We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byMadeline Cahill
Modified over 3 years ago
© 2004 Ravi Sandhu The Safety Problem in Access Control HRU Model Ravi Sandhu Laboratory for Information Security Technology George Mason University
© 2004 Ravi Sandhu 2 The Access Matrix Model, Lampson 1971
© 2004 Ravi Sandhu 3 Access Control Models Authentication AuthorizationEnforcement who is trying to access a protected resource? who should be allowed to access which protected resources? who should be allowed to change the access? how does the system enforce the specified authorization Access Control ModelsAccess Control Architecture
© 2004 Ravi Sandhu 4 The OM-AM Way Objectives Models Architectures Mechanisms What? How? AssuranceAssurance
© 2004 Ravi Sandhu 5 The HRU (Harrison-Ruzzo-Ullman) Model, 1976 Ur w V F G r
© 2004 Ravi Sandhu 6 The HRU (Harrison-Ruzzo-Ullman) Model, 1976 Ur w V F r w own G r
© 2004 Ravi Sandhu 7 The HRU (Harrison-Ruzzo-Ullman) Model, 1976 Ur w V F r w own G r r
© 2004 Ravi Sandhu 8 HRU Commands and Operations command α(X1, X2,..., Xk) if rl in (Xs1, Xo1) and r2 in (Xs2, Xo2) and ri in (Xsi, Xoi) then op1; op2; … opn end enter r into (Xs, Xo) delete r from (Xs, Xo) create subject Xs create object Xo destroy subject Xs destroy object Xo
© 2004 Ravi Sandhu 9 HRU Examples
© 2004 Ravi Sandhu 10 HRU Examples
© 2004 Ravi Sandhu 11 HRU Examples
© 2004 Ravi Sandhu 12 HRU Examples
© 2004 Ravi Sandhu 13 The Safety Problem Given initial state protection scheme (HRU commands) Can r appear in a cell that exists in the initial state and does not contain r in the initial state? More specific question might be: can r appear in a specific cell [s,o]
© 2004 Ravi Sandhu 14 The Safety Problem Initial state: r in (o,o) and nowhere else
© 2004 Ravi Sandhu 15 Safety is Undecidable in HRU
© 2004 Ravi Sandhu 16 Safety is Undecidable in HRU
© 2004 Ravi Sandhu 17 Left Move
© 2004 Ravi Sandhu 18 Safety is Undecidable in HRU
© 2004 Ravi Sandhu 19 Right Move
© 2004 Ravi Sandhu 20 Right Move to New Cell
© 2004 Ravi Sandhu 21 Mono-operational systems Safety for mono-operational systems is NP-Complete
© 2004 Ravi Sandhu 22 Monotonic HRU command α(X1, X2,..., Xk) if rl in (Xs1, Xo1) and r2 in (Xs2, Xo2) and ri in (Xsi, Xoi) then op1; op2; … opn end enter r into (Xs, Xo) delete r from (Xs, Xo) create subject Xs create object Xo destroy subject Xs destroy object Xo
© 2004 Ravi Sandhu 23 Safety in HRU Undecidable in general HRU unable to find interesting decidable cases. Mono-operational: decidable but uninteresting and NP- complete Monotonic: undecidable Bi-conditional monotonic: undecidable Mono-conditional monotonic: decidable but uninteresting
© 2004 Ravi Sandhu 24 The Safety Problem in HRU HRU 1976: It would be nice if we could provide for protection systems an algorithm which decided safety for a wide class of systems, especially if it included all or most of the systems that people seriously contemplate. Unfortunately, our one result along these lines involves a class of systems called mono- operational, which are not terribly realistic. Our attempts to extend these results have not succeeded, and the problem of giving a decision algorithm for a class of protection systems as useful as the LR(k) class is to grammar theory appears very difficult. 2004: Considerable progress has been made but much remains to be done and practical application of known results is essentially non-existent. –Progress includes: Take-Grant Model (Jones, Lipton, Snyder, Denning, Bishop; late 79s early 80s), Schematic Protection Model (Sandhu, 80s), Typed Access Matrix Model (Sandhu, 1990s), Graph Transformations (Koch, Mancini, Parisi- Pressice 2000s)
© 2004 Ravi Sandhu A Perspective on Graphs and Access Control Models Ravi Sandhu Laboratory for Information Security Technology George.
© Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University
© 2004 Ravi Sandhu The Typed Access Matrix Model (TAM) and Augmented TAM (ATAM) Ravi Sandhu Laboratory for Information Security Technology.
© 2004 Ravi Sandhu The Schematic Protection Model (SPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University.
Slide #2-1 Access Control Matrix and Safety Results CS461/ECE422 Computer Security I, Fall 2009 Based on slides provided by Matt Bishop for use with Computer.
© 2004 Ravi Sandhu Safety in Access Control Take-Grant (best viewed in slide-show mode) Ravi Sandhu Laboratory for Information Security.
1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.
2/1/20161 Computer Security Foundational Results.
A Logic Specification for Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University SACMAT 2004.
1 IS 2150 / TEL 2810 Introduction to Security James Joshi Associate Professor, SIS Lecture 4 September 18, 2012 Access Control Model Foundational Results.
Secure System Design and Access Control Nick Feamster CS 6262 Spring 2009.
Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.
Engineering Authority and Trust in Cyberspace: The OM-AM and RBAC Way Prof. Ravi Sandhu George Mason University
© 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology.
Logical Model and Specification of Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University.
Analysis of Algorithms NP & NP-Complete Prof. Muhammad Saeed.
1 Closures of Relations Epp, section 10.? CS 202 Aaron Bloomfield.
© 2004 Ravi Sandhu Role-Based Access Control Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.
Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model Protection State Transitions –Commands –Conditional Commands.
Information Assurance: A Personal Perspective Ravi Sandhu
Chapter 8 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
1 MySQL Access Privilege System. 2 What the Privilege System Does? The primary function of the MySQL privilege system is to authenticate a user connecting.
April 8, 2004ECS 235Slide #1 Overview Safety Question HRU Model Take-Grant Protection Model SPM, ESPM –Multiparent joint creation Expressive power Typed.
Computer Science and Engineering Computer System Security CSE 5339/7339 Session 16 October 14, 2004.
7- Sicurezza delle basi di dati. 2 Sommario 1 Database Security and Authorization 1.1 Introduction to Database Security Issues 1.2 Types of Security 1.3.
ALGEBRAIC EXPRESSIONS Step 1Write the problem. Step 2Substitute in the values for the unknown (variable). Step 3Use PEMDAS (remember to go left to right).
1 Access Control. 2 Objects and Subjects A multi-user distributed computer system offers access to objects such as resources (memory, printers), data.
ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.
Chapter 7 Computer Security 1 Overview Important components of computer security: o User authentication – determine the identity of an individual accessing.
Access Control in Practice CS461/ECE422 Fall 2010.
© 2017 SlidePlayer.com Inc. All rights reserved.