Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Conceptual Framework for Group-Centric Secure Information Sharing Ram Krishnan (George Mason University) Ravi Sandhu, Jianwei Niu, William Winsborough.

Published byEsther Shields Modified over 8 years ago

Similar presentations

Presentation on theme: "A Conceptual Framework for Group-Centric Secure Information Sharing Ram Krishnan (George Mason University) Ravi Sandhu, Jianwei Niu, William Winsborough."— Presentation transcript:

1 A Conceptual Framework for Group-Centric Secure Information Sharing Ram Krishnan (George Mason University) Ravi Sandhu, Jianwei Niu, William Winsborough (University of Texas at San Antonio) ASIACCS 2009, Sydney, Australia

2 Secure Information Sharing (SIS) A fundamental problem in cyber security – Share but protect Current approaches not satisfactory Classic models (DAC/MAC/RBAC) do not work Recent approaches Proprietary systems for Enterprise Rights Management Many solutions: IBM, CA, Oracle, Sun, Authentica, etc. Interoperability is a major issue Many languages have been standardized XrML, ODRL, XACML, etc. Primarily, dissemination or object centric 2

3 Dissemination Centric Sharing Attach attributes and policies to objects – Objects are associated with sticky policies – XrML, ODRL, XACML, etc. provide sticky policies 3 AliceBobCharlieRaviShashi Attribute + Policy Cloud Object Attribute + Policy Cloud Object Attribute + Policy Cloud Object Attribute + Policy Cloud Object Dissemination Chain with Sticky Policies on Objects Attribute Cloud

4 Group Centric Sharing (g-SIS) Advocates bringing users & objects together in a group – In practice, co-exists with dissemination centric sharing 4 Never Group Subject Leave Current Group Subject Past Group Subject Join Never Group Object Remove Current Group Object Past Group Object Add Two useful metaphors – Secure Meeting/Document Room Users’ access may depend on their participation period E.g. Program committee meeting, Collaborative Product Development, Merger and Acquisition, etc. – Subscription Model Access to content may depend on when the subscription began E.g. Magazine Subscription, Secure Multicast, etc.

5 Core g-SIS Properties JoinAdd Authz AddJoin Authz 1. Provenance: Authorization can only originate during a simultaneous period of membership 2. Bounded Authorization: Authorization cannot grow during non- membership periods 3. Persistence: Authorization cannot change if no group event occurs

6 g-SIS Operation Semantics 6 6 GROUP Authz (S,O,R)? Join Leave Add Remove Subjects Objects GROUP Authz (S,O,R)? Strict Join Strict Leave Liberal Add Liberal Remove Liberal Join Liberal Leave Strict Add Strict Remove Subjects Objects

7 Operation Semantics (Continued) 7 Strict Join (SJ): Only access objects added after Join time Liberal Join (LJ): Also access objects added before Join time Strict Leave (SL): Lose access to all objects Liberal Leave (LL): Retain authorizations held at Leave time

8 Operation Semantics (Continued) 8 Strict Add (SA): Only existing subjects at Add time are authorized Liberal Add (LA): No such restrictions Strict Remove (SR): All subjects lose access Liberal Remove (LR): Subjects who had authorization at Remove time can retain access

9 Family of g-SIS Models 9 Most Restrictive g-SIS Specification: Traditional Groups: Secure Multicast:

10 Conclusion & Future Work Group-centric Vs Dissemination-centric Focus on group operation semantics Lattice of g-SIS models Ongoing Work – Extension to other operations such as write, etc. – Multiple groups Investigate information flow Compare with Lattice Based Access Control models – Attribute Based Access Control in g-SIS 10

11 Thank You! 11 Comments & Questions Email: rkrishna@gmu.edurkrishna@gmu.edu Web: http://mason.gmu.edu/~rkrishnahttp://mason.gmu.edu/~rkrishna

12 Backup 12

13 Presentation Outline Secure Information Sharing (SIS) – Dissemination Vs Group Centric Group Centric SIS (g-SIS) g-SIS Core Properties g-SIS Operation Semantics Family of g-SIS Models Usage Scenarios Conclusions 13

14 g-SIS (continued) Never Group Subject Leave Current Group Subject Past Group Subject Join Never Group Object Remove Current Group Object Past Group Object Add Subject Membership States Object Membership States

15 Operation Semantics (Continued) 15

16 Re-visiting Metaphors Program Committee Meeting – Committee members initially enter room with LJ – Exit room with LL – Re-admitted with SJ if no access allowed to conversations during periods of absence LJ, on the other hand, will allow access Objects added with SA are accessible to existing members in the room 16

Download ppt "A Conceptual Framework for Group-Centric Secure Information Sharing Ram Krishnan (George Mason University) Ravi Sandhu, Jianwei Niu, William Winsborough."

