Attribute Mutability in Usage Control July 26, 2004, IFIP WG11.3 Jaehong Park, University of Maryland University College Xinwen Zhang, George Mason University.

Slides:



Advertisements
Similar presentations
INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
Advertisements

INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Cyber-Identity, Authority and Trust in an Uncertain World
1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.
Privacy-Enhancing Models and Mechanisms for Securing Provenance and its Use October 2010 Lead PI: Ravi Sandhu (UT San Antonio) PIs: Elisa Bertino (Purdue),
Cyber-Identity, Authority and Trust in an Uncertain World
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology Department of Information.
1 ACSAC 2002 © Mohammad al-Kahtani 2002 A Model for Attribute-Based User-Role Assignment Mohammad A. Al-Kahtani Ravi Sandhu George Mason University SingleSignOn.net,
© Ravi Sandhu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology.
1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University.
A New Modeling Paradigm for Dynamic Authorization in Multi-Domain Systems MMM-ACNS, September 13, 2007 Manoj Sastry, Ram Krishnan, Ravi Sandhu Intel Corporation,
Stale-Safe Security Properties for Secure Information Sharing Ram Krishnan (GMU) Jianwei Niu (UT San Antonio) Ravi Sandhu (UT San Antonio) William Winsborough.
INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.
1 Safety Analysis of Usage Control (UCON) Authorization Model Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce George Mason University AsiaCCS.
Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.
Towards a VMM-based Usage Control Framework for OS Kernel Integrity Protection Min Xu George Mason University Xuxian Jiang George Mason University Ravi.
11 World-Leading Research with Real-World Impact! A Framework for Risk-Aware Role Based Access Control Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu.
Institute for Cyber Security
© 2006 Ravi Sandhu Secure Information Sharing Enabled by Trusted Computing and PEI * Models Ravi Sandhu (George Mason University and TriCipher)
1 TRANSACTION CONTROL EXPRESSIONS (TCEs) Ravi Sandhu.
A Usage-based Authorization Framework for Collaborative Computing Systems Xinwen Zhang George Mason University Masayuki Nakae NEC Corporation Michael J.
Usage Control: UCON Ravi Sandhu. © Ravi Sandhu2 Problem Statement Traditional access control models are not adequate for todays distributed, network-
Logical Model and Specification of Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University.
ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
Institute for Cyber Security
Usage Control: A Vision for Next Generation Access Control Oct 14, 2003 Ravi Sandhu and Jaehong Park ( Laboratory for Information Security.
Future Directions in Role-Based Access Control Models Ravi Sandhu Co-Founder and Chief Scientist SingleSignOn.Net & Professor of Information Technology.
A Logic Specification for Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University SACMAT 2004.
Towards A Times-based Usage Control Model Baoxian Zhao 1, Ravi Sandhu 2, Xinwen Zhang 3, and Xiaolin Qin 4 1 George Mason University, Fairfax, VA, USA.
© 2006 Ravi Sandhu Cyber-Identity, Authority and Trust Systems Prof. Ravi Sandhu Professor of Information Security and Assurance Director,
A Role-Based Delegation Model and some extensions By: Ezedin S.Barka Ravi Sandhu George Mason University.
ROLE-BASED ACCESS CONTROL: A MULTI-DIMENSIONAL VIEW Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman Seta Corporation McLean, VA Ravi Sandhu.
A THREE TIER ARCHITECTURE FOR ROLE-BASED ACCESS CONTROL Ravi Sandhu and Hal Feinstein Seta Corporation McLean, VA Ongoing NIST-funded project Other Project.
© Ravi Sandhu Security Issues in P2P Systems Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.
Engineering Authority and Trust in Cyberspace: The OM-AM and RBAC Way Prof. Ravi Sandhu George Mason University
Cultural Heritage in REGional NETworks REGNET Auction System.
1 Introducing the Specifications of the Metro Ethernet Forum MEF 17 Service OAM Framework and Requirements February 2008.
CONFIDENTIAL DIGITAL WATERMARKING ALLIANCE. CONFIDENTIAL DIGITAL WATERMARKING ALLIANCE 2 Digital Watermarking Alliance Charter The Digital Watermarking.
Presented to: By: Date: Federal Aviation Administration Registry/Repository in a SOA Environment SOA Brown Bag #5 SWIM Team March 9, 2011.
0 - 0.
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
MULTIPLYING MONOMIALS TIMES POLYNOMIALS (DISTRIBUTIVE PROPERTY)
MULTIPLICATION EQUATIONS 1. SOLVE FOR X 3. WHAT EVER YOU DO TO ONE SIDE YOU HAVE TO DO TO THE OTHER 2. DIVIDE BY THE NUMBER IN FRONT OF THE VARIABLE.
SUBTRACTING INTEGERS 1. CHANGE THE SUBTRACTION SIGN TO ADDITION
MULT. INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
Addition Facts
Richmond House, Liverpool (1) 26 th January 2004.
Vision: A strong and capable civil society, cooperating and responsive to Cambodias development challenges 1.
ABC Technology Project
Twenty Questions Subject: Twenty Questions
Past Tense Probe. Past Tense Probe Past Tense Probe – Practice 1.
Addition 1’s to 20.
25 seconds left…...
Test B, 100 Subtraction Facts
Week 1.
RBAC and Usage Control System Security. Role Based Access Control Enterprises organise employees in different roles RBAC maps roles to access rights After.
Access, Usage and Activity Controls Mar. 30, 2012 UTSA CS6393 Jaehong Park Institute for Cyber Security University of Texas at San Antonio
Extended Role Based Access Control – Based Design and Implementation for a Secure Data Warehouse Dr. Bhavani Thuraisingham Srinivasan Iyer.
UCON M ODEL Huỳnh Châu Duy. OUTLINE UCON MODEL What? What for? When? Why? CORE MODELS 16 basic models Example COMPARISON Traditional access.
Lattice-Based Access Control Models Ravi S. Sandhu Colorado State University CS 681 Spring 2005 John Tesch.
Trust and Security for Next Generation Grids, Tutorial Usage Control for Next Generation Grids Introduction Philippe Massonet et al CETIC.
Extensible Access Control Framework for Cloud Applications KTH-SEECS Applied Information Security Lab SEECS NUST Implementation Perspective.
1 Usage Control (UCON) or ABAC on Steroids Prof. Ravi Sandhu Executive Director and Endowed Chair February 26, 2016
Attribute-Based Access Control (ABAC)
OM-AM and RBAC Ravi Sandhu*
ASCAA Principles for Next-Generation Role-Based Access Control
Assured Information Sharing
Presentation transcript:

