Application-Centric Security Models

Presentation transcript:

Application-Centric Security Models
Prof. Ravi Sandhu
Executive Director and Endowed Chair
Institute for Cyber Security
University of Texas at San Antonio
June 2009
ravi.sandhu@utsa.edu
www.profsandhu.com
© Ravi Sandhu

Institute for Cyber Security (ICS)
Founded 2007
- Dr. Robert W. Gracy, Vice President for Research
- Dr. George Perry, Dean of the College of Science
- Dr. Ravi Sandhu, Executive Director, ICS
- Center for Infrastructure Assurance and Security (CIAS): Dr. Gregory White, Director
  - Dark Screen Exercises and Training
  - National Collegiate Cyber Defense Competition
- ICS Labs: Sponsored Research Projects, Dr. Ravi Sandhu
  - Numerous projects from NSF, AFOSR, AFRL, ONR, with 10+ UTSA researchers in collaboration with 11 University partners
- ICS Incubator: Commercialization, Dr. Ravi Ganesan, Chief Scientist
  - Innovative incubation program based on a combination of sponsored research and spin-in/spin-out model

ICS Key Assets
- World leading security modeling and analysis research
  - Role-Based Access Control (RBAC) Model (1996)
    - Catalyzes dominance of RBAC in commercial systems
    - Develops into a NIST/ANSI Standard (2004)
  - Usage Control (UCON) Model (2004)
    - Attribute-Based Access Control on Steroids
    - Unifies numerous extensions/enhancements
  - PEI Framework (2000, 2006)
    - Policy, Enforcement, Implementation Models
    - From what to how
  - Group-Centric Information Sharing (2007)
    - Sharing metaphor of meeting room
    - Equivalently: mission centric
- Bring in partners from leading research universities as appropriate
- Ready to commercialize when appropriate

Application Context
- Our Basic Premise
  - There can be no security without application context
  - Courtney's Law (1970s, 1980s ??): You cannot say anything interesting (i.e. significant) about the security of a system except in the context of a particular application and environment
- Corollary
  - There can be no security model without application context
- Reality
  - Existing security models are application neutral
  - Assumption is they can be readily "configured" or "policy-fied" to suit application context

Existing Security Models (1)
- Discretionary Access Control (DAC)
  - Characteristic: Owner-based discretion
  - Drawbacks:
    - Classic formulation fails to distinguish copy from read
    - Application context drives ownership and its delegation
- Lattice-Based Access Control (LBAC)
  - Characteristic: One directional information flow in a lattice of security labels
  - Also known as: Bell-LaPadula, Multi-Level Security, Mandatory Access Control (ignoring subtle differences)
  - Many applications violate one directional information flow
  - Many applications do not fit within preexisting security labels

Existing Security Models (2)
- Role-Based Access Control (RBAC)
  - Characteristic: Role is central, administration is simple
  - Drawbacks:
    - Need to define the roles for each application/environment
    - Lack of standardized roles results in lack of interoperability
    - Too open: can be configured to do DAC or LBAC
- Attribute-Based Access Control (ABAC)
  - Characteristic: subsume security labels, roles and more as attributes and enforce attribute-based policies
  - All the RBAC drawbacks on steroids
  - Administrative complexity

Usage Control Model (UCON)
- Unified model integrating
  - authorization
  - obligation
  - conditions
- and incorporating
  - continuity of decisions
  - mutability of attributes
- UCON is Attribute-Based Access Control on Steroids

Usage Control Model (UCON)
[Figure: DAC, LBAC, RBAC, ABAC … and many, many others, alongside UCON (ABAC on steroids)]
- Simple, familiar, usable and effective use cases demonstrate the need for UCON
  - Automatic Teller Machines
  - CAPTCHAs at public web sites
  - End User License Agreements
  - Terms of Usage for WiFi in Hotels, Airports
  - Rate limits on call center workers

Application-Centric Security Models
- Our Basic Premise
  - There can be no security model without application context
- So how does one customize an application-centric security model?
  - Meaningfully combine the essential insights of DAC, LBAC, RBAC, ABAC, UCON, etcetera
  - Directly address the application-specific trade-offs
    - Within the security objectives of confidentiality, integrity and availability
    - Across security, performance, cost and usability objectives
  - Separate the real-world concerns of practical distributed systems and ensuing staleness and approximations (enforcement layer) from policy concerns in an idealized environment (policy layer)

PEI Models: 3 Layers/5 Layers
[Figure: PEI layers, annotated Idealized, Enforceable (Approximate), Codeable]

Dissemination-Centric Sharing
- Extensive research in the last two decades
  - ORCON, DRM, ERM, XrML, ODRL, etc.
- Copy/usage control has received major attention
- Manageability problem largely unaddressed
[Figure: Dissemination Chain with Sticky Policies on Objects, passing among Alice, Bob, Charlie, Eve and Susie; labels: Attribute + Policy Cloud, Object, Attribute Cloud]

Group-Centric Sharing (g-SIS)
- Brings users & objects together in a group
  - Focuses on manageability using groups
  - Co-exists with dissemination-centric
  - Two metaphors
    - Secure Meeting Room (e.g. program committee)
    - Subscription Model (e.g. secure multicast)
- Operational aspects
  - Group characteristics
    - E.g. Are there any core properties?
  - Group operation semantics
    - E.g. What is authorized by join, add, etc.?
  - Read-only vs Read-Write
- Administrative aspects
  - E.g. Who authorizes join, add, etc.?
  - May be application dependent
- Multiple groups
  - Inter-group relationship
[Figure: Group with Authz (u,o,r)?; labels: join, leave, add, remove, Users, Objects]

g-SIS Operation Semantics
[Figure: GROUP with Authz (u,o,r)?; labels: join, leave, add, remove, Users, Objects]

g-SIS Operation Semantics
[Figure: GROUP with Authz (u,o,r)?; labels: Strict Join, Strict Leave, Liberal Add, Liberal Remove, Liberal Join, Liberal Leave, Strict Add, Remove, Users, Objects]

Family of g-SIS Policy Models
- This specification entails core properties.
- Traditional Groups: <LJ, SL, LA, SR>
- Secure Multicast: <SJ, LL, LA, *>
- Most Restrictive g-SIS Specification:

g-SIS Enforcement Model
[Figure: Group Subjects, each with a TRM (TRM, TRM, TRM, …), the CC and the GA, with the numbered steps below]
- 1. Read Objects
- 3.1 Subject Leave (s)
- 3.2 Set Leave-TS (s)
- 4.1 Object Remove (o)
- 4.2 Add o to ORL
- 5.1 Request Refresh
- 5.2 Update Attributes
Legend:
- CC: Control Center
- GA: Group Administrator
- ORL: Object Revocation List
- gKey: Group Key
- Subject Attributes: {id, Join-TS, Leave-TS, ORL, gKey}
- Object Attributes: {id, Add-TS}
- Refresh Time (RT): TRM contacts CC to update attributes

From Policy to Enforcement
- Additional Trusted/Semi-Trusted Servers
- Approximate Enforcement
- Finally, the Implementation layer models spell out protocol details and details of TRM algorithms
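The following is an added example, not part of the original slides: a sketch of a TRM deciding Authz locally from the subject and object attributes listed on the enforcement-model slide, showing why enforcement is only approximate between refreshes. The decision rule in `authz` (object added after join, no Leave-TS set, object not in the ORL), the integer timestamps and all class and function names are assumptions; the slides list the attributes but not the rule.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

@dataclass
class Subject:            # slide attributes: id, Join-TS, Leave-TS, ORL (gKey omitted)
    id: str
    join_ts: int
    leave_ts: Optional[int] = None
    orl: Set[str] = field(default_factory=set)

@dataclass
class Obj:                # slide attributes: id, Add-TS
    id: str
    add_ts: int

def authz(s: Subject, o: Obj) -> bool:
    # Assumed decision rule: object added after the subject joined,
    # subject has not left, object not on the revocation list.
    return o.add_ts > s.join_ts and s.leave_ts is None and o.id not in s.orl

class ControlCenter:
    """Holds the authoritative attributes (the policy-layer view)."""
    def __init__(self) -> None:
        self.subjects: Dict[str, Subject] = {}
    def join(self, sid: str, ts: int) -> None:
        self.subjects[sid] = Subject(sid, ts)
    def leave(self, sid: str, ts: int) -> None:      # step 3.2: set Leave-TS
        self.subjects[sid].leave_ts = ts
    def remove(self, oid: str) -> None:              # step 4.2: add o to ORL
        for s in self.subjects.values():
            s.orl.add(oid)
    def snapshot(self, sid: str) -> Subject:         # step 5.2: update attributes
        s = self.subjects[sid]
        return Subject(s.id, s.join_ts, s.leave_ts, set(s.orl))

class TRM:
    """Decides from cached attributes; refreshes every `rt` time units."""
    def __init__(self, cc: ControlCenter, sid: str, rt: int, now: int) -> None:
        self.cc, self.sid, self.rt = cc, sid, rt
        self.cached, self.last = cc.snapshot(sid), now
    def read(self, o: Obj, now: int) -> bool:
        if now - self.last >= self.rt:               # step 5.1: request refresh
            self.cached, self.last = self.cc.snapshot(self.sid), now
        return authz(self.cached, o)

def leave_then_read(rt: int = 5):
    """Constructed scenario: (TRM decision, ideal decision) at t=14 and t=15."""
    cc = ControlCenter()
    cc.join("alice", 10)
    trm, doc = TRM(cc, "alice", rt, now=10), Obj("doc", add_ts=12)
    cc.leave("alice", 13)
    return [(trm.read(doc, t), authz(cc.subjects["alice"], doc)) for t in (14, 15)]
```

With the default refresh interval the TRM still grants the read at t=14, one time unit after the leave, and denies it only after the refresh at t=15; shortening `rt` narrows that stale window at the cost of more traffic to the CC.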

Conclusion
- Application-Centric Security Models require
  - State-of-the-art approaches such as UCON, PEI
  - Mix-and-match essential ideas of DAC, LBAC, RBAC, UCON
- Relevance to cyber range
  - Cyber range is itself a new application and technology
  - Group based information sharing is a good fit for information sharing within the cyber range
  - Cyber range capabilities will need to support next generation security models
  - Cyber range capabilities will need to support application-centric security models
  - …..