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Privacy-Enhancing Models and Mechanisms for Securing Provenance and its Use October 2010 Lead PI: Ravi Sandhu (UT San Antonio) PIs: Elisa Bertino (Purdue),

Privacy-Enhancing Models and Mechanisms for Securing Provenance and its Use October 2010 Lead PI: Ravi Sandhu (UT San Antonio) PIs: Elisa Bertino (Purdue),
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
INSTITUTE FOR CYBER SECURITY April 20081 Access Control and Semantic Web Technologies Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY April Access Control and Semantic Web Technologies Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
ROWLBAC – Representing Role Based Access Control in OWL

ROWLBAC – Representing Role Based Access Control in OWL
1 PEI Models towards Scalable, Usable and High-assurance Information Sharing Ram Krishnan Laboratory for Information Security Technology George Mason University.

1 PEI Models towards Scalable, Usable and High-assurance Information Sharing Ram Krishnan Laboratory for Information Security Technology George Mason University.
Attribute Mutability in Usage Control July 26, 2004, IFIP WG11.3 Jaehong Park, University of Maryland University College Xinwen Zhang, George Mason University.

Attribute Mutability in Usage Control July 26, 2004, IFIP WG11.3 Jaehong Park, University of Maryland University College Xinwen Zhang, George Mason University.
A New Modeling Paradigm for Dynamic Authorization in Multi-Domain Systems MMM-ACNS, September 13, 2007 Manoj Sastry, Ram Krishnan, Ravi Sandhu Intel Corporation,

A New Modeling Paradigm for Dynamic Authorization in Multi-Domain Systems MMM-ACNS, September 13, 2007 Manoj Sastry, Ram Krishnan, Ravi Sandhu Intel Corporation,
Towards Secure Information Sharing Models for Community Cyber Security Ravi Sandhu, Ram Krishnan and Gregory B. White Institute for Cyber Security University.

Towards Secure Information Sharing Models for Community Cyber Security Ravi Sandhu, Ram Krishnan and Gregory B. White Institute for Cyber Security University.
Stale-Safe Security Properties for Secure Information Sharing Ram Krishnan (GMU) Jianwei Niu (UT San Antonio) Ravi Sandhu (UT San Antonio) William Winsborough.

Stale-Safe Security Properties for Secure Information Sharing Ram Krishnan (GMU) Jianwei Niu (UT San Antonio) Ravi Sandhu (UT San Antonio) William Winsborough.
Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.

Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.
A Usage-based Authorization Framework for Collaborative Computing Systems Xinwen Zhang George Mason University Masayuki Nakae NEC Corporation Michael J.

A Usage-based Authorization Framework for Collaborative Computing Systems Xinwen Zhang George Mason University Masayuki Nakae NEC Corporation Michael J.
A Logic Specification for Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University SACMAT 2004.

A Logic Specification for Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University SACMAT 2004.
Towards A Times-based Usage Control Model Baoxian Zhao 1, Ravi Sandhu 2, Xinwen Zhang 3, and Xiaolin Qin 4 1 George Mason University, Fairfax, VA, USA.

Towards A Times-based Usage Control Model Baoxian Zhao 1, Ravi Sandhu 2, Xinwen Zhang 3, and Xiaolin Qin 4 1 George Mason University, Fairfax, VA, USA.
11 World-Leading Research with Real-World Impact! A Lattice Interpretation of Group-Centric Collaboration with Expedient Insiders Khalid Zaman Bijon, Tahmina.

11 World-Leading Research with Real-World Impact! A Lattice Interpretation of Group-Centric Collaboration with Expedient Insiders Khalid Zaman Bijon, Tahmina.
Blogging at Memorial University Libraries The what, the why, the how, the who.

Blogging at Memorial University Libraries The what, the why, the how, the who.
Adopting Provenance-based Access Control in OpenStack Cloud IaaS October, 2014 NSS Presentation Institute for Cyber Security University of Texas at San.

Adopting Provenance-based Access Control in OpenStack Cloud IaaS October, 2014 NSS Presentation Institute for Cyber Security University of Texas at San.
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
Ram Krishnan PhD Candidate Dissertation Directors: Dr. Ravi Sandhu and Dr. Daniel Menascé Group-Centric Secure Information Sharing Models Dissertation.

Ram Krishnan PhD Candidate Dissertation Directors: Dr. Ravi Sandhu and Dr. Daniel Menascé Group-Centric Secure Information Sharing Models Dissertation.

Similar presentations

Ads by Google