Attribute Mutability in Usage Control July 26, 2004, IFIP WG11.3 Jaehong Park, University of Maryland University College Xinwen Zhang, George Mason University Ravi Sandhu, NSD Security and George Mason University

2 Traditional Access Control: Limitations Traditional access control models are not adequate for todays distributed, network- connected digital environment. Authorization only – No obligation or condition based control Decision is made before access – No ongoing control No consumable rights - No mutable attributes Rights are pre-defined and granted to subjects Not for Digital Rights Management (DRM).

3 Usage Control (UCON) UCON is a general purpose, conceptual framework that covers broader perspective than access control UCON model is a unified model that encompasses traditional access control models, DRM and other enhanced access control models from recent literature UCON ABC is a family of core models for Usage Control

4 Usage Control (UCON) Coverage Protection Objectives Sensitive information protection IPR protection Privacy protection Protection Architectures Server-side reference monitor Client-side reference monitor SRM & CRM

5 OM-AM layered Approach Model examples: Access Matrix, Lattice-based model, Role-base access control model UCON ABC core model for usage control

6 UCON ABC Model Components: 3 Decision Factors & 2 Properties Continuity Property Decision can be made during usage for continuous enforcement Mutability Property Attributes can be updated as side-effects of subjects actions

7 UCON preA Model: Pre-Authorization S, O, R, ATT(S), ATT(O) and preA (subjects, objects, rights, subject attributes, object attributes, and pre-authorizations respectively); allowed(s,o,r) preA(ATT(s),ATT(o),r); preUpdate(ATT(s)), preUpdate(ATT(o)), postUpdate(ATT(s)), postUpdate(ATT(o))

