Institute for Cyber Security

Slides:



Advertisements
Similar presentations
INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
Advertisements

INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
INSTITUTE FOR CYBER SECURITY April Access Control and Semantic Web Technologies Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
1 PANEL Solving the Access Control Puzzle: Finding the Pieces and Putting Them Together Ravi Sandhu Executive Director Endowed Professor June 2010
Institute for Cyber Security
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
Institute for Cyber Security
1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013
1 The Future of Access Control: Attributes, Automation and Adaptation Prof. Ravi Sandhu Executive Director and Endowed Chair S&P Symposium IIT Kanpur March.
Future of Access Control: Attributes, Automation, Adaptation
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.
1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.
Attribute-Based Access Control Models and Beyond
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.
1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011
1 The Authorization Leap from Rights to Attributes: Maturation or Chaos? Prof. Ravi Sandhu Executive Director and Endowed Chair SACMAT June 21, 2012
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
1 Cloud Computing and Security Prof. Ravi Sandhu Executive Director and Endowed Chair April 19, © Ravi Sandhu.
INSTITUTE FOR CYBER SECURITY A Hybrid Enforcement Model for Group-Centric Secure Information Sharing (g-SIS) Co-authored with Ram Krishnan, PhD Candidate,
1 Group-Centric Models for Secure Information Sharing Prof. Ravi Sandhu Executive Director and Endowed Chair March 30, 2012
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
1 Panel on Data Usage Management: Technology or Regulation? Prof. Ravi Sandhu Executive Director and Endowed Chair DUMA 2013 May 23, 2013
1 Security and Privacy in Human-Centric Computing and Big Data Management Prof. Ravi Sandhu Executive Director and Endowed Chair CODASPY 2013 February.
1 Open Discussion PSOSM 2012 Prof. Ravi Sandhu Executive Director and Endowed Chair © Ravi Sandhu.
1 The Authorization Leap from Rights to Attributes: Maturation or Chaos? Prof. Ravi Sandhu Executive Director and Endowed Chair SecurIT 2012 August 17,
1 Role-Based Access Control (RBAC) Prof. Ravi Sandhu Executive Director and Endowed Chair January 29, © Ravi.
INSTITUTE FOR CYBER SECURITY 1 Purpose-Centric Secure Information Sharing Ravi Sandhu Executive Director and Endowed Professor Institute for Cyber Security.
Presented By: Smriti Bhatt
Institute for Cyber Security
Institute for Cyber Security
Institute for Cyber Security
Past, Present and Future
Institute for Cyber Security
World-Leading Research with Real-World Impact!
Security and Privacy in the Networked World
An Access Control Perspective on the Science of Security
Institute for Cyber Security (ICS) & Center for Security and Privacy Enhanced Cloud Computing (C-SPECC) Ravi Sandhu Executive Director Professor of.
Attribute-Based Access Control (ABAC)
Attribute-Based Access Control: Insights and Challenges
Role-Based Access Control (RBAC)
Identity and Access Control in the
Executive Director and Endowed Chair
The Future of Access Control: Attributes, Automation and Adaptation
Cyber Security Research: Applied and Basic Combined*
On the Value of Access Control Models
Institute for Cyber Security
ABAC Panel Prof. Ravi Sandhu Executive Director and Endowed Chair
Institute for Cyber Security
Attribute-Based Access Control (ABAC)
Cyber Security Research: Applied and Basic Combined*
Security and Privacy in the Age of the Internet of Things:
Intersection of Data, Policy and Privacy
Authentication and Authorization Federation
Attribute-Based Access Control: Insights and Challenges
Identity and Access Control in the
Executive Director and Endowed Chair
ASCAA Principles for Next-Generation Role-Based Access Control
Assured Information Sharing
Institute for Cyber Security
Cyber Security Research: A Personal Perspective
Cyber Security Research: Applied and Basic Combined*
Attribute-Based Access Control (ABAC)
Access Control Evolution and Prospects
Cyber Security R&D: A Personal Perspective
Ph.D. Dissertation Defense
Access Control Evolution and Prospects
Presentation transcript:

Institute for Cyber Security Attribute-Based Access Control: Insights and Challenges Prof. Ravi Sandhu Executive Director and Endowed Chair DBSec Taipei, Taiwan August 8, 2017 ravi.sandhu@utsa.edu www.profsandhu.com www.ics.utsa.edu © Ravi Sandhu World-Leading Research with Real-World Impact!

