Grand Challenges in Authorization Systems. Prof. Ravi Sandhu, Executive Director and Endowed Chair. November 14, 2011.

Presentation transcript:

Slide 1: Grand Challenges in Authorization Systems. Prof. Ravi Sandhu, Executive Director and Endowed Chair, Institute for Cyber Security. November 14, 2011. © Ravi Sandhu. World-Leading Research with Real-World Impact!

Slide 2: Mutually Supportive Technologies. Diagram of technologies that support one another: authentication, intrusion detection, cryptography, access control, assurance, risk analysis, security engineering & management.

Slides 3-5: Cyber Security Objectives (built up over three slides). Each objective is shown with the concern it addresses:
- Integrity: modification
- Availability: access
- Confidentiality: disclosure
- Usage: purpose (added on slide 4 and emphasized again on slide 5)

Slide 6: Authorization Systems. The grand challenge arena: policy specification, dynamics, agility, enforcement.

Slide 7: Access Control Models. Numerous other models exist, but only three successes so far:
- Discretionary Access Control (DAC): the owner controls access, but only to the original, not to copies.
- Mandatory Access Control (MAC): the same as Lattice-Based Access Control (LBAC); access is based on security labels, and labels propagate to copies.
- Role-Based Access Control (RBAC): access is based on roles; it can be configured to do DAC or MAC, and it generalizes to Attribute-Based Access Control (ABAC).

Slide 8: Discretionary Access Control. ACL example: File F carries the ACL {A:r, A:w}; File G carries the ACL {B:r, A:w}. B cannot read file F, and A is trusted not to copy F to G.

Slide 9: Discretionary Access Control. Same ACLs as slide 8 (File F: A:r, A:w; File G: B:r, A:w). But trusting A does not stop Trojan Horses: A executes a program that offers "goodies" but carries a Trojan Horse, which reads F and writes it to G.

Slide 10: Mandatory Access Control. A lattice of security labels, lowest to highest: Unclassified, Confidential, Secret, Top Secret. Information can flow upward in the lattice (can-flow); the higher label dominates the lower one (dominance).

Slide 11: Mandatory Access Control. Diagram: a High user whose subject is infected with a Trojan Horse, and a Low user whose subject is also infected with a Trojan Horse, joined by a COVERT CHANNEL. Information is leaked unknown to the high user.
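The following is an added example, not code from the slides, that puts the DAC scenario of slides 8-9 and the label-based MAC rules of slides 10-11 side by side in a toy reference monitor. The user names, file names, ACLs and label levels follow the slides; the file contents, the Trojan-copy routine and the specific read/write rules (read requires the subject to dominate the object, write requires the object to dominate the subject) are assumptions of this example.

```python
# Added example: DAC (per-object ACLs) versus MAC/LBAC (labels that follow
# the data).  Values for A, B, F, G and the four levels come from the slides;
# file contents and the copying routine are constructed for the illustration.

# --- DAC: the ACLs of slide 8, object -> {user: rights} ----------------------
ACL = {
    "F": {"A": {"r", "w"}},
    "G": {"B": {"r"}, "A": {"w"}},
}

def dac_allows(user: str, obj: str, right: str) -> bool:
    """DAC check: the ACL on the object decides; nothing follows the data into copies."""
    return right in ACL.get(obj, {}).get(user, set())

def dac_trojan_copy(contents: dict, runner: str, src: str, dst: str) -> bool:
    """The Trojan Horse of slide 9: a program run by `runner` that copies src into dst.
    Under DAC it succeeds whenever the runner holds r on src and w on dst."""
    if dac_allows(runner, src, "r") and dac_allows(runner, dst, "w"):
        contents[dst] = contents[src]
        return True
    return False

# --- MAC / LBAC: the totally ordered lattice of slide 10 ----------------------
LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]
RANK = {level: i for i, level in enumerate(LEVELS)}

def dominates(a: str, b: str) -> bool:
    """a dominates b exactly when information may flow from b to a (can-flow upward)."""
    return RANK[a] >= RANK[b]

def mac_allows(subject_label: str, object_label: str, right: str) -> bool:
    """Assumed rules: read requires the subject to dominate the object (no read up);
    write requires the object to dominate the subject (no write down)."""
    if right == "r":
        return dominates(subject_label, object_label)
    if right == "w":
        return dominates(object_label, subject_label)
    return False

def mac_trojan_copy(contents: dict, labels: dict, subject_label: str, src: str, dst: str) -> bool:
    """The same copying program run as a labelled subject.  Because the label
    follows the data, a subject high enough to read F cannot write into a low G."""
    if mac_allows(subject_label, labels[src], "r") and mac_allows(subject_label, labels[dst], "w"):
        contents[dst] = contents[src]
        return True
    return False

def demo() -> tuple:
    """Returns (leaked under DAC, leaked under MAC, G's contents under DAC, G's contents under MAC)."""
    dac_files = {"F": "secret-of-F", "G": "public"}        # constructed contents
    copied = dac_trojan_copy(dac_files, "A", "F", "G")      # A runs the infected program
    leaked_under_dac = copied and dac_allows("B", "G", "r")  # B can now read what was in F

    mac_files = {"F": "secret-of-F", "G": "public"}
    labels = {"F": "Secret", "G": "Unclassified"}           # constructed labels
    # A's infected subject must run at Secret to read F; the write to G is refused.
    leaked_under_mac = mac_trojan_copy(mac_files, labels, "Secret", "F", "G")
    return leaked_under_dac, leaked_under_mac, dac_files["G"], mac_files["G"]

if __name__ == "__main__":
    print(demo())
```

The point the two slides make shows up directly in the return value: under DAC the copy succeeds and B reads the secret through G, while under MAC the same program is stopped at the write, which is what "labels propagate to copies" buys. The covert channel of slide 11 is precisely what this monitor does not see, since it mediates only reads and writes of named objects.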

Slide 12: Role-Based Access Control.
- Access is determined by roles.
- A user's roles are assigned by security administrators.
- A role's permissions are assigned by security administrators.
Is RBAC MAC or DAC or neither?
- RBAC can be configured to do MAC.
- RBAC can be configured to do DAC.
- RBAC is policy neutral.
RBAC is neither MAC nor DAC!

Slide 13: Role-Based Access Control. Diagram of the model's components: USERS, ROLES, PERMISSIONS, USER-ROLE ASSIGNMENT, PERMISSION-ROLE ASSIGNMENT, SESSIONS, ROLE HIERARCHIES, CONSTRAINTS.
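As an added example (not code from the slides or from Prof. Sandhu's work), here is a minimal model with every component named on slide 13: users, roles, permissions, the two assignment relations, sessions, a role hierarchy and a separation-of-duty constraint. The role names, permissions and users below are constructed sample data, and the specific constraint semantics (static separation of duty evaluated through the hierarchy) is an assumption of this example.

```python
# Added example: the RBAC components of slide 13 as a small Python class.
# All roles, permissions and users are constructed sample data.
from typing import Dict, FrozenSet, Set, Tuple

Permission = Tuple[str, str]  # (operation, object); a convention chosen for this example


class RBAC:
    """USERS, ROLES, PERMISSIONS, user-role assignment (UA), permission-role
    assignment (PA), SESSIONS, ROLE HIERARCHIES and CONSTRAINTS."""

    def __init__(self) -> None:
        self.ua: Dict[str, Set[str]] = {}                      # user -> assigned roles
        self.pa: Dict[str, Set[Permission]] = {}               # role -> permissions
        self.juniors_of: Dict[str, Set[str]] = {}              # role -> directly junior roles
        self.ssd: Set[FrozenSet[str]] = set()                  # mutually exclusive role pairs
        self.sessions: Dict[str, Tuple[str, Set[str]]] = {}    # session id -> (user, active roles)

    # --- administration (slide 12: done by security administrators) ----------
    def add_role(self, role: str, juniors: Set[str] = frozenset(),
                 perms: Set[Permission] = frozenset()) -> None:
        self.juniors_of[role] = set(juniors)
        self.pa[role] = set(perms)

    def inherited(self, roles: Set[str]) -> Set[str]:
        """Transitive closure over the hierarchy: a senior role inherits its juniors."""
        seen: Set[str] = set()
        stack = list(roles)
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors_of.get(r, ()))
        return seen

    def assign(self, user: str, role: str) -> None:
        """UA, guarded by a static separation-of-duty constraint that also
        counts roles reached through the hierarchy (assumed semantics)."""
        held = self.inherited(self.ua.get(user, set()) | {role})
        for pair in self.ssd:
            if pair <= held:
                raise ValueError(f"SSD constraint: {user} may not hold both of {sorted(pair)}")
        self.ua.setdefault(user, set()).add(role)

    # --- runtime: sessions and access checks ----------------------------------
    def open_session(self, sid: str, user: str, activate: Set[str]) -> None:
        """A session activates a subset of the roles the user holds directly or by
        inheritance; activating fewer roles than held is how least privilege is exercised."""
        allowed = self.inherited(self.ua.get(user, set()))
        if not set(activate) <= allowed:
            raise PermissionError(f"{user} cannot activate {sorted(set(activate) - allowed)}")
        self.sessions[sid] = (user, set(activate))

    def check(self, sid: str, op: str, obj: str) -> bool:
        """Access is determined by the session's active roles and everything they inherit."""
        _, active = self.sessions[sid]
        return any((op, obj) in self.pa[r] for r in self.inherited(active))


def build_demo() -> RBAC:
    """Constructed configuration: employee < engineer < lead, plus an auditor role
    that is mutually exclusive with lead."""
    m = RBAC()
    m.add_role("employee", perms={("read", "wiki")})
    m.add_role("engineer", juniors={"employee"}, perms={("commit", "repo")})
    m.add_role("lead", juniors={"engineer"}, perms={("merge", "repo")})
    m.add_role("auditor", perms={("read", "audit-log")})
    m.ssd.add(frozenset({"lead", "auditor"}))
    m.assign("alice", "engineer")
    m.assign("bob", "lead")
    m.assign("carol", "auditor")
    return m


def demo() -> dict:
    m = build_demo()
    m.open_session("s1", "alice", {"engineer"})
    m.open_session("s2", "bob", {"employee"})     # bob activates only his most junior role
    try:
        m.assign("carol", "lead")                 # violates the lead/auditor constraint
        ssd_blocked = False
    except ValueError:
        ssd_blocked = True
    try:
        m.open_session("s3", "alice", {"lead"})   # alice does not hold lead
        activation_blocked = False
    except PermissionError:
        activation_blocked = True
    return {
        "alice_reads_wiki": m.check("s1", "read", "wiki"),   # inherited from employee
        "alice_merges": m.check("s1", "merge", "repo"),      # lead-only permission
        "bob_merges_in_s2": m.check("s2", "merge", "repo"),  # held, but not activated
        "ssd_blocked": ssd_blocked,
        "activation_blocked": activation_blocked,
    }
```

The session layer is the part most often left out of RBAC sketches, yet it is where the model's practical value lies: the permissions a process actually wields are those of the activated roles, not of everything the user could activate, and the constraint check runs at assignment time so that an administrator cannot create a conflicting combination in the first place.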

Slide 14: Server Pull Enforcement Model. Diagram: Client, Server, User-role Authorization Server. The server pulls the user's role information from the authorization server.

Slide 15: Client Pull Enforcement Model. Diagram: Client, Server, User-role Authorization Server. The client pulls its role information from the authorization server and presents it to the server.
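The two enforcement models of slides 14 and 15 as an added example (not code from the slides): in server pull the resource server queries the user-role authorization server itself, whereas in client pull the client fetches a role assertion and presents it, so the resource server must verify the assertion before trusting its contents. The HMAC-signed assertion format, the shared key between the two servers, the expiry field and the user table are all assumptions of this example; the slides only show who talks to whom.

```python
# Added example: server pull versus client pull.  The assertion format, the
# shared HMAC key and the user-role table are constructed for this illustration.
import hashlib
import hmac
import json


class UserRoleAuthorizationServer:
    """Holds the user-role assignment.  Answers direct queries (server pull) and
    issues signed role assertions that the client can carry (client pull)."""

    def __init__(self, key: bytes, assignments: dict) -> None:
        self._key = key            # key shared with the resource server (assumption)
        self._ua = assignments     # user -> set of roles

    def roles_of(self, user: str) -> set:
        return set(self._ua.get(user, ()))

    def issue_assertion(self, user: str, now: int, ttl: int = 300) -> dict:
        body = {"user": user, "roles": sorted(self._ua.get(user, ())), "exp": now + ttl}
        raw = json.dumps(body, sort_keys=True).encode()
        mac = hmac.new(self._key, raw, hashlib.sha256).hexdigest()
        return {"body": raw, "mac": mac}


class ResourceServer:
    def __init__(self, required_role: str, key: bytes, auth: UserRoleAuthorizationServer) -> None:
        self.required_role = required_role
        self._key = key
        self._auth = auth

    def server_pull(self, user: str) -> bool:
        """Slide 14: the server pulls the user's roles from the authorization server."""
        return self.required_role in self._auth.roles_of(user)

    def client_pull(self, assertion: dict, now: int) -> bool:
        """Slide 15: the client presents an assertion it pulled earlier.  The server
        checks integrity and freshness first, because the data passed through the client."""
        raw = assertion["body"]
        expected = hmac.new(self._key, raw, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, assertion["mac"]):
            return False                       # body does not match its MAC
        body = json.loads(raw)
        if body["exp"] <= now:
            return False                       # stale assertion
        return self.required_role in body["roles"]


def demo() -> dict:
    key = b"constructed-demo-key"
    auth = UserRoleAuthorizationServer(key, {"alice": {"engineer"}, "bob": {"employee"}})
    server = ResourceServer("engineer", key, auth)
    now = 1_000_000                            # constructed clock value

    alice = auth.issue_assertion("alice", now)
    bob = auth.issue_assertion("bob", now)
    # An assertion whose body was altered after issuance: its MAC no longer matches.
    altered_body = json.loads(bob["body"])
    altered_body["roles"] = ["engineer"]
    altered = {"body": json.dumps(altered_body, sort_keys=True).encode(), "mac": bob["mac"]}
    return {
        "alice_server_pull": server.server_pull("alice"),
        "bob_server_pull": server.server_pull("bob"),
        "alice_client_pull": server.client_pull(alice, now + 10),
        "bob_client_pull": server.client_pull(bob, now + 10),
        "altered_rejected": not server.client_pull(altered, now + 10),
        "expired_rejected": not server.client_pull(alice, now + 600),
    }
```

The trade-off between the two diagrams is visible here: server pull keeps the authorization server in the request path but always sees current role assignments, while client pull removes that round trip at the cost of an integrity check and a freshness window during which a revoked role is still honoured.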

Slide 16: Tough Challenges. Tough challenges are NOT EQUAL TO grand challenges:
- Trojan Horse
- Covert Channels
- Inference
- Analog Hole
- Assured Enforcement
- Privilege Escalation
- Policy Comprehension and Analysis

Slide 17: Grandest Challenge.
- How can we be "secure" while being "insecure"?
- What is the value of access control when we know that ultimately it can be bypassed?

Slide 18: Authorization Systems (repeats slide 6). The grand challenge arena: policy specification, dynamics, agility, enforcement.

Slide 19: Grand Challenges.
- How do we determine the balance between too much and too little?
- How do we enforce policies across multiple layers of the software stack?
- How do we build dynamics into policy specifications and enforcement mechanisms?
- How do we understand and control what we have done?

Slide 20: Butler Lampson Paraphrased.
- Computer scientists could never have designed the web because they would have tried to make it work.
- But the Web does "work."
- What does it mean for the Web to "work"?