
Attribute-Based Access Control (ABAC)



Presentation on theme: "Attribute-Based Access Control (ABAC)"— Presentation transcript:

1 Attribute-Based Access Control (ABAC)
CS 5323, Lecture 10
Prof. Ravi Sandhu, Executive Director and Endowed Chair
© Ravi Sandhu World-Leading Research with Real-World Impact!

2 Access Control
Fixed policy
  Discretionary Access Control (DAC), 1970
  Mandatory Access Control (MAC), 1970
  Role Based Access Control (RBAC), 1995
  Attribute Based Access Control (ABAC), ????
Flexible policy

3 RBAC Shortcomings
Diagram labels: Constraints, Hard Enough, Impossible

4 The RBAC Story
Timeline labels: model, NIST-ANSI Standard Proposed, NIST-ANSI Standard Adopted
Source: Ludwig Fuchs, Günther Pernul and Ravi Sandhu, "Roles in Information Security - A Survey and Classification of the Research Area," Computers & Security, Volume 30, Number 8, Nov. 2011, pages

5 ABAC Status
Timeline labels: RBAC96 paper, Proposed Standard, Standard Adopted
1990? to 2017: ABAC still in pre/early phase

6 ABAC is not New
Diagram elements: User (Identity), Attributes, Public-keys + Secured secrets

7 ABAC is not New
X.500 Directory and X.509 Identity Certificates: Pre Internet, early 1990s
Diagram elements: User (Identity), Attributes, Public-keys + Secured secrets

8 ABAC is not New
X.509 Attribute Certificates (alongside X.509 Identity Certificates): Post Internet, late 1990s
Diagram elements: User (Identity), Attributes, Public-keys + Secured secrets

9 ABAC is not New
SPKI Certificates: Post Internet, late 1990s
Diagram elements: User (Identity), Attributes, Public-keys + Secured secrets

10 ABAC is not New
Anonymous Credentials: Mature Internet, 2000s
Diagram elements: User (Identity), Attributes, Public-keys + Secured secrets

11 ABAC is not New
XACML: Mature Internet, 2000s
Authorization Decision diagram: attributes of User, Subject, Object, Action and Context are evaluated against Policy, giving Yes/No

12 ABACα and ABACβ Models

13 ABACα Model Structure
Policy Configuration Points
Just sufficient mechanism to do simple forms of DAC, MAC, RBAC

14 ABACα Authorization Policy
Configurations shown for: DAC, MAC, RBAC0, RBAC1

15 ABACα Subject Attribute Constraints
Table rows: MAC, RBAC0, RBAC1; columns: creation, modification (one entry reads FALSE)

16 ABACα Object Attribute Constraints
Table rows: DAC, MAC; columns: Creation, Modification (one entry reads FALSE)

17 ABACβ Model
Can be configured to do many but not all RBAC extensions
Speaker notes: Show ABACα, then for each type of extension highlight the extensions to ABAC; 23 and 24 integrated

18 Roles and Attributes

19 Roles and Attributes
Attribute-Centric: Role is just another attribute. Nothing special about it.
Dynamic Roles: Compute user roles from user attributes.
Role-Centric: Attributes constrain permissions of roles for each user.
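Added example, not part of the lecture slides: a small Python sketch of the decision shape from slide 11 (attributes of subject, object, action and context checked against a policy, yielding yes/no), worked out once for each of the three role/attribute relationships on this slide. Attribute names, values and the role-permission table are constructed for illustration.

```python
from typing import Dict, Set, Tuple

Attrs = Dict[str, object]
Perm = Tuple[str, str]  # (action, object type)

# --- Attribute-centric: "role" is just one more subject attribute the policy reads ---
def attribute_centric(subject: Attrs, obj: Attrs, action: str, ctx: Attrs) -> bool:
    """No role-permission table exists; the policy tests roles like any attribute."""
    allowed_subject = "auditor" in subject["roles"] or subject["dept"] == obj["dept"]
    return allowed_subject and action == "read" and ctx["network"] == "corp"

# --- Dynamic roles: roles are derived from user attributes, then ordinary RBAC applies ---
ROLE_PERMS: Dict[str, Set[Perm]] = {          # constructed role-permission table
    "staff":   {("read", "memo")},
    "manager": {("read", "memo"), ("approve", "expense")},
}

def derive_roles(user: Attrs) -> Set[str]:
    """Compute the user's roles from attributes instead of a static assignment."""
    roles: Set[str] = set()
    if user["employed"]:
        roles.add("staff")
        if user["reports"] > 0:          # anyone with direct reports is a manager
            roles.add("manager")
    return roles

def dynamic_roles(user: Attrs, obj: Attrs, action: str) -> bool:
    return any((action, obj["type"]) in ROLE_PERMS[r] for r in derive_roles(user))

# --- Role-centric: roles grant permissions, attributes then narrow them per user ---
def role_centric(user: Attrs, obj: Attrs, action: str) -> bool:
    perms: Set[Perm] = set().union(*(ROLE_PERMS[r] for r in user["roles"]))
    # attribute constraint: a manager may only approve expenses of their own department
    if (action, obj["type"]) == ("approve", "expense") and obj["dept"] != user["dept"]:
        return False
    return (action, obj["type"]) in perms

if __name__ == "__main__":
    print(attribute_centric({"roles": set(), "dept": "fin"}, {"dept": "fin"},
                            "read", {"network": "corp"}))                         # True
    print(dynamic_roles({"employed": True, "reports": 2}, {"type": "expense"}, "approve"))  # True
    print(role_centric({"roles": {"manager"}, "dept": "fin"},
                       {"type": "expense", "dept": "hr"}, "approve"))              # False
```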

20 User-Role Assignment Problem
Diagram labels: Constraints, Hard Enough, Impossible

21 Beyond Attributes

22 Access Control
Fixed policy
  Discretionary Access Control (DAC), 1970
  Mandatory Access Control (MAC), 1970
  Role Based Access Control (RBAC), 1995
  Relationship Based Access Control (ReBAC), 2008
  Attribute Based Access Control (ABAC), ????
Flexible policy


