Attribute-Based Access Control Models and Beyond

Slides:



Advertisements
Similar presentations
INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
Advertisements

INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
INSTITUTE FOR CYBER SECURITY April Access Control and Semantic Web Technologies Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013
1 Grand Challenges in Data Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair
1 The Future of Access Control: Attributes, Automation and Adaptation Prof. Ravi Sandhu Executive Director and Endowed Chair S&P Symposium IIT Kanpur March.
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
Future of Access Control: Attributes, Automation, Adaptation
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.
1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.
1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
1 Privacy and Access Control: How are These Two Concepts Related? Prof. Ravi Sandhu Executive Director and Endowed Chair SACMAT Panel June 3, 2015
11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.
INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.
1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
1 Big Data Applications in Cloud and Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Professor UTSA COB Symposium on Big Data, Big Challenges.
1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011
1 The Authorization Leap from Rights to Attributes: Maturation or Chaos? Prof. Ravi Sandhu Executive Director and Endowed Chair SACMAT June 21, 2012
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
1 Cloud Computing and Security Prof. Ravi Sandhu Executive Director and Endowed Chair April 19, © Ravi Sandhu.
INSTITUTE FOR CYBER SECURITY A Hybrid Enforcement Model for Group-Centric Secure Information Sharing (g-SIS) Co-authored with Ram Krishnan, PhD Candidate,
1 Group-Centric Models for Secure Information Sharing Prof. Ravi Sandhu Executive Director and Endowed Chair March 30, 2012
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.
Application-Centric Security Models
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
1 Panel on Data Usage Management: Technology or Regulation? Prof. Ravi Sandhu Executive Director and Endowed Chair DUMA 2013 May 23, 2013
1 Security and Privacy in Human-Centric Computing and Big Data Management Prof. Ravi Sandhu Executive Director and Endowed Chair CODASPY 2013 February.
1 Open Discussion PSOSM 2012 Prof. Ravi Sandhu Executive Director and Endowed Chair © Ravi Sandhu.
1 Usage Control (UCON) or ABAC on Steroids Prof. Ravi Sandhu Executive Director and Endowed Chair February 26, 2016
1 The Authorization Leap from Rights to Attributes: Maturation or Chaos? Prof. Ravi Sandhu Executive Director and Endowed Chair SecurIT 2012 August 17,
1 Role-Based Access Control (RBAC) Prof. Ravi Sandhu Executive Director and Endowed Chair January 29, © Ravi.
INSTITUTE FOR CYBER SECURITY 1 Purpose-Centric Secure Information Sharing Ravi Sandhu Executive Director and Endowed Professor Institute for Cyber Security.
Role-Based Access Control (RBAC)
Institute for Cyber Security
Past, Present and Future
An Access Control Perspective on the Science of Security
Institute for Cyber Security (ICS) & Center for Security and Privacy Enhanced Cloud Computing (C-SPECC) Ravi Sandhu Executive Director Professor of.
Attribute-Based Access Control (ABAC)
Attribute-Based Access Control: Insights and Challenges
Role-Based Access Control (RBAC)
Executive Director and Endowed Chair
The Future of Access Control: Attributes, Automation and Adaptation
Cyber Security Research: Applied and Basic Combined*
On the Value of Access Control Models
Institute for Cyber Security
Institute for Cyber Security
ABAC Panel Prof. Ravi Sandhu Executive Director and Endowed Chair
Institute for Cyber Security
Attribute-Based Access Control (ABAC)
Cyber Security Research: Applied and Basic Combined*
Security and Privacy in the Age of the Internet of Things:
Intersection of Data, Policy and Privacy
Authentication and Authorization Federation
Attribute-Based Access Control: Insights and Challenges
Identity and Access Control in the
Application-Centric Security
ASCAA Principles for Next-Generation Role-Based Access Control
Assured Information Sharing
Institute for Cyber Security
Cyber Security Research: A Personal Perspective
Cyber Security Research: Applied and Basic Combined*
Attribute-Based Access Control (ABAC)
Access Control Evolution and Prospects
Cyber Security R&D: A Personal Perspective
Access Control Evolution and Prospects
Presentation transcript:

Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber Security University of Texas at San Antonio AsiaCCS Keynote Talk Singapore April 16, 2015 ravi.sandhu@utsa.edu, www.profsandhu.com, www.ics.utsa.edu © Ravi Sandhu World-Leading Research with Real-World Impact!

