1 Group-Centric Models for Secure and Agile Information Sharing Ravi Sandhu Executive Director and Endowed Professor October 2010

Slides:



Advertisements
Similar presentations
Towards Secure Information Sharing Models for Community Cyber Security Ravi Sandhu, Ram Krishnan and Gregory B. White Institute for Cyber Security University.
Advertisements

Stale-Safe Security Properties for Secure Information Sharing Ram Krishnan (GMU) Jianwei Niu (UT San Antonio) Ravi Sandhu (UT San Antonio) William Winsborough.
© 2005 Ravi Sandhu Role Usage and Activation Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security.
1 The Future of Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair © Ravi Sandhu.
Ram Krishnan PhD Candidate Dissertation Directors: Dr. Ravi Sandhu and Dr. Daniel Menascé Group-Centric Secure Information Sharing Models Dissertation.
1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013
1 The Data and Application Security and Privacy (DASPY) Challenge Prof. Ravi Sandhu Executive Director and Endowed Chair 11/11/11
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
Future of Access Control: Attributes, Automation, Adaptation
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.
Attribute-Based Access Control Models and Beyond
1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.
11 World-Leading Research with Real-World Impact! RT-Based Administrative Models for Community Cyber Security Information Sharing Ravi Sandhu, Khalid Zaman.
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.
1 Cyber Security Grand Challenges and Prognosis Prof. Ravi Sandhu Executive Director and Endowed Chair
1 The Future of Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair © Ravi Sandhu.
1 The Challenge of Data and Application Security and Privacy (DASPY) Ravi Sandhu Executive Director and Endowed Professor March 23, 2011
11 World-Leading Research with Real-World Impact! A Group-Centric Model for Collaboration with Expedient Insiders in Multilevel Systems Khalid Zaman Bijon,
INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.
1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
INSTITUTE FOR CYBER SECURITY © Ravi Sandhu11 Group-Centric Information Sharing Ravi Sandhu Executive Director and Endowed Professor Institute for Cyber.
1 Big Data Applications in Cloud and Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Professor UTSA COB Symposium on Big Data, Big Challenges.
1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011
1 The Future of Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair © Ravi Sandhu.
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
11 World-Leading Research with Real-World Impact! Group-Centric Secure Information Sharing: A Lattice Interpretation Institute for Cyber Security Ravi.
INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.
1 Cloud Computing and Security Prof. Ravi Sandhu Executive Director and Endowed Chair April 19, © Ravi Sandhu.
INSTITUTE FOR CYBER SECURITY A Hybrid Enforcement Model for Group-Centric Secure Information Sharing (g-SIS) Co-authored with Ram Krishnan, PhD Candidate,
1 Group-Centric Models for Secure Information Sharing Prof. Ravi Sandhu Executive Director and Endowed Chair March 30, 2012
1 Group-Centric Models for Secure and Agile Information Sharing Ravi Sandhu Executive Director and Endowed Professor April 2010
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.
Application-Centric Security Models
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
A Conceptual Framework for Group-Centric Secure Information Sharing Ram Krishnan (George Mason University) Ravi Sandhu, Jianwei Niu, William Winsborough.
Authorization Policy Specification and Enforcement for Group-Centric Secure Information Sharing Ram Krishnan and Ravi Sandhu University of Texas at San.
1 Panel on Data Usage Management: Technology or Regulation? Prof. Ravi Sandhu Executive Director and Endowed Chair DUMA 2013 May 23, 2013
1 Security and Privacy in Human-Centric Computing and Big Data Management Prof. Ravi Sandhu Executive Director and Endowed Chair CODASPY 2013 February.
1 Open Discussion PSOSM 2012 Prof. Ravi Sandhu Executive Director and Endowed Chair © Ravi Sandhu.
1 Challenges of Cyber Security Education at the Graduate Level Ravi Sandhu Executive Director and Endowed Professor July 27, 2011
Ram Krishnan (George Mason University) Ravi Sandhu, Jianwei Niu, William Winsborough (University of Texas at San Antonio) Foundations for Group-Centric.
1 Role-Based Access Control (RBAC) Prof. Ravi Sandhu Executive Director and Endowed Chair January 29, © Ravi.
1 Secure Cloud Computing: A Research Perspective Prof. Ravi Sandhu Executive Director and Endowed Chair Texas Fresh Air Big Data and Data Analytics Conference.
INSTITUTE FOR CYBER SECURITY 1 Purpose-Centric Secure Information Sharing Ravi Sandhu Executive Director and Endowed Professor Institute for Cyber Security.
Institute for Cyber Security
Institute for Cyber Security
Past, Present and Future
Institute for Cyber Security
An Access Control Perspective on the Science of Security
Institute for Cyber Security (ICS) & Center for Security and Privacy Enhanced Cloud Computing (C-SPECC) Ravi Sandhu Executive Director Professor of.
Attribute-Based Access Control: Insights and Challenges
Cyber Security Research: Applied and Basic Combined*
On the Value of Access Control Models
Institute for Cyber Security
Institute for Cyber Security
ABAC Panel Prof. Ravi Sandhu Executive Director and Endowed Chair
Institute for Cyber Security
Cyber Security Research: Applied and Basic Combined*
Security and Privacy in the Age of the Internet of Things:
Intersection of Data, Policy and Privacy
Attribute-Based Access Control: Insights and Challenges
Assured Information Sharing
Institute for Cyber Security
Cyber Security Research: A Personal Perspective
Cyber Security Research: Applied and Basic Combined*
Access Control Evolution and Prospects
Cyber Security R&D: A Personal Perspective
Access Control Evolution and Prospects
Presentation transcript:

