Institute for Cyber Security

Slides:



Advertisements
Similar presentations
1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
Advertisements

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.
Future of Access Control: Attributes, Automation, Adaptation
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.
Attribute-Based Access Control Models and Beyond
1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
1 Privacy and Access Control: How are These Two Concepts Related? Prof. Ravi Sandhu Executive Director and Endowed Chair SACMAT Panel June 3, 2015
11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.
INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.
1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015
1 Big Data Applications in Cloud and Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Professor UTSA COB Symposium on Big Data, Big Challenges.
1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
11 World-Leading Research with Real-World Impact! Group-Centric Secure Information Sharing: A Lattice Interpretation Institute for Cyber Security Ravi.
1 Group-Centric Models for Secure and Agile Information Sharing Ravi Sandhu Executive Director and Endowed Professor October 2010
1 Cloud Computing and Security Prof. Ravi Sandhu Executive Director and Endowed Chair April 19, © Ravi Sandhu.
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
1 Panel on Data Usage Management: Technology or Regulation? Prof. Ravi Sandhu Executive Director and Endowed Chair DUMA 2013 May 23, 2013
1 Security and Privacy in Human-Centric Computing and Big Data Management Prof. Ravi Sandhu Executive Director and Endowed Chair CODASPY 2013 February.
1 Open Discussion PSOSM 2012 Prof. Ravi Sandhu Executive Director and Endowed Chair © Ravi Sandhu.
1 Secure Cloud Computing: A Research Perspective Prof. Ravi Sandhu Executive Director and Endowed Chair Texas Fresh Air Big Data and Data Analytics Conference.
INSTITUTE FOR CYBER SECURITY 1 Purpose-Centric Secure Information Sharing Ravi Sandhu Executive Director and Endowed Professor Institute for Cyber Security.
Institute for Cyber Security
Access Control Model for the Hadoop Ecosystem
Institute for Cyber Security
Past, Present and Future
Institute for Cyber Security
Institute for Cyber Security
Institute for Cyber Security
World-Leading Research with Real-World Impact!
What can Technologists learn from the History of the Internet?
Security and Privacy in the Networked World
An Access Control Perspective on the Science of Security
Institute for Cyber Security (ICS) & Center for Security and Privacy Enhanced Cloud Computing (C-SPECC) Ravi Sandhu Executive Director Professor of.
UTSA's New Center Center for Security and Privacy Enhanced Cloud Computing (C-SPECC) Ravi Sandhu Executive Director of ICS and C-SPECC Professor.
Attribute-Based Access Control: Insights and Challenges
Identity and Access Control in the
Executive Director and Endowed Chair
Cyber Security Research: Applied and Basic Combined*
On the Value of Access Control Models
Challenge-Response Authentication
Institute for Cyber Security
Institute for Cyber Security
ABAC Panel Prof. Ravi Sandhu Executive Director and Endowed Chair
Institute for Cyber Security
Attribute-Based Access Control (ABAC)
Cyber Security Research: Applied and Basic Combined*
Security and Privacy in the Age of the Internet of Things:
Intersection of Data, Policy and Privacy
Authentication and Authorization Federation
Attribute-Based Access Control: Insights and Challenges
Cyber Security and Privacy: An Optimist’s Perspective
Identity and Access Control in the
Big Data and Privacy Panel Prof. Ravi Sandhu
Executive Director and Endowed Chair
Challenge-Response Authentication
Application-Centric Security
Assured Information Sharing
Institute for Cyber Security
Cyber Security Research: A Personal Perspective
Cyber Security Research: Applied and Basic Combined*
Attribute-Based Access Control (ABAC)
Access Control Evolution and Prospects
Cyber Security R&D: A Personal Perspective
World-Leading Research with Real-World Impact!
Ph.D. Dissertation Defense
Access Control Evolution and Prospects
Presentation transcript:

Institute for Cyber Security Towards ABAC in Hadoop Ecosystem Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security, University of Texas at San Antonio ravi.sandhu@utsa.edu, www.profsandhu.com Ford EEIT & GDIA Big Data Access Control Symposium Dearborn, Michigan May 2, 2017 © Ravi Sandhu World-Leading Research with Real-World Impact!

