11 World-Leading Research with Real-World Impact! A Group-Centric Model for Collaboration with Expedient Insiders in Multilevel Systems Khalid Zaman Bijon,

Slides:



Advertisements
Similar presentations
INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
Advertisements

Towards Secure Information Sharing Models for Community Cyber Security Ravi Sandhu, Ram Krishnan and Gregory B. White Institute for Cyber Security University.
11 World-Leading Research with Real-World Impact! A Framework for Risk-Aware Role Based Access Control Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu.
Institute for Cyber Security
11 World-Leading Research with Real-World Impact! A Lattice Interpretation of Group-Centric Collaboration with Expedient Insiders Khalid Zaman Bijon, Tahmina.
Rasool Jalili; 2 nd semester ; Database Security, Sharif Uni. of Tech. The Jajodia & Sandhu model Jajodia & Sandhu (1991), a model for the application.
Lecture 8 Access Control (cont)
1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013
11 World-Leading Research with Real-World Impact! Integrated Provenance Data for Access Control in Group-centric Collaboration Dang Nguyen, Jaehong Park.
1 The Data and Application Security and Privacy (DASPY) Challenge Prof. Ravi Sandhu Executive Director and Endowed Chair 11/11/11
Agenda Who is Secured What is Secured Logic and the Effective Permissions Guidelines and Best Practices.
Attribute-Based Access Control Models and Beyond
11 World-Leading Research with Real-World Impact! Constraints Specification for Virtual Resource Orchestration in Cloud IaaS Constraints Specification.
11 World-Leading Research with Real-World Impact! RT-Based Administrative Models for Community Cyber Security Information Sharing Ravi Sandhu, Khalid Zaman.
11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.
Secure Information and Resource Sharing in CloudSecure Information and Resource Sharing in Cloud References OSAC-SID Model [1]K. Harrison and G. White.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
11 World-Leading Research with Real-World Impact! A Formal Model for Isolation Management in Cloud Infrastructure-as-a-Service Khalid Zaman Bijon, Ram.
1 A Role Based Administration Model For Attribute Xin Jin, Ram Krishnan, Ravi Sandhu SRAS, Sep 19, 2012 World-Leading Research with Real-World Impact!
1 The Challenge of Data and Application Security and Privacy (DASPY) Ravi Sandhu Executive Director and Endowed Professor March 23, 2011
1 World-Leading Research with Real-World Impact! Authorization Federation in IaaS Multi Cloud Navid Pustchi, Ram Krishnan and Ravi Sandhu SCC 2015.
INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.
UTSA Amy(Yun) Zhang, Ram Krishnan, Ravi Sandhu Institute for Cyber Security University of Texas at San Antonio San Antonio, TX Nov 03, 2014 Presented.
1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015
1 Polyinstantiation. 2 Definition and need for polyinstantiation Sea View model Jajodia – Sandhu model.
INSTITUTE FOR CYBER SECURITY © Ravi Sandhu11 Group-Centric Information Sharing Ravi Sandhu Executive Director and Endowed Professor Institute for Cyber.
11 World-Leading Research with Real-World Impact! Towards Provenance and Risk-Awareness in Social Computing Yuan Cheng, Dang Nguyen, Khalid Bijon, Ram.
On Data Provenance in Group-centric Secure Collaboration Oct. 17, 2011 CollaborateCom Jaehong Park, Dang Nguyen and Ravi Sandhu Institute for Cyber Security.
1 Big Data Applications in Cloud and Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Professor UTSA COB Symposium on Big Data, Big Challenges.
1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011
11 World-Leading Research with Real-World Impact! Risk-Aware RBAC Sessions Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu Institute for Cyber Security.
