World-Leading Research with Real-World Impact! Integrated Provenance Data for Access Control in Group-centric Collaboration Dang Nguyen, Jaehong Park.


Integrated Provenance Data for Access Control in Group-centric Collaboration
Dang Nguyen, Jaehong Park and Ravi Sandhu
Institute for Cyber Security, University of Texas at San Antonio
August 09, 2012, International Conference on Information Reuse and Integration

PROVENANCE-AWARE SYSTEM
Provenance of a digital data object is defined as the documentation of its origin and all the processes that influence and lead to its current state. In a provenance-aware system, related provenance information of system transactions/events is captured, stored, and maintained. Provenance potentially provides many enhanced benefits: usage tracking, workflow control, versioning, trustworthiness, repeatability, access control, etc. Provenance information may be more sensitive than the underlying data.

SECURE DIGITAL PROVENANCE
Is necessary: Integrity, Confidentiality, Availability, Privacy. Our focus: Access Control. Two aspects: Provenance-based Access Control and Provenance Access Control. Provenance data naturally forms a Directed-Acyclic Graph (DAG), aligned with information flow and causality.

GROUP-CENTRIC COLLABORATION
Difference in the incorporation of base model for PBAC in uni vs. multi-provenance systems. Group-centric collaboration provides secure information sharing. Support administrative and usage operations. Focus on usage operations such as: Add, Merge, Update, Create.

PBAC MODEL

OPEN PROVENANCE MODEL (OPM)

A SIMPLIFIED SCENARIO
An object is created in org1 and modified locally into versions in accordance with the versioning system. At some point in time, a version of this object is added to a collaboration group cg1 so users from a different organization can participate in updating the object content (now represented as a different object with its own versions). Meanwhile, users in org1 also perform updates on local versions. At some point, a version of the object from cg1 is merged back to the version tree of the original object in org1.

A SIMPLIFIED OPM SCENARIO

SAMPLE POLICIES / DLIST
(wasDerivedVersionOfCopyOf :: [g(Update).u]*.g(Add).u)
(creatorOfOriginalVersionOf :: [g(Update).u]*.g(Add).u.[g(Update).u]*.g(Create).c)
Req(ad1,merge,CG1.o2v3,Org1.o1v2) ?
Req(au2.1,update,CG1.o2v3) ?
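Added example, not from the slides: a small evaluator that resolves the two dependency names of the DLIST by walking their path patterns over a provenance graph. The graph is constructed to resemble the simplified scenario; the process names (create1, update1, add1, ...) and the creator au1 are hypothetical, and g, u, c are read as the OPM edges wasGeneratedBy, used and wasControlledBy.

```python
# Constructed provenance graph. Edge labels as on the slide:
# g = wasGeneratedBy (artifact -> process), u = used (process -> artifact),
# c = wasControlledBy (process -> agent). All node names are assumptions.
EDGES = {
    ("Org1.o1v1", "g"): ["create1"], ("create1", "c"): ["au1"],
    ("Org1.o1v2", "g"): ["update1"], ("update1", "u"): ["Org1.o1v1"],
    ("CG1.o2v1", "g"): ["add1"],     ("add1", "u"): ["Org1.o1v2"],
    ("CG1.o2v2", "g"): ["update2"],  ("update2", "u"): ["CG1.o2v1"],
    ("CG1.o2v3", "g"): ["update3"],  ("update3", "u"): ["CG1.o2v2"],
}
PROCESS_TYPE = {"create1": "Create", "update1": "Update", "add1": "Add",
                "update2": "Update", "update3": "Update"}

UPD = [("g", "Update"), ("u", None)]   # one g(Update).u hop
ADD = [("g", "Add"), ("u", None)]      # one g(Add).u hop
# Dependency list from the slide: name -> sequence of (steps, starred) groups
DLIST = {
    "wasDerivedVersionOfCopyOf": [(UPD, True), (ADD, False)],
    "creatorOfOriginalVersionOf": [(UPD, True), (ADD, False), (UPD, True),
                                   ([("g", "Create"), ("c", None)], False)],
}

def step(nodes, label, ptype):
    """Follow one edge label; g(Type) keeps only processes of that type."""
    out = set()
    for n in nodes:
        for target in EDGES.get((n, label), []):
            if ptype is None or PROCESS_TYPE.get(target) == ptype:
                out.add(target)
    return out

def run_group(nodes, steps):
    for label, ptype in steps:
        nodes = step(nodes, label, ptype)
    return nodes

def resolve(start, dep_name):
    """Return the nodes reached from start along the named path pattern."""
    nodes = {start}
    for steps, starred in DLIST[dep_name]:
        if starred:                      # [..]* : zero or more repetitions
            frontier = nodes
            while frontier:
                frontier = run_group(frontier, steps) - nodes
                nodes = nodes | frontier
        else:
            nodes = run_group(nodes, steps)
    return nodes
```

Here the walk from CG1.o2v3 crosses the Add process into Org1's part of the graph, which is the point where a system that stores only its own provenance cannot finish the evaluation locally.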

TAXONOMY OF APPROACHES

CASCADING QUERY
A reconstructed query from the local query. Can be transmitted and evaluated in remote system.
Three types of response, each requiring different additional information:
1. Y or N: (startingNode_new,dPath_new,rule_new) must be transmitted.
2. Resulting Nodes: (startingNode_new,dPath_new) must be transmitted.
3. Provenance Data Set: (startingNode_new) must be transmitted.

CASCADING QUERY RESPONSE (diagram between ORG1 and CG1)
(startingNode_new,dPath_new,rule_new): Y or N
(startingNode_new,dPath_new): Resulting Nodes
(startingNode_new): Provenance Data Set

STICKY PROVENANCE DATA
The sticky provenance data of an object/version contains all the provenance information of that object/version up to the point in time when the information flow takes place. Allows a locally generated query to be fully evaluated for decision making. Demonstrate with a modified scenario next.

A “STICKY” SCENARIO (SPD)

A “STICKY” SCENARIO (SPD)
CG1 Policy: No Update actions can be performed on a group version if the original organization object version had been updated.

A “STICKIER” SCENARIO
Should SPD(o3v1) contain:
SPD(o2v1,o2v2) ?
SPD(o2v1,o2v2) + SPD(o2v1) ?

CONCLUSION
Demonstrated the incorporation of PBAC in a Group-centric collaboration environment. Identified the issue in a multi-provenance systems setting. Proposed two approaches to address this issue.