Presentation is loading. Please wait.

Presentation is loading. Please wait.

Institute for Cyber Security

Published byRegina Day Modified over 6 years ago

Similar presentations

Presentation on theme: "Institute for Cyber Security"— Presentation transcript:

1 Institute for Cyber Security
Towards ABAC in Hadoop Ecosystem Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security, University of Texas at San Antonio Ford EEIT & GDIA Big Data Access Control Symposium Dearborn, Michigan May 2, 2017 © Ravi Sandhu World-Leading Research with Real-World Impact!

2 PEI Models: 3 Layers Security and system goals Necessarily Informal
(objective policy) Necessarily Informal Formal/ quasi-formal Policy Models System block diagrams, protocol flows Enforcement Models Pseudo-code Implementation Models Actual Code © Ravi Sandhu World-Leading Research with Real-World Impact!

3 PEI Models: 3 Layers Security and system goals Necessarily Informal
(objective policy) Necessarily Informal Formal/ quasi-formal Policy Models System block diagrams, protocol flows Enforcement Models Pseudo-code Implementation Models Actual Code © Ravi Sandhu World-Leading Research with Real-World Impact!

4 Multi-Layer Authorization
Data and Objects Services Cluster Resources and Applications © Ravi Sandhu World-Leading Research with Real-World Impact!

5 World-Leading Research with Real-World Impact!
Hadoop Ecosystem Enforcement Model Policy Manager : Apache Ranger, Apache Sentry Gateway : Apache Knox Ecosystem Service (ES) : Apache Hive, HDFS, Apache Storm, Apache Kafka, YARN © Ravi Sandhu World-Leading Research with Real-World Impact!

6 PEI Models: 3 Layers Security and system goals Necessarily Informal
(objective policy) Necessarily Informal Formal/ quasi-formal Policy Models System block diagrams, protocol flows Enforcement Models Pseudo-code Implementation Models Actual Code © Ravi Sandhu World-Leading Research with Real-World Impact!

7 World-Leading Research with Real-World Impact!
AC Model: Hadoop View Users (U), Groups (G) , Subjects (S) Hadoop Services (HS) : NameNode, YARN ResourceManager Hadoop Service Operations (OPHS) : access / communicate Objects (OB) : Files and Directories in HDFS Operations (OP) : read, write, execute © Ravi Sandhu World-Leading Research with Real-World Impact!

8 World-Leading Research with Real-World Impact!
AC Model: Ranger View Ecosystem Service (ES) : Hive, HDFS, Kafka, HBase Objects (OB) : Files and Directories in HDFS; Tables, columns in Hive Operations (OP) : read, write, execute, select, create Tag : PII, top-secret © Ravi Sandhu World-Leading Research with Real-World Impact!

9 World-Leading Research with Real-World Impact!
AC Model: Sentry View Roles (R) © Ravi Sandhu World-Leading Research with Real-World Impact!

10 AC Model: Consolidated View
© Ravi Sandhu World-Leading Research with Real-World Impact!

11 Proposed OT-RBAC Model
Object-Tagged RBAC © Ravi Sandhu World-Leading Research with Real-World Impact!

12 Adding Attributes to OT-RBAC
© Ravi Sandhu World-Leading Research with Real-World Impact!

13 PEI Models: 3 Layers Security and system goals Necessarily Informal
(objective policy) Necessarily Informal Formal/ quasi-formal Policy Models System block diagrams, protocol flows Enforcement Models Pseudo-code Implementation Models Actual Code © Ravi Sandhu World-Leading Research with Real-World Impact!

14 World-Leading Research with Real-World Impact!
Publications Gupta, M., Patwa, F., and Sandhu, R.: Object-Tagged RBAC Model for the Hadoop Ecosystem. In: Proc. of 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec), Philadelphia, PA, July 19-21, Available soon at Gupta, M., Patwa, F., Benson, J., and Sandhu, R.: Multi-layer Authorization Framework for a Representative Hadoop Ecosystem Deployment. In: Proc. of 22nd ACM Symposium on Access Control Models and Technologies (SACMAT), Indianapolis, IN, June 21-23, Sandhu, R.: The PEI Framework for Application-Centric Security. In: Proc. 5th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), Crystal City, Virginia, November 11-14, © Ravi Sandhu World-Leading Research with Real-World Impact!

Download ppt "Institute for Cyber Security"

Similar presentations

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.

INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.
Future of Access Control: Attributes, Automation, Adaptation

Future of Access Control: Attributes, Automation, Adaptation
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.

1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.
Attribute-Based Access Control Models and Beyond

Attribute-Based Access Control Models and Beyond
1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.

1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
1 Privacy and Access Control: How are These Two Concepts Related? Prof. Ravi Sandhu Executive Director and Endowed Chair SACMAT Panel June 3, 2015

1 Privacy and Access Control: How are These Two Concepts Related? Prof. Ravi Sandhu Executive Director and Endowed Chair SACMAT Panel June 3, 2015
11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.

11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.
INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.

INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.
1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015

1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015
1 Big Data Applications in Cloud and Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Professor UTSA COB Symposium on Big Data, Big Challenges.

1 Big Data Applications in Cloud and Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Professor UTSA COB Symposium on Big Data, Big Challenges.
1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011

1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.

1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
11 World-Leading Research with Real-World Impact! Group-Centric Secure Information Sharing: A Lattice Interpretation Institute for Cyber Security Ravi.

11 World-Leading Research with Real-World Impact! Group-Centric Secure Information Sharing: A Lattice Interpretation Institute for Cyber Security Ravi.
1 Group-Centric Models for Secure and Agile Information Sharing Ravi Sandhu Executive Director and Endowed Professor October 2010

1 Group-Centric Models for Secure and Agile Information Sharing Ravi Sandhu Executive Director and Endowed Professor October 2010
1 Cloud Computing and Security Prof. Ravi Sandhu Executive Director and Endowed Chair April 19, 2013 © Ravi Sandhu.

1 Cloud Computing and Security Prof. Ravi Sandhu Executive Director and Endowed Chair April 19, © Ravi Sandhu.
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

Similar presentations

Ads by Google