We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byMadeline Cahill
Modified over 2 years ago
© 2004 Ravi Sandhu The Safety Problem in Access Control HRU Model Ravi Sandhu Laboratory for Information Security Technology George Mason University
© 2004 Ravi Sandhu 2 The Access Matrix Model, Lampson 1971
© 2004 Ravi Sandhu 3 Access Control Models Authentication AuthorizationEnforcement who is trying to access a protected resource? who should be allowed to access which protected resources? who should be allowed to change the access? how does the system enforce the specified authorization Access Control ModelsAccess Control Architecture
© 2004 Ravi Sandhu 4 The OM-AM Way Objectives Models Architectures Mechanisms What? How? AssuranceAssurance
© 2004 Ravi Sandhu 5 The HRU (Harrison-Ruzzo-Ullman) Model, 1976 Ur w V F G r
© 2004 Ravi Sandhu 6 The HRU (Harrison-Ruzzo-Ullman) Model, 1976 Ur w V F r w own G r
© 2004 Ravi Sandhu 7 The HRU (Harrison-Ruzzo-Ullman) Model, 1976 Ur w V F r w own G r r
© 2004 Ravi Sandhu 8 HRU Commands and Operations command α(X1, X2,..., Xk) if rl in (Xs1, Xo1) and r2 in (Xs2, Xo2) and ri in (Xsi, Xoi) then op1; op2; … opn end enter r into (Xs, Xo) delete r from (Xs, Xo) create subject Xs create object Xo destroy subject Xs destroy object Xo
© 2004 Ravi Sandhu 9 HRU Examples
© 2004 Ravi Sandhu 10 HRU Examples
© 2004 Ravi Sandhu 11 HRU Examples
© 2004 Ravi Sandhu 12 HRU Examples
© 2004 Ravi Sandhu 13 The Safety Problem Given initial state protection scheme (HRU commands) Can r appear in a cell that exists in the initial state and does not contain r in the initial state? More specific question might be: can r appear in a specific cell [s,o]
© 2004 Ravi Sandhu 14 The Safety Problem Initial state: r in (o,o) and nowhere else
© 2004 Ravi Sandhu 15 Safety is Undecidable in HRU
© 2004 Ravi Sandhu 16 Safety is Undecidable in HRU
© 2004 Ravi Sandhu 17 Left Move
© 2004 Ravi Sandhu 18 Safety is Undecidable in HRU
© 2004 Ravi Sandhu 19 Right Move
© 2004 Ravi Sandhu 20 Right Move to New Cell
© 2004 Ravi Sandhu 21 Mono-operational systems Safety for mono-operational systems is NP-Complete
© 2004 Ravi Sandhu 22 Monotonic HRU command α(X1, X2,..., Xk) if rl in (Xs1, Xo1) and r2 in (Xs2, Xo2) and ri in (Xsi, Xoi) then op1; op2; … opn end enter r into (Xs, Xo) delete r from (Xs, Xo) create subject Xs create object Xo destroy subject Xs destroy object Xo
© 2004 Ravi Sandhu 23 Safety in HRU Undecidable in general HRU unable to find interesting decidable cases. Mono-operational: decidable but uninteresting and NP- complete Monotonic: undecidable Bi-conditional monotonic: undecidable Mono-conditional monotonic: decidable but uninteresting
© 2004 Ravi Sandhu 24 The Safety Problem in HRU HRU 1976: It would be nice if we could provide for protection systems an algorithm which decided safety for a wide class of systems, especially if it included all or most of the systems that people seriously contemplate. Unfortunately, our one result along these lines involves a class of systems called mono- operational, which are not terribly realistic. Our attempts to extend these results have not succeeded, and the problem of giving a decision algorithm for a class of protection systems as useful as the LR(k) class is to grammar theory appears very difficult. 2004: Considerable progress has been made but much remains to be done and practical application of known results is essentially non-existent. –Progress includes: Take-Grant Model (Jones, Lipton, Snyder, Denning, Bishop; late 79s early 80s), Schematic Protection Model (Sandhu, 80s), Typed Access Matrix Model (Sandhu, 1990s), Graph Transformations (Koch, Mancini, Parisi- Pressice 2000s)
© 2004 Ravi Sandhu A Perspective on Graphs and Access Control Models Ravi Sandhu Laboratory for Information Security Technology George.
© Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University
© 2004 Ravi Sandhu The Typed Access Matrix Model (TAM) and Augmented TAM (ATAM) Ravi Sandhu Laboratory for Information Security Technology.
© 2004 Ravi Sandhu The Schematic Protection Model (SPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University.
© 2004 Ravi Sandhu Safety in Access Control Take-Grant (best viewed in slide-show mode) Ravi Sandhu Laboratory for Information Security.
Secure System Design and Access Control Nick Feamster CS 6262 Spring 2009.
A Logic Specification for Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University SACMAT 2004.
Logical Model and Specification of Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University.
© 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology.
Engineering Authority and Trust in Cyberspace: The OM-AM and RBAC Way Prof. Ravi Sandhu George Mason University
© 2004 Ravi Sandhu Role-Based Access Control Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.
Information Assurance: A Personal Perspective Ravi Sandhu
Analysis of Algorithms NP & NP-Complete Prof. Muhammad Saeed.
7- Sicurezza delle basi di dati. 2 Sommario 1 Database Security and Authorization 1.1 Introduction to Database Security Issues 1.2 Types of Security 1.3.
Chapter 8 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
On the Expressive Power of the Unary Transformation Model by Ravi Sandhu Srinivas Ganta Center for Secure Information Systems George Mason University.
1 Access Control. 2 Objects and Subjects A multi-user distributed computer system offers access to objects such as resources (memory, printers), data.
ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.
Computer Science 1 CSC 405 Introduction to Computer Security Topic 5. Trusted Operating Systems -- Part I.
© Ravi Sandhu The Secure Information Sharing Problem and Solution Approaches Ravi Sandhu Professor of Information Security and Assurance.
Intelligent Architectures for Electronic Commerce Part 1.5: Symbolic Reasoning Agents.
Ethical Issues Raised by Current Research on Drug Addiction Dr Tom Walker Centre for Professional Ethics Keele University United Kingdom.
CSE 373 Data Structures and Algorithms Lecture 12: Trees IV (AVL Trees)
ALGEBRAIC EXPRESSIONS Step 1Write the problem. Step 2Substitute in the values for the unknown (variable). Step 3Use PEMDAS (remember to go left to right).
© Ravi Sandhu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology.
Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
Architectural Design IS301 – Software Engineering Lecture # 14 – M. E. Kabay, PhD, CISSP Dept of Computer Information Systems Norwich University.
Chapter 1 Review 1.__________________ is the study of how people seek to satisfy their needs and wants by making choices. 2.A physical object such as a.
1 LECTURE 1 ACCESS CONTROL Ravi Sandhu. 2 OUTLINE Access matrix model Access control lists versus Capabilities Content and context-based controls Discretionary.
The Relational Model and Normalization (1) IS 240 – Database Management Lecture #7 – Prof. M. E. Kabay, PhD, CISSP Norwich University
© 2016 SlidePlayer.com Inc. All rights reserved.