ReBAC in ABAC
Tahmina Ahmed, Department of Computer Science, University of Texas at San Antonio, 4/29/2016
Institute for Cyber Security. World-Leading Research with Real-World Impact!

Presentation transcript:

Outline
- Introduction and Background
- A Simple ReBAC Model
- Relationships in ABAC
  - Attribute Composition
  - Composite Attribute
- A Composite ABAC Model
- Comparison
  - Expressive Power
  - Complexity

Using Relations for Controlling Access
© Tahmina Ahmed
[Figures: access control for IoT; a sample social graph; a sample provenance graph (Park et al.)]

Existing Access Control Models That Use Some Kind of Relations for Authorization Policy Expression
ReBAC
- Social: uses social relationship to access OSN resources
- Beyond Social: uses social relationship/relationship between system entities to access resources in any system
PBAC (Provenance Based Access Control)
- Uses object's data provenance relation to access that object

What Does ReBAC Mean?
- What does relationship-based access control mean?
- What are the core characteristics of a ReBAC model?

A Simple ReBAC Model (SReBAC[p])
Commands: addRelation, deleteRelation, access
An example command instantiation of SReBAC[3]

An Example of a Simple ReBAC Command Execution

Expression of Relationship in ABAC
[Figure: Alice, Bob and Carol linked by friend relationships]
Attribute Composition
- Needs one attribute: friend
- Policy expression uses attribute composition
- friend(Alice) = {Bob}, friend(friend(Alice)) = {Carol}
Composite Attribute
- Needs two attributes: 1. friend 2. friendoffriend
- Policy expression uses direct attributes
- friend(Alice) = {Bob}, friendoffriend(Alice) = {Carol}

Is this enough to keep the end user as an attribute value for Composite Attribute?
[Figure: Alice, Bob, John and Carol linked by friend relationships]
friend(Alice) = {Bob, John}
friendoffriend(Alice) = {Carol}

Is this enough to keep the end user as an attribute value for Composite Attribute? (continued)
[Figure: Alice, Bob, John and Carol linked by friend relationships]
After execution of deleteRelation("Alice", "Bob"):
friend(Alice) = {John}
friendoffriend(Alice) = ?
So we need to keep the relationship path information as a value of a composite attribute.
Before deletion: friendoffriend(Alice) = {Bob.Carol, John.Carol}
After deletion: friendoffriend(Alice) = {John.Carol}
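An added example, not part of the slides, of why the composite attribute has to hold paths: a constructed Python store keeps friendoffriend both as paths and as end users only, then replays deleteRelation("Alice", "Bob") from the slides. The class and method names are assumptions, and friend is treated as a directed edge.

```python
from collections import defaultdict

class CompositeFriendAttrs:
    """Constructed toy store; 'friend' is a directed edge u -> v."""

    def __init__(self):
        self.friend = defaultdict(set)     # direct attribute friend(u)
        self.fof_paths = defaultdict(set)  # friendoffriend(u) as (mid, end) paths
        self.fof_ends = defaultdict(set)   # friendoffriend(u) as end users only

    def _preds(self, u):
        return [t for t, fs in self.friend.items() if u in fs]

    def add_relation(self, u, v):
        self.friend[u].add(v)
        for w in self.friend[v] - {u}:     # new paths u -> v -> w
            self.fof_paths[u].add((v, w))
            self.fof_ends[u].add(w)
        for t in self._preds(u):           # new paths t -> u -> v
            if t != v:
                self.fof_paths[t].add((u, v))
                self.fof_ends[t].add(v)

    def delete_relation(self, u, v):
        self.friend[u].discard(v)
        # Path store: remove exactly the paths that used the edge u -> v.
        self.fof_paths[u] = {(m, e) for m, e in self.fof_paths[u] if m != v}
        for t in self._preds(u):
            self.fof_paths[t].discard((u, v))
        # End-user store: nothing records which edge justified an entry, so a
        # local update either keeps every entry or, as here, revokes all of
        # v's end users even when another path still reaches them.
        self.fof_ends[u] -= self.friend[v]
        for t in self._preds(u):
            self.fof_ends[t].discard(v)

    def paths(self, u):
        return sorted(f"{m}.{e}" for m, e in self.fof_paths[u])

def slide_scenario():
    g = CompositeFriendAttrs()
    for u, v in [("Alice", "Bob"), ("Alice", "John"),
                 ("Bob", "Carol"), ("John", "Carol")]:
        g.add_relation(u, v)
    before = g.paths("Alice")
    g.delete_relation("Alice", "Bob")
    return before, g.paths("Alice"), sorted(g.fof_ends["Alice"])

if __name__ == "__main__":
    print(slide_scenario())
```

The path store reproduces the slide's before and after values, while the end-user store loses Carol for Alice even though John.Carol still holds.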

A Composite ABAC Model: ABAC_C[n,m]

Comparison: Expressive Power vs. Complexity
SReBAC[p]: can express authorization policy up to level p.
ABAC_C[n,m]: can do n-level attribute composition in authorization policy and has m - 1 composite attributes. So ABAC_C[n,m] can express authorization policy up to level n × m.
Expressive power comparison: if p = n × m, SReBAC[p] has the same expressive power as ABAC_C[n,m].

Questions/Comments