© 2006 Ravi Sandhu www.list.gmu.edu Secure Information Sharing Enabled by Trusted Computing and PEI * Models Ravi Sandhu (George Mason University and TriCipher)

Slides:



Advertisements
Similar presentations
TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST
Advertisements

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
Cyber-Identity, Authority and Trust in an Uncertain World
© Ravi Sandhu The Secure Information Sharing Problem and Solution Approaches Ravi Sandhu Professor of Information Security and Assurance.
Cyber-Identity, Authority and Trust in an Uncertain World
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology Department of Information.
1 The Challenge of Data and Application Security and Privacy (DASPY): Are We Up to It? Ravi Sandhu Executive Director and Endowed Professor February 21,
Peer-to-Peer Access Control Architecture Using Trusted Computing Technology Ravi Sandhu and Xinwen Zhang George Mason University SACMAT05, June 1--3, 2005,
1 PEI Models towards Scalable, Usable and High-assurance Information Sharing Ram Krishnan Laboratory for Information Security Technology George Mason University.
© 2004 Ravi Sandhu The Schematic Protection Model (SPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University.
© Ravi Sandhu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology.
1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University.
Information Assurance: A Personal Perspective
INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.
INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.
1 Safety Analysis of Usage Control (UCON) Authorization Model Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce George Mason University AsiaCCS.
ACCESS-CONTROL MODELS
ISA 662 Internet Security Protocols Kerberos Prof. Ravi Sandhu.
Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.
Towards a VMM-based Usage Control Framework for OS Kernel Integrity Protection Min Xu George Mason University Xuxian Jiang George Mason University Ravi.
Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
Institute for Cyber Security
Logical Model and Specification of Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University.
ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.
SECURING CYBERSPACE: THE OM-AM, RBAC AND PKI ROADMAP Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
A Logic Specification for Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University SACMAT 2004.
© Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University
© 2006 Ravi Sandhu Cyber-Identity, Authority and Trust Systems Prof. Ravi Sandhu Professor of Information Security and Assurance Director,
© 2004 Ravi Sandhu The Typed Access Matrix Model (TAM) and Augmented TAM (ATAM) Ravi Sandhu Laboratory for Information Security Technology.
ROLE-BASED ACCESS CONTROL: A MULTI-DIMENSIONAL VIEW Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman Seta Corporation McLean, VA Ravi Sandhu.
© Ravi Sandhu Introduction to Information Security Ravi Sandhu.
© Ravi Sandhu Security Issues in P2P Systems Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.
© 2005 Ravi Sandhu Permissions and Inheritance (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology.
OM-AM and RBAC Ravi Sandhu * Laboratory for Information Security Technology (LIST) George Mason University.
Engineering Authority and Trust in Cyberspace: The OM-AM and RBAC Way Prof. Ravi Sandhu George Mason University
PKI Introduction Ravi Sandhu 2 © Ravi Sandhu 2002 CRYPTOGRAPHIC TECHNOLOGY PROS AND CONS SECRET KEY SYMMETRIC KEY Faster Not scalable No digital signatures.
Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination.
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
0 - 0.
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
Addition Facts
Computer Security CIS326 Dr Rachel Shipsey.
Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.
1 Cyber Security Research: A Personal Perspective Prof. Ravi Sandhu Executive Director and Endowed Chair January 18, 2013
Trusted System Elements and Examples CS461/ECE422 Fall 2011.
Squares and Square Root WALK. Solve each problem REVIEW:
Addition 1’s to 20.
25 seconds left…...
Week 1.
1 The Future of Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair © Ravi Sandhu.
1 The Future of Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair © Ravi Sandhu.
1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011
1 The Future of Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair © Ravi Sandhu.
1 © Ravi Sandhu OM-AM and PEI Prof. Ravi Sandhu. 2 © Ravi Sandhu THE OM-AM WAY Objectives Model Architecture Mechanism What? How? AssuranceAssurance.
INSTITUTE FOR CYBER SECURITY 1 Enforcement Architecture and Implementation Model for Group-Centric Information Sharing © Ravi Sandhu Ram Krishnan (George.
Access Control CSE 465 – Information Assurance Fall 2017 Adam Doupé
Past, Present and Future
OM-AM and RBAC Ravi Sandhu*
Application-Centric Security
Engineering Authority and Trust in Cyberspace: George Mason University
Cyber Security Research: A Personal Perspective
Access Control Evolution and Prospects
Cyber Security R&D: A Personal Perspective
Access Control Evolution and Prospects
Presentation transcript:

© 2006 Ravi Sandhu Secure Information Sharing Enabled by Trusted Computing and PEI * Models Ravi Sandhu (George Mason University and TriCipher) Kumar Ranganathan (Intel System Research Center, Bangalore) Xinwen Zhang (George Mason University) * PEI: Policy, Enforcement, Implementation

