1 PANEL Solving the Access Control Puzzle: Finding the Pieces and Putting Them Together Ravi Sandhu Executive Director Endowed Professor June 2010

Slides:



Advertisements
Similar presentations
INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
Advertisements

INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
INSTITUTE FOR CYBER SECURITY 1 Industry-Academia Research Synergy: Fantasy or Reality? Ravi Sandhu Executive Director and Endowed Professor Institute for.
Institute for Cyber Security (ICS) Prof. Ravi Sandhu Executive Director and Lutcher Brown Endowed Chair
1 Speculations on the Future of Cyber Security in 2025 Prof. Ravi Sandhu Executive Director January 2010
INSTITUTE FOR CYBER SECURITY 1 The PEI + UCON Framework for Application Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
1 The Future of Cyber Security Prof. Ravi Sandhu Executive Director February © Ravi Sandhu.
Towards Secure Information Sharing Models for Community Cyber Security Ravi Sandhu, Ram Krishnan and Gregory B. White Institute for Cyber Security University.
Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute.
INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.
Institute for Cyber Security
1 Towards a Discipline of Mission-Aware Cloud Computing (A Position Paper) Ravi Sandhu Executive Director and Endowed Professor October 2010
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
1 New Trends and Challenges in Computer Network Security Ravi Sandhu Executive Director and Endowed Professor September 2010
1 Cyber Security Research: A Personal Perspective Prof. Ravi Sandhu Executive Director and Endowed Chair January 18, 2013
The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated.
Future of Access Control: Attributes, Automation, Adaptation
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.
1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.
Attribute-Based Access Control Models and Beyond
1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.
1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015
1 Big Data Applications in Cloud and Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Professor UTSA COB Symposium on Big Data, Big Challenges.
1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
1 Group-Centric Models for Secure Information Sharing Prof. Ravi Sandhu Executive Director and Endowed Chair March 30, 2012
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
1 Panel on Data Usage Management: Technology or Regulation? Prof. Ravi Sandhu Executive Director and Endowed Chair DUMA 2013 May 23, 2013
1 Security and Privacy in Human-Centric Computing and Big Data Management Prof. Ravi Sandhu Executive Director and Endowed Chair CODASPY 2013 February.
1 Open Discussion PSOSM 2012 Prof. Ravi Sandhu Executive Director and Endowed Chair © Ravi Sandhu.
1 Role-Based Access Control (RBAC) Prof. Ravi Sandhu Executive Director and Endowed Chair January 29, © Ravi.
INSTITUTE FOR CYBER SECURITY 1 Purpose-Centric Secure Information Sharing Ravi Sandhu Executive Director and Endowed Professor Institute for Cyber Security.
Institute for Cyber Security
Institute for Cyber Security
Past, Present and Future
An Access Control Perspective on the Science of Security
Institute for Cyber Security (ICS) & Center for Security and Privacy Enhanced Cloud Computing (C-SPECC) Ravi Sandhu Executive Director Professor of.
Introduction and Basic Concepts
Authentication by Passwords
Attribute-Based Access Control: Insights and Challenges
Role-Based Access Control (RBAC)
Executive Director and Endowed Chair
Cyber Security Research: Applied and Basic Combined*
On the Value of Access Control Models
Institute for Cyber Security
Institute for Cyber Security
ABAC Panel Prof. Ravi Sandhu Executive Director and Endowed Chair
Institute for Cyber Security
Attribute-Based Access Control (ABAC)
Cyber Security Research: Applied and Basic Combined*
Security and Privacy in the Age of the Internet of Things:
Intersection of Data, Policy and Privacy
UTSA Cyber Security Ecosystem
Attribute-Based Access Control: Insights and Challenges
Cyber Security and Privacy: An Optimist’s Perspective
Big Data and Privacy Panel Prof. Ravi Sandhu
Executive Director and Endowed Chair
ASCAA Principles for Next-Generation Role-Based Access Control
Assured Information Sharing
Institute for Cyber Security
Cyber Security Research: A Personal Perspective
Cyber Security Research: Applied and Basic Combined*
Attribute-Based Access Control (ABAC)
Access Control Evolution and Prospects
Cyber Security R&D: A Personal Perspective
World-Leading Research with Real-World Impact!
Access Control Evolution and Prospects
Presentation transcript:

1 PANEL Solving the Access Control Puzzle: Finding the Pieces and Putting Them Together Ravi Sandhu Executive Director Endowed Professor June © Ravi Sandhu World-Leading Research with Real-World Impact! Institute for Cyber Security

2 Questions 1. A research direction or area within the access control space that you think merits more attention; 2. Another research direction or area within this space that you feel has been sufficiently mined and can be set aside, or for which you think that isolated research has reached a point of diminishing returns; 3. Two or more research directions that you think should be studied jointly or have good potential for synergy. © Ravi Sandhu World-Leading Research with Real-World Impact!

3 Questions 1. A research direction or area within the access control space that you think merits more attention; 2. Another research direction or area within this space that you feel has been sufficiently mined and can be set aside, or for which you think that isolated research has reached a point of diminishing returns; 3. Two or more research directions that you think should be studied jointly or have good potential for synergy. © Ravi Sandhu World-Leading Research with Real-World Impact! Automation

4 Questions 1. A research direction or area within the access control space that you think merits more attention; 2. Another research direction or area within this space that you feel has been sufficiently mined and can be set aside, or for which you think that isolated research has reached a point of diminishing returns; 3. Two or more research directions that you think should be studied jointly or have good potential for synergy. © Ravi Sandhu World-Leading Research with Real-World Impact! Automation SELinux

5 Questions 1. A research direction or area within the access control space that you think merits more attention; 2. Another research direction or area within this space that you feel has been sufficiently mined and can be set aside, or for which you think that isolated research has reached a point of diminishing returns; 3. Two or more research directions that you think should be studied jointly or have good potential for synergy. © Ravi Sandhu World-Leading Research with Real-World Impact! Automation SELinux Access Control meets Mission Assurance or Mission-Aware Access Control

6 Automation Computers excel at automation. Thats why they were invented. Users have zero interest in configuring access control. Value of fine-grained access control and least privilege are oversold. Why cant access control systems: Time out privileges automatically Automatically renew Limit usage rates to human versus machine Provide meaningful review Meaningfully combine core ideas of LBAC (MAC), DAC, RBAC, UCON (including ABAC) Be usable by application developers let alone end users © Ravi Sandhu World-Leading Research with Real-World Impact!

7 SELinux Simply mashing LBAC (MAC), DAC, RBAC, DTE produces a mess versus a thing of beauty Principles reinforced by failure of SELinux to achieve them: Simple things should be simple to do Overly complex things should never be done Multi-user OSs are passe. We are in the age of multi-device and multi-OS users! Start with a coherent model before rushing into implementation. Think P (Policy), E (Enforcement), I (Implementation) Forget about DTE © Ravi Sandhu World-Leading Research with Real-World Impact!

8 Mission-Aware Access Control How to put intelligence into access control across P (Policy), E (Enforcement), I (Implementation) so mission needs can be taken into account in adapting access control automatically with minimal human intervention © Ravi Sandhu World-Leading Research with Real-World Impact!