Presentation is loading. Please wait.

Presentation is loading. Please wait.

INSTITUTE FOR CYBER SECURITY © Ravi Sandhu11 Group-Centric Information Sharing Ravi Sandhu Executive Director and Endowed Professor Institute for Cyber.

Published byTrevor Harper Modified over 8 years ago

Similar presentations

Presentation on theme: "INSTITUTE FOR CYBER SECURITY © Ravi Sandhu11 Group-Centric Information Sharing Ravi Sandhu Executive Director and Endowed Professor Institute for Cyber."— Presentation transcript:

1 INSTITUTE FOR CYBER SECURITY © Ravi Sandhu11 Group-Centric Information Sharing Ravi Sandhu Executive Director and Endowed Professor Institute for Cyber Security University of Texas at San Antonio www.ics.utsa.edu www.profsandhu.com

2 INSTITUTE FOR CYBER SECURITY Collaboration and Groups © Ravi Sandhu2 Group-Centric Information Sharing Collaboration Systems Rich area for theory and practice PC Meeting Merger and Acquisition Design Collaboration Trouble-shooting Collaboration Joint Proposal Research Collaboration …. Metaphor: Secure meeting room Metaphor: Subscription

3 INSTITUTE FOR CYBER SECURITY Collaboration & Information Sharing Collaboration requires Information Sharing  How else do you collaborate? Share but Differentiate  How much can we differentiate within a collaboration and still meaningfully call it a collaboration? 3 - Entirely bilateral sharing - Bilateral sharing with multi-step chains Too fragmented Too uniform - Equal access for all collaborators Where is the balance? © Ravi Sandhu

4 INSTITUTE FOR CYBER SECURITY 4 Where is the Balance? We have a proposal for Share but Differentiate “Equality” translates to the technical and semantic concept of a group with the metaphor of a secure meeting room  What is the semantics/policy of a secure meeting room? “Differentiation” translates to groups and sub-groups combined recursively … Groups within Groups within Groups … © Ravi Sandhu

5 INSTITUTE FOR CYBER SECURITY 5 Divide and Conquer Initial investigation: single group Read only: actually add, remove and read  We have some promising insights Read-Write:  Object model  Version constraints  Just starting to investigate Multiple groups  To be done © Ravi Sandhu

6 INSTITUTE FOR CYBER SECURITY Group-Centric Sharing © Ravi Sandhu6 GROUP Authz (S,O,R)? Join Leave AddRemove Subjects Objects GROUP Authz (S,O,R)? Strict Join Strict Leave Liberal Add Liberal Remove Liberal Join Liberal Leave Strict Add Strict Remove Subjects Objects

7 INSTITUTE FOR CYBER SECURITY Group-Centric Models © Ravi Sandhu7 Core Properties Level 1 Level 2 Core Properties  Required of any policy Additional Properties  Level 1 cannot violate Core  Level 2 cannot violate Level 1  …

8 INSTITUTE FOR CYBER SECURITY Core Properties © Ravi Sandhu8 GROUP Authz (S,O,R)? Join Leave Add Remove Subjects Objects (a) (b) (a) (b) 1. Overlapping Membership Property 2. Persistence Property 3. Liveness Properties 4. Safety Properties

9 INSTITUTE FOR CYBER SECURITY Level 1 Join Operations  Lossy Vs Lossless Lose existing authorization(s) on Join No lose on Join  Restorative Vs Non-Restorative Restore authorizations from past membership(s) No restoration from past Leave Operations  Gainful Vs Gainless Gain authorization(s) from past membership period No such gain  Restorative Vs Non-Restorative Restore authorization(s) from prior to Join No such restoration © Ravi Sandhu9 GROUP Authz (S,O,R)? Join Leave Add Remove Objects Subjects Level 1 properties for Add and Remove? Fix Level 1 Operations: Lossless Join, Gainless Leave Non-Restorative Join & Leave

10 INSTITUTE FOR CYBER SECURITY Level 2 © Ravi Sandhu10 Add after Join Add before Join Allow any combination of Level 2 operations

11 INSTITUTE FOR CYBER SECURITY 11 Read-Write Work in progress  Object Model  Version Constraint Model © Ravi Sandhu

12 INSTITUTE FOR CYBER SECURITY 12 Conclusion Principles:  Share but Differentiate  … Groups within Groups within Groups … Temporal aspect is critical for policy and semantics of groups for information sharing Partners in this venture  Ram Krishnan, Doctoral candidate, GMU  Jianwei Niu, Asst. Prof., UTSA CS & ICS  W. Winsborough, Assoc. Prof., UTSA CS & ICS © Ravi Sandhu

13 INSTITUTE FOR CYBER SECURITY Temporal Notation (Backup) © Ravi Sandhu13

Download ppt "INSTITUTE FOR CYBER SECURITY © Ravi Sandhu11 Group-Centric Information Sharing Ravi Sandhu Executive Director and Endowed Professor Institute for Cyber."

