Usage Control: UCON Ravi Sandhu. © Ravi Sandhu2 Problem Statement Traditional access control models are not adequate for todays distributed, network-

Slides:

Advertisements

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.

Advertisements

INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

Cyber-Identity, Authority and Trust in an Uncertain World

1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.

Cyber-Identity, Authority and Trust in an Uncertain World

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

Access Control Prof. Ravi Sandhu Executive Director and Endowed Chair

Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University

INSTITUTE FOR CYBER SECURITY 1 The PEI + UCON Framework for Application Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology Department of Information.

© Ravi Sandhu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology.

QUN NI 1, SHOUHUAI XU 2, ELISA BERTINO 1, RAVI SANDHU 2, AND WEILI HAN 3 1 PURDUE UNIVERSITY USA 2 UT SAN ANTONIO USA 3 FUDAN UNIVERSITY CHINA PRESENTED.

Attribute Mutability in Usage Control July 26, 2004, IFIP WG11.3 Jaehong Park, University of Maryland University College Xinwen Zhang, George Mason University.

INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.

1 Safety Analysis of Usage Control (UCON) Authorization Model Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce George Mason University AsiaCCS.

Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.

Institute for Cyber Security

A Usage-based Authorization Framework for Collaborative Computing Systems Xinwen Zhang George Mason University Masayuki Nakae NEC Corporation Michael J.

Logical Model and Specification of Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University.

Secure Dependable Stream Data Management Vana Kalogeraki (UC Riverside) Dimitrios Gunopulos (UC Riverside) Ravi Sandhu (UT San Antonio) Bhavani Thuraisingham.

1/25/ ISI-AIS Workshop1 TIUPAM: A Framework for Trustworthiness-centric Information Sharing Shouhuai Xu Univ. Texas at San Antonio Joint work with.

Usage Control: A Vision for Next Generation Access Control Oct 14, 2003 Ravi Sandhu and Jaehong Park ( Laboratory for Information Security.

A Logic Specification for Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University SACMAT 2004.

Towards A Times-based Usage Control Model Baoxian Zhao 1, Ravi Sandhu 2, Xinwen Zhang 3, and Xiaolin Qin 4 1 George Mason University, Fairfax, VA, USA.

© 2006 Ravi Sandhu Cyber-Identity, Authority and Trust Systems Prof. Ravi Sandhu Professor of Information Security and Assurance Director,

© Ravi Sandhu Security Issues in P2P Systems Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.

Atlas Server – A Tool for Atlas Mapping Altai State Technical University Public Fund Altai 21-st Century Barnaul, Russia Irina Mikhailidi.

© Scordias & Morris, 2005 Virtual Classroom Visits: Using Video Conferencing Technology to Enhance Teacher Education Dr. Margaret Scordias Pamela B. Morris,

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Enabling Social and Economic Behaviour based on Reliable Resource Metrics Gabriele Pierantoni, and Keith Rochford. Trinity College Dublin CGW 07 – Krakow.

1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013

1 Grand Challenges in Data Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair

RBAC and Usage Control System Security. Role Based Access Control Enterprises organise employees in different roles RBAC maps roles to access rights After.

1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.

Attribute-Based Access Control Models and Beyond

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Nine –

11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.

Access, Usage and Activity Controls Mar. 30, 2012 UTSA CS6393 Jaehong Park Institute for Cyber Security University of Texas at San Antonio

Extended Role Based Access Control – Based Design and Implementation for a Secure Data Warehouse Dr. Bhavani Thuraisingham Srinivasan Iyer.

Access Control in Data Management Systems Dr. Bhavani Thuraisingham The University of Texas at Dallas Access Control and Policies in Data Management Systems.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Overview of Access and Information Protection

UCON M ODEL Huỳnh Châu Duy. OUTLINE UCON MODEL What? What for? When? Why? CORE MODELS 16 basic models Example COMPARISON Traditional access.

ACE BOF, IETF-89 London Authentication and Authorization for Constrained Environments (ACE) BOF Wed 09:00-11:30, Balmoral BOF Chairs: Kepeng Li, Hannes.

Mairéad Martin The University of Tennessee September 13, 2015 Federated Digital Rights Management.

Adaptive Trust Negotiation and Access Control Tatyana Ryutov, et.al. Presented by: Carlos Caicedo.

Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004.

R EUTERS 150 Y EARS David Parrott Reuters/Chief Technology Office 18 July 2001 Report on Reuters Response to MPEG-21 CfR Report to XACML Committee Face-to-Face.

Trust and Security for Next Generation Grids, Tutorial Usage Control for Next Generation Grids Introduction Philippe Massonet et al CETIC.

Extensible Access Control Framework for Cloud Applications KTH-SEECS Applied Information Security Lab SEECS NUST Implementation Perspective.

INSTITUTE FOR CYBER SECURITY A Hybrid Enforcement Model for Group-Centric Secure Information Sharing (g-SIS) Co-authored with Ram Krishnan, PhD Candidate,

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Policies September 7, 2010.

1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Policies June 2011.

1 Usage Control (UCON) or ABAC on Steroids Prof. Ravi Sandhu Executive Director and Endowed Chair February 26, 2016

Access Control in Data Management Systems

Attribute-Based Access Control (ABAC)

Institute for Cyber Security

Institute for Cyber Security

Institute for Cyber Security

Autonomous Aggregate Data Analytics in Untrusted Cloud

Federated Digital Rights Management

TIUPAM: A Framework for Trustworthiness-centric Information Sharing

Assured Information Sharing

Access Control in Data Management Systems

Institute for Cyber Security

Cyber Security Research: A Personal Perspective

Attribute-Based Access Control (ABAC)

Presentation transcript:

Usage Control: UCON Ravi Sandhu

© Ravi Sandhu2 Problem Statement Traditional access control models are not adequate for todays distributed, network- connected digital environment. Authorization only – No obligation or condition based control Decision is made before access – No ongoing control No consumable rights - No mutable attributes Rights are pre-defined and granted to subjects

© Ravi Sandhu3 Prior Work Problem-specific enhancement to traditional access control Digital Rights Management (DRM) mainly focus on intellectual property rights protection. Architecture and Mechanism level studies, Functional specification languages – Lack of access control model Trust Management Authorization for strangers access based on credentials

© Ravi Sandhu4 Prior Work Incrementally enhanced models Provisional authorization [Kudo & Hada, 2000] EACL [Ryutov & Neuman, 2001] Task-based Access Control [Thomas & Sandhu, 1997] Ponder [Damianou et al., 2001]

© Ravi Sandhu5 Problem Statement Traditional access control models are not adequate for todays distributed, network-connected digital environment. No access control models available for DRM. Recently enhanced models are not comprehensive enough to resolve various shortcomings. Need for a unified model that can encompass traditional access control models, DRM and other enhanced access control models from recent literature

© Ravi Sandhu6 Usage Control (UCON) Coverage Protection Objectives Sensitive information protection IPR protection Privacy protection Protection Architectures Server-side reference monitor Client-side reference monitor SRM & CRM

© Ravi Sandhu7 Building ABC Models Continuity Decision can be made during usage for continuous enforcement Mutability Attributes can be updated as side- effects of subjects actions

© Ravi Sandhu8 Examples Long-distance phone (pre-authorization with post-update) Pre-paid phone card (ongoing-authorization with ongoing-update) Pay-per-view (pre-authorization with pre- updates) Click Ad within every 30 minutes (ongoing- obligation with ongoing-updates) Business Hour (pre-/ongoing-condition)

© Ravi Sandhu9 Beyond the ABC Core Models