Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

Published byMarjory Shields Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber."— Presentation transcript:

1 1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber Security University of Texas at San Antonio Indraprastha Institute of Information Technology (IIIT), Delhi February 14, 2015 ravi.sandhu@utsa.edu, www.profsandhu.com, www.ics.utsa.edu © Ravi Sandhu World-Leading Research with Real-World Impact! Institute for Cyber Security

2 © Ravi Sandhu 2 World-Leading Research with Real-World Impact! Access Control Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ????

3 © Ravi Sandhu 3 World-Leading Research with Real-World Impact! The RBAC Story RBAC96 model NIST-ANSI Standard Proposed NIST-ANSI Standard Adopted Ludwig Fuchs, Gunther Pernul and Ravi Sandhu, Roles in Information Security-A Survey and Classification of the Research Area, Computers & Security, Volume 30, Number 8, Nov. 2011, pages 748-76

4 4 World-Leading Research with Real-World Impact! RBAC Shortcomings © Ravi Sandhu Constraints Hard Enough Impossible

5 5 © Ravi Sandhu World-Leading Research with Real-World Impact! ABAC is not New User (Identity) Attributes Public-keys + Secured secrets

6 6 © Ravi Sandhu World-Leading Research with Real-World Impact! ABAC is not New User (Identity) Attributes Public-keys + Secured secrets X.509 Identity Certificates X.500 Directory Pre Internet, early 1990s

7 7 © Ravi Sandhu World-Leading Research with Real-World Impact! ABAC is not New User (Identity) Attributes Public-keys + Secured secrets X.509 Identity Certificates X.509 Attribute Certificates Post Internet, late 1990s

8 8 © Ravi Sandhu World-Leading Research with Real-World Impact! ABAC is not New User (Identity) Attributes Public-keys + Secured secrets Post Internet, late 1990s SPKI Certificates

9 9 © Ravi Sandhu World-Leading Research with Real-World Impact! ABAC is not New User (Identity) Attributes Public-keys + Secured secrets Mature Internet, 2000s Anonymous Credentials

10 10 © Ravi Sandhu World-Leading Research with Real-World Impact! ABAC is not New Action User Subject Object Context Policy Authorization Decision Yes/No Attributes

11 11 © Ravi Sandhu World-Leading Research with Real-World Impact! ABAC is not New Action User Subject Object Context Policy Authorization Decision Yes/No Attributes Mature Internet, 2000s Usage Control XACML Attribute-Based Encryption

12 © Ravi Sandhu 12 World-Leading Research with Real-World Impact! ABAC Status RBAC96 paper Proposed Standard Adopted ABAC still in pre/early phase 1990? 2014

13  Attributes are name:value pairs  possibly chained  values can be complex data structures  Associated with  actions  users  subjects  objects  contexts  policies  Converted by policies into rights just in time  policies specified by security architects  attributes maintained by security administrators  but also possibly by users OR reputation and trust mechanisms  Inherently extensible © Ravi Sandhu 13 World-Leading Research with Real-World Impact! Attribute-Based Access Control (ABAC)

14 14 World-Leading Research with Real-World Impact! ABACα Model Structure © Ravi Sandhu Policy Configuration Points Can be configured to do DAC, MAC, RBAC

15 15 World-Leading Research with Real-World Impact! ABAC β Scope 3. Subject attributes constrained by attributes of subjects created by the same user. 5. Meta-Attributes 2. Subject attribute constraints policy are different at creation and modification time. 1. Context Attributes 4. Policy Language 1, 2, 4, 5 1, 4, 5 4, 5 1,4 1, 4, 5 1, 2, 3, 4, 5 4 4

16 16 ABAC β Model

17 17 © Ravi Sandhu World-Leading Research with Real-World Impact! Beyond ABAC Security Access Control Trust Risk Attributes Relationships Provenance

18  GURA model for user-attribute assignment  Safety analysis of ABAC α and ABAC β  Undecidable safety for ABAC models  Decidable safety for ABAC with finite fixed attributes  Constraints in ABAC  ABAC Cloud IaaS implementations (OpenStack)  Attribute Engineering  Attribute Mining  Unification of Attributes, Relationships and Provenance © Ravi Sandhu 18 World-Leading Research with Real-World Impact! ABAC Research at ICS

Download ppt "1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber."

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.

INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.

Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013

1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013
1 The Future of Access Control: Attributes, Automation and Adaptation Prof. Ravi Sandhu Executive Director and Endowed Chair S&P Symposium IIT Kanpur March.

1 The Future of Access Control: Attributes, Automation and Adaptation Prof. Ravi Sandhu Executive Director and Endowed Chair S&P Symposium IIT Kanpur March.
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.

1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
Future of Access Control: Attributes, Automation, Adaptation

Future of Access Control: Attributes, Automation, Adaptation
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.

1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.
1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.

1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.
Attribute-Based Access Control Models and Beyond

Attribute-Based Access Control Models and Beyond
1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.

1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
1 Privacy and Access Control: How are These Two Concepts Related? Prof. Ravi Sandhu Executive Director and Endowed Chair SACMAT Panel June 3, 2015

1 Privacy and Access Control: How are These Two Concepts Related? Prof. Ravi Sandhu Executive Director and Endowed Chair SACMAT Panel June 3, 2015
11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.

11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.
1 A Role Based Administration Model For Attribute Xin Jin, Ram Krishnan, Ravi Sandhu SRAS, Sep 19, 2012 World-Leading Research with Real-World Impact!

1 A Role Based Administration Model For Attribute Xin Jin, Ram Krishnan, Ravi Sandhu SRAS, Sep 19, 2012 World-Leading Research with Real-World Impact!
INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.

INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.
1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015

1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.

1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
1 Big Data Applications in Cloud and Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Professor UTSA COB Symposium on Big Data, Big Challenges.

1 Big Data Applications in Cloud and Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Professor UTSA COB Symposium on Big Data, Big Challenges.

Similar presentations

Ads by Google