ACCESS CONTROL: THE NEGLECTED FRONTIER
Ravi Sandhu, George Mason University
Slide 2: SECURITY OBJECTIVES (© Ravi Sandhu)
- INTEGRITY: less studied
- AVAILABILITY: least studied
- CONFIDENTIALITY: most studied
- USAGE: newest

Slide 3: SECURITY TECHNOLOGIES
- Access Control
- Cryptography
- Audit and Intrusion Detection
- Authentication
- Assurance
- Risk Analysis

Slide 4: CRYPTOGRAPHY LIMITATIONS
- Cryptography cannot
  - protect confidentiality and integrity of data, keys and software in end systems
  - prevent or detect use of covert channels

Slide 5: AUDIT AND INTRUSION DETECTION LIMITATIONS
- Intrusion detection cannot by itself
  - protect audit data and the audit collection and analysis software
  - prevent security breaches
  - protect against covert channels

Slide 6: ACCESS CONTROL LIMITATIONS
- Access control cannot by itself
  - protect data in transit or in storage on an insecure medium
  - safeguard against misuse by authorized users
  - protect against covert channels

Slide 7: AUTHENTICATION LIMITATIONS
- By itself authentication does very little, but what it does is critical
- Pre-requisite for effective
  - cryptography
  - access control
  - intrusion detection

Slide 8: A MIX OF MUTUALLY SUPPORTIVE TECHNOLOGIES
Diagram: AUTHENTICATION, INTRUSION DETECTION, CRYPTOGRAPHY, ACCESS CONTROL, ASSURANCE, RISK ANALYSIS, SECURITY ENGINEERING & MANAGEMENT
Slide 9: CLASSICAL ACCESS CONTROL DOCTRINE
- Lattice-based mandatory access control (MAC)
  - strong
  - too strong
  - not strong enough
- Owner-based discretionary access control (DAC)
  - too weak
  - too confused

Slide 10: ISSUES IN LATTICE-BASED MAC
- MAC enforces one-directional information flow in a lattice of security labels
- Can be used for aspects of
  - confidentiality
  - integrity
  - aggregation (Chinese Walls)

Slide 11: PROBLEMS WITH LATTICE-BASED MAC
- Does not protect against covert channels and inference
  - not strong enough
- Inappropriate
  - too strong

Slide 12: ISSUES IN OWNER-BASED DAC
- Negative rights
- Inheritance of rights
  - interaction between positive and negative rights
- Grant flag
- Delegation of identity
- Temporal and conditional authorization

Slide 13: PROBLEMS WITH OWNER-BASED DAC
- Does not control information flow
  - too weak
- Inappropriate in many situations
  - too weak
  - too confused

Slide 14: BEYOND OWNER-BASED DAC
- Separation between the ability
  - to use a right
  - to grant a right
- Non-discretionary elements
  - a user who can use a right should not be able to grant it, and vice versa

Slide 15: NON-DISCRETIONARY (BEYOND LATTICE-BASED MAC)
- Control of administrative scope
  - rights that can be granted
  - to whom rights can be granted
- Rights that cannot be simultaneously granted to the same user
- Rights that cannot be granted to too many users

Slide 16: WHAT IS THE POLICY IN NON-DISCRETIONARY ACCESS CONTROL?
- Non-discretionary access control is a means to articulate policy
- It does not incorporate policy, but it does support security principles
  - least privilege
  - abstract operations
  - separation of duties

Slide 17: ISSUES IN NON-DISCRETIONARY ACCESS CONTROL
- Models for non-discretionary propagation of access rights
- Role-based access control (RBAC)
- Task-based authorization (TBA)

Slide 18: NON-DISCRETIONARY PROPAGATION MODELS
- HRU, 1976
- TAKE-GRANT
- SPM/ESPM
- TAM/ATAM, 1992 onwards

Slide 19: NON-DISCRETIONARY PROPAGATION MODELS
- Type-based non-discretionary controls
- Rights that authorize propagation can be separate from, or closely related to, the right being propagated
- Testing for absence of rights is essential for dynamic separation policies
Slide 20: ROLE-BASED ACCESS CONTROL: RBAC0
Diagram: USERS, ROLES and PERMISSIONS, linked by USER-ROLE ASSIGNMENT and PERMISSION-ROLE ASSIGNMENT; SESSIONS

Slide 21: ROLE-BASED ACCESS CONTROL: RBAC1
Diagram: USERS, ROLES and PERMISSIONS, linked by USER-ROLE ASSIGNMENT and PERMISSION-ROLE ASSIGNMENT; SESSIONS; ROLE HIERARCHIES

Slide 22: HIERARCHICAL ROLES
Example role hierarchy (junior to senior): Health-Care Provider, Physician, then Primary-Care Physician and Specialist Physician

Slide 23: HIERARCHICAL ROLES
Example role hierarchy (junior to senior): Engineer, then Hardware Engineer and Software Engineer, then Supervising Engineer

Slide 24: ROLE-BASED ACCESS CONTROL: RBAC3
Diagram: USERS, ROLES and PERMISSIONS, linked by USER-ROLE ASSIGNMENT and PERMISSION-ROLE ASSIGNMENT; SESSIONS; ROLE HIERARCHIES; CONSTRAINTS

Slide 25: RBAC MANAGEMENT
Diagram: USERS, ROLES, PERMISSIONS; ADMIN ROLES and ADMIN PERMISSIONS, related to ROLES by CAN-MANAGE

Slide 26: RBAC MANAGEMENT
Diagram: a ROLE HIERARCHY (roles S, T1, T2, S3, T4, T5, P3, P) beside an ADMINISTRATIVE ROLE HIERARCHY (CSO, SO1, SO2, SO3)

Slide 27: ROLES AND LATTICES
- RBAC can enforce classical lattice-based MAC
Diagram: LATTICE with levels H and L; ROLES HR, LR, LW, HW

Slide 28: ROLES AND LATTICES
- RBAC can accommodate variations of classical lattice-based MAC
Diagram: LATTICE with levels H and L; ROLES HR, LR, LW, HW
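The two slides above only sketch the construction. The following is an added example, not part of the slides: a minimal Python RBAC1 engine (role hierarchy, user and permission assignment, sessions) with the lattice-to-roles mapping from the diagram. Read roles follow the lattice (HR senior to LR), write roles invert it (LW senior to HW), and a session at level x activates exactly xR and xW, so reads go down and writes go up. The class and function names, the `H_doc`/`L_doc` objects and the users are this example's own; it generalizes the two-level H/L lattice to any totally ordered chain of levels.

```python
from dataclasses import dataclass, field

@dataclass
class RBAC1:
    juniors: dict = field(default_factory=dict)     # senior role -> its direct juniors
    user_roles: dict = field(default_factory=dict)  # user -> assigned roles
    role_perms: dict = field(default_factory=dict)  # role -> {(operation, object)}

    def add_inheritance(self, senior, junior):
        self.juniors.setdefault(senior, set()).add(junior)

    def assign_user(self, user, *roles):
        self.user_roles.setdefault(user, set()).update(roles)

    def assign_perm(self, role, operation, obj):
        self.role_perms.setdefault(role, set()).add((operation, obj))

    def authorized_roles(self, roles):
        """Downward closure (hierarchy assumed acyclic): a senior inherits its juniors."""
        closure = set(roles)
        for r in roles:
            closure |= self.authorized_roles(self.juniors.get(r, ()))
        return closure

    def session(self, user, roles):
        """Activate roles the user is assigned, or roles junior to an assigned one."""
        roles = set(roles)
        if not roles <= self.authorized_roles(self.user_roles.get(user, set())):
            raise PermissionError(f"{user} may not activate {sorted(roles)}")
        return self.authorized_roles(roles)

    def check(self, active, operation, obj):
        return any((operation, obj) in self.role_perms.get(r, ()) for r in active)

def lattice_as_rbac(levels=("L", "H")):
    """Read roles follow the lattice (HR senior to LR); write roles invert it (LW
    senior to HW), so a session at level x reads at or below x and writes at or above x."""
    ac = RBAC1()
    for lower, upper in zip(levels, levels[1:]):
        ac.add_inheritance(f"{upper}R", f"{lower}R")  # reading down is inherited
        ac.add_inheritance(f"{lower}W", f"{upper}W")  # writing up is inherited
    for lvl in levels:
        ac.assign_perm(f"{lvl}R", "read", f"{lvl}_doc")   # constructed sample objects
        ac.assign_perm(f"{lvl}W", "write", f"{lvl}_doc")
    return ac

def login(ac, user, level):
    """Constraint of the construction: a session activates exactly xR and xW."""
    return ac.session(user, {f"{level}R", f"{level}W"})
```

A user cleared to H is assigned the maximal roles HR and LW; logging in at L then yields a low session that can still write up to H but cannot read H.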
Slide 29: TASK-BASED AUTHORIZATION (TBA)
- Beyond subjects and objects
- Authorization is in the context of some task
- Transient use-once permissions instead of long-lived use-many-times permissions

Slide 30: TRANSACTION CONTROL EXPRESSIONS (TCEs)
- TCEs are an example of TBA

    prepare clerk; approve supervisor; issue clerk;
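As an added example (not from the slides), here is a Python checker for the TCE above that treats each step as a use-once permission, enforces the step order and the named role, and denies a user who has already acted on the same transaction; that last check is the test for absence of a prior right that the propagation-models slide calls essential for dynamic separation. The `Transaction` class, the denial codes and the sample users are constructed for this example, and the one-user-per-step rule is assumed as the TCE's default separation-of-duty semantics.

```python
from dataclasses import dataclass, field

# The slide's expression as (step, role) pairs: prepare clerk; approve supervisor; issue clerk;
TCE = [("prepare", "clerk"), ("approve", "supervisor"), ("issue", "clerk")]

@dataclass
class Transaction:
    """One instance moving through a TCE; `history` records the steps already taken."""
    tce: list
    history: list = field(default_factory=list)  # (step, user) pairs

    def execute(self, step, user, roles_of):
        """Attempt `step` as `user`; return 'OK', 'DONE' or a denial code."""
        if len(self.history) == len(self.tce):
            return "DENY:COMPLETE"  # use-once: a finished transaction cannot be replayed
        expected, role = self.tce[len(self.history)]
        if step != expected:
            return "DENY:ORDER"     # steps must follow the expression's sequence
        if role not in roles_of.get(user, set()):
            return "DENY:ROLE"      # the step is authorized only for the named role
        if any(u == user for _, u in self.history):
            # Dynamic separation of duty: a test for the *absence* of a prior action
            # by this user on this transaction (assumed default TCE semantics).
            return "DENY:SOD"
        self.history.append((step, user))
        return "DONE" if len(self.history) == len(self.tce) else "OK"

def run(events, roles_of, tce=TCE):
    """Replay a sequence of (step, user) attempts against one fresh transaction."""
    tx = Transaction(tce)
    return [tx.execute(step, user, roles_of) for step, user in events]

# Constructed sample: who holds which roles, and one voucher's attempted steps.
ROLES_OF = {"ann": {"clerk"}, "bob": {"clerk"}, "sue": {"supervisor"},
            "dan": {"clerk", "supervisor"}}
EVENTS = [("approve", "sue"), ("prepare", "sue"), ("prepare", "ann"), ("approve", "dan"),
          ("issue", "ann"), ("issue", "dan"), ("issue", "bob"), ("issue", "bob")]

if __name__ == "__main__":
    for event, outcome in zip(EVENTS, run(EVENTS, ROLES_OF)):
        print(event, "->", outcome)
```

Note that `dan` holds both roles but is still refused the `issue` step after approving: the decision depends on transaction history, not on role membership alone.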
Slide 31: CONCLUSION
- Access control is important
- There are many open issues