© 2005 Ravi Sandhu 2 Three Megatrends Fundamental changes in Cyber-security goals Cyber-security threats Cyber-security technology

© 2005 Ravi Sandhu 3 Cyber-security goals have changedCyber-security goals electronic commerce information sharing etcetera multi-party security objectives fuzzy objectives INTEGRITY modification AVAILABILITY access CONFIDENTIALITY disclosure USAGE purpose USAGE

© 2005 Ravi Sandhu 4 Cyber-security attacks have changed The professionals have moved in Hacking for fun and fame Hacking for cash, espionage and sabotage

© 2005 Ravi Sandhu 5 Basic premise Software alone cannot provide an adequate foundation for trust Old style Trusted Computing (1970 – 1990s) Multics system Capability-based computers –Intel 432 vis a vis Intel 8086 Trust with security kernel based on military-style security labels –Orange Book, eliminate trust from applications Whats new (2000s) Hardware and cryptography-based root of trust –Ubiquitous availability –Trust within a platform –Trust across platforms Rely on trust in applications –No Trojan Horses or –Mitigate Trojan Horses and bugs by legal and reputational recourse Cyber-security technology has changed Massive paradigm shift Prevent information leakage by binding information to Trusted Viewers on the client

© 2005 Ravi Sandhu 6 PEI Models Framework Cannot do security without analyzing the application space in business terms Cannot do security without understanding the target platform and its limitations Divide and conquer AND confront and deal with issues at the correct layer }

© 2005 Ravi Sandhu 7 What is Information Sharing The mother of all security problems Share but protect Requires controls on the client Server-side controls do not scale to high assurance Different from Retail DRM (Digital Rights Management) Enterprise DRM Integrity of information on the client can be crypto- guaranteed to very high assurance by digital signatures. Guarantee of confidentiality on the client needs mechanisms beyond crypto alone.

© 2005 Ravi Sandhu 8 Classic Approaches to Information Sharing Discretionary Access Control (DAC), Lampson 1971 Fundamentally broken Controls access to the original but not to copies (or extracts) Mandatory Access Control (MAC), Bell-LaPadula 1971 Solves the problem for coarse-grained sharing –Thorny issues of covert channels, inference, aggregation remain but can be confronted Does not scale to fine-grained sharing –Super-exponential explosion of security labels is impractical –Fallback to DAC for fine-grained control (as per the Orange Book) is pointless Originator Control (ORCON), Graubart 1989 Propagated access control lists: let copying happen but propagate ACLs to copies (or extracts) Park and Sandhu 2002 discuss an approach based on Trusted Viewers

© 2005 Ravi Sandhu 9 PEI Models Framework

© 2005 Ravi Sandhu 10 Scoping Information Sharing: Big Issues Secure information sharing rather than Digital Rights Management (DRM) Sensitivity of information content is the issue not revenue potential of retail entertainment content Open system as opposed to closed Enterprise DRM Read-only versus read-write secure information sharing Read-only is a useful subset Avoids some of the complexities of read-write such as –Extraction of pieces of information –Aggregation of several sources –Version control –Ability to overwrite versus annotate Content-independent authorization versus content-dependent authorization Content-independent is a useful subset Content-dependent is more complex since it requires Trusted Viewers to parse and understand the content

© 2005 Ravi Sandhu 11 PEI Models Framework

© 2005 Ravi Sandhu 12 Scoping Information Sharing One Decomposition at the Policy Layer Password based Device based Credential based Just one possibility Determined by business objectives

© 2005 Ravi Sandhu 13 Scoping Information Sharing: Detailed Issues Detailed issues include Revocation Policy Usage Policy Re-dissemination Policy Distribution Policy Accessibility Policy

© 2005 Ravi Sandhu 14 PEI Models Framework

© 2005 Ravi Sandhu 15 Password-based encryption: traditional approach Insecure due to off-line dictionary attacks GuessVerify

© 2005 Ravi Sandhu 16 Trusted Viewer Seal with Password Authentication

© 2005 Ravi Sandhu 17 Trusted Viewer Seal with Password Authentication and Encryption

© 2005 Ravi Sandhu 18 Trusted Viewer Seal with Device Encryption

© 2005 Ravi Sandhu 19 Trusted Viewer Seal with Credential Authentication

© 2005 Ravi Sandhu 20 Trusted Viewer Seal with Credential Encryption

© 2005 Ravi Sandhu 21 PEI Models Framework

© 2005 Ravi Sandhu 22 Trusted Viewer Seal with Password Authentication On-line password guessing Need a throttling mechanism Many possibilities

© 2006 Ravi Sandhu Secure Information Sharing Enabled by Trusted Computing and PEI * Models Ravi Sandhu (George Mason University and TriCipher) Kumar Ranganathan (Intel System Research Center, Bangalore) Xinwen Zhang (George Mason University) * PEI: Policy, Enforcement, Implementation Questions ??

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.