A Conceptual Framework for Group-Centric Secure Information Sharing Ram Krishnan (George Mason University) Ravi Sandhu, Jianwei Niu, William Winsborough.

Presentation transcript:

A Conceptual Framework for Group-Centric Secure Information Sharing Ram Krishnan (George Mason University) Ravi Sandhu, Jianwei Niu, William Winsborough (University of Texas at San Antonio) ASIACCS 2009, Sydney, Australia

Secure Information Sharing (SIS)
A fundamental problem in cyber security
– Share but protect
Current approaches not satisfactory
Classic models (DAC/MAC/RBAC) do not work
Recent approaches
Proprietary systems for Enterprise Rights Management
Many solutions: IBM, CA, Oracle, Sun, Authentica, etc.
Interoperability is a major issue
Many languages have been standardized
XrML, ODRL, XACML, etc.
Primarily, dissemination or object centric

Dissemination Centric Sharing
Attach attributes and policies to objects
– Objects are associated with sticky policies
– XrML, ODRL, XACML, etc. provide sticky policies
[Figure: Dissemination Chain with Sticky Policies on Objects. Labels: Alice, Bob, Charlie, Ravi, Shashi; Object; Attribute + Policy Cloud; Attribute Cloud]

Group Centric Sharing (g-SIS)
Advocates bringing users & objects together in a group
– In practice, co-exists with dissemination centric sharing
[Figure: membership state diagrams. Subjects: Never Group Subject, Current Group Subject, Past Group Subject; transitions Join, Leave. Objects: Never Group Object, Current Group Object, Past Group Object; transitions Add, Remove]
Two useful metaphors
– Secure Meeting/Document Room
Users' access may depend on their participation period
E.g. Program committee meeting, Collaborative Product Development, Merger and Acquisition, etc.
– Subscription Model
Access to content may depend on when the subscription began
E.g. Magazine Subscription, Secure Multicast, etc.

Core g-SIS Properties
[Figure: two timelines, labelled Join, Add, Authz and Add, Join, Authz]
1. Provenance: Authorization can only originate during a simultaneous period of membership
2. Bounded Authorization: Authorization cannot grow during non-membership periods
3. Persistence: Authorization cannot change if no group event occurs

g-SIS Operation Semantics
[Figure: GROUP with Subjects (Join, Leave) and Objects (Add, Remove), deciding Authz (S,O,R)?; second panel with the variants Strict Join, Liberal Join, Strict Leave, Liberal Leave, Strict Add, Liberal Add, Strict Remove, Liberal Remove]

Operation Semantics (Continued)
Strict Join (SJ): Only access objects added after Join time
Liberal Join (LJ): Also access objects added before Join time
Strict Leave (SL): Lose access to all objects
Liberal Leave (LL): Retain authorizations held at Leave time

Operation Semantics (Continued)
Strict Add (SA): Only existing subjects at Add time are authorized
Liberal Add (LA): No such restrictions
Strict Remove (SR): All subjects lose access
Liberal Remove (LR): Subjects who had authorization at Remove time can retain access
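
The strict and liberal variants above can be read as update rules on a set of (subject, object) authorizations. The following is an added example, not part of the presentation: one simplified interpretation of those rules for read access in a single group, replayed over a constructed trace. `GroupTrace`, `pc_meeting` and the subject and object names are hypothetical.

```python
# Added example, not from the slides: GroupTrace and its method names are
# hypothetical; it models read access only, for a single group.
class GroupTrace:
    def __init__(self):
        self.members = set()   # current group subjects
        self.objects = {}      # current group objects -> "SA" or "LA"
        self.authz = set()     # (subject, object) pairs allowed to read

    def join(self, s, kind):
        self.members.add(s)
        if kind == "LJ":
            # Liberal Join reaches objects added before join time, except
            # those whose Strict Add limited them to members at add time.
            self.authz |= {(s, o) for o, a in self.objects.items() if a == "LA"}
        # Strict Join grants nothing now; only later adds count.

    def leave(self, s, kind):
        self.members.discard(s)
        if kind == "SL":       # Strict Leave: lose access to all objects
            self.authz = {(x, o) for x, o in self.authz if x != s}
        # Liberal Leave keeps whatever was held at leave time.

    def add(self, o, kind):
        self.objects[o] = kind
        # Subjects who are members at add time are authorized either way.
        self.authz |= {(s, o) for s in self.members}

    def remove(self, o, kind):
        self.objects.pop(o, None)
        if kind == "SR":       # Strict Remove: all subjects lose access
            self.authz = {(s, x) for s, x in self.authz if x != o}
        # Liberal Remove: holders keep access, nobody new gains it.

def pc_meeting():
    """Constructed trace in the spirit of the program committee metaphor."""
    g = GroupTrace()
    g.add("paper1", "LA")
    g.join("alice", "LJ")     # reaches paper1, added before she joined
    g.join("bob", "SJ")       # does not reach paper1
    g.add("review1", "SA")    # alice and bob are members at add time
    g.leave("alice", "LL")    # keeps paper1 and review1
    g.add("review2", "LA")    # added while alice is absent
    g.join("alice", "SJ")     # re-admitted without access to review2
    g.add("review3", "SA")
    g.join("carol", "LJ")     # reaches LA objects only: paper1, review2
    g.remove("paper1", "SR")  # everyone loses paper1
    g.leave("bob", "SL")      # bob loses everything
    return sorted(g.authz)
```

Every grant in this model happens inside `join` or `add` while both the subject and the object are current, which is how it reflects the provenance, bounded authorization and persistence properties listed earlier.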

Family of g-SIS Models
Most Restrictive g-SIS Specification:
Traditional Groups:
Secure Multicast:

Conclusion & Future Work
Group-centric Vs Dissemination-centric
Focus on group operation semantics
Lattice of g-SIS models
Ongoing Work
– Extension to other operations such as write, etc.
– Multiple groups
Investigate information flow
Compare with Lattice Based Access Control models
– Attribute Based Access Control in g-SIS

Thank You!
Comments & Questions
Web:

Backup

Presentation Outline
Secure Information Sharing (SIS)
– Dissemination Vs Group Centric
Group Centric SIS (g-SIS)
g-SIS Core Properties
g-SIS Operation Semantics
Family of g-SIS Models
Usage Scenarios
Conclusions

g-SIS (continued)
[Figure: Subject Membership States: Never Group Subject, Current Group Subject, Past Group Subject; transitions Join, Leave. Object Membership States: Never Group Object, Current Group Object, Past Group Object; transitions Add, Remove]

Operation Semantics (Continued)

Re-visiting Metaphors
Program Committee Meeting
– Committee members initially enter room with LJ
– Exit room with LL
– Re-admitted with SJ if no access allowed to conversations during periods of absence
LJ, on the other hand, will allow access
Objects added with SA are accessible to existing members in the room