Access Control Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? © Ravi Sandhu World-Leading Research with Real-World Impact! 2

PEI Models Idealized Enforceable (Approximate) Codeable © Ravi Sandhu World-Leading Research with Real-World Impact! 3

Access Control Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? © Ravi Sandhu World-Leading Research with Real-World Impact! 4

Access Control Fixed policy Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? Flexible policy © Ravi Sandhu World-Leading Research with Real-World Impact! 5

Access Control Enterprise Oriented Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? Beyond Enterprise © Ravi Sandhu World-Leading Research with Real-World Impact! 6

Access Control Administration Driven Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? Automated Adaptive © Ravi Sandhu World-Leading Research with Real-World Impact! 7

RBAC96 Model Constraints © Ravi Sandhu World-Leading Research with Real-World Impact! 8

Fundamental Theorem of RBAC RBAC can be configured to do MAC RBAC can be configured to do DAC RBAC is policy neutral RBAC is neither MAC nor DAC! © Ravi Sandhu World-Leading Research with Real-World Impact! 9

RBAC Shortcomings Constraints Hard Enough Impossible © Ravi Sandhu World-Leading Research with Real-World Impact! 10

The RBAC Story NIST-ANSI Standard Adopted NIST-ANSI Standard Proposed model Ludwig Fuchs, Gunther Pernul and Ravi Sandhu, Roles in Information Security-A Survey and Classification of the Research Area, Computers & Security, Volume 30, Number 8, Nov. 2011, pages 748-76 © Ravi Sandhu World-Leading Research with Real-World Impact! 11

ABAC Status 1990? 2015 ABAC still in pre/early phase Standard Adopted Proposed Standard RBAC96 paper 1990? 2015 ABAC still in pre/early phase © Ravi Sandhu World-Leading Research with Real-World Impact! 12

ABAC is not New User (Identity) Attributes Public-keys + Secured secrets © Ravi Sandhu World-Leading Research with Real-World Impact!

Identity Certificates ABAC is not New User (Identity) X.500 Directory X.509 Identity Certificates Attributes Public-keys + Secured secrets Pre Internet, early 1990s © Ravi Sandhu World-Leading Research with Real-World Impact!

Identity Certificates ABAC is not New User (Identity) X.509 Attribute Certificates X.509 Identity Certificates Attributes Public-keys + Secured secrets Post Internet, late 1990s © Ravi Sandhu World-Leading Research with Real-World Impact!

ABAC is not New SPKI Certificates Post Internet, late 1990s User (Identity) Attributes Public-keys + Secured secrets SPKI Certificates Post Internet, late 1990s © Ravi Sandhu World-Leading Research with Real-World Impact!

ABAC is not New Anonymous Credentials Mature Internet, 2000s User (Identity) Attributes Public-keys + Secured secrets Anonymous Credentials Mature Internet, 2000s © Ravi Sandhu World-Leading Research with Real-World Impact!

Authorization Decision ABAC is not New Attributes Authorization Decision Action User Subject Object Context Policy Yes/No XACML Mature Internet, 2000s © Ravi Sandhu World-Leading Research with Real-World Impact!

ABAC is not New Usage Control Models, early 2000s unified model integrating authorization obligation conditions and incorporating continuity of decisions mutability of attributes Usage Control Models, early 2000s © Ravi Sandhu World-Leading Research with Real-World Impact!

ABAC Status 1990? 2015 ABAC still in pre/early phase Standard Adopted Proposed Standard RBAC96 paper 1990? 2015 ABAC still in pre/early phase © Ravi Sandhu World-Leading Research with Real-World Impact! 20

Access Control Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? © Ravi Sandhu World-Leading Research with Real-World Impact! 21

Can be configured to do simple forms of DAC, MAC, RBAC ABACα Model Structure Policy Configuration Points Can be configured to do simple forms of DAC, MAC, RBAC © Ravi Sandhu World-Leading Research with Real-World Impact! 22

RBAC Extensions 1,4 1, 2, 4, 5 1, 4, 5 4, 5 1, 2, 3, 4, 5 Give examples about what is excluded 4 1, 4, 5 1. Context Attributes 2. Subject attribute constraints policy are different at creation and modification time. 4. Policy Language 5. Meta-Attributes 3. Subject attributes constrained by attributes of subjects created by the same user. World-Leading Research with Real-World Impact! 23

Can be configured to do many ABACβ Model Show abac-alpha Then for each type of extension, highlight the extensions to ABAC 23 and 24 integrated Can be configured to do many RBAC extensions 24

SOME RESEARCH CHALLENGES © Ravi Sandhu World-Leading Research with Real-World Impact!

Ultimate Unified Model Attributes Security Access Control Trust Risk Relationships Provenance © Ravi Sandhu World-Leading Research with Real-World Impact!

Expressive Power Idealized Enforceable (Approximate) Codeable © Ravi Sandhu World-Leading Research with Real-World Impact! 27

Safety Analysis Idealized Enforceable (Approximate) Codeable © Ravi Sandhu World-Leading Research with Real-World Impact! 28

Attribute and Policy Engineering Show abac-alpha Then for each type of extension, highlight the extensions to ABAC 23 and 24 integrated 29

Application Domains Cloud computing Internet of Things ………. © Ravi Sandhu World-Leading Research with Real-World Impact! 30

Access Control Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? © Ravi Sandhu World-Leading Research with Real-World Impact! 31

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.