connected digital environment.
Authorization only – No obligation or condition based control
Decision is made before access – No ongoing control
No consumable rights – No mutable attributes
Rights are pre-defined and granted to subjects

32 OM-AM layered Approach

33 Prior Work
Problem-specific enhancement to traditional access control
Digital Rights Management (DRM)
– mainly focuses on intellectual property rights protection.
– Architecture and Mechanism level studies, Functional specification languages – Lack of access control model
Trust Management
– Authorization for strangers' access based on credentials

34 Prior Work
Incrementally enhanced models
– Provisional authorization [Kudo & Hada, 2000]
– EACL [Ryutov & Neuman, 2001]
– Task-based Access Control [Thomas & Sandhu, 1997]
– Ponder [Damianou et al., 2001]

35 Usage Control (UCON) Coverage
Protection Objectives
– Sensitive information protection
– IPR protection
– Privacy protection
Protection Architectures
– Server-side reference monitor (SRM)
– Client-side reference monitor (CRM)
– Both SRM and CRM

36 Core UCON (Usage Control) Models
Continuity of decisions
Mutability of attributes
[Diagram labels: pre, ongoing, post]

37 Examples
Long-distance phone (pre-authorization with post-update)
Pre-paid phone card (ongoing-authorization with ongoing-update)
Pay-per-view (pre-authorization with pre-updates)
Click Ad within every 30 minutes (ongoing-obligation with ongoing-updates)
Business Hour (pre-/ongoing-condition)
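
Added example, not from the original slides: three of the examples above (pay-per-view, pre-paid phone card, long-distance phone) written as policies over one usage process with pre, ongoing and post phases and mutable attributes. The class, hook names, attribute names and tariff values are assumptions made for this example.

```python
PRICE, RATE = 5, 2  # constructed tariff values, not from the slides

class Usage:
    """One usage process: decision before access, re-checks during it, updates per phase."""
    def __init__(self, attrs, policy):
        self.a, self.p, self.n, self.state = attrs, policy, 0, "requested"

    def _hook(self, name):  # a phase the policy does not define always passes
        return self.p.get(name, lambda a, n: True)(self.a, self.n)

    def try_access(self):
        if self.state != "requested":
            return False
        ok = self._hook("pre_auth")
        if ok:
            self._hook("pre_update")
        self.state = "accessing" if ok else "denied"
        return ok

    def tick(self):  # one unit of ongoing usage (here: one minute)
        if self.state != "accessing":
            return False
        if not self._hook("on_auth"):
            self.state = "revoked"  # continuity of decision: access is cut off mid-use
            return False
        self.n += 1
        self._hook("on_update")  # mutability: the attribute changes as a result of use
        return True

    def end(self):
        if self.state == "accessing":
            self._hook("post_update")
            self.state = "ended"
        return self.state

# In order: pre-auth + pre-update, ongoing auth + ongoing update, pre-auth + post-update.
PAY_PER_VIEW = {"pre_auth": lambda a, n: a["credit"] >= PRICE,
                "pre_update": lambda a, n: a.update(credit=a["credit"] - PRICE)}
PREPAID_CARD = {"on_auth": lambda a, n: a["minutes"] > 0,
                "on_update": lambda a, n: a.update(minutes=a["minutes"] - 1)}
LONG_DISTANCE = {"pre_auth": lambda a, n: a["account_open"],
                 "post_update": lambda a, n: a.update(bill=a["bill"] + RATE * n)}

def use(attrs, policy, wanted):  # returns (units actually granted, final state)
    u = Usage(attrs, policy)
    if u.try_access():
        while u.n < wanted and u.tick():
            pass
    return u.n, u.end()
```

With a two-minute card and a five-minute call, the ongoing check revokes access after the second minute, something a decide-once access control model cannot express.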

38 Beyond the UCON Core Models

39 DISCUSSION

40 THE OM-AM WAY
Objectives
Model
Architecture
Mechanism
What? How?
Assurance

41 Good enough security
[Figure: axes RISK and COST, each scaled L, M, H; labels: Entrepreneurial mindset, Academic mindset]

