We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byJeremiah Snyder
Modified over 2 years ago
© 2004 Ravi Sandhu A Perspective on Graphs and Access Control Models Ravi Sandhu Laboratory for Information Security Technology George Mason University
© 2004 Ravi Sandhu 2 Outline A perspective on security A perspective on access control The safety problem in access control Looking ahead Discussion
© 2004 Ravi Sandhu 3 Security Confusion INTEGRITY modification AVAILABILITY access CONFIDENTIALITY disclosure USAGE purpose electronic commerce, electronic business digital rights management, client- side controls
© 2004 Ravi Sandhu 4 Good enough security EASY SECURE COST Security geeksReal-world users System owner whose security perception or reality of security end users operations staff help desk system cost operational cost opportunity cost cost of fraud Business models will dominate security models
© 2004 Ravi Sandhu 5 Good enough security RISKRISK COST H M L LMH Entrepreneurial mindset Academic mindset
© 2004 Ravi Sandhu 6 Access Control Models Authentication AuthorizationEnforcement who is trying to access a protected resource? who should be allowed to access which protected resources? who should be allowed to change the access? how does the system enforce the specified authorization Access Control ModelsAccess Control Architecture
© 2004 Ravi Sandhu 7 The OM-AM Way Objectives Models Architectures Mechanisms What? How? AssuranceAssurance
© 2004 Ravi Sandhu 8 Access Control Status Ten years ago Emphasis on –Cryptography and intrusion detection –Access control relegated to back burner Ravi Sandhu, Access Control: The Neglected Frontier. Proc. First Australasian Conference on Information Security and Privacy, LNCS, Today Strong industry interest Growing need Growing research
© 2004 Ravi Sandhu 9 Safety in Access Control Authentication AuthorizationEnforcement who is trying to access a protected resource? who should be allowed to access which protected resources? who should be allowed to change the access? how does the system enforce the specified authorization Access Control ModelsAccess Control Architecture The Safety Problem
© 2004 Ravi Sandhu 10 The HRU (Harrison-Ruzzo-Ullman) Model, 1976 Ur w V F G r
© 2004 Ravi Sandhu 11 The HRU (Harrison-Ruzzo-Ullman) Model, 1976 UF r, w VG r
© 2004 Ravi Sandhu 12 The HRU (Harrison-Ruzzo-Ullman) Model, 1976 UF r, w VG r
© 2004 Ravi Sandhu 13 HRU Commands and Operations command α(X1, X2,..., Xk) if rl in (Xs1, Xo1) and r2 in (Xs2, Xo2) and ri in (Xsi, Xoi) then op1; op2; … opn end enter r into (Xs, Xo) delete r from (Xs, Xo) create subject Xs create object Xo destroy subject Xs destroy object Xo
© 2004 Ravi Sandhu 14 HRU as Graph Rules (from Koch et al 2002)
© 2004 Ravi Sandhu 15 Safety in HRU (late 1970s) Safety Problem: Is there a reachable state with edge labeled z from X to Y? Undecidable in general HRU unable to find interesting decidable cases. Mono-operational: decidable but uninteresting Monotonic: undecidable Bi-conditional monotonic: undecidable Mono-conditional monotonic: decidable but uninteresting
© 2004 Ravi Sandhu 16 The Safety Problem HRU 1976: It would be nice if we could provide for protection systems an algorithm which decided safety for a wide class of systems, especially if it included all or most of the systems that people seriously contemplate. Unfortunately, our one result along these lines involves a class of systems called mono- operational, which are not terribly realistic. Our attempts to extend these results have not succeeded, and the problem of giving a decision algorithm for a class of protection systems as useful as the LR(k) class is to grammar theory appears very difficult. 2004: Considerable progress has been made but much remains to be done and practical application of known results is essentially non-existent. –Progress includes: Take-Grant Model (Jones, Lipton, Snyder, Denning, Bishop; late 79s early 80s), Schematic Protection Model (Sandhu, 80s), Typed Access Matrix Model (Sandhu, 1990s), Graph Transformations (Koch, Mancini, Parisi- Pressice 2000s)
© 2004 Ravi Sandhu 17 Safety with Types Typed Access Matrix or TAM model (Sandhu 1992) Safety is polynomial-decidable for monotonic ternary TAM with acyclic create-graph Typed Graphs (Koch et al 2002) Safety is decidable for transformations that are either expanding or deleting The given algorithm is exponential but actual complexity remains an open question
© 2004 Ravi Sandhu 18 The Take-Grant Model (late 70s, early 80s) AB t (a) B/t Є dom(A) AB g (b) B/g Є dom(A) Original graph representation, late 70s
