Institute for Cyber Security
An Attribute Based Framework for Risk-Adaptive Access Control Models
Ravi Sandhu, Executive Director and Endowed Professor
August 2011
ravi.sandhu@utsa.edu, www.profsandhu.com, www.ics.utsa.edu
Joint work with Savith Kandala and Venkata Bhamidipati
© Ravi Sandhu. World-Leading Research with Real-World Impact!

RAdAC Concepts
Access to resources is automatically (or semi-automatically) granted based on:
- the purpose of the access request,
- the security risk, and
- situational factors.
Motivating example: displaying a classified document…

Outline
- Benefits of Abstract Models
- Core Characteristics of RAdAC
- Components of the RAdAC Model
- Mapping RAdAC to UCON
- Extending UCON Principles to RAdAC and the Modified UCON Model

Benefits of Abstract Models
- Proposed at the policy layer
- Do not lay out enforcement and implementation details
- Successful practice: DAC, MAC and RBAC
- Provide a formal and structural foundation

Core Characteristics of RAdAC
Reference: Robert McGraw, NIST Privilege Management Workshop, 2009
- Operational Need
- Security Risk
- Situational Factors
- Heuristics
- Adaptable Access Control Policies

RAdAC Model (diagram slide)

Operational Need / Purpose (section divider)

Operational Need / Purpose
Purpose (operational need): the reason for the user's access request. It can manifest as:
- a user's membership in a role, or
- an authority attesting to a user's need to access the object.
Examples:
- Health care: emergency treatment
- Energy: impending power emergency
- Banking: consent to access account information

Security Risk (section divider)

Security Risk
Risk is associated with each of the following components:
- Users
- Devices
- Objects
- Operations
- Connections
- Attribute providers and their level of assurance
Security risk evaluation should be based on the risk associated with each of these components, as well as on a composite risk.

Situational Factors (section divider)

Situational Factors
Environmental or system-oriented decision factors.
- Global situational factors. Examples: national terrorist threat level, enterprise under cyber attack.
- Local situational factors. Examples: current local time checked against the accessible time period (e.g., business hours); current location checked against the accessible locations (e.g., area code, connection origination point).

Access History (section divider)

Access History
Access history provides two functions:
- it updates the object access history repository with the attributes in the access request and the access control decision, and
- it provides input for future access decisions.
Heuristics over the access history can be used to:
- fine-tune access control policies,
- improve future access decisions, and
- provide input to the access decisions themselves.

Adaptable Access Control Policies (section divider)

Adaptable Access Control Policies
Adaptable access control policies can be defined based on all the components above.
Overrides:
- Automatic
- Semi-automatic
- Manual
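As an added illustration (example code written for this transcript, not code from the presentation or its authors), the following Python sketch shows how the RAdAC components from the preceding slides can be combined in a single decision: per-component security risk with the attribute providers' level of assurance folded into a composite score, global and local situational factors, an access history repository whose heuristic feeds later decisions, and an adaptable policy that selects an automatic grant, a semi-automatic or manual override, or a denial. The names (AccessRequest, Situation, AccessHistory, POLICY, decide), all weights and thresholds, and the sample requests in demo() are constructed assumptions rather than anything the slides define.

```python
"""Toy risk-adaptive access decision combining the RAdAC components described
on the slides.  Added example: every weight, threshold and name is constructed."""
from dataclasses import dataclass
from datetime import datetime

COMPONENTS = ("user", "device", "object", "operation", "connection")


@dataclass
class AccessRequest:
    user: str
    purpose: str            # operational need, e.g. "emergency_treatment"
    component_risk: dict    # per-component risk, 0.0 (none) .. 1.0 (maximum)
    assurance: float        # level of assurance of the attribute providers, 0..1
    local_time: datetime
    location: str


@dataclass
class Situation:
    global_threat: str      # "low" | "elevated" | "severe"
    under_attack: bool
    business_hours: tuple = (8, 18)
    allowed_locations: frozenset = frozenset({"hq", "branch"})


def composite_risk(req):
    """Mean of the per-component risks; unknown components count as maximum risk.
    Low assurance from the attribute providers inflates the result, since their
    claims about the components are then less trustworthy."""
    per = [req.component_risk.get(c, 1.0) for c in COMPONENTS]
    mean = sum(per) / len(per)
    return min(1.0, mean + (1.0 - req.assurance) * (1.0 - mean))


def situational_penalty(req, sit):
    """Local (time, location) and global (threat level, attack) factors as extra risk."""
    penalty = 0.0
    start, end = sit.business_hours
    if not start <= req.local_time.hour < end:
        penalty += 0.2
    if req.location not in sit.allowed_locations:
        penalty += 0.3
    penalty += {"low": 0.0, "elevated": 0.1, "severe": 0.3}[sit.global_threat]
    if sit.under_attack:
        penalty += 0.2
    return penalty


# Adaptable policy, keyed by purpose: risk tolerated for an automatic grant, and
# which override mode is used when the request lands above that threshold.
POLICY = {
    "routine":             {"auto_threshold": 0.3, "override": "manual"},
    "emergency_treatment": {"auto_threshold": 0.6, "override": "semi-automatic"},
}


class AccessHistory:
    """Access history repository: records request attributes and decisions and
    exposes one heuristic (a user's past denial rate) to later decisions."""

    def __init__(self):
        self.records = []

    def record(self, req, decision, risk):
        self.records.append({"user": req.user, "purpose": req.purpose,
                             "decision": decision, "risk": risk})

    def denial_rate(self, user):
        mine = [r for r in self.records if r["user"] == user]
        if not mine:
            return 0.0
        return sum(r["decision"] == "deny" for r in mine) / len(mine)


def decide(req, sit, history):
    """Return 'grant', 'deny', 'refer:manual' or 'refer:semi-automatic'."""
    risk = composite_risk(req) + situational_penalty(req, sit)
    risk += 0.2 * history.denial_rate(req.user)   # heuristic fed back from history
    policy = POLICY.get(req.purpose)
    if policy is None:                            # no recognised operational need
        decision = "deny"
    elif risk <= policy["auto_threshold"]:
        decision = "grant"
    elif risk <= policy["auto_threshold"] + 0.3:  # override band above the threshold
        decision = "refer:" + policy["override"]
    else:
        decision = "deny"
    history.record(req, decision, round(risk, 3))
    return decision


def demo():
    """Constructed requests exercising each decision path; returns the decisions."""
    low = {"user": 0.1, "device": 0.1, "object": 0.2, "operation": 0.1, "connection": 0.1}
    calm = Situation(global_threat="low", under_attack=False)
    tense = Situation(global_threat="elevated", under_attack=False)
    hist = AccessHistory()
    reqs = [
        (AccessRequest("alice", "routine", low, 0.9, datetime(2024, 1, 1, 10), "hq"), calm),
        (AccessRequest("alice", "emergency_treatment", low, 0.9, datetime(2024, 1, 1, 2), "home"), tense),
        (AccessRequest("bob", "unknown_purpose", low, 0.9, datetime(2024, 1, 1, 10), "hq"), calm),
        (AccessRequest("bob", "routine", low, 0.9, datetime(2024, 1, 1, 10), "hq"), calm),
    ]
    return [decide(r, s, hist) for r, s in reqs]


if __name__ == "__main__":
    print(demo())
```

The fourth request is identical in risk to the first, yet bob's earlier denial pushes it out of the automatic band into a manual override, which is the access-history feedback loop the slides describe; alice's emergency request is referred rather than denied because the emergency purpose tolerates more risk.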

UCON Model (diagram slide)

Mapping RAdAC to UCON
Key features missing from UCON:
- Subject definition
- Access history
- Risk evaluation
Extending UCON principles to RAdAC

Modified UCON Model (diagram slide)

Conclusion and Future Work
- This work is purely focused on the abstract models.
- The modified UCON model, with the decomposed subject definition and the added functions of access history and risk evaluation, is most suitable for modeling and implementing the RAdAC concept.
Future work:
- Enforcement and implementation
- Defining architecture, protocols and mechanisms for the proposed RAdAC model