FUNDAMENTAL CONCEPTS IN COMPUTER SECURITY

Presentation transcript:

FUNDAMENTAL CONCEPTS IN COMPUTER SECURITY
Dr. Shamik Sural, Dept. of Computer Science & Engineering, IIT Kharagpur

Agenda
- Basic Terminology
- Access Control Models
- Role-based Access Control
- New Access Control Techniques

Basic Terminology
- Confidentiality, Integrity, Availability: which one is more important?
- Authentication and Authorization: how are they different?
- Assurance: how to decide which software to use
- Threats and Attacks: different types of malicious intent

Evolution of Access Control Models
DAC (1970) -> MAC -> RBAC (1995) -> ABAC (2010+)

Traditional Access Control Types
- Discretionary Access Control Model (DAC): access to a resource is determined by the owner of the resource.
- Mandatory Access Control Model (MAC): establishes access control by defining clearance levels of resources as well as of the requestors. A requestor cannot read a resource whose clearance level is greater than that of the requestor.
- Role Based Access Control (RBAC): many requestors are grouped to form roles; roles are assigned permissions; access control is based on the role of the requestor.

RBAC Model

RBAC Model – User to Role Assignment
[Assignment matrix; rows are users ABC, DEF, GHI, JKL, MNO, PQR, STU, VWX, YZ; columns are the roles Librarian, Deputy Librarian, Assistant Librarian (Acq.), Assistant Librarian (Circ.), Library Employee, Member. The cell marks did not survive extraction.]

RBAC Model – Role to Permission Assignment
[Assignment matrix; rows are the roles Librarian, Deputy Librarian, AL (Acq.), AL (Circ.), Lib. Employee, Member; columns are the permissions App. Purch. Order, New Book, Waive Fine, Issue Book, Return, Calc. Fine, Declare Lost, Request New Journal Sub., Approve New Recruit., Hire Interns, View Catalog. The cell marks did not survive extraction.]

RBAC Model – Role Hierarchy
[Hierarchy diagram over the roles Librarian, Deputy Librarian, Assistant Librarian (Acquisition), Assistant Librarian (Circulation), Library Employee, Member. The edges did not survive extraction.]

RBAC Model – Effective Permission Assignment
[Derived matrix; rows are the users ABC, DEF, GHI, JKL, MNO, PQR, STU, VWX, YZ; columns are the permissions App. Purch. Order, New Book, Waive Fine, Issue Book, Return, Calc. Fine, Declare Lost, Request New Journal Sub., Approve New Recruit., Hire Interns, View Catalog. The cell marks did not survive extraction.]
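The four library slides above (user-to-role assignment, role-to-permission assignment, role hierarchy, effective permissions) as working code. This is an added example, not code from the slides: the hierarchy edges, the role-to-permission table and the user-to-role table are constructed assumptions, since the slides' own matrices did not survive extraction; only the role, user and permission names come from the slides.

```python
# Added example: a minimal RBAC engine with a role hierarchy.
# Effective permissions of a user = union of the permissions of every
# role reachable downward (by inheritance) from the roles assigned to the user.

# Role hierarchy: senior role -> junior roles whose permissions it inherits.
# (Edges are an assumption; the slide's diagram is not available.)
ROLE_HIERARCHY = {
    "Librarian": {"Deputy Librarian"},
    "Deputy Librarian": {"Assistant Librarian (Acq.)", "Assistant Librarian (Circ.)"},
    "Assistant Librarian (Acq.)": {"Library Employee"},
    "Assistant Librarian (Circ.)": {"Library Employee"},
    "Library Employee": {"Member"},
    "Member": set(),
}

# Direct role-to-permission assignment (constructed values).
ROLE_PERMISSIONS = {
    "Librarian": {"Approve New Recruit.", "Hire Interns"},
    "Deputy Librarian": {"App. Purch. Order", "Waive Fine"},
    "Assistant Librarian (Acq.)": {"New Book", "Request New Journal Sub."},
    "Assistant Librarian (Circ.)": {"Declare Lost", "Calc. Fine"},
    "Library Employee": {"Issue Book", "Return"},
    "Member": {"View Catalog"},
}

# User-to-role assignment (constructed values; user names from the slide).
USER_ROLES = {
    "ABC": {"Librarian"},
    "JKL": {"Assistant Librarian (Circ.)"},
    "YZ": {"Member"},
}

def roles_closure(roles):
    """Return `roles` plus every role reachable below them in the hierarchy."""
    seen, stack = set(), list(roles)
    while stack:
        r = stack.pop()
        if r in seen:
            continue
        seen.add(r)
        stack.extend(ROLE_HIERARCHY.get(r, ()))
    return seen

def effective_permissions(user):
    """Union of direct permissions over the closure of the user's roles."""
    perms = set()
    for role in roles_closure(USER_ROLES.get(user, set())):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms

def check_access(user, permission):
    """Access decision: allow only if the permission is effective for the user."""
    return permission in effective_permissions(user)
```

An unknown user has no roles, so the closure is empty and every check is denied by default.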

RBAC Model for Library Software Development
[Hierarchy diagram over the roles Project Supervisor Role, Software Engineer Role, Hardware Engineer Role, Project Member Role.]

Interesting Role Hierarchies
[Hierarchy diagram over the roles Project Supervisor Role, Software Engineer's Private Role, Hardware Engineer's Private Role, Software Engineer Role, Hardware Engineer Role, Project Member Role.]

Introduction to ABAC
- A more general form of access control; covers DAC, MAC and RBAC.
- Policies are formulated based on general attributes of subjects rather than their identity, role, clearance level, etc.
- Environment conditions are taken into consideration.
- Flexible in terms of policy formulation and attribute update.
- More on this next time.

THANK YOU