Presentation is loading. Please wait.

Presentation is loading. Please wait.

Access Control Evolution and Prospects

Published byElsa Lehtonen Modified over 4 years ago

Similar presentations

Presentation on theme: "Access Control Evolution and Prospects"— Presentation transcript:

1 Access Control Evolution and Prospects
Ravi Sandhu Executive Director Professor of Computer Science Lutcher Brown Chair in Cyber Security October 2019 © Ravi Sandhu World-Leading Research with Real-World Impact!

2 Holistic Cyber Security
Objectives POLICY ATTACKS What? Why? Enforce Enable Defend Respond PROTECT DETECT Complement How? Mechanisms © Ravi Sandhu World-Leading Research with Real-World Impact!

3 Cyber Security Fundamental Technologies
Access Control: Authentication, Authorization Cryptography: Symmetric, Assymetric Detection: Signature, Zero Day Recovery/Recourse: Backups, Forensics Tolerance/Resilience: Mission Assurance ………. © Ravi Sandhu World-Leading Research with Real-World Impact!

4 Cyber Security Fundamental Limits
Copy control Inference Analog hole Trusting humans vs trusting software Trusted computing base vulnerabilities Side channels and covert channels ……………. © Ravi Sandhu World-Leading Research with Real-World Impact!

5 Cryptography Symmetric Key Cryptography, 1977
Asymmetric Key Cryptography, 1996 BlockChain Applications, ???? © Ravi Sandhu World-Leading Research with Real-World Impact!

6 Access Control PEI Layers
Assumes Successful Authentication Idealized Enforceable (Approximate) Codeable © Ravi Sandhu World-Leading Research with Real-World Impact!

7 Access Control Discretionary Access Control (DAC), 1970
Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? © Ravi Sandhu World-Leading Research with Real-World Impact!

8 Discretionary Access Control (DAC)
Core concept: Custodian of information determines access Core drawback: Does not protect copies Therefore OK for integrity but not for confidentiality Sophistication: Delegation of custody Denials or negative rights © Ravi Sandhu World-Leading Research with Real-World Impact!

9 Mandatory Access Control (MAC)
Top Secret Secret Confidential Unclassified can-flow © Ravi Sandhu World-Leading Research with Real-World Impact!

10 Mandatory Access Control (MAC)
Core concept: Extend control to copies by means of security labels Core drawback: Covert/side channels bypass MAC Inference not prevented Too strict Too reductionist Sophistication: Dynamic labels © Ravi Sandhu World-Leading Research with Real-World Impact!

11 Access Control Discretionary Access Control (DAC), 1970
Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? © Ravi Sandhu World-Leading Research with Real-World Impact!

12 Role-Based Access Control (RBAC)
Primary-Care Physician Specialist Physician Physician Health-Care Provider © Ravi Sandhu World-Leading Research with Real-World Impact!

13 Role-Based Access Control (RBAC)
Core concept: Roles determine everything Core drawback: Roles are a natural concept for human users But not so natural for: Information objects IoT things Contextual attributes Sophistication: Role hierarchies Role constraints © Ravi Sandhu World-Leading Research with Real-World Impact!

14 Role-Based Access Control (RBAC)
Fundamental theorem of RBAC: RBAC can be configured to do DAC RBAC can be configured to do MAC © Ravi Sandhu World-Leading Research with Real-World Impact!

15 Access Control Discretionary Access Control (DAC), 1970
Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? © Ravi Sandhu World-Leading Research with Real-World Impact!

16 Attribute-Based Access Control (ABAC)
Operation Access Decision? Yes/No Actor Target Context © Ravi Sandhu World-Leading Research with Real-World Impact!

17 Attribute-Based Access Control (ABAC)
Core concept: Attributes determine everything No fixed access decision rule Core drawback: Flexibility at the cost of complexity Sophistication: Chained attributes Group attributes Distributed decision rules Automation Adaptation © Ravi Sandhu World-Leading Research with Real-World Impact!

18 Access Control Discretionary Access Control (DAC), 1970
Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? © Ravi Sandhu World-Leading Research with Real-World Impact!

19 ABAC Research Space 7. ABAC Design, Engineering and Applications
5. ABAC Policy Architectures and Languages 2. Core ABAC Models 3. Administrative ABAC Models 4. Extended 6. ABAC Enforcement Architectures 1. Foundational Principles and Theory © Ravi Sandhu World-Leading Research with Real-World Impact!

20 Core ABAC Models: ABACβ
© Ravi Sandhu World-Leading Research with Real-World Impact!

21 Core ABAC Models: ABACβ
Policy Configuration Points Can be configured to do various forms of DAC, MAC, RBAC (Jin, Krishnan, Sandhu 2012) © Ravi Sandhu World-Leading Research with Real-World Impact!

22 Administrative ABAC Models: HGABAC
Hierarchical Group and Attribute Based Access Control (HGABAC) Introduces User and Object Groups Simplifies administration of attributes Servos and Osborn, 2015 © Ravi Sandhu World-Leading Research with Real-World Impact!

23 ABAC Applications: Cloud Enabled IoT
Alsheri, Bhatt, Patwa, Benson, Sandhu 2016 onwards © Ravi Sandhu World-Leading Research with Real-World Impact!

24 Policy Architecture: Amazon AWS style
© Ravi Sandhu World-Leading Research with Real-World Impact!

25 ABAC Enforcement Architecture: Federated ABAC
Fisher 2015 NCCOE, NIST, Building Block © Ravi Sandhu World-Leading Research with Real-World Impact!

26 Extended ABAC Models: ReBAC versus ABAC
ReBAC and ABAC are not that different (Tahmina, Sandhu 2017) © Ravi Sandhu World-Leading Research with Real-World Impact!

27 Foundations: Safety Analysis
Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? Can subject s obtain a right r on object o? Current state? Some future state? Safety Complexity Ahmed, Rajkumar, Sandhu 2016 onwards © Ravi Sandhu World-Leading Research with Real-World Impact!

Download ppt "Access Control Evolution and Prospects"

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.

INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.
ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.

ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.

Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
Lecture 8 Access Control (cont)

Lecture 8 Access Control (cont)
The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated.

The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated.
1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013

1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013
1 The Future of Access Control: Attributes, Automation and Adaptation Prof. Ravi Sandhu Executive Director and Endowed Chair S&P Symposium IIT Kanpur March.

1 The Future of Access Control: Attributes, Automation and Adaptation Prof. Ravi Sandhu Executive Director and Endowed Chair S&P Symposium IIT Kanpur March.
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.

1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
Future of Access Control: Attributes, Automation, Adaptation

Future of Access Control: Attributes, Automation, Adaptation
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.

1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.
1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.

1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.
Attribute-Based Access Control Models and Beyond

Attribute-Based Access Control Models and Beyond
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015

1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.

1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011

1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011
1 The Authorization Leap from Rights to Attributes: Maturation or Chaos? Prof. Ravi Sandhu Executive Director and Endowed Chair SACMAT June 21, 2012

1 The Authorization Leap from Rights to Attributes: Maturation or Chaos? Prof. Ravi Sandhu Executive Director and Endowed Chair SACMAT June 21, 2012
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.

1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
1 Group-Centric Models for Secure Information Sharing Prof. Ravi Sandhu Executive Director and Endowed Chair March 30, 2012

1 Group-Centric Models for Secure Information Sharing Prof. Ravi Sandhu Executive Director and Endowed Chair March 30, 2012
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

Similar presentations

Ads by Google