PEI Models: 3 Layers Security and system goals Necessarily Informal (objective policy) Necessarily Informal Formal/ quasi-formal Policy Models System block diagrams, protocol flows Enforcement Models Pseudo-code Implementation Models Actual Code © Ravi Sandhu World-Leading Research with Real-World Impact!

PEI Models: 3 Layers Security and system goals Necessarily Informal (objective policy) Necessarily Informal Formal/ quasi-formal Policy Models System block diagrams, protocol flows Enforcement Models Pseudo-code Implementation Models Actual Code © Ravi Sandhu World-Leading Research with Real-World Impact!

Multi-Layer Authorization Data and Objects Services Cluster Resources and Applications © Ravi Sandhu World-Leading Research with Real-World Impact!

World-Leading Research with Real-World Impact! Hadoop Ecosystem Enforcement Model Policy Manager : Apache Ranger, Apache Sentry Gateway : Apache Knox Ecosystem Service (ES) : Apache Hive, HDFS, Apache Storm, Apache Kafka, YARN © Ravi Sandhu World-Leading Research with Real-World Impact!

PEI Models: 3 Layers Security and system goals Necessarily Informal (objective policy) Necessarily Informal Formal/ quasi-formal Policy Models System block diagrams, protocol flows Enforcement Models Pseudo-code Implementation Models Actual Code © Ravi Sandhu World-Leading Research with Real-World Impact!

World-Leading Research with Real-World Impact! AC Model: Hadoop View Users (U), Groups (G) , Subjects (S) Hadoop Services (HS) : NameNode, YARN ResourceManager Hadoop Service Operations (OPHS) : access / communicate Objects (OB) : Files and Directories in HDFS Operations (OP) : read, write, execute © Ravi Sandhu World-Leading Research with Real-World Impact!

World-Leading Research with Real-World Impact! AC Model: Ranger View Ecosystem Service (ES) : Hive, HDFS, Kafka, HBase Objects (OB) : Files and Directories in HDFS; Tables, columns in Hive Operations (OP) : read, write, execute, select, create Tag : PII, top-secret © Ravi Sandhu World-Leading Research with Real-World Impact!

World-Leading Research with Real-World Impact! AC Model: Sentry View Roles (R) © Ravi Sandhu World-Leading Research with Real-World Impact!

AC Model: Consolidated View © Ravi Sandhu World-Leading Research with Real-World Impact!

Proposed OT-RBAC Model Object-Tagged RBAC © Ravi Sandhu World-Leading Research with Real-World Impact!

Adding Attributes to OT-RBAC © Ravi Sandhu World-Leading Research with Real-World Impact!

PEI Models: 3 Layers Security and system goals Necessarily Informal (objective policy) Necessarily Informal Formal/ quasi-formal Policy Models System block diagrams, protocol flows Enforcement Models Pseudo-code Implementation Models Actual Code © Ravi Sandhu World-Leading Research with Real-World Impact!

World-Leading Research with Real-World Impact! Publications Gupta, M., Patwa, F., and Sandhu, R.: Object-Tagged RBAC Model for the Hadoop Ecosystem. In: Proc. of 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec), Philadelphia, PA, July 19-21, 2017. Available soon at http://www.profsandhu.com/conference_papers.htm Gupta, M., Patwa, F., Benson, J., and Sandhu, R.: Multi-layer Authorization Framework for a Representative Hadoop Ecosystem Deployment. In: Proc. of 22nd ACM Symposium on Access Control Models and Technologies (SACMAT), Indianapolis, IN, June 21-23, 2017. http://profsandhu.com/confrnc/misconf/sacmat17-maanak.pdf Sandhu, R.: The PEI Framework for Application-Centric Security. In: Proc. 5th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), Crystal City, Virginia, November 11-14, 2009. http://profsandhu.com/confrnc/misconf/collabcom09_pei.pdf © Ravi Sandhu World-Leading Research with Real-World Impact!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.