Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2004-5 Ravi Sandhu www.list.gmu.edu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology.

Published byMadison Romero Modified over 10 years ago

Similar presentations

Presentation on theme: "© 2004-5 Ravi Sandhu www.list.gmu.edu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology."— Presentation transcript:

1 © 2004-5 Ravi Sandhu www.list.gmu.edu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu sandhu@gmu.edu

2 © 2004 Ravi Sandhu www.list.gmu.edu 2 Outline Perspective on security Role Based Access Control (RBAC) Objective Model-Architecture Mechanism (OM-AM) Framework Usage Control (UCON) Discussion

3 © 2004-5 Ravi Sandhu www.list.gmu.edu PERSPECTIVE

4 © 2004 Ravi Sandhu www.list.gmu.edu 4 Security Conundrum Nobody knows WHAT security is Some of us do know HOW to implement pieces of it Result: hammers in search of nails

5 © 2004 Ravi Sandhu www.list.gmu.edu 5 Security Confusion INTEGRITY modification AVAILABILITY access CONFIDENTIALITY disclosure USAGE purpose electronic commerce, electronic business DRM, client-side controls

6 © 2004 Ravi Sandhu www.list.gmu.edu 6 Security Successes On-line banking On-line trading Automatic teller machines (ATMs) GSM phones Set-top boxes ……………………. Success is largely unrecognized by the security community

7 © 2004 Ravi Sandhu www.list.gmu.edu 7 Good enough security Exceeding good enough is not good You will pay a price in user convenience, ease of operation, cost, performance, availability, … There is no such thing as free security Determining good enough is hard Necessarily a moving target

8 © 2004 Ravi Sandhu www.list.gmu.edu 8 Good enough security EASY SECURE COST Security geeksReal-world users System owner whose security perception or reality of security end users operations staff help desk system cost operational cost opportunity cost cost of fraud Business models dominate security models

9 © 2004 Ravi Sandhu www.list.gmu.edu 9 Good enough security In many cases good enough is achievable at a pretty low threshold The entrepreneurial mindset In extreme cases good enough will require a painfully high threshold The academic mindset

10 © 2004 Ravi Sandhu www.list.gmu.edu 10 Good enough security RISKRISK COST H M L LMH 1 2 3 2 3 4 3 4 5 Entrepreneurial mindset Academic mindset

11 © 2004-5 Ravi Sandhu www.list.gmu.edu ROLE-BASED ACCESS CONTROL (RBAC)

12 © 2004 Ravi Sandhu www.list.gmu.edu 12 MAC, DAC and RBAC For 25 years (1971-96) access control was divided into Mandatory Access Control (MAC) Discretionary Access Control (DAC) Since the early-mid 1990s Role-Based Access Control (RBAC) has become a dominant force RBAC subsumes MAC and DAC RBAC is not the final answer BUT is a critical piece of the final answer

13 © 2004 Ravi Sandhu www.list.gmu.edu 13 Mandatory Access Control (MAC) TS S C U Information Flow Dominance Lattice of security labels Rights are determined by security labels (Bell-LaPadula 1971)

14 © 2004 Ravi Sandhu www.list.gmu.edu 14 Discretionary Access Control (DAC) The owner of a resource determines access to that resource The owner is often the creator of the resource Fails to distinguish read from copy This distinction has re-emerged recently under the name Dissemination Control (DCON)

15 © 2004 Ravi Sandhu www.list.gmu.edu 15 RBAC96 model (Currently foundation of a NIST/ANSI/ISO standard) ROLES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS ROLE HIERARCHIES CONSTRAINTS

16 © 2004 Ravi Sandhu www.list.gmu.edu 16 RBAC SECURITY PRINCIPLES least privilege separation of duties separation of administration and access abstract operations

17 © 2004 Ravi Sandhu www.list.gmu.edu 17 HIERARCHICAL ROLES Health-Care Provider Physician Primary-Care Physician Specialist Physician

18 © 2004 Ravi Sandhu www.list.gmu.edu 18 Fundamental Theorem of RBAC RBAC can be configured to do MAC RBAC can be configured to do DAC RBAC is policy neutral

19 © 2004-5 Ravi Sandhu www.list.gmu.edu OM-AM (Objective/Model Architecture/Mechanism) Framework

20 © 2004 Ravi Sandhu www.list.gmu.edu 20 THE OM-AM WAY Objectives Model Architecture Mechanism What? How? AssuranceAssurance