1 Group-Centric Models for Secure and Agile Information Sharing Ravi Sandhu Executive Director and Endowed Professor October © Ravi Sandhu World-Leading Research with Real-World Impact! Institute for Cyber Security

2 Goal: 4 th Element  3 succesful access control models in 40+ years  Discretionary Access Control (DAC)  Mandatory Access Control (MAC)  Role-base Access Control (RBAC)  Crucial ingredients for success  Strong mathematical foundations  Strong intuitive foundations  Significant real-world deployment © Ravi Sandhu World-Leading Research with Real-World Impact!

3 What is the 4 th Element?  DAC – owner control  MAC – information flow  RBAC – organizational/social alignment  Dynamics/agility  Unconstrained DAC: too loose, too fine-grained  Group-centric conceived to fill this gap © Ravi Sandhu World-Leading Research with Real-World Impact!

4 Historical Aside on Dynamics/Agility  Harrison, Russo and Ullman 1976: HRU  dynamics leads to undecidable safety  Jones, Lipton, Snyder 1978: Take-Grant  simple models can be efficiently decidable  Sandhu, 1988, 1992: SPM, TAM  sophisticated models can be efficiently decidable © Ravi Sandhu World-Leading Research with Real-World Impact!

5 Secure Information Sharing (SIS) Goal: Share but protect  Containment challenge  Client containment  Ultimate assurance infeasible (e.g., the analog hole)  Appropriate assurance achievable  Server containment  Will typically have higher assurance than client containment  Policy challenge  How to construct meaningful, usable, agile SIS policy  How to develop an intertwined information and security model © Ravi Sandhu World-Leading Research with Real-World Impact!

6 Community Cyber Security © Ravi Sandhu World-Leading Research with Real-World Impact! Core Group Incident Group Open Group Conditional Membership Automatic Membership Administered Membership Filtered RW Administered Membership Filtered RW Administered Membership Domain Experts

7 Community Cyber Security © Ravi Sandhu World-Leading Research with Real-World Impact! Core Group Incident Groups Open Group g1 g2 g3 Automatic Membership Conditional Membership Read Subordination Write Subordination Domain Experts Administered Membership

8 A Family of g-SIS Models © Ravi Sandhu World-Leading Research with Real-World Impact!  We have achieved a deep, formal understanding of isolated, undifferentiated groups  Next challenge: extend the theory to connected, differentiated groups

