Usage Control: A Vision for Next Generation Access Control Oct 14, 2003 Ravi Sandhu and Jaehong Park (www.list.gmu.edu) Laboratory for Information Security.

Slides:



Advertisements
Similar presentations
INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
Advertisements

INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Cyber-Identity, Authority and Trust in an Uncertain World
1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.
© Ravi Sandhu The Secure Information Sharing Problem and Solution Approaches Ravi Sandhu Professor of Information Security and Assurance.
Cyber-Identity, Authority and Trust in an Uncertain World
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology Department of Information.
© Ravi Sandhu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology.
Attribute Mutability in Usage Control July 26, 2004, IFIP WG11.3 Jaehong Park, University of Maryland University College Xinwen Zhang, George Mason University.
A New Modeling Paradigm for Dynamic Authorization in Multi-Domain Systems MMM-ACNS, September 13, 2007 Manoj Sastry, Ram Krishnan, Ravi Sandhu Intel Corporation,
INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.
1 Safety Analysis of Usage Control (UCON) Authorization Model Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce George Mason University AsiaCCS.
Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.
Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
Institute for Cyber Security
© 2006 Ravi Sandhu Secure Information Sharing Enabled by Trusted Computing and PEI * Models Ravi Sandhu (George Mason University and TriCipher)
A Usage-based Authorization Framework for Collaborative Computing Systems Xinwen Zhang George Mason University Masayuki Nakae NEC Corporation Michael J.
Usage Control: UCON Ravi Sandhu. © Ravi Sandhu2 Problem Statement Traditional access control models are not adequate for todays distributed, network-
Logical Model and Specification of Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University.
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
Institute for Cyber Security
ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE: A ROLE-BASED APPROACH Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.
A Logic Specification for Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University SACMAT 2004.
Towards A Times-based Usage Control Model Baoxian Zhao 1, Ravi Sandhu 2, Xinwen Zhang 3, and Xiaolin Qin 4 1 George Mason University, Fairfax, VA, USA.
© 2006 Ravi Sandhu Cyber-Identity, Authority and Trust Systems Prof. Ravi Sandhu Professor of Information Security and Assurance Director,
© Ravi Sandhu Security Issues in P2P Systems Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.
© 2005 Ravi Sandhu Role Usage and Activation Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security.
OM-AM and RBAC Ravi Sandhu * Laboratory for Information Security Technology (LIST) George Mason University.
Engineering Authority and Trust in Cyberspace: The OM-AM and RBAC Way Prof. Ravi Sandhu George Mason University
1 Grand Challenges in Data Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair
RBAC and Usage Control System Security. Role Based Access Control Enterprises organise employees in different roles RBAC maps roles to access rights After.
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.
Attribute-Based Access Control Models and Beyond
11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.
Access, Usage and Activity Controls Mar. 30, 2012 UTSA CS6393 Jaehong Park Institute for Cyber Security University of Texas at San Antonio
Extended Role Based Access Control – Based Design and Implementation for a Secure Data Warehouse Dr. Bhavani Thuraisingham Srinivasan Iyer.
UCON M ODEL Huỳnh Châu Duy. OUTLINE UCON MODEL What? What for? When? Why? CORE MODELS 16 basic models Example COMPARISON Traditional access.
Trust and Security for Next Generation Grids, Tutorial Usage Control for Next Generation Grids Introduction Philippe Massonet et al CETIC.
Extensible Access Control Framework for Cloud Applications KTH-SEECS Applied Information Security Lab SEECS NUST Implementation Perspective.
Windows Role-Based Access Control Longhorn Update
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Policies September 7, 2010.
12/13/20151 Computer Security Security Policies...
1 © Ravi Sandhu OM-AM and PEI Prof. Ravi Sandhu. 2 © Ravi Sandhu THE OM-AM WAY Objectives Model Architecture Mechanism What? How? AssuranceAssurance.
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Policies June 2011.
1 Usage Control (UCON) or ABAC on Steroids Prof. Ravi Sandhu Executive Director and Endowed Chair February 26, 2016
22 feb What is Access Control? Access control is the heart of security Definitions: * The ability to allow only authorized users, programs or.
Identity and Access Management
Access Control CSE 465 – Information Assurance Fall 2017 Adam Doupé
Institute for Cyber Security
World-Leading Research with Real-World Impact!
Attribute-Based Access Control (ABAC)
Institute for Cyber Security
Institute for Cyber Security
Institute for Cyber Security
Attribute-Based Access Control (ABAC)
OM-AM and RBAC Ravi Sandhu*
Data and Applications Security Developments and Directions
Data and Applications Security Developments and Directions
Data and Applications Security Developments and Directions
ASCAA Principles for Next-Generation Role-Based Access Control
Engineering Authority and Trust in Cyberspace: George Mason University
Assured Information Sharing
Data and Applications Security Developments and Directions
Data and Applications Security Developments and Directions
Attribute-Based Access Control (ABAC)
Data and Applications Security Developments and Directions
Presentation transcript:

Usage Control: A Vision for Next Generation Access Control Oct 14, 2003 Ravi Sandhu and Jaehong Park ( Laboratory for Information Security Technology (LIST) George Mason University

© 2003 GMU LIST2 Problem Statement Traditional access control models are not adequate for todays distributed, network- connected digital environment. Authorization only – No obligation or condition based control Decision is made before access – No ongoing control No consumable rights - No mutable attributes Rights are pre-defined and granted to subjects

© 2003 GMU LIST3 Prior Work Problem-specific enhancement to traditional access control Digital Rights Management (DRM) mainly focus on intellectual property rights protection. Architecture and Mechanism level studies, Functional specification languages – Lack of access control model Trust Management Authorization for strangers access based on credentials

© 2003 GMU LIST4 Prior Work Incrementally enhanced models Provisional authorization [Kudo & Hada, 2000] EACL [Ryutov & Neuman, 2001] Task-based Access Control [Thomas & Sandhu, 1997] Ponder [Damianou et al., 2001]

© 2003 GMU LIST5 Problem Statement Traditional access control models are not adequate for todays distributed, network-connected digital environment. No access control models available for DRM. Recently enhanced models are not comprehensive enough to resolve various shortcomings. Need for a unified model that can encompass traditional access control models, DRM and other enhanced access control models from recent literature

© 2003 GMU LIST6 Usage Control (UCON) Coverage Protection Objectives Sensitive information protection IPR protection Privacy protection Protection Architectures Server-side reference monitor Client-side reference monitor SRM & CRM

© 2003 GMU LIST7 OM-AM layered Approach ABC core models for UCON

© 2003 GMU LIST8 Building ABC Models Continuity Decision can be made during usage for continuous enforcement Mutability Attributes can be updated as side- effects of subjects actions

© 2003 GMU LIST9 Examples Long-distance phone (pre-authorization with post-update) Pre-paid phone card (ongoing-authorization with ongoing-update) Pay-per-view (pre-authorization with pre- updates) Click Ad within every 30 minutes (ongoing- obligation with ongoing-updates) Business Hour (pre-/ongoing-condition)

© 2003 GMU LIST10 ABC Model Space 0(Immutable)1(pre)2(ongoing)3(post) preAYYNY onAYYYY preBYYNY onBYYYY preCYNNN onCYNNN N : Not applicable

© 2003 GMU LIST11 A Family of ABC Core Models

© 2003 GMU LIST12 UCON preA Online content distribution service Pay-per-view (pre-update) Metered payment (post-update)

© 2003 GMU LIST13 UCON preA : pre-Authorizations Model UCON preA0 S, O, R, ATT(S), ATT(O) and preA (subjects, objects, rights, subject attributes, object attributes, and pre-authorizations respectively); allowed(s,o,r) preA(ATT(s),ATT(o),r) UCON preA1 preUpdate(ATT(s)),preUpdate(ATT(o)) UCON preA3 postUpdate(ATT(s)),postUpdate(ATT(o))

© 2003 GMU LIST14 UCON preA0 : MAC Example L is a lattice of security labels with dominance relation clearance: S L classification: O L ATT(S) = {clearance} ATT(O) = {classification} allowed(s,o,read) clearance(s) classification(o) allowed(s,o,write) clearance(s) classification(o)

© 2003 GMU LIST15 DAC in UCON: with ACL (UCON preA0 ) N is a set of identity names id : S N, one to one mapping ACL : O 2 N x R, n is authorized to do r to o ATT(S)= {id} ATT(O)= {ACL} allowed(s,o,r) (id(s),r) ACL(o)

© 2003 GMU LIST16 RBAC in UCON: RBAC 1 (UCON preA0 ) P = {(o,r)} ROLE is a partially ordered set of roles with dominance relation actRole: S 2 ROLE Prole: P 2 ROLE ATT(S) = {actRole} ATT(O) = {Prole} allowed(s,o,r) role actRole(s), role Prole(o,r), role role

© 2003 GMU LIST17 DRM in UCON: Pay-per-use with a pre-paid credit (UCON preA1 ) M is a set of money amount credit: S M value: O x R M ATT(s): {credit} ATT(o,r): {value} allowed(s,o,r) credit(s) value(o,r) preUpdate(credit(s)): credit(s) = credit(s) - value(o,r)

© 2003 GMU LIST18 UCON preA3 : DRM Example Membership-based metered payment M is a set of money amount ID is a set of membership identification numbers TIME is a current usage minute member: S ID expense: S M usageT: S TIME value: O x R M (a cost per minute of r on o) ATT(s): {member, expense, usageT} ATT(o,r): {valuePerMinute} allowed(s,o,r) member(s) postUpdate(expense(s)): expense(s) = expense(s) + (value(o,r) x usageT(s))

© 2003 GMU LIST19 UCON onA Pay-per-minutes (pre-paid Phone Card)

