Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Laboratory of Information Integration, Security and Privacy ● University of North Carolina at Charlotte URL:www.sis.uncc.edu/LIISPSTECH 306, UNC Charlotte.

Published byAvice Hodges Modified over 8 years ago

Similar presentations

Presentation on theme: "The Laboratory of Information Integration, Security and Privacy ● University of North Carolina at Charlotte URL:www.sis.uncc.edu/LIISPSTECH 306, UNC Charlotte."— Presentation transcript:

1 The Laboratory of Information Integration, Security and Privacy ● University of North Carolina at Charlotte URL:www.sis.uncc.edu/LIISPSTECH 306, UNC Charlotte Secure Information Sharing within a Collaborative Environment DoE ECPI Project Gail-Joon Ahn UNC Charlotte

2 University Of North Carolina at Charlotte September 28, 2005The Laboratory of Information Integration, Security and Privacy Slide 2 Contents  Introduction  Motivation and Related Work  Our approach – Role-based Delegation : Concepts and Model – Other Supporting Mechanisms  Ongoing and Future work  Summary

3 University Of North Carolina at Charlotte September 28, 2005The Laboratory of Information Integration, Security and Privacy Slide 3 Access control is concerned with limiting the activity of legitimate users Security techniques WW W Mail Resources (O) DB User (S) File/ Dir Authentication Incident Handling Cryptography Intrusion Detection Auditing Who are you?What can you do?Vulnerabilities, where?How to detect attacks?Encipher/decipher codes?How to react to attacks? Access Control Reference Monitor

4 University Of North Carolina at Charlotte September 28, 2005The Laboratory of Information Integration, Security and Privacy Slide 4 Collaborative Environment  Selective information sharing is necessary  Information may be shared across organizational boundaries  It is impossible to fully predict what data should be shared, when and to whom  A mechanism must be provided for revoking the sharing when it is no longer needed Healthcare Information System Dr. Chen Dr. Jain Patient - Jennifer Specialist Clinic Dr. White Hospital A Community Relationship Authorization Authentication –Scalable authentication –Token-based Access Control –Role-based delegation –Interoperable access management Identity Management –Privacy Attribute Mgmt. –Identity Federation How can we share critical information in a secure manner ?

5 University Of North Carolina at Charlotte September 28, 2005The Laboratory of Information Integration, Security and Privacy Slide 5 Research Issues  Can we share information in a secure manner?  Do we need new security models for this environment?  What kind of security requirements/constraints/policies should be identified?  How can we specify them?  How can we enforce security policies over distributed domains?  What security architectures are needed?

6 University Of North Carolina at Charlotte September 28, 2005The Laboratory of Information Integration, Security and Privacy Slide 6 Our Approaches – Propose security model to address human- to-human delegation and revocation – Use authorization language to express and enforce delegation and revocation policies in this model – Identify security architectures and supporting components – Evaluate the feasibility and applicability of our approach

7 University Of North Carolina at Charlotte September 28, 2005The Laboratory of Information Integration, Security and Privacy Slide 7 Delegation Issues  Permanence – Type of delegation in terms of their time duration  Monotonicity – The state of the power that the delegating role member possesses after he or she delegates the role – Monotonic and non-monotonic  Totality – How completely the permissions assigned to a role are delegated  Administration – Who will be the actual administrator of the delegation?  Levels of delegation – Defines whether or not each delegation can be further delegated and for how many times  Multiple delegation – The number of users to whom a delegating role member can delegate at any given time – More effective if the delegation is temporary  Delegation Forms – Human-to-Human A user delegates his/her privileges to anther users – Human-to-Machine A user delegates his/her privileges to a system so that the system can access the resources on behalf of the user – Machine-to-Machine

8 University Of North Carolina at Charlotte September 28, 2005The Laboratory of Information Integration, Security and Privacy Slide 8 Role-based Delegation SEMANTICS RULE-BASED POLICY LANGUAGE RBAC96 ARTIFACTSFUNCTIONS ARBAC97RDM2000 URAPRARRADLGT FUNCTIONS Derivation Rules FUNCTIONSBASIC RULES UTILITY FUNCTIONS Available in ACM Transactions on Information and System Security, Vol.6, No.3

9 University Of North Carolina at Charlotte September 28, 2005The Laboratory of Information Integration, Security and Privacy Slide 9 ShareEnabler a) ShareEnabler Agent b) Administrative Policy Editor  Currently testing it on Grid and Scishare (P2P)

10 University Of North Carolina at Charlotte September 28, 2005The Laboratory of Information Integration, Security and Privacy Slide 10 Other Supporting Components  Role Engineering – Role identification – Meta-modeling System, permission, and domain  Role Administration – Structural analysis – Behavioral analysis

11 University Of North Carolina at Charlotte September 28, 2005The Laboratory of Information Integration, Security and Privacy Slide 11 Information flow types in RE  Forward Information Flow (FIF)  Backward Information Flow (BIF) “On Modeling System.centric Information for Role Engineer-ing,” Proc. of 8th ACM Symposium on Access Control Model and Technology, June 2-3, 2003, Como, Italy.

