UCON MODEL 51000448 - Huỳnh Châu Duy
UCON MODEL - Huỳnh Châu Duy

OUTLINE
- UCON MODEL: What? What for? When? Why?
- CORE MODELS: 16 basic models; example
- COMPARISON: Traditional access control; DRM
- CONCLUSION

UCON MODEL: WHAT? WHEN? WHAT FOR? WHY?

TRADITIONAL ACCESS CONTROL
- Mandatory Access Control (MAC), Discretionary Access Control (DAC), Role Based Access Control (RBAC)
- Focus on a closed system environment; not adequate for today's distributed, network-connected digital environment
- Authorization only
- Decision is made before access
- No consumable rights
- Rights are pre-defined and granted to subjects

DIGITAL RIGHTS MANAGEMENT (DRM)
- Controls and tracks access to and use of digital information objects on the client side
- Mainly focuses on intellectual property rights protection
- Lacks an access control model

PROBLEM

UCON ABC MODEL COMPONENTS

- Subjects and subject attributes: consumer subjects, provider subjects, identifiee subjects
- Objects and object attributes
- Rights

WHAT IS THE UCON ABC MODEL? Authorizations (A), oBligations (B), Conditions (C)

AUTHORIZATIONS: Functional predicates that have to be evaluated for the usage decision. They return whether the subject (requester) is allowed to exercise the requested rights on the object. Authorizations can be either pre-authorizations (preA) or ongoing-authorizations (onA).

OBLIGATIONS: Functional predicates that verify mandatory requirements a subject has to fulfil before or during the exercise of a usage. Obligations can be either pre-obligations (preB) or ongoing-obligations (onB).

CONDITIONS: Environmental or system-oriented decision factors. Unlike authorizations or obligations, condition variables are not mutable, and evaluating a condition cannot update any subject or object attribute.

CORE MODEL: The 16 basic UCON ABC models (columns are the attribute-mutability variants; Y = model exists, N = not meaningful)

        0 immutable   1 pre_update   2 ongoing_update   3 post_update
preA    Y             Y              N                  Y
onA     Y             Y              Y                  Y
preB    Y             Y              N                  Y
onB     Y             Y              Y                  Y
preC    Y             N              N                  N
onC     Y             N              N                  N

CORE MODEL: AUTHORIZATIONS (preA, onA)

CORE MODEL: preA (preA0, preA1, preA3). Examples:
- Pay-per-view (preUpdate)
- Metered payment (postUpdate)

CORE MODEL: onA (onA0, onA1, onA2, onA3). Example: pay-per-minute

CORE MODEL: OBLIGATIONS (preB, onB)

CORE MODEL: preB (preB0, preB1, preB3). Example: free Internet service

CORE MODEL: onB (onB0, onB1, onB2, onB3)

CORE MODEL: CONDITIONS (preC, onC)

CORE MODEL examples:
- Healthcare
- Education
- Long-distance phone
- Pre-paid phone card
- Click an ad within every 30 minutes
- Business hours
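The preA1 pay-per-view, onA2 pay-per-minute, onB ad-click and preC0 business-hours cases from these slides, as an added Python example that is not part of the original presentation or of the UCON authors' work; the Subject/Obj attribute names, the prices and the ad-click input are constructed assumptions:

```python
"""Minimal UCON ABC usage session built from the slides' own examples.

Added example, not code from the slides or from the UCON authors. It models
preA1 pay-per-view (credit debited before use), onA2 pay-per-minute (credit
debited while use continues), onB "click an ad within every 30 minutes" and
preC0 business hours. Attribute names, prices and inputs are constructed.
"""
from dataclasses import dataclass

@dataclass
class Subject:
    name: str
    credit: int  # mutable subject attribute, updated by preA1 and onA2

@dataclass
class Obj:
    name: str
    view_price: int = 5    # preA1: one-off charge debited before access
    minute_price: int = 1  # onA2: charge per minute of ongoing use
    ad_interval: int = 30  # onB: max minutes allowed between ad clicks

def pre_condition(hour: int) -> bool:
    """preC0: business hours (9:00-17:00), an immutable environment check."""
    return 9 <= hour < 17

def pre_authorize(s: Subject, o: Obj, hour: int) -> bool:
    """preA1 + preC0: decide before usage; pre_update debits the view price."""
    if not pre_condition(hour) or s.credit < o.view_price:
        return False
    s.credit -= o.view_price  # pre_update of a mutable attribute
    return True

def ongoing_usage(s: Subject, o: Obj, minutes: int, ad_clicks: set) -> int:
    """onA2 + onB: re-evaluate every minute; return the minutes actually granted.

    ad_clicks are the minute marks at which the subject clicked an ad
    (constructed input). Usage is revoked when credit runs out (onA2,
    ongoing_update) or when no click happened within ad_interval (onB).
    """
    granted, last_click = 0, 0
    for t in range(1, minutes + 1):
        if t in ad_clicks:
            last_click = t
        if t - last_click > o.ad_interval or s.credit < o.minute_price:
            break  # revoke: obligation missed or credit exhausted
        s.credit -= o.minute_price  # ongoing_update of the subject attribute
        granted += 1
    return granted
```

Unlike the traditional models on the earlier slide, the decision is re-evaluated while usage continues and the subject's credit attribute is consumed by the access itself.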

COMPARISON: Traditional access control (RBAC, MAC, DAC) vs. the UCON model (Authorizations, Obligations, Conditions)

COMPARISON: DRM (pay-per-use, multiple credits) vs. the UCON model (Authorizations, Obligations, Conditions)

CONCLUSION: UCON ABC leaves open the architecture and mechanisms for providing trusted attributes.