Policy-Mechanism Policy What? Mechanism How? © Ravi Sandhu World-Leading Research with Real-World Impact! 2

Access Control Evolution Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? © Ravi Sandhu World-Leading Research with Real-World Impact! 3

Access Control Evolution Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? Born 1990s © Ravi Sandhu World-Leading Research with Real-World Impact! 4

Access Control Evolution Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Relationship Based Access Control (ReBAC) ???? Role Based Access Control (RBAC), 1995 Provenance Based Access Control (PBAC) ???? Born mid 2000s Born late 2000s Attribute Based Access Control (ABAC), ???? Born 1990s © Ravi Sandhu World-Leading Research with Real-World Impact! 5

ABAC = Final Word? NO!! Never!! Is ABAC the right word for the moment? Certainly a strong candidate Already too late? ReBAC (relationship-based access control) not ABAC Big Data, Analytics and AI will take care of everything What is lacking in ABAC? Usage Control (UCON) concepts of attribute mutability, enforcement and obligation continuity, and post-obligations Task-Based Access Control Risk-Based Access Control Policy-Based Access Control ……………. © Ravi Sandhu World-Leading Research with Real-World Impact! 6

The ABAC Challenge ABAC is orders of magnitude more complex than anything that has been an Access Control winner so far (DAC, MAC, RBAC) We need the complexity, but need to manage it If Google can index the web, we can do ABAC!! Cloud-enabled IoT may be the killer app © Ravi Sandhu World-Leading Research with Real-World Impact! 7

ABAC Research Agenda 7. ABAC Design, Engineering and Applications 3. Administrative ABAC Models 4. Extended ABAC Models 5. ABAC Policy Architectures and Languages 6. ABAC Enforcement Architectures 2. Core ABAC Models 1. Foundational Principles and Theory Based on RBAC experience © Ravi Sandhu World-Leading Research with Real-World Impact! 8

ABAC Research Agenda 2. Core ABAC Models 7. ABAC Design, Engineering and Applications 3. Administrative ABAC Models 4. Extended ABAC Models 5. ABAC Policy Architectures and Languages 6. ABAC Enforcement Architectures 2. Core ABAC Models 1. Foundational Principles and Theory © Ravi Sandhu World-Leading Research with Real-World Impact! 9

Can be configured to do simple forms of DAC, MAC, RBAC 2. Core ABAC Models: ABACα Policy Configuration Points Can be configured to do simple forms of DAC, MAC, RBAC Jin, Krishnan, Sandhu 2012 © Ravi Sandhu World-Leading Research with Real-World Impact! 10

Can further be configured to do many 2. Core ABAC Models: ABACβ Can further be configured to do many RBAC extensions Jin, Krishnan, Sandhu 2014 © Ravi Sandhu World-Leading Research with Real-World Impact! 11

2. Core ABAC Models: HGABAC U: User UG: User-Group S: Subject UA: User Attributes O: Object OG: Object-Group OA: Object Attributes OP: Operations Hierarchical Group and Attribute Based Access Control (HGABAC) Introduces the notion of User and Object Groups Core advantage is simplified administration of attributes User and Objects are assigned set of attributes in one go as compared to single assignment at a time. Servos and Osborn, 2015 © Ravi Sandhu World-Leading Research with Real-World Impact!

ABAC Research Agenda 7. ABAC Design, Engineering and Applications 3. Administrative ABAC Models 4. Extended ABAC Models 5. ABAC Policy Architectures and Languages 6. ABAC Enforcement Architectures 2. Core ABAC Models 1. Foundational Principles and Theory © Ravi Sandhu World-Leading Research with Real-World Impact! 13

3. Administrative ABAC Models: GURA and GURAG Jin, Krishnan, Sandhu, 2012 Gupta, Sandhu, 2016 © Ravi Sandhu World-Leading Research with Real-World Impact! 14

