Presentation is loading. Please wait.

Presentation is loading. Please wait.

Assured Information Sharing

Published byWouter Theophiel Moens Modified over 5 years ago

Similar presentations

Presentation on theme: "Assured Information Sharing"— Presentation transcript:

1 Assured Information Sharing
Formal Models for Assured Information Sharing Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University of Texas at San Antonio September 2008 © Ravi Sandhu

2 Two Universes Convergence and Synergy AISL Policy Languages Policy
XACML Rei EXAM Policy Models Bell-LaPadula RBAC UCON Convergence and Synergy © Ravi Sandhu AISL

3 ... RBAC96 Model (1996) ROLE HIERARCHIES USER-ROLE ASSIGNMENT
PERMISSIONS-ROLE ASSIGNMENT USERS ROLES PERMISSIONS ... SESSIONS CONSTRAINTS © Ravi Sandhu AISL

4 Usage Control (UCON) Model (2004)
unified model integrating authorization obligation conditions and incorporating continuity of decisions mutability of attributes © Ravi Sandhu 4

5 Dissemination Vs Group-Centric Sharing
© Ravi Sandhu AISL

6 Dissemination-Centric Sharing
Attribute + Policy Cloud Attribute + Policy Cloud Attribute + Policy Cloud Attribute + Policy Cloud Object Object Object Object Alice Bob Charlie Ravi Shashi Attribute Cloud Attribute Cloud Attribute Cloud Attribute Cloud Attribute Cloud Dissemination Chain with Sticky Policies on Objects © Ravi Sandhu AISL

7 Group-Centric Sharing
Authz (S,O,R)? Strict Join Strict Leave Liberal Add Liberal Remove Liberal Join LiberalLeave Strict Add Remove Subjects Objects GROUP Authz (S,O,R)? Join Leave Add Remove Subjects Objects © Ravi Sandhu AISL

8 Group-Centric Models AISL Level 2 Level 1 Core Properties
Required of any policy Additional Properties Level 1 cannot violate Core Level 2 cannot violate Level 1 Core Properties © Ravi Sandhu AISL

9 Core Properties AISL Subjects 1. Overlapping Membership Property Leave
Join GROUP Authz (S,O,R)? 2. Persistence Property 3. Liveness Properties (a) Add Remove Objects (b) 4. Safety Properties (a) (b) © Ravi Sandhu AISL

10 Level 1 Lossless Vs Lossy Operations Restorative Vs Non-Restorative
Subjects Lossless Vs Lossy Operations Lossless Join Lossless Leave Restorative Vs Non-Restorative Non-Restorative Join Authorizations from past membership period not restored Non-Restorative Leave Authorizations prior to joining the group is not restored Leave Join GROUP Authz (S,O,R)? Add Remove Objects © Ravi Sandhu AISL

11 Level 2 AISL Subjects Leave Join Add Remove Objects Add after Join
GROUP Authz (S,O,R)? Add Remove Objects Add after Join Allows any combination of operations Add before Join © Ravi Sandhu AISL

Download ppt "Assured Information Sharing"

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
INSTITUTE FOR CYBER SECURITY April 20081 Access Control and Semantic Web Technologies Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY April Access Control and Semantic Web Technologies Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
INSTITUTE FOR CYBER SECURITY 1 The PEI + UCON Framework for Application Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 The PEI + UCON Framework for Application Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute.

Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute.
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.

Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
© 2006 Ravi Sandhu www.list.gmu.edu Cyber-Identity, Authority and Trust Systems Prof. Ravi Sandhu Professor of Information Security and Assurance Director,

© 2006 Ravi Sandhu Cyber-Identity, Authority and Trust Systems Prof. Ravi Sandhu Professor of Information Security and Assurance Director,
1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013

1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013
1 The Data and Application Security and Privacy (DASPY) Challenge Prof. Ravi Sandhu Executive Director and Endowed Chair 11/11/11

1 The Data and Application Security and Privacy (DASPY) Challenge Prof. Ravi Sandhu Executive Director and Endowed Chair 11/11/11
Future of Access Control: Attributes, Automation, Adaptation

Future of Access Control: Attributes, Automation, Adaptation
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.

1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.
1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.

1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.
Attribute-Based Access Control Models and Beyond

Attribute-Based Access Control Models and Beyond
1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.

1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
1 A Role Based Administration Model For Attribute Xin Jin, Ram Krishnan, Ravi Sandhu SRAS, Sep 19, 2012 World-Leading Research with Real-World Impact!

1 A Role Based Administration Model For Attribute Xin Jin, Ram Krishnan, Ravi Sandhu SRAS, Sep 19, 2012 World-Leading Research with Real-World Impact!
11 World-Leading Research with Real-World Impact! A Group-Centric Model for Collaboration with Expedient Insiders in Multilevel Systems Khalid Zaman Bijon,

11 World-Leading Research with Real-World Impact! A Group-Centric Model for Collaboration with Expedient Insiders in Multilevel Systems Khalid Zaman Bijon,
INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.

INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.

Similar presentations

Ads by Google