© 2004 Ravi Sandhu 19 The Take-Grant Model (late 70s, early 80s) AB t (a) B/t Є dom(A) AB g (b) B/g Є dom(A) Lockman-Minsky representation, 1982
© 2004 Ravi Sandhu 20 Creation in Take-Grant A A tg (a) The Original View A A tg (b) The Lockman-Minsky View
© 2004 Ravi Sandhu 21 Reversal of Take-Grant Flow: case t AB t A tg g t
© 2004 Ravi Sandhu 22 Reversal of Take-Grant Flow: case g AB g A tg g t, g
© 2004 Ravi Sandhu 23 Reversal of Grant-Only Flow AB g A gg g g
© 2004 Ravi Sandhu 24 Non-Reversal of Take-Only Flow AB t A tt t
© 2004 Ravi Sandhu 25 Safety in more recent (and practical) models RBAC96 (foundation of a new NIST/ANSI/ISO standard) Safety is undecidable in general –Sandhu, Munawer, Crampton, 1998 Decidable cases exist –Li, Mitchell, Winsborough, Solworth, Sloan, 2000s UCON (Usage Control Models) Safety is undecidable in general Decidable cases exist –Park, Sandhu, Zhang, Parisi-Pressice 2000s
© 2004 Ravi Sandhu 26 Looking ahead Security lags information technology applications Information technology applications are moving extremely rapidly The need for decentralized and automatic authorization is growing very rapidly The safety problem of access control remains a critical path problem Challenges –Develop new real-world relevant theory –Apply old and new theory Can theory of graph transformations help us?
© 2004 Ravi Sandhu 27 RBAC96 model (Currently foundation of a NIST/ANSI/ISO standard) ROLES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS ROLE HIERARCHIES CONSTRAINTS
© 2004 Ravi Sandhu 28 UCON (Usage Control) Models ongoingN/A
© 2004 Ravi Sandhu The Safety Problem in Access Control HRU Model Ravi Sandhu Laboratory for Information Security Technology George Mason.
© Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University
Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
© 2004 Ravi Sandhu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology.
© Ravi Sandhu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology.
© 2004 Ravi Sandhu Safety in Access Control Take-Grant (best viewed in slide-show mode) Ravi Sandhu Laboratory for Information Security.
Information Assurance: A Personal Perspective Ravi Sandhu
© 2004 Ravi Sandhu The Typed Access Matrix Model (TAM) and Augmented TAM (ATAM) Ravi Sandhu Laboratory for Information Security Technology.
ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.
© 2004 Ravi Sandhu Role-Based Access Control Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.
© 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology.
A Logic Specification for Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University SACMAT 2004.
© 2004 Ravi Sandhu The Schematic Protection Model (SPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University.
Logical Model and Specification of Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University.
© 2006 Ravi Sandhu Cyber-Identity, Authority and Trust Systems Prof. Ravi Sandhu Professor of Information Security and Assurance Director,
Engineering Authority and Trust in Cyberspace: The OM-AM and RBAC Way Prof. Ravi Sandhu George Mason University
Secure System Design and Access Control Nick Feamster CS 6262 Spring 2009.
7- Sicurezza delle basi di dati. 2 Sommario 1 Database Security and Authorization 1.1 Introduction to Database Security Issues 1.2 Types of Security 1.3.
Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology Department of Information.
Chapter 8 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
© 2006 Ravi Sandhu Secure Information Sharing Enabled by Trusted Computing and PEI * Models Ravi Sandhu (George Mason University and TriCipher)
1 LECTURE 1 ACCESS CONTROL Ravi Sandhu. 2 OUTLINE Access matrix model Access control lists versus Capabilities Content and context-based controls Discretionary.
SECURING CYBERSPACE: THE OM-AM, RBAC AND PKI ROADMAP Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
© Ravi Sandhu The Secure Information Sharing Problem and Solution Approaches Ravi Sandhu Professor of Information Security and Assurance.
COS Web Application Architectures Lecture 10 Access Control.
Copyright: ©2005 by Elsevier Inc. All rights reserved. 1 Author: Graeme C. Simsion and Graham C. Witt Chapter 10 Logical Database Design.
©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 6 Slide 1 Chapter 6 Requirements Engineering Process.
Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.
Computer Science 1 CSC 405 Introduction to Computer Security Topic 5. Trusted Operating Systems -- Part I.
© 2016 SlidePlayer.com Inc. All rights reserved.