21 © 2004 Ravi Sandhu www.list.gmu.edu 21 LAYERS AND LAYERS Multics rings Layered abstractions Waterfall model Network protocol stacks Napolean layers RoFi layers OM-AM etcetera

22 © 2004 Ravi Sandhu www.list.gmu.edu 22 OM-AM AND MANDATORY ACCESS CONTROL (MAC) What? How? No information leakage Lattices (Bell-LaPadula) Security kernel Security labels AssuranceAssurance

23 © 2004 Ravi Sandhu www.list.gmu.edu 23 OM-AM AND DISCRETIONARY ACCESS CONTROL (DAC) What? How? Owner-based discretion numerous ACLs, Capabilities, etc AssuranceAssurance

24 © 2004 Ravi Sandhu www.list.gmu.edu 24 OM-AM AND ROLE-BASED ACCESS CONTROL (RBAC) What? How? Objective neutral RBAC96, ARBAC97, etc. user-pull, server-pull, etc. certificates, tickets, PACs, etc. AssuranceAssurance

25 © 2004 Ravi Sandhu www.list.gmu.edu 25 RBAC96 model (Currently foundation of a NIST/ANSI/ISO standard) ROLES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS ROLE HIERARCHIES CONSTRAINTS

26 © 2004 Ravi Sandhu www.list.gmu.edu 26 Server-Pull Architecture ClientServer User-role Authorization Server

27 © 2004 Ravi Sandhu www.list.gmu.edu 27 User-Pull Architecture ClientServer User-role Authorization Server

28 © 2004 Ravi Sandhu www.list.gmu.edu 28 Proxy-Based Architecture ClientServer Proxy Server User-role Authorization Server

29 © 2004-5 Ravi Sandhu www.list.gmu.edu USAGE CONTROL (UCON)

30 © 2004 Ravi Sandhu www.list.gmu.edu 30 The UCON Vision: A unified model Traditional access control models are not adequate for todays distributed, network- connected digital environment. Authorization only – No obligation or condition based control Decision is made before access – No ongoing control No consumable rights - No mutable attributes Rights are pre-defined and granted to subjects

31 © 2004 Ravi Sandhu www.list.gmu.edu 31 OM-AM layered Approach

32 © 2004 Ravi Sandhu www.list.gmu.edu 32 Prior Work Problem-specific enhancement to traditional access control Digital Rights Management (DRM) –mainly focus on intellectual property rights protection. –Architecture and Mechanism level studies, Functional specification languages – Lack of access control model Trust Management –Authorization for strangers access based on credentials

33 © 2004 Ravi Sandhu www.list.gmu.edu 33 Prior Work Incrementally enhanced models Provisional authorization [Kudo & Hada, 2000] EACL [Ryutov & Neuman, 2001] Task-based Access Control [Thomas & Sandhu, 1997] Ponder [Damianou et al., 2001]

34 © 2004 Ravi Sandhu www.list.gmu.edu 34 Usage Control (UCON) Coverage Protection Objectives Sensitive information protection IPR protection Privacy protection Protection Architectures Server-side reference monitor (SRM) Client-side reference monitor (CRM) Both SRM and CRM

35 © 2004 Ravi Sandhu www.list.gmu.edu 35 Core UCON (Usage Control) Models ongoing postpre Continuity of decisions Mutability of attributes

36 © 2004 Ravi Sandhu www.list.gmu.edu 36 Examples Long-distance phone (pre-authorization with post- update) Pre-paid phone card (ongoing-authorization with ongoing-update) Pay-per-view (pre-authorization with pre-updates) Click Ad within every 30 minutes (ongoing- obligation with ongoing-updates) Business Hour (pre-/ongoing-condition)

37 © 2004 Ravi Sandhu www.list.gmu.edu 37 Beyond the UCON Core Models

38 © 2004 Ravi Sandhu www.list.gmu.edu 38 UCON Architectures We narrow down our focus so we can discuss in detail how UCON can be realized in architecture level Sensitive information protection X CRM First systematic study for generalized security architectures for digital information dissemination Architectures can be extended to include payment function

39 © 2004 Ravi Sandhu www.list.gmu.edu 39 Three Factors of Security Architectures Virtual Machine (VM) runs on top of vulnerable computing environment and has control functions Additional assurance will come with emerging hardware support Control Set (CS) A list of access rights and usage rules Fixed, embedded, and external control set Distribution Style Message Push (MP), External Repository (ER) style