8 Attributes in Usage Control Attributes are information or properties associated with subjects or objects E.g., ID, Role, Clearance/classification, membership, credit, etc. Subject Attributes and Object Attributes are used for authorization decision Attributes may have to be updated Immutable Attributes: Attribute updates can be made by administrative actions Mutable Attributes: attributes can be modified as side effects of usage

9 Attribute Management Taxonomy Our Focus

10 Attribute Management: Admin-controlled vs. System-controlled Admin-controlled (Immutable) Updates involve administrative decisions and actions Admin can be security officer, user (self, non- self) System-controlled (Mutable) Updates are made as side effects of users usage on objects. Our focus is here

11 Mutable Attributes Temporary Attributes (stateless) Alive only for a single usage Exist only in mutable attributes E.g., Usage start time, last active time, etc. Persistent Attributes (stateful) Live for multiple usage decisions Exist in both mutable and immutable attributes E.g., Total usage hours, user credit balance, etc. Utilization of temporary attributes is a design decision and can be eliminated in some cases. Temporary subject attributes can be stored as a form of elements of persistent object attributes

12 Mutability Variations Mutability for Exclusive/Inclusive Attributes E.g., Dynamic SOD, Chinese Wall policy Consumable/creditable Attributes E.g., Limited # of Usage, payment, mileage, etc Immediate Revocation To support continuous control throughout usages Obligation Attribute update as a result of obligation fulfillment Dynamic Confinement E.g., High Watermark in MAC

13 Mutability for Exclusive/Inclusive Attributes Object-based DSOD ID is a set of identification number. T is a set of object type name. ROLE is a partially ordered set of role names. uid : S ID, sRole : S 2 ROLE, type : O T prepareId : O ID, issueId : O ID, R : issue; prepare ATT(s) = {uid, sRole}, ATT(o) = {type, prepareId, issueId} allowed(s, o, prepare) type(o) = `check, sRole(s) `purchaseClerk preUpdate(prepareId(o)) : prepareId(o) = uid(s) allowed(s, o, issue) type(o) = `check, sRole(s) `accountClerk, uid(s) prepareId(o) preUpdate(issueId(o)) : issueId(o) = uid(s)

14 Mutability for Consumable/Creditable Attributes Mutability for consumable attributes, limited CD burnings N is a set of natural number, available : O N, ATT(o) : {available} allowed(s, o, burn) available(o) 1 preUpdate(available(o)): available(o) = available(o) - 1

15 Mutability for Immediate Revocation Long-distance call using Pre-paid phonecard N is a set of natural number, value : O N cardBal : S N, allowedT : S N, usageT : S N ATT(s) : {cardBal, allowedT, usageT}, ATT(o) : {value} allowed(s, o, connect) cardBal(s) value(o) stopped(s, o, connect) usageT (s) > allowedT(s) preUpdate(allowedT(s)) : allowedT (s) = cardBal(s)=value(o) onUpdate(usageT (s)) : usageT (s) + 1 postUpdate(cardBal(s)) : cardBal(s) - (usageT(s) × value(o))

16 Mutability for Obligation License agreements for first time users only OBS = S, OBO = {license_agreement}, OB = {agree} registered : S {yes, no}, ATT(s) = {registered} getPreOBL(s, o, r) = (s, license_agreement, agree), if registered(s) =no; Ø, if registered(s) =yes. allowed(s, o, r) preFulfilled(getPreOBL(s, o, r)) preUpdate(registered(s)) : registered(s) = `yes {

17 Mutability for Dynamic Confinement MAC policies with high watermark property L is a lattice of security labels with dominance relation clearance : S L, maxClearance : S L, classification : O L ATT(S) = {clearance, maxClearance}, ATT(O) = {classification} allowed(s, o, read) maxClearance(s) classification(o) preUpdate(clearance(s)) : clearance(s) = LUB(clearance(s), classification(o))

18 Discussion Mutability variations are not mutually exclusive Multiple mutability variations can be used in a single example. Updates can be made on either subject attributes or object attributes In some cases, a policy can be realized by utilizing either subject attributes or object attributes

19 Conclusions and Future Works Consolidated analysis of Attributes and Attribute mutability in a single framework of usage control Temporary and persistent attributes Taxonomy of attribute management Mutable attributes and variations of mutability Mutability with continuity property Future research Attribute management for admin-controlled attribute updates (immutable attributes) Further study on attribute mutability

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.