Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber-Identity, Authority and Trust in an Uncertain World

Published byEric Fagan Modified over 10 years ago

Similar presentations

Presentation on theme: "Cyber-Identity, Authority and Trust in an Uncertain World"— Presentation transcript:

1 Cyber-Identity, Authority and Trust in an Uncertain World
Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University

2 Outline Perspective on security Role Based Access Control (RBAC)
Objective Model-Architecture Mechanism (OM-AM) Framework Usage Control (UCON)

3 Security Conundrum Nobody knows WHAT security is
Some of us do know HOW to implement pieces of it Result: hammers in search of nails

4 Security Confusion USAGE purpose INTEGRITY modification AVAILABILITY
electronic commerce, electronic business DRM, client-side controls INTEGRITY modification AVAILABILITY access CONFIDENTIALITY disclosure

5 Success is largely unrecognized by the security community
Security Successes On-line banking On-line trading Automatic teller machines (ATMs) GSM phones Set-top boxes ……………………. Success is largely unrecognized by the security community

6 Business models dominate
Good enough security Real-world users Security geeks SECURE EASY end users operations staff help desk whose security perception or reality of security System owner Business models dominate security models COST system solution operational cost opportunity cost cost of fraud

7 Good enough security COST L M H Entrepreneurial mindset H 1 2 3
Academic mindset R I S K 2 3 4 M L 3 4 5

8 RBAC96 model (Currently foundation of a NIST/ANSI/ISO standard)
ROLE HIERARCHIES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERS ROLES PERMISSIONS ... SESSIONS CONSTRAINTS

9 Fundamental Theorem of RBAC
RBAC can be configured to do MAC MAC is Mandatory Access Control as defined in the Orange Book RBAC can be configured to do DAC DAC is Discretionary Access Control as defined in the Orange Book RBAC is policy neutral

10 THE OM-AM WAY A What? s u Objectives r Model a n Architecture c
Mechanism How?

11 OM-AM AND MANDATORY ACCESS CONTROL (MAC)
u r a n c e What? How? No information leakage Lattices (Bell-LaPadula) Security kernel Security labels

12 OM-AM AND DISCRETIONARY ACCESS CONTROL (DAC)
u r a n c e What? How? Owner-based discretion numerous ACLs, Capabilities, etc

13 OM-AM AND ROLE-BASED ACCESS CONTROL (RBAC)
u r a n c e What? How? Objective neutral RBAC96, ARBAC97, etc. user-pull, server-pull, etc. certificates, tickets, PACs, etc.

14 RBAC96 Model ... ROLES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE USERS
SESSIONS ROLE HIERARCHIES CONSTRAINTS This is a somewhat busy slide It shows a bird’s eye view of RBAC There are many details that need to be debated and filled in Some of these will be discussed in the subsequent panel For our purpose the bird’s eye view will suffice

15 Server-Pull Architecture
Client Server User-role Authorization Server

16 User-Pull Architecture
Client Server User-role Authorization Server

17 Proxy-Based Architecture
Client Proxy Server Server User-role Authorization Server

18 Usage Control (UCON) Coverage
Protection Objectives Sensitive information protection IPR protection Privacy protection Protection Architectures Server-side reference monitor Client-side reference monitor SRM & CRM

19 Core UCON (Usage Control) Models
ongoing N/A Continuity Decision can be made during usage for continuous enforcement Mutability Attributes can be updated as side-effects of subjects’ actions

20 Examples Long-distance phone (pre-authorization with post-update)
Pre-paid phone card (ongoing-authorization with ongoing-update) Pay-per-view (pre-authorization with pre-updates) Click Ad within every 30 minutes (ongoing-obligation with ongoing-updates) Business Hour (pre-/ongoing-condition)

21 Good enough security COST Entrepreneurial Mindset 80% problem
soft, informal ordinary consumers L M H Academic Mindset 120% problem hard, informal techno-geeks H 1 2 3 R I S K 2 3 4 M L 3 4 5

Download ppt "Cyber-Identity, Authority and Trust in an Uncertain World"

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.

1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu.

Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology www.list.gmu.edu Department of Information.

Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology Department of Information.
1 ACSAC 2002 © Mohammad al-Kahtani 2002 A Model for Attribute-Based User-Role Assignment Mohammad A. Al-Kahtani Ravi Sandhu George Mason University SingleSignOn.net,

1 ACSAC 2002 © Mohammad al-Kahtani 2002 A Model for Attribute-Based User-Role Assignment Mohammad A. Al-Kahtani Ravi Sandhu George Mason University SingleSignOn.net,
© 2004 Ravi Sandhu www.list.gmu.edu The Schematic Protection Model (SPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University.

© 2004 Ravi Sandhu The Schematic Protection Model (SPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University.
© 2004-5 Ravi Sandhu www.list.gmu.edu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology.

© Ravi Sandhu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology.
© 2004 Ravi Sandhu www.list.gmu.edu The Safety Problem in Access Control HRU Model Ravi Sandhu Laboratory for Information Security Technology George Mason.

© 2004 Ravi Sandhu The Safety Problem in Access Control HRU Model Ravi Sandhu Laboratory for Information Security Technology George Mason.
1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University.

1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University.
© 2004 Ravi Sandhu www.list.gmu.edu A Perspective on Graphs and Access Control Models Ravi Sandhu Laboratory for Information Security Technology George.

© 2004 Ravi Sandhu A Perspective on Graphs and Access Control Models Ravi Sandhu Laboratory for Information Security Technology George.
Attribute Mutability in Usage Control July 26, 2004, IFIP WG11.3 Jaehong Park, University of Maryland University College Xinwen Zhang, George Mason University.

Attribute Mutability in Usage Control July 26, 2004, IFIP WG11.3 Jaehong Park, University of Maryland University College Xinwen Zhang, George Mason University.
Managing Cyber-Identity, Authorization and Trust (and their inter-relationships) Prof. Ravi Sandhu Laboratory for Information Security Technology George.

Managing Cyber-Identity, Authorization and Trust (and their inter-relationships) Prof. Ravi Sandhu Laboratory for Information Security Technology George.
INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.

INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.
1 Safety Analysis of Usage Control (UCON) Authorization Model Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce George Mason University AsiaCCS.

1 Safety Analysis of Usage Control (UCON) Authorization Model Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce George Mason University AsiaCCS.
Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.

Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.
Towards a VMM-based Usage Control Framework for OS Kernel Integrity Protection Min Xu George Mason University Xuxian Jiang George Mason University Ravi.

Towards a VMM-based Usage Control Framework for OS Kernel Integrity Protection Min Xu George Mason University Xuxian Jiang George Mason University Ravi.
Institute for Cyber Security

Institute for Cyber Security

Similar presentations

Ads by Google