Access Control Evolution and Prospects

Presentation transcript:

Access Control Evolution and Prospects
Ravi Sandhu
Executive Director, Professor of Computer Science, Lutcher Brown Chair in Cyber Security
June 2019
ravi.sandhu@utsa.edu  www.ics.utsa.edu  www.profsandhu.com
© Ravi Sandhu  World-Leading Research with Real-World Impact!

Holistic Cyber Security Objectives
[Diagram] Labels on the slide: POLICY (What? Why?) with Enforce and Enable; ATTACKS with Defend and Respond; PROTECT and DETECT, which complement each other; Mechanisms (How?)

Access Control PEI Layers (Policy, Enforcement, Implementation)
- Policy layer: Idealized
- Enforcement layer: Enforceable (Approximate)
- Implementation layer: Codeable

Access Control Fundamental Limits
- Copy control
- Inference
- Trusting humans vs trusting software
- Trusted computing base vulnerabilities
- Side channels and covert channels

Cryptography
- Symmetric Key Cryptography, 1977
- Asymmetric Key Cryptography, 1996
- BlockChain Applications, ????

Access Control
- Discretionary Access Control (DAC), 1970
- Mandatory Access Control (MAC), 1970
- Role Based Access Control (RBAC), 1995
- Attribute Based Access Control (ABAC), ????

Discretionary Access Control (DAC)
- Core concept: custodian of information determines access
- Core drawback: does not protect copies; therefore OK for integrity but not for confidentiality
- Sophistication: delegation of custody; denials or negative rights

Mandatory Access Control (MAC)
[Diagram] Linear lattice of security labels with the can-flow relation pointing upward: Unclassified -> Confidential -> Secret -> Top Secret

Mandatory Access Control (MAC)
- Core concept: extend control to copies by means of security labels
- Core drawback: covert/side channels enable copies that bypass this control; inference not prevented; too strict
- Sophistication: dynamic labels

Role-Based Access Control (RBAC)
[Diagram] Role hierarchy: Primary-Care Physician and Specialist Physician are senior to Physician, which is senior to Health-Care Provider

Role-Based Access Control (RBAC)
- Core concept: roles determine everything
- Core drawback: roles are a natural concept for human users, but not so natural for information objects, IoT things, or contextual attributes
- Sophistication: role hierarchies; role constraints

Role-Based Access Control (RBAC)
Fundamental theorem of RBAC:
- RBAC can be configured to do DAC
- RBAC can be configured to do MAC
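As an added example (not from the slides), a minimal RBAC engine with role hierarchies, then configured so that its roles alone enforce the MAC lattice from the MAC slide: this is the "RBAC can be configured to do MAC" half of the theorem, using the classic read-role/write-role construction from the RBAC literature. The class, role names and sample objects are all assumptions made here for illustration.

```python
# Added example, not from the slides: a minimal RBAC engine with role hierarchies,
# then configured so that its roles alone enforce the MAC lattice from the MAC
# slide (Unclassified < Confidential < Secret < Top Secret).
from collections import defaultdict

class RBAC:
    def __init__(self):
        self.juniors = defaultdict(set)     # role -> roles it directly inherits from
        self.perms = defaultdict(set)       # role -> {(operation, object)}
        self.user_roles = defaultdict(set)  # user -> directly assigned roles

    def inherits(self, senior, junior):
        self.juniors[senior].add(junior)

    def grant(self, role, op, obj):
        self.perms[role].add((op, obj))

    def effective_roles(self, user):
        """Assigned roles plus every junior role reachable through the hierarchy."""
        seen, stack = set(), list(self.user_roles[user])
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors[r])
        return seen

    def check(self, user, op, obj):
        return any((op, obj) in self.perms[r] for r in self.effective_roles(user))

LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]

def rbac_for_mac():
    """One read role and one write role per label. Read roles inherit downward
    (SecretR > ConfidentialR > ...), write roles inherit upward (ConfidentialW >
    SecretW > ...), so 'no read up' / 'no write down' follow from the hierarchy."""
    rb = RBAC()
    for lo, hi in zip(LEVELS, LEVELS[1:]):
        rb.inherits(hi + "R", lo + "R")
        rb.inherits(lo + "W", hi + "W")
    for lvl in LEVELS:  # constructed sample objects, one document per label
        rb.grant(lvl + "R", "read", "doc@" + lvl)
        rb.grant(lvl + "W", "write", "doc@" + lvl)
    return rb

def mac_decision(rb, user, clearance, op, label):
    """A subject cleared at `clearance` activates exactly clearanceR and clearanceW."""
    rb.user_roles[user] = {clearance + "R", clearance + "W"}
    return rb.check(user, op, "doc@" + label)
```

The decision in `mac_decision` never compares labels; the lattice is encoded entirely in which roles are senior to which.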

Attribute-Based Access Control (ABAC)
[Diagram] Access decision (Yes/No) for an Operation, based on attributes of the Actor, the Target and the Context

Attribute-Based Access Control (ABAC)
- Core concept: attributes determine everything
- Core drawback: flexibility at the cost of complexity; no fixed access decision rule
- Sophistication: chained attributes; group attributes; distributed decision rules; automation; adaptation

ABAC Research Space
1. Foundational Principles and Theory
2. Core ABAC Models
3. Administrative ABAC Models
4. Extended ABAC Models
5. ABAC Policy Architectures and Languages
6. ABAC Enforcement Architectures
7. ABAC Design, Engineering and Applications

Core ABAC Models: ABACα
Can be configured to do simple forms of DAC, MAC, RBAC (Jin, Krishnan, Sandhu 2012)
[Diagram, shown twice on the slides, the second time with the policy configuration points highlighted]
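As an added example (not from the slides), an ABAC decision function in the spirit of the Actor/Target/Context slide and of the ABACα claim that one model can be configured to do simple DAC and MAC: the engine evaluates a policy predicate over attribute values and nothing else, and the policy is the configuration point. The policy names, the actor `bob`, the target `chart` and the `on_shift` context attribute are constructed here for illustration.

```python
# Added example, not from the slides: an ABAC decision function in the spirit of
# ABACα. The answer to (actor, operation, target, context) is a policy predicate
# over attribute values and nothing else; swapping the policy reconfigures the
# same engine for simple DAC, simple MAC, or a context-dependent rule.
LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]

def dominates(a, b):
    """Lattice order from the MAC slide: information may flow from b to a."""
    return LEVELS.index(a) >= LEVELS.index(b)

def decide(policy, op, actor, target, context):
    """Yes/No access decision: find the rule for `op`, evaluate it on attributes."""
    rule = policy.get(op)
    return bool(rule and rule(actor, target, context))

# Configuration 1, DAC: the target's custodian ('owner') and its 'acl' decide.
DAC = {
    "read":  lambda u, o, c: u["id"] == o["owner"] or u["id"] in o["acl"].get("read", ()),
    "write": lambda u, o, c: u["id"] == o["owner"] or u["id"] in o["acl"].get("write", ()),
}

# Configuration 2, MAC: 'clearance' on the actor and 'label' on the target;
# no read up (clearance dominates label), no write down (label dominates clearance).
MAC = {
    "read":  lambda u, o, c: dominates(u["clearance"], o["label"]),
    "write": lambda u, o, c: dominates(o["label"], u["clearance"]),
}

# Configuration 3, contextual: a role attribute, or a department match while on shift.
HOSPITAL = {
    "read": lambda u, o, c: "Physician" in u["roles"]
            or (u["dept"] == o["dept"] and c.get("on_shift", False)),
}

# Constructed sample attribute values for one actor and one target.
bob = {"id": "bob", "clearance": "Confidential", "roles": set(), "dept": "cardiology"}
chart = {"owner": "alice", "acl": {"read": {"bob"}}, "label": "Secret", "dept": "cardiology"}

def demo():
    """Same actor and target, three different policies."""
    return {
        "dac_read":  decide(DAC, "read", bob, chart, {}),      # True: bob is on the read acl
        "dac_write": decide(DAC, "write", bob, chart, {}),     # False: not owner, not on write acl
        "mac_read":  decide(MAC, "read", bob, chart, {}),      # False: Confidential < Secret
        "mac_write": decide(MAC, "write", bob, chart, {}),     # True: writing up is allowed
        "ctx_off":   decide(HOSPITAL, "read", bob, chart, {"on_shift": False}),  # False
        "ctx_on":    decide(HOSPITAL, "read", bob, chart, {"on_shift": True}),   # True
    }
```

Note that `decide` denies any operation without a rule, which is the safe default when, as the slide says, there is no fixed access decision rule.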

Core ABAC Models: ABACβ
Can further be configured to do many RBAC extensions (Jin, Krishnan, Sandhu 2014)

Administrative ABAC Models: HGABAC
Hierarchical Group and Attribute Based Access Control (HGABAC)
- Introduces user and object groups
- Simplifies administration of attributes
Servos and Osborn, 2015

ABAC Applications: Cloud Enabled IoT
Alshehri, Bhatt, Patwa, Benson, Sandhu 2016 onwards

Policy Architecture: Amazon AWS style
[Diagram]

ABAC Research Space (revisited; asterisks on the original slide mark several of the areas)
1. Foundational Principles and Theory
2. Core ABAC Models
3. Administrative ABAC Models
4. Extended ABAC Models
5. ABAC Policy Architectures and Languages
6. ABAC Enforcement Architectures
7. ABAC Design, Engineering and Applications

Extended ABAC Models: ReBAC versus ABAC
ReBAC and ABAC are not that different (Tahmina, Sandhu 2017)

ABAC Enforcement Architecture: Federated ABAC
Fisher 2015, NCCOE, NIST, Building Block

Foundations: Safety Analysis
- Discretionary Access Control (DAC), 1970
- Mandatory Access Control (MAC), 1970
- Role Based Access Control (RBAC), 1995
- Attribute Based Access Control (ABAC), ????
Safety question: can subject s obtain a right r on object o? In the current state? In some future state?
Safety complexity: Ahmed, Rajkumar, Sandhu 2016 onwards
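As an added example (not from the slides), a brute-force safety check for a tiny attribute-based administrative model: the slide's question, whether subject s can obtain right r on object o now or in some future state, is answered by exploring every attribute state reachable through the administrative rules. The rules, attribute names and policy are constructed here for illustration; rules only add attributes, which keeps the search monotone and obviously finite.

```python
# Added example, not from the slides: a brute-force safety check for a tiny
# attribute-based administrative model. "Can subject s obtain right r on object
# o, now or in some future state?" is answered by enumerating every state that
# the administrative rules can reach from the current one.
from collections import deque

# Administrative rules (constructed): if a user holds every attribute in
# `needs`, an administrator may additionally assign `grants`.
RULES = [
    ({"employee"}, "contractor_cleared"),
    ({"employee", "training_done"}, "analyst"),
    ({"analyst", "contractor_cleared"}, "lead"),
]

# Authorization policy (constructed): which attribute sets carry right r on object o.
POLICY = {
    ("read", "report"): lambda attrs: "analyst" in attrs,
    ("approve", "report"): lambda attrs: "lead" in attrs,
}

def has_right(attrs, r, o):
    rule = POLICY.get((r, o))
    return bool(rule and rule(attrs))

def reachable_states(start):
    """All attribute sets reachable from `start` by applying RULES in any order.
    Rules only add attributes, so the state space is finite and the search ends."""
    start = frozenset(start)
    seen, queue = {start}, deque([start])
    while queue:
        s = queue.popleft()
        for needs, grants in RULES:
            if needs <= s and grants not in s:
                nxt = s | {grants}
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return seen

def safety(start, r, o):
    """(now, eventually): right held in the current state / in some reachable state."""
    now = has_right(start, r, o)
    eventually = any(has_right(s, r, o) for s in reachable_states(start))
    return now, eventually

if __name__ == "__main__":
    print(safety({"employee"}, "read", "report"))                      # (False, False)
    print(safety({"employee", "training_done"}, "approve", "report"))  # (False, True)
```

The second call shows a state that is safe today but not in the future: two administrative steps turn a trainee into an approver, which is exactly what safety analysis is meant to expose before deployment.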