12 University Of North Carolina at Charlotte September 28, 2005The Laboratory of Information Integration, Security and Privacy Slide 12 RolePartner

13 University Of North Carolina at Charlotte September 28, 2005The Laboratory of Information Integration, Security and Privacy Slide 13 Ongoing and Future Works  Ongoing related projects are – Marriage with Wireless Communication and Collaborative Delegation Supported by NSF & DoE CAREER Award ACM TISSEC Vol.6 /No.3 2003, IEEE ITCC 2004 – Private Attribute Management Supported by Bank of America IEEE IPCCC and DEXA 2004 – Role Engineering Methodology Collaboration with NIST ACM SACMAT 2003, ACM SAC 2003 – Vulnerabilities in Collaborative Systems Supported by SPAWAR  Our future research includes – Another type of delegation Permission-centric delegation Role-role delegation – Specification of constraints related to delegation – Correctness and convergence of rule derivations – Distribute and manage rules across organizational boundaries

14 University Of North Carolina at Charlotte September 28, 2005The Laboratory of Information Integration, Security and Privacy Slide 14 Other Applicable Domains Information sharing in Military domain  – Robotic warfare may be a reality by the year 2025. – Battlefield robots need to communicate each other for their mission. They should be able to share information in a secure manner Official DOD Photo  Proactive protection for Critical Infrastructures –Critical infrastructures need to share information each other because one incidents in a critical infrastructure may cause severe damages to other infrastructures due to interdependencies between critical infrastructures

15 University Of North Carolina at Charlotte September 28, 2005The Laboratory of Information Integration, Security and Privacy Slide 15 Summary  First attempt to propose a systematic role-based delegation model  We have – articulated issues in delegation – specified this model with rule-based language – implemented a role-based delegation framework to manage information sharing in the healthcare information system System components, System architecture, System implementation Highlighted features: rule management and context constraints  Acknowledgement – Supported by Department of Energy CAREER award (DE- FG02-03ER25565) and National Science Foundation (IIS- 0242393)

Download ppt "The Laboratory of Information Integration, Security and Privacy ● University of North Carolina at Charlotte URL:www.sis.uncc.edu/LIISPSTECH 306, UNC Charlotte."

Similar presentations

1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University.

1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University.
Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
© 2006 Open Grid Forum OGF19 Federated Identity Rule-based data management Wed 11:00 AM Mountain Laurel Thurs 11:00 AM Bellflower.

© 2006 Open Grid Forum OGF19 Federated Identity Rule-based data management Wed 11:00 AM Mountain Laurel Thurs 11:00 AM Bellflower.
© 2012 Open Grid Forum Simplifying Inter-Clouds October 10, 2012 Hyatt Regency Hotel Chicago, Illinois, USA.

© 2012 Open Grid Forum Simplifying Inter-Clouds October 10, 2012 Hyatt Regency Hotel Chicago, Illinois, USA.
The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.

The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.
Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.

Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.
Formalizing Security Requirements for Grids Syed Naqvi 1,2, Philippe Massonet 1, Alvaro Arenas 2 1 Centre of Excellence in Information and Communication.

Formalizing Security Requirements for Grids Syed Naqvi 1,2, Philippe Massonet 1, Alvaro Arenas 2 1 Centre of Excellence in Information and Communication.
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
Access Control RBAC Database Activity Monitoring.

Access Control RBAC Database Activity Monitoring.
Access Control Methodologies

Access Control Methodologies
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security Controls – What Works

Security Controls – What Works
Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.

Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.
XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.

XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.
Military Technical Academy Bucharest, 2006 SECURITY FOR GRID INFRASTRUCTURES - Grid Trust Model - ADINA RIPOSAN Department of Applied Informatics.

Military Technical Academy Bucharest, 2006 SECURITY FOR GRID INFRASTRUCTURES - Grid Trust Model - ADINA RIPOSAN Department of Applied Informatics.
Identity Federation in Healthcare Networks Xiaohui Chen Department of Computer Science University of Virginia.

Identity Federation in Healthcare Networks Xiaohui Chen Department of Computer Science University of Virginia.
Overview FAA IT & ISS R&D: Security Today Security Tomorrow Marshall Potter Chief Scientist for Information Technology Federal Aviation Administration.

Overview FAA IT & ISS R&D: Security Today Security Tomorrow Marshall Potter Chief Scientist for Information Technology Federal Aviation Administration.
“A Service-enabled Access Control Model for Distributed Data” Mark Turner, Philip Woodall Pennine Forum - 16 th September 2004.

“A Service-enabled Access Control Model for Distributed Data” Mark Turner, Philip Woodall Pennine Forum - 16 th September 2004.
Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –

Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –

Similar presentations

Ads by Google