9 Formal Models Development © Ravi Sandhu World-Leading Research with Real-World Impact! Formal stateless behavioral model Formal stateful enforceable model Formal stateful enforceable model with latencies, disconnected operations etc Provable security properties Proof of equivalence Proof of safe equivalence

10 g-SIS Model Components  Operational aspects  Group operation semantics o Add, Join, Leave, Remove, etc o Multicast group is one example  Object model o Read-only o Read-Write (no versioning vs versioning)  User-subject model o Read-only Vs read-write  Policy specification  Administrative aspects  Authorization to create group, user join/leave, object add/remove, etc. © Ravi Sandhu World-Leading Research with Real-World Impact! Users Objects Group Authz (u,o,r)? join leave add remove

11 Core Properties  Authorization Persistence  Authorization cannot change unless some group event occurs © Ravi Sandhu World-Leading Research with Real-World Impact!

12 The π-system Specification © Ravi Sandhu World-Leading Research with Real-World Impact!

13 Sample Stateful Specification © Ravi Sandhu World-Leading Research with Real-World Impact! Authz (s,o,r) -> Add-TS(o) > Join-TS(s) & Leave-TS(s) = NULL & Remove-TS(o) = NULL

14 Summary © Ravi Sandhu World-Leading Research with Real-World Impact!  The 4 th element, crucial for dynamic/agile secure information sharing  Discretionary Access Control (DAC)  Mandatory Access Control (MAC)  Role-base Access Control (RBAC)  Group-centric Secure Information Sharing (g-SIS)  Crucial ingredients for success  Strong mathematical foundations  Strong intuitive foundations  Significant real-world deployment

15 Publications © Ravi Sandhu World-Leading Research with Real-World Impact!  Ram Krishnan, Jianwei Niu, Ravi Sandhu and William Winsborough, “Group-Centric Secure Information Sharing Models for Isolated Groups.” ACM Transactions on Information and System Security, accepted with minor revision.  Ravi Sandhu, Ram Krishnan and Gregory White, “Towards Secure Information Sharing Models for Community Cyber Security.” In Proceedings 5 th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), Chicago, Illinois, October 9-12,  Ravi Sandhu, Ram Krishnan, Jianwei Niu and William Winsborough, “Group-Centric Models for Secure and Agile Information Sharing.” In Proceedings 5th International Conference, on Mathematical Methods, Models, and Architectures for Computer Network Security, MMM-ACNS 2010, St. Petersburg, Russia, September 8-10, 2010, pages Published as Springer Lecture Notes in Computer Science Vol. 6258, Computer Network Security (Igor Kotenko and Victor Skormin, editors),  Ram Krishnan, Ravi Sandhu, Jianwei Niu and William Winsborough, “Towards a Framework for Group-Centric Secure Collaboration.” In Proc. 5th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), Crystal City, Virginia, November 11-14, 2009, pages  Ram Krishnan and Ravi Sandhu, “A Hybrid Enforcement Model for Group-Centric Secure Information Sharing.” Proc. IEEE International Conference on Computational Science and Engineering (CSE-09), Vancouver, Canada, August , 2009, pages  Ram Krishnan, Ravi Sandhu, Jianwei Niu and William Winsborough, “Formal Models for Group-Centric Secure Information Sharing.” Proc. 14th ACM Symposium on Access Control Models and Technologies (SACMAT), Stresa, Italy, June 3-5, 2009, pages  Ram Krishnan, Ravi Sandhu, Jianwei Niu and William Winsborough, “A Conceptual Framework for Group-Centric Secure Information Sharing.” Proc. 4th ACM Symposium on Information, Computer and Communications Security (AsiaCCS), Sydney, Australia, March 10-12, 2009, pages  Ram Krishnan, Jianwei Niu, Ravi Sandhu and William Winsborough, “Stale-Safe Security Properties for Group-Based Secure Information Sharing.” Proc. 6th ACM-CCS Workshop on Formal Methods in Security Engineering (FMSE), Alexandria, Virginia, October 27, 2008, pages