40 © 2004 Ravi Sandhu www.list.gmu.edu 40 Architecture Taxonomy VM: Virtual Machine CS: Control Set MP: Message Push ER: External Repository NC1: No control architecture w/ MP NC2: No control architecture w/ ER FC1: Fixed control architecture w/ MP FC2: Fixed control architecture w/ ER EC1: Embedded control architecture w/ MP EC2: Embedded control architecture w/ ER XC1: External control architecture w/ MP XC2: External control architecture w/ ER

41 © 2004-5 Ravi Sandhu www.list.gmu.edu RESEARCH TOPICS

42 © 2004 Ravi Sandhu www.list.gmu.edu 42 RESEARCH TOPICS OM-AM, RBAC, UCON Previously discussed Trusted computing Hardware-based trust on the client side Dissemination control Discretionary access control done correctly Application-layer security Cant escape it Security as a tool for enterprise risk management Reconciling financial, reputational and regulatory risk with business models Security in a world of pervasive computing A comfort zone for users in a brave new world New security gizmos, widgets and protocols A never ending quest

Download ppt "© 2004-5 Ravi Sandhu www.list.gmu.edu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology."

Similar presentations

Numbers Treasure Hunt Following each question, click on the answer. If correct, the next page will load with a graphic first – these can be used to check.

Numbers Treasure Hunt Following each question, click on the answer. If correct, the next page will load with a graphic first – these can be used to check.
INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
1 UNIVERSITIES of AUSTRALASIA BENCHMARKING RISK MANAGEMENT BILL DUNNE DIRECTOR RISK MANAGEMENT UNSW. PROUDLY SPONSORED BY UNIMUTUAL.

1 UNIVERSITIES of AUSTRALASIA BENCHMARKING RISK MANAGEMENT BILL DUNNE DIRECTOR RISK MANAGEMENT UNSW. PROUDLY SPONSORED BY UNIMUTUAL.
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu.

Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology www.list.gmu.edu Department of Information.

Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology Department of Information.
George Mason University

George Mason University
© 2004 Ravi Sandhu www.list.gmu.edu A Perspective on Graphs and Access Control Models Ravi Sandhu Laboratory for Information Security Technology George.

© 2004 Ravi Sandhu A Perspective on Graphs and Access Control Models Ravi Sandhu Laboratory for Information Security Technology George.
Attribute Mutability in Usage Control July 26, 2004, IFIP WG11.3 Jaehong Park, University of Maryland University College Xinwen Zhang, George Mason University.

Attribute Mutability in Usage Control July 26, 2004, IFIP WG11.3 Jaehong Park, University of Maryland University College Xinwen Zhang, George Mason University.
INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.

INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.
Role-Based Access Control Prof. Ravi Sandhu George Mason University and NSD Security SACMAT 2003.

Role-Based Access Control Prof. Ravi Sandhu George Mason University and NSD Security SACMAT 2003.
1 Safety Analysis of Usage Control (UCON) Authorization Model Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce George Mason University AsiaCCS.

1 Safety Analysis of Usage Control (UCON) Authorization Model Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce George Mason University AsiaCCS.
Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.

Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.
Institute for Cyber Security

Institute for Cyber Security
© 2006 Ravi Sandhu www.list.gmu.edu Secure Information Sharing Enabled by Trusted Computing and PEI * Models Ravi Sandhu (George Mason University and TriCipher)

© 2006 Ravi Sandhu Secure Information Sharing Enabled by Trusted Computing and PEI * Models Ravi Sandhu (George Mason University and TriCipher)
A Usage-based Authorization Framework for Collaborative Computing Systems Xinwen Zhang George Mason University Masayuki Nakae NEC Corporation Michael J.

A Usage-based Authorization Framework for Collaborative Computing Systems Xinwen Zhang George Mason University Masayuki Nakae NEC Corporation Michael J.
Usage Control: UCON Ravi Sandhu. © Ravi Sandhu2 Problem Statement Traditional access control models are not adequate for todays distributed, network-

Usage Control: UCON Ravi Sandhu. © Ravi Sandhu2 Problem Statement Traditional access control models are not adequate for todays distributed, network-

Similar presentations

Ads by Google