Lattice-Based Access Control Models Ravi S. Sandhu Colorado State University CS 681 Spring 2005 John Tesch.
11 World-Leading Research with Real-World Impact! Group-Centric Secure Information Sharing: A Lattice Interpretation Institute for Cyber Security Ravi.
INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.
1 Group-Centric Models for Secure and Agile Information Sharing Ravi Sandhu Executive Director and Endowed Professor October 2010
1 RABAC : Role-Centric Attribute-Based Access Control MMM-ACNS 2012 Xin Jin, Ravi Sandhu, Ram Krishnan University of Texas at San Antonio San Antonio,
INSTITUTE FOR CYBER SECURITY A Hybrid Enforcement Model for Group-Centric Secure Information Sharing (g-SIS) Co-authored with Ram Krishnan, PhD Candidate,
1 Group-Centric Models for Secure Information Sharing Prof. Ravi Sandhu Executive Director and Endowed Chair March 30, 2012
1 Group-Centric Models for Secure and Agile Information Sharing Ravi Sandhu Executive Director and Endowed Professor April 2010
Access Control MAC. CSCE Farkas 2 Lecture 17 Reading assignments Required for access control classes:  Ravi Sandhu and P. Samarati, Access Control:
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.
Application-Centric Security Models
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
CSCE 201 Introduction to Information Security Fall 2010 Access Control Models.
A Conceptual Framework for Group-Centric Secure Information Sharing Ram Krishnan (George Mason University) Ravi Sandhu, Jianwei Niu, William Winsborough.
Authorization Policy Specification and Enforcement for Group-Centric Secure Information Sharing Ram Krishnan and Ravi Sandhu University of Texas at San.
CS426Fall 2010/Lecture 211 Computer Security CS 426 Lecture 21 The Bell LaPadula Model.
1 Panel on Data Usage Management: Technology or Regulation? Prof. Ravi Sandhu Executive Director and Endowed Chair DUMA 2013 May 23, 2013
Security Models Xinming Ou. Security Policy vs. Security Goals In a mandatory access control system, the system defines security policy to achieve security.
1 Security and Privacy in Human-Centric Computing and Big Data Management Prof. Ravi Sandhu Executive Director and Endowed Chair CODASPY 2013 February.
1 Open Discussion PSOSM 2012 Prof. Ravi Sandhu Executive Director and Endowed Chair © Ravi Sandhu.
Database Security. Introduction to Database Security Issues (1) Threats to databases Loss of integrity Loss of availability Loss of confidentiality To.
Database Security Database System Implementation CSE 507 Some slides adapted from Navathe et. Al.
INSTITUTE FOR CYBER SECURITY 1 Enforcement Architecture and Implementation Model for Group-Centric Information Sharing © Ravi Sandhu Ram Krishnan (George.
Ram Krishnan (George Mason University) Ravi Sandhu, Jianwei Niu, William Winsborough (University of Texas at San Antonio) Foundations for Group-Centric.
Extended ReBAC Administrative Models with Cascading Revocation and Provenance Support Yuan Cheng 1 , 2, Khalid Bijon 2, and Ravi Sandhu 1 Institute for.
1 Cyber Security Major R&D Challenges Ram Krishnan Cyber Security Research Institute (CSRI) Cyber Security R&D Workshop.
INSTITUTE FOR CYBER SECURITY 1 Purpose-Centric Secure Information Sharing Ravi Sandhu Executive Director and Endowed Professor Institute for Cyber Security.
Database System Implementation CSE 507
Access Control CSE 465 – Information Assurance Fall 2017 Adam Doupé
Institute for Cyber Security
Institute for Cyber Security
Institute for Cyber Security
Past, Present and Future
Prosunjit Biswas, Ravi Sandhu and Ram Krishnan
Executive Director and Endowed Chair
Mandatory Access Control (MAC)
The Jajodia & Sandhu model
Assured Information Sharing
The Jajodia & Sandhu model
Presentation transcript:

