Presentation is loading. Please wait.

Presentation is loading. Please wait.

Engineering Authority and Trust in Cyberspace: George Mason University

Published byIlker Kurtar Modified over 5 years ago

Similar presentations

Presentation on theme: "Engineering Authority and Trust in Cyberspace: George Mason University"— Presentation transcript:

1 Engineering Authority and Trust in Cyberspace: George Mason University
The OM-AM and RBAC Way Prof. Ravi Sandhu George Mason University

2 AUTHORIZATION, TRUST AND RISK
Information security is fundamentally about managing authorization and trust so as to manage risk

3 THE OM-AM WAY A What? s u Objectives r Model a n Architecture c
Mechanism How?

4 LAYERS AND LAYERS Multics rings Layered abstractions Waterfall model
Network protocol stacks Napolean layers RoFi layers OM-AM etcetera

5 OM-AM AND MANDATORY ACCESS CONTROL (MAC)
u r a n c e What? How? No information leakage Lattices (Bell-LaPadula) Security kernel Security labels

6 OM-AM AND DISCRETIONARY ACCESS CONTROL (DAC)
u r a n c e What? How? Owner-based discretion numerous ACLs, Capabilities, etc

7 OM-AM AND ROLE-BASED ACCESS CONTROL (RBAC)
u r a n c e What? How? Objective neutral RBAC96, ARBAC97, etc. user-pull, server-pull, etc. certificates, tickets, PACs, etc.

8 DISTRIBUTED RBAC (DRBAC) CASE STUDY
Approximately a dozen physical sites Approximately 2-3 simulation models/site Fewer than 100 roles structured in a very shallow hierarchy A subset of roles is used in any single simulation model Fewer than 100 users A user uses only one role at a time Convenient but not critical Moderate rate of change

9 DISTRIBUTED RBAC (DRBAC) CASE STUDY
Permission-role assignment Locally determined at each simulation model User-role assignment A user can be assigned to a role if and only if all simulation models using that role agree A user is revoked from a role if and only if any simulation model using that role revokes the user

10 DISTRIBUTED RBAC (DRBAC) CASE STUDY
Each simulation model has a security administrator role authorized to carry out these administrative tasks A simulation model can assign permissions to a role X at any time even if X is previously unused in that simulation model Consequently any simulation model can revoke any user from any role!

11 RBAC3 ... ROLE HIERARCHIES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE
USERS ROLES PERMISSIONS ... SESSIONS This is a somewhat busy slide It shows a bird’s eye view of RBAC There are many details that need to be debated and filled in Some of these will be discussed in the subsequent panel For our purpose the bird’s eye view will suffice CONSTRAINTS

12 MODEL CUSTOMIZATION Each session has a single role
SM = {sm1, …, smk}, simulation models OP = {op1, …, opl}, operations P= SM X OP, permissions SMA = {sma1, …, smk}, administrative roles R  SMA =  Admin: SM  SMA

13 MODEL CUSTOMIZATION Can formalize the administrative rules given earlier For each simulation model designate a unique user to be the chief security administrator who is authorized to assign and revoke users from the security administrator role for that model

14 DRBAC ARCHITECTURES Permission-role Permission-role administration
Enforced locally at each simulation model Permission-role administration May need to communicate to other simulation models User-role See following slides User-role administration Centralized or decentralized

15 SERVER MIRROR Client Server User-role Authorization Server

16 SERVER-PULL Client Server User-role Authorization Server

17 USER-PULL Client Server User-role Authorization Server

18 PROXY-BASED Client Proxy Server Server User-role Authorization Server

19 THE OM-AM WAY A What? s u Objectives r Model a n Architecture c
Mechanism How?

Download ppt "Engineering Authority and Trust in Cyberspace: George Mason University"

Similar presentations

Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu.

Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology www.list.gmu.edu Department of Information.

Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology Department of Information.
© 2004-5 Ravi Sandhu www.list.gmu.edu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology.

© Ravi Sandhu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology.
© 2004 Ravi Sandhu www.list.gmu.edu Role-Based Access Control Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.

© 2004 Ravi Sandhu Role-Based Access Control Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.
INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.

INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.
Role-Based Access Control Prof. Ravi Sandhu George Mason University and NSD Security SACMAT 2003.

Role-Based Access Control Prof. Ravi Sandhu George Mason University and NSD Security SACMAT 2003.
© 2006 Ravi Sandhu www.list.gmu.edu Secure Information Sharing Enabled by Trusted Computing and PEI * Models Ravi Sandhu (George Mason University and TriCipher)

© 2006 Ravi Sandhu Secure Information Sharing Enabled by Trusted Computing and PEI * Models Ravi Sandhu (George Mason University and TriCipher)
ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.

ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.
SECURING CYBERSPACE: THE OM-AM, RBAC AND PKI ROADMAP Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University

SECURING CYBERSPACE: THE OM-AM, RBAC AND PKI ROADMAP Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
How to do Discretionary Access Control Using Roles Ravi Sandhu Qamar Munawer.

How to do Discretionary Access Control Using Roles Ravi Sandhu Qamar Munawer.
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.

Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
Future Directions in Role-Based Access Control Models Ravi Sandhu Co-Founder and Chief Scientist SingleSignOn.Net & Professor of Information Technology.

Future Directions in Role-Based Access Control Models Ravi Sandhu Co-Founder and Chief Scientist SingleSignOn.Net & Professor of Information Technology.
ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE: A ROLE-BASED APPROACH Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.

ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE: A ROLE-BASED APPROACH Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.
© 2006 Ravi Sandhu www.list.gmu.edu Cyber-Identity, Authority and Trust Systems Prof. Ravi Sandhu Professor of Information Security and Assurance Director,

© 2006 Ravi Sandhu Cyber-Identity, Authority and Trust Systems Prof. Ravi Sandhu Professor of Information Security and Assurance Director,
ROLE-BASED ACCESS CONTROL: A MULTI-DIMENSIONAL VIEW Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman Seta Corporation McLean, VA Ravi Sandhu.

ROLE-BASED ACCESS CONTROL: A MULTI-DIMENSIONAL VIEW Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman Seta Corporation McLean, VA Ravi Sandhu.
© 2005 Ravi Sandhu www.list.gmu.edu Permissions and Inheritance (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology.

© 2005 Ravi Sandhu Permissions and Inheritance (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology.
© 2005 Ravi Sandhu www.list.gmu.edu Role Usage and Activation Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security.

© 2005 Ravi Sandhu Role Usage and Activation Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security.

Similar presentations

Ads by Google