Presentation is loading. Please wait.

Presentation is loading. Please wait.

Attribute-Based Access Control (ABAC)

Published byOskari Halonen Modified over 5 years ago

Similar presentations

Presentation on theme: "Attribute-Based Access Control (ABAC)"— Presentation transcript:

1 Attribute-Based Access Control (ABAC)
CS 6393 Lecture 4 Attribute-Based Access Control (ABAC) Prof. Ravi Sandhu Executive Director and Endowed Chair February 19, 2016 © Ravi Sandhu World-Leading Research with Real-World Impact!

2 Access Control Discretionary Access Control (DAC), 1970
Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? © Ravi Sandhu World-Leading Research with Real-World Impact! 2

3 Discuss Figs 2 and 3 of NIST SP 800-162
© Ravi Sandhu World-Leading Research with Real-World Impact!

4 ABAC Status 1990? 2016 ABAC still in pre/early phase Standard Adopted
Proposed Standard RBAC96 paper 1990? 2016 ABAC still in pre/early phase © Ravi Sandhu World-Leading Research with Real-World Impact! 4

5 ABAC is not New User (Identity) Attributes Public-keys +
Secured secrets © Ravi Sandhu World-Leading Research with Real-World Impact!

6 Identity Certificates
ABAC is not New User (Identity) X.500 Directory X.509 Identity Certificates Attributes Public-keys + Secured secrets Pre Internet, early 1990s © Ravi Sandhu World-Leading Research with Real-World Impact!

7 Identity Certificates
ABAC is not New User (Identity) X.509 Attribute Certificates X.509 Identity Certificates Attributes Public-keys + Secured secrets Post Internet, late 1990s © Ravi Sandhu World-Leading Research with Real-World Impact!

8 ABAC is not New SPKI Certificates Post Internet, late 1990s
User (Identity) Attributes Public-keys + Secured secrets SPKI Certificates Post Internet, late 1990s © Ravi Sandhu World-Leading Research with Real-World Impact!

9 ABAC is not New Anonymous Credentials Mature Internet, 2000s
User (Identity) Attributes Public-keys + Secured secrets Anonymous Credentials Mature Internet, 2000s © Ravi Sandhu World-Leading Research with Real-World Impact!

10 Authorization Decision
ABAC is not New Attributes Authorization Decision Action User Subject Object Context Policy Yes/No XACML Mature Internet, 2000s © Ravi Sandhu World-Leading Research with Real-World Impact!

11 Usage Control Models, early 2000s
ABAC is not New unified model integrating authorization obligation conditions and incorporating continuity of decisions mutability of attributes Usage Control Models, early 2000s ABAC on steroids © Ravi Sandhu World-Leading Research with Real-World Impact!

12 ABAC Status 1990? 2016 ABAC still in pre/early phase Standard Adopted
Proposed Standard RBAC96 paper 1990? 2016 ABAC still in pre/early phase © Ravi Sandhu World-Leading Research with Real-World Impact! 12

13 Can be configured to do simple forms of DAC, MAC, RBAC
ABACα Model Structure Policy Configuration Points Can be configured to do simple forms of DAC, MAC, RBAC © Ravi Sandhu World-Leading Research with Real-World Impact! 13

14 Discuss highlights of Jin 2012 paper
© Ravi Sandhu World-Leading Research with Real-World Impact!

15 RBAC Extensions 1,4 1, 2, 4, 5 1, 4, 5 4, 5 1, 2, 3, 4, 5 Give examples about what is excluded 4 1, 4, 5 1. Context Attributes 2. Subject attribute constraints policy are different at creation and modification time. 4. Policy Language 5. Meta-Attributes 3. Subject attributes constrained by attributes of subjects created by the same user. World-Leading Research with Real-World Impact! 15

16 Can be configured to do many
ABACβ Model Show abac-alpha Then for each type of extension, highlight the extensions to ABAC 23 and 24 integrated Can be configured to do many RBAC extensions 16

17 Ultimate Unified Model
Attributes Security Access Control Trust Risk Relationships Provenance © Ravi Sandhu World-Leading Research with Real-World Impact!

18 Application Domains Cloud computing Internet of Things ……….
© Ravi Sandhu World-Leading Research with Real-World Impact! 18

19 Discuss Fig 1 of Kandala 2011 paper
© Ravi Sandhu World-Leading Research with Real-World Impact!

20 Discuss Fig 1 and Table 1 of Hu 2015 paper
© Ravi Sandhu World-Leading Research with Real-World Impact!

21 Discuss Kuhn 2010 paper World-Leading Research with Real-World Impact!
© Ravi Sandhu World-Leading Research with Real-World Impact!

Download ppt "Attribute-Based Access Control (ABAC)"

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
INSTITUTE FOR CYBER SECURITY April 20081 Access Control and Semantic Web Technologies Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY April Access Control and Semantic Web Technologies Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.

Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013

1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013
1 The Future of Access Control: Attributes, Automation and Adaptation Prof. Ravi Sandhu Executive Director and Endowed Chair S&P Symposium IIT Kanpur March.

1 The Future of Access Control: Attributes, Automation and Adaptation Prof. Ravi Sandhu Executive Director and Endowed Chair S&P Symposium IIT Kanpur March.
Future of Access Control: Attributes, Automation, Adaptation

Future of Access Control: Attributes, Automation, Adaptation
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.

1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.
1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.

1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.
Attribute-Based Access Control Models and Beyond

Attribute-Based Access Control Models and Beyond
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.

11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.
1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015

1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015
1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011

1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011
1 The Authorization Leap from Rights to Attributes: Maturation or Chaos? Prof. Ravi Sandhu Executive Director and Endowed Chair SACMAT June 21, 2012

1 The Authorization Leap from Rights to Attributes: Maturation or Chaos? Prof. Ravi Sandhu Executive Director and Endowed Chair SACMAT June 21, 2012
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.

1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
1 The Quest for Single-Sign On Prof. Ravi Sandhu Executive Director and Endowed Chair February 8, 2013 © Ravi Sandhu.

1 The Quest for Single-Sign On Prof. Ravi Sandhu Executive Director and Endowed Chair February 8, © Ravi Sandhu.
1 Cloud Computing and Security Prof. Ravi Sandhu Executive Director and Endowed Chair April 19, 2013 © Ravi Sandhu.

1 Cloud Computing and Security Prof. Ravi Sandhu Executive Director and Endowed Chair April 19, © Ravi Sandhu.
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

Similar presentations

Ads by Google