11 World-Leading Research with Real-World Impact! A Group-Centric Model for Collaboration with Expedient Insiders in Multilevel Systems Khalid Zaman Bijon, Ravi Sandhu, Ram Krishnan Institute for Cyber Security University of Texas at San Antonio May 22, 2012 International Symposium on Security in Collaboration Technologies and Systems Institute for Cyber Security

Who are expedient insiders?  Any outside Collaborators, i.e. Domain specialists, cyber- security experts, etc. Difference with respect to true insiders  Transient rather than persistent  Information sharing is based on need-to-consult basis  Less commitment than long time employees Expedient Insiders What are the Challenges? 1.Information selection for collaboration 2.Restrict unnecessary access 3. Import results World-Leading Research with Real-World Impact! 2

3 Assign to a place in existing organizational structure Collaboration Process #1 World-Leading Research with Real-World Impact! Unclassified Classified Top Secret Secret Outside Collaborators Sharing more information than necessary Open to more true-insiders than necessary

Individual Sharing Collaboration World-Leading Research with Real-World Impact! Collaboration Process #2 Unclassified Classified Top Secret Secret Outside Collaborators Scalability is the main Issue! 4

55 World-Leading Research with Real-World Impact! Group Centric Collaboration Collaboration Group with Expedient Insider Outside Collaborators Organization Just Right Sharing Scalable

Group Centric Collab. (cont.) World-Leading Research with Real-World Impact! 6 Object-Version Model write creates a new version Security classification of versions (same?) User-Subject Model User: human in the system Subject: Programs/processes on behalf of user Operational aspect Administrative aspect Subject Model Read-Only Subject (can not write object but read from multiple groups) Read-Write Subject (can write but limited read capability) Membership Management True Insider: Regular employee Expedient Insider: Collaborators, Consultants Group Lifecycle Objects Management Lattice Structure G-SIS specification

True Insiders Vs Expedient Insiders World-Leading Research with Real-World Impact! 7 True InsidersExpedient Insiders 1. Simultaneously hold membership in multiple groups and organization 1. Can get membership to multiple groups but not in organization 2. Retain the same organization clearance when joining a new group 2. Assigned a single clearance for every group they join 3. Can access all objects that - Satisfy dominance relation - in organization or joined groups 3. Can access all objects that - Satisfy dominance relation - in joined groups only

Operational Semantics World-Leading Research with Real-World Impact! 8 Join Insider Join Outsider Leave Insider Leave Expedient Insider Remove Version Merge Version Collaboration Group CreateRWInCG Subject CreateRWInOrg Subject CreateRO Subject Create Object Read Version Update Version Kill Subject Administrative Model Operational Model Add Version Organization Establish/Disband Group Import Version TS S C U S U C U S C U S C U S C U S C U S C S S C S U C S S C U CreateRWInCG Subject CreateRWInOrg Subject CreateRO Subject Create Object Read Version Update Version Kill Subject Outside Consultants

Read-Only Vs Read-Write Subject World-Leading Research with Real-World Impact! 9 Read OnlyRead Write 1. Can not write, read is restricted by BLP simple security property 1. Can read and write, however, write is restricted by BLP strict * property 2. User determines the security clearance (<= user’s clearance) 3. Can read objects across groups 3. restricted within the same group it was created 4. Can not create new object 4. Can create new object and object inherits its clearance 5. Read operation does not create new object versions 5. Only a write operation always create a new version of the respective object, however, does not change the classification of the version

Merge Vs Import Operation World-Leading Research with Real-World Impact! 10 Merge Add Import Organization Collaboration Group New object MergeImport 1. Can applicable only to previously added version 1. Only to the newly created versions 2. Does not create new objects 2. Always creates a new object 3. Does not change the object classification 3. New object inherits classification from importing one

Attribute Specification World-Leading Research with Real-World Impact! 11

Join Insider operation could modify clearance  A manager of the organization could be a group director, etc. Add object operation could modify classification  A secret object might get top secret classification in collaboration group Add object could sanitize information  Organization might not want to share actual object Possible Enhancement World-Leading Research with Real-World Impact! 12

Advantage of Group Centric Collaboration Model Selective information sharing Controlled flow back of results Does not interfere with the main lattice structure Easier to manage collaborations Conclusion & Future Work World-Leading Research with Real-World Impact! 13 Future Work Collaboration group with multiple organizations, expedient insiders, etc.  Merging different organization’s structures A novel method to manage expedient-insider collaboration in multi level systems

Thank You

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.