© 2003 GMU LIST20 UCON onA : ongoing-Authorizations Model UCON onA0 S, O, R, ATT(S), ATT(O) and onA; allowed(s,o,r) true; Stopped(s,o,r) onA(ATT(s),ATT(o),r) UCON onA1, UCON onA2, UCON onA3 preUpdate(ATT(s)),preUpdate(ATT(o)) onUpdate(ATT(s)),onUpdate(ATT(o)) postUpdate(ATT(s)),postUpdate(ATT(o)) Examples Certificate Revocation Lists revocation based on starting time, longest idle time, and total usage time

© 2003 GMU LIST21 UCON B Free Internet Service Provider Watch Ad window (no update) Click ad within every 30 minutes (ongoing update)

© 2003 GMU LIST22 UCON preB0 : pre-oBligations w/ no update S, O, R, ATT(S), and ATT(O); OBS, OBO and OB (obligation subjects, obligation objects, and obligation actions, respectively); preB and preOBL (pre-obligations predicates and pre-obligation elements, respectively); preOBL OBS x OBO x OB; preFulfilled: OBS x OBO x OB {true,false}; getPreOBL: S x O x R 2 preOBL, a function to select pre-obligations for a requested usage; preB(s,o,r) = (obs_i,obo_i,ob_i) getPreOBL(s,o,r) preFulfilled(obs i,obo i,ob i ); preB(s,o,r) = true by definition if getPreOBL(s,o,r)= ; allowed(s,o,r) preB(s,o,r). Example: License agreement for a whitepaper download

© 2003 GMU LIST23 UCON onB0 : ongoing-oBligations w/ no update S, O, R, ATT(S), ATT(O), OBS, OBO and OB; T, a set of time or event elements; onB and onOBL (on-obligations predicates and ongoing-obligation elements, respectively); onOBL OBS x OBO x OB x T; onFulfilled: OBS x OBO x OB x T {true,false}; getOnOBL: S x O x R 2 onOBL, a function to select ongoing- obligations for a requested usage; onB(s,o,r) = (obs_i,obo_i,ob_i, t_i) getOnOBL(s,o,r) onFulfilled(obs i,obo i,ob i,t i ); onB(s,o,r) = true by definition if getOnOBL(s,o,r)= ; allowed(s,o,r) true; Stopped(s,o,r) onB(s,o,r). Example: Free ISP with mandatory ad window

© 2003 GMU LIST24 UCON C Location check at the time of access request Accessible only during business hours

© 2003 GMU LIST25 UCON preC0 : pre-Condition model S, O, R, ATT(S), and ATT(O); preCON (a set of pre-condition elements); preConChecked: preCON {true,false}; getPreCON: S x O x R 2 preCON ; preC(s,o,r) = preCon_i getPreCON(s,o,r) preConChecked(preCon i ); allowed(s,o,r) preC(s,o,r). Example: location checks at the time of access requests

© 2003 GMU LIST26 UCON onC0 : ongoing-Condition model S, O, R, ATT(S), and ATT(O); onCON (a set of on-condition elements); onConChecked: onCON {true,false}; getOnCON: S x O x R 2 onCON ; onC(s,o,r) = onCon_i getOnCON(s,o,r) onConChecked(onCon i ); allowed(s,o,r) true; Stopped(s,o,r) onC(s,o,r) Example: accessible during office hour

© 2003 GMU LIST27 UCON ABC Free ISP Membership is required (pre-authorization) Have to click Ad periodically while connected (on-obligation, on-update) Free member: no evening connection (on-condition), no more than 50 connections (pre-update) or 100 hours usage per month (post-updates)

© 2003 GMU LIST28 ABC Models

© 2003 GMU LIST29 Beyond the ABC Core Models

© 2003 GMU LIST30 Conclusion Developed A family of ABC core models for Usage Control (UCON) to unify traditional access control models, DRM, and other modern enhanced models. ABC model integrates authorizations, obligations, conditions, as well as continuity and mutability properties.

© 2003 GMU LIST31 Future Research Enhance the model UCON administration or management Detail of update procedure in ABC model Delegation of usage rights Develop Architectures and Mechanisms Payment-based architectures CRM and SRM Architectures for multi-organizations (B2B) UCON Engineering Analysis of policy Designing/modeling rules and Attributes

© 2003 GMU LIST32 Publications Jaehong Park and Ravi Sandhu, The ABC Core Model for Usage Control: Integrating Authorizations, oBligations, and Conditions to appear on ACM Transactions on Information and System Security (TISSEC), 2004 Ravi Sandhu and Jaehong Park, Usage Control: A vision for Next Generation Access Control to appear on The Second International Workshop "Mathematical Methods, Models and Architectures for Computer Networks Security (MMM-ACNS), Sep Jaehong Park and Ravi Sandhu, Towards Usage Control Models: Beyond Traditional Access Control In Proceedings of 7 th ACM Symposium on Access Control Models and Technologies, Jun Jaehong Park and Ravi Sandhu, Originator Control in Usage Control In Proceedings of 3 rd International Workshop on Policies for Distributed Systems and Networks, pp , IEEE, Jun Jaehong Park, Ravi Sandhu, and James Schifalacqua, Security Architectures for Controlled Digital information Dissemination. In Proceedings of Annual Computer Security Applications Conference (ACSAC), pp , Dec. 2000

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.