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
INSTITUTE FOR CYBER SECURITY 1 Industry-Academia Research Synergy: Fantasy or Reality? Ravi Sandhu Executive Director and Endowed Professor Institute for.

INSTITUTE FOR CYBER SECURITY 1 Industry-Academia Research Synergy: Fantasy or Reality? Ravi Sandhu Executive Director and Endowed Professor Institute for.
1 PANEL Solving the Access Control Puzzle: Finding the Pieces and Putting Them Together Ravi Sandhu Executive Director Endowed Professor June 2010

1 PANEL Solving the Access Control Puzzle: Finding the Pieces and Putting Them Together Ravi Sandhu Executive Director Endowed Professor June 2010
INSTITUTE FOR CYBER SECURITY 1 The PEI + UCON Framework for Application Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 The PEI + UCON Framework for Application Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Towards Secure Information Sharing Models for Community Cyber Security Ravi Sandhu, Ram Krishnan and Gregory B. White Institute for Cyber Security University.

Towards Secure Information Sharing Models for Community Cyber Security Ravi Sandhu, Ram Krishnan and Gregory B. White Institute for Cyber Security University.
Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute.

Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute.
Stale-Safe Security Properties for Secure Information Sharing Ram Krishnan (GMU) Jianwei Niu (UT San Antonio) Ravi Sandhu (UT San Antonio) William Winsborough.

Stale-Safe Security Properties for Secure Information Sharing Ram Krishnan (GMU) Jianwei Niu (UT San Antonio) Ravi Sandhu (UT San Antonio) William Winsborough.
Institute for Cyber Security

Institute for Cyber Security
11 World-Leading Research with Real-World Impact! A Lattice Interpretation of Group-Centric Collaboration with Expedient Insiders Khalid Zaman Bijon, Tahmina.

11 World-Leading Research with Real-World Impact! A Lattice Interpretation of Group-Centric Collaboration with Expedient Insiders Khalid Zaman Bijon, Tahmina.
Ram Krishnan PhD Candidate Dissertation Directors: Dr. Ravi Sandhu and Dr. Daniel Menascé Group-Centric Secure Information Sharing Models Dissertation.

Ram Krishnan PhD Candidate Dissertation Directors: Dr. Ravi Sandhu and Dr. Daniel Menascé Group-Centric Secure Information Sharing Models Dissertation.
1 The Data and Application Security and Privacy (DASPY) Challenge Prof. Ravi Sandhu Executive Director and Endowed Chair 11/11/11

1 The Data and Application Security and Privacy (DASPY) Challenge Prof. Ravi Sandhu Executive Director and Endowed Chair 11/11/11
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.

1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.
Attribute-Based Access Control Models and Beyond

Attribute-Based Access Control Models and Beyond
1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.

1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.
11 World-Leading Research with Real-World Impact! A Group-Centric Model for Collaboration with Expedient Insiders in Multilevel Systems Khalid Zaman Bijon,

11 World-Leading Research with Real-World Impact! A Group-Centric Model for Collaboration with Expedient Insiders in Multilevel Systems Khalid Zaman Bijon,
INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.

INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.
UTSA Amy(Yun) Zhang, Ram Krishnan, Ravi Sandhu Institute for Cyber Security University of Texas at San Antonio San Antonio, TX 78249 Nov 03, 2014 Presented.

UTSA Amy(Yun) Zhang, Ram Krishnan, Ravi Sandhu Institute for Cyber Security University of Texas at San Antonio San Antonio, TX Nov 03, 2014 Presented.
1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015

1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015
1 Big Data Applications in Cloud and Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Professor UTSA COB Symposium on Big Data, Big Challenges.

1 Big Data Applications in Cloud and Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Professor UTSA COB Symposium on Big Data, Big Challenges.

Similar presentations

Ads by Google