Presentation is loading. Please wait.

Presentation is loading. Please wait.

ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE: A ROLE-BASED APPROACH Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.

Similar presentations


Presentation on theme: "ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE: A ROLE-BASED APPROACH Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University."— Presentation transcript:

1 ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE: A ROLE-BASED APPROACH Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University

2 AUTHORIZATION, TRUST AND RISK u Information security management is fundamentally about managing l authorization and l trust so as to manage risk

3 ENGINEERING AUTHORITY & TRUST 4 LAYERS Policy Model Architecture Mechanism What? How?

4 ENGINEERING AUTHORITY & TRUST 4 LAYERS What? How? No information leakage Lattices (Bell-LaPadula) Security kernel Security labels Multilevel Security

5 ENGINEERING AUTHORITY & TRUST 4 LAYERS What? How? Policy neutral RBAC96 user-pull, server-pull, etc. certificates, tickets, PACs, etc. Role-Based Access Control (RBAC)

6 ROLE-BASED ACCESS CONTROL (RBAC) u A users permissions are determined by the users roles l rather than identity or clearance l roles can encode arbitrary attributes u multi-faceted u ranges from very simple to very sophisticated

7 RBAC SECURITY PRINCIPLES u least privilege u separation of duties u separation of administration and access u abstract operations

8 RBAC96 IEEE Computer Feb u Policy neutral u can be configured to do MAC l roles simulate clearances (ESORICS 96) u can be configured to do DAC l roles simulate identity (RBAC98)

9 RBAC96 FAMILY OF MODELS RBAC0 BASIC RBAC RBAC3 ROLE HIERARCHIES + CONSTRAINTS RBAC1 ROLE HIERARCHIES RBAC2 CONSTRAINTS

10 RBAC0 ROLES USER-ROLE ASSIGNMENT PERMISSION-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS

11 RBAC1 ROLES USER-ROLE ASSIGNMENT PERMISSION-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS ROLE HIERARCHIES

12 HIERARCHICAL ROLES Health-Care Provider Physician Primary-Care Physician Specialist Physician

13 EXAMPLE ROLE HIERARCHY Employee (E) Engineering Department (ED) Project Lead 1 (PL1) Engineer 1 (E1) Production 1 (P1) Quality 1 (Q1) Director (DIR) Project Lead 2 (PL2) Engineer 2 (E2) Production 2 (P2) Quality 2 (Q2) PROJECT 2PROJECT 1

14 RBAC3 ROLES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS ROLE HIERARCHIES CONSTRAINTS

15 ADMINISTRATIVE RBAC ROLES USERS PERMISSIONS... ADMIN ROLES ADMIN PERMISSIONS CONSTRAINTS

16 EXAMPLE ROLE HIERARCHY Employee (E) Engineering Department (ED) Project Lead 1 (PL1) Engineer 1 (E1) Production 1 (P1) Quality 1 (Q1) Director (DIR) Project Lead 2 (PL2) Engineer 2 (E2) Production 2 (P2) Quality 2 (Q2) PROJECT 2PROJECT 1

17 EXAMPLE ADMINISTRATIVE ROLE HIERARCHY Senior Security Officer (SSO) Department Security Officer (DSO) Project Security Officer 1 (PSO1) Project Security Officer 2 (PSO2)

18 RBAC PARAMETERS u RBAC has many facets, including l number of roles: large or small l flat roles versus hierarchical roles l permission-role review capability l static separation of duties l dynamic separation of duties l role-activation capability u at least 64 variations

19 NIST RBAC MODEL in progress u Level 1: flat RBAC l user-role review u Level 2: hierarchical RBAC l plus role hierarchies u Level 3: constrained RBAC l plus separation constraints u Level 4: true RBAC l plus permission-role review

20 CLASS I SYSTEMS ENFORCEMENT ARCHITECTURE ClientServer

21 CLASS I SYSTEMS ADMINISTRATION ARCHITECTURE Administrative Client Server2 Server1 ServerN Authorization Center

22 CLASS II SYSTEMS SERVER-PULL ClientServer Authorization Server Authentication Server

23 CLASS II SYSTEMS USER-PULL ClientServer Authorization Server Authentication Server

24 R&D IN INTERNET TIME u new technology needs to be developed and deployed continuously in the very short term u need focused applied research u need synergy between Universities and Industry


Download ppt "ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE: A ROLE-BASED APPROACH Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University."

Similar presentations


Ads by Google