Presentation is loading. Please wait.

Presentation is loading. Please wait.

ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.

Similar presentations


Presentation on theme: "ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University."— Presentation transcript:

1 ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University

2 2 © Ravi Sandhu SECURITY OBJECTIVES INTEGRITY less studied AVAILABILITY least studied CONFIDENTIALITY most studied USAGE newest

3 3 © Ravi Sandhu SECURITY TECHNOLOGIES u Access Control u Cryptography u Audit and Intrusion Detection u Authentication u Assurance u Risk Analysis u

4 4 © Ravi Sandhu CRYPTOGRAPHY LIMITATIONS u Cryptography cannot protect confidentiality and integrity of l data, keys, software in end systems u Prevent or detect use of covert channels

5 5 © Ravi Sandhu AUDIT AND INTRUSION DETECTION LIMITATIONS u Intrusion detection cannot by itself l protect audit data and audit collection and analysis software l prevent security breaches l protect against covert channels

6 6 © Ravi Sandhu ACCESS CONTROL LIMITATIONS u Access control cannot by itself l protect data in transit or storage on an insecure medium l safeguard against misuse by authorized users l protect against covert channels

7 7 © Ravi Sandhu AUTHENTICATION LIMITATIONS u By itself authentication does very little but what it does is critical u pre-requisite for effective l cryptography l access control l intrusion detection

8 8 © Ravi Sandhu A MIX OF MUTUALLY SUPPORTIVE TECHNOLOGIES AUTHENTICATION INTRUSION DETECTION CRYPTOGRAPHY ACCESS CONTROL ASSURANCE RISK ANALYSIS SECURITY ENGINEERING & MANAGEMENT

9 9 © Ravi Sandhu CLASSICAL ACCESS CONTROL DOCTRINE u Lattice-based mandatory access control (MAC) l strong l too strong l not strong enough u Owner-based discretionary access control (DAC) l too weak l too confused

10 10 © Ravi Sandhu ISSUES IN LATTICE-BASED MAC u MAC enforces one-directional information flow in a lattice of security labels u can be used for aspects of l confidentiality l integrity l aggregation (Chinese Walls)

11 11 © Ravi Sandhu PROBLEMS WITH LATTICE- BASED MAC u does not protect against covert channels and inference l not strong enough u inappropriate l too strong

12 12 © Ravi Sandhu ISSUES IN OWNER-BASED DAC u negative rights u inheritance of rights l interaction between positive and negative rights u grant flag u delegation of identity u temporal and conditional authorization

13 13 © Ravi Sandhu PROBLEMS WITH OWNER- BASED DAC u does not control information flow l too weak u inappropriate in many situations l too weak l too confused

14 14 © Ravi Sandhu BEYOND OWNER-BASED DAC u separation between ability l to use a right l to grant a right u non-discretionary elements l user who can use a right should not be able to grant it and vice versa

15 15 © Ravi Sandhu NON-DISCRETIONARY (BEYOND LATTICE-BASED MAC) u control of administrative scope l rights that can be granted l to whom rights can be granted u rights that cannot be simultaneously granted to same user u rights that cannot be granted to too many users

16 16 © Ravi Sandhu WHAT IS THE POLICY IN NON- DISCRETIONARY ACCESS CONTROL? u Non-discretionary access control is a means to articulate policy u does not incorporate policy but does support security principles l least privilege l abstract operations l separation of duties

17 17 © Ravi Sandhu ISSUES IN NON-DISCRETIONARY ACCESS CONTROL u models for non-discretionary propagation of access rights u role-based access control (RBAC) u task-based authorization (TBA)

18 18 © Ravi Sandhu u HRU, 1976 u TAKE-GRANT, u SPM/ESPM, u TAM/ATAM, 1992 onwards NON-DISCRETIONARY PROPAGATION MODELS

19 19 © Ravi Sandhu NON-DISCRETIONARY PROPAGATION MODELS u type-based non-discretionary controls u rights that authorize propagation can be separate or closely related to right being propagated u testing for absence of rights is essential for dynamic separation policies

20 20 © Ravi Sandhu ROLE-BASED ACCESS CONTROL: RBAC 0 ROLES USER-ROLE ASSIGNMENT PERMISSION-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS

21 21 © Ravi Sandhu ROLE-BASED ACCESS CONTROL: RBAC 1 ROLES USER-ROLE ASSIGNMENT PERMISSION-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS ROLE HIERARCHIES

22 22 © Ravi Sandhu HIERARCHICAL ROLES Health-Care Provider Physician Primary-Care Physician Specialist Physician

23 23 © Ravi Sandhu HIERARCHICAL ROLES Engineer Hardware Engineer Software Engineer Supervising Engineer

24 24 © Ravi Sandhu ROLE-BASED ACCESS CONTROL: RBAC 3 ROLES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS ROLE HIERARCHIES CONSTRAINTS

25 25 © Ravi Sandhu RBAC MANAGEMENT ROLES USERS PERMISSIONS... ADMIN ROLES ADMIN PERMISSIONS CAN- MANAGE

26 26 © Ravi Sandhu RBAC MANAGEMENT S T1 T2 S3 T4 T5 P3 P ADMINISTRATIVE ROLE HIERARCHY CSO SO1SO2SO3 ROLE HIERARCHY

27 27 © Ravi Sandhu ROLES AND LATTICES u RBAC can enforce classical lattice- based MAC H L HR LR LW HW LATTICE ROLES

28 28 © Ravi Sandhu ROLES AND LATTICES u RBAC can accommodate variations of classical lattice-based MAC H L HR LR LW HW LATTICE ROLES

29 29 © Ravi Sandhu TASK-BASED AUTHORIZATION (TBA) u beyond subjects and objects u authorization is in context of some task u transient use-once permissions instead of long-lived use-many-times permissions

30 30 © Ravi Sandhu TRANSACTION CONTROL EXPRESSIONS (TCEs) u TCEs are an example of TBA prepare clerk; approve supervisor; issue clerk;

31 31 © Ravi Sandhu CONCLUSION u access control is important u there are many open issues


Download ppt "ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University."

Similar presentations


Ads by Google