ABAC Research Agenda 7. ABAC Design, Engineering and Applications 3. Administrative ABAC Models 4. Extended ABAC Models 5. ABAC Policy Architectures and Languages 6. ABAC Enforcement Architectures 2. Core ABAC Models 1. Foundational Principles and Theory © Ravi Sandhu World-Leading Research with Real-World Impact! 15

4. Extended ABAC Models: UCON unified model integrating authorization obligation conditions and incorporating continuity of decisions mutability of attributes Usage Control Models, early 2000s Park, Sandhu, Pretschner © Ravi Sandhu World-Leading Research with Real-World Impact! 16

4. Extended ABAC Models: ReBAC versus ABAC Equivalence of ReBAC and ABAC Structural Variants © Ravi Sandhu World-Leading Research with Real-World Impact! 17

4. Extended ABAC Models: ReBAC versus ABAC Non-Equivalence of ReBAC and ABAC Variants © Ravi Sandhu World-Leading Research with Real-World Impact! 18

1. Foundational Principles and Theory ABAC Research Agenda 7. ABAC Design, Engineering and Applications 3. Administrative ABAC Models 4. Extended ABAC Models 5. ABAC Policy Architectures and Languages 6. ABAC Enforcement Architectures 2. Core ABAC Models 1. Foundational Principles and Theory © Ravi Sandhu World-Leading Research with Real-World Impact! 19

1. Foundations: Safety A single infinite attribute with no creation leads to undecidable safety. Rajkumar 2012 Pre_UCON with finite attributes and unbounded creation has decidable safety. Rajkumar, Sandhu 2016 ABACα has decidable safety. Ahmed, Sandhu 2017 GURA has decidable safety/reachability. Jin, Krishnan, Sandhu 2017 © Ravi Sandhu World-Leading Research with Real-World Impact! 20

Architectures and Languages ABAC Research Agenda 7. ABAC Design, Engineering and Applications 3. Administrative ABAC Models 4. Extended ABAC Models 5. ABAC Policy Architectures and Languages 6. ABAC Enforcement Architectures 2. Core ABAC Models 1. Foundational Principles and Theory © Ravi Sandhu World-Leading Research with Real-World Impact! 21

5. Policy Architecture: Centralized ABACα style Policy Configuration Points © Ravi Sandhu World-Leading Research with Real-World Impact! 22

5. Policy Architecture: Diffused AWS style © Ravi Sandhu World-Leading Research with Real-World Impact! 23

6. ABAC Enforcement Architectures ABAC Research Agenda 7. ABAC Design, Engineering and Applications 3. Administrative ABAC Models 4. Extended ABAC Models 5. ABAC Policy Architectures and Languages 6. ABAC Enforcement Architectures 2. Core ABAC Models 1. Foundational Principles and Theory © Ravi Sandhu World-Leading Research with Real-World Impact! 24

6. ABAC Enforcement Architecture: Federated ABAC Fisher 2015 NCCOE, NIST, Building Block © Ravi Sandhu World-Leading Research with Real-World Impact! 25

7. ABAC Design, Engineering and Applications ABAC Research Agenda 7. ABAC Design, Engineering and Applications 3. Administrative ABAC Models 4. Extended ABAC Models 5. ABAC Policy Architectures and Languages 6. ABAC Enforcement Architectures 2. Core ABAC Models 1. Foundational Principles and Theory © Ravi Sandhu World-Leading Research with Real-World Impact! 26

7. ABAC Applications: Cloud IaaS Cloud Computing IaaS Single tenant Multi tenant Multi cloud Jin, Tang, Dang, Bijon, Pustchi, Zhang, Biswas, Ahmed, Cheng, Patwa, Krishnan, Sandhu 2012 onwards © Ravi Sandhu World-Leading Research with Real-World Impact! 27

7. ABAC Applications: Cloud Enabled IoT Alsheri, Bhatt, Patwa, Benson, Sandhu 2016 onwards © Ravi Sandhu World-Leading Research with Real-World Impact! 28

ABAC Research Agenda 7. ABAC Design, Engineering and Applications 3. Administrative ABAC Models 4. Extended ABAC Models 5. ABAC Policy Architectures and Languages 6. ABAC Enforcement Architectures 2. Core ABAC Models 1. Foundational Principles and Theory © Ravi Sandhu World-Leading Research with Real-World Impact! 29

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.