Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2004 Ravi Sandhu www.list.gmu.edu A Perspective on Graphs and Access Control Models Ravi Sandhu Laboratory for Information Security Technology George.

Published byJeremiah Snyder Modified over 10 years ago

Similar presentations

Presentation on theme: "© 2004 Ravi Sandhu www.list.gmu.edu A Perspective on Graphs and Access Control Models Ravi Sandhu Laboratory for Information Security Technology George."— Presentation transcript:

1 © 2004 Ravi Sandhu www.list.gmu.edu A Perspective on Graphs and Access Control Models Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu sandhu@gmu.edu

2 © 2004 Ravi Sandhu www.list.gmu.edu 2 Outline A perspective on security A perspective on access control The safety problem in access control Looking ahead Discussion

3 © 2004 Ravi Sandhu www.list.gmu.edu 3 Security Confusion INTEGRITY modification AVAILABILITY access CONFIDENTIALITY disclosure USAGE purpose electronic commerce, electronic business digital rights management, client- side controls

4 © 2004 Ravi Sandhu www.list.gmu.edu 4 Good enough security EASY SECURE COST Security geeksReal-world users System owner whose security perception or reality of security end users operations staff help desk system cost operational cost opportunity cost cost of fraud Business models will dominate security models

5 © 2004 Ravi Sandhu www.list.gmu.edu 5 Good enough security RISKRISK COST H M L LMH 1 2 3 2 3 4 3 4 5 Entrepreneurial mindset Academic mindset

6 © 2004 Ravi Sandhu www.list.gmu.edu 6 Access Control Models Authentication AuthorizationEnforcement who is trying to access a protected resource? who should be allowed to access which protected resources? who should be allowed to change the access? how does the system enforce the specified authorization Access Control ModelsAccess Control Architecture

7 © 2004 Ravi Sandhu www.list.gmu.edu 7 The OM-AM Way Objectives Models Architectures Mechanisms What? How? AssuranceAssurance

8 © 2004 Ravi Sandhu www.list.gmu.edu 8 Access Control Status Ten years ago Emphasis on –Cryptography and intrusion detection –Access control relegated to back burner Ravi Sandhu, Access Control: The Neglected Frontier. Proc. First Australasian Conference on Information Security and Privacy, LNCS, 1996. Today Strong industry interest Growing need Growing research

9 © 2004 Ravi Sandhu www.list.gmu.edu 9 Safety in Access Control Authentication AuthorizationEnforcement who is trying to access a protected resource? who should be allowed to access which protected resources? who should be allowed to change the access? how does the system enforce the specified authorization Access Control ModelsAccess Control Architecture The Safety Problem

10 © 2004 Ravi Sandhu www.list.gmu.edu 10 The HRU (Harrison-Ruzzo-Ullman) Model, 1976 Ur w V F G r

11 © 2004 Ravi Sandhu www.list.gmu.edu 11 The HRU (Harrison-Ruzzo-Ullman) Model, 1976 UF r, w VG r

12 © 2004 Ravi Sandhu www.list.gmu.edu 12 The HRU (Harrison-Ruzzo-Ullman) Model, 1976 UF r, w VG r

13 © 2004 Ravi Sandhu www.list.gmu.edu 13 HRU Commands and Operations command α(X1, X2,..., Xk) if rl in (Xs1, Xo1) and r2 in (Xs2, Xo2) and ri in (Xsi, Xoi) then op1; op2; … opn end enter r into (Xs, Xo) delete r from (Xs, Xo) create subject Xs create object Xo destroy subject Xs destroy object Xo

14 © 2004 Ravi Sandhu www.list.gmu.edu 14 HRU as Graph Rules (from Koch et al 2002)

15 © 2004 Ravi Sandhu www.list.gmu.edu 15 Safety in HRU (late 1970s) Safety Problem: Is there a reachable state with edge labeled z from X to Y? Undecidable in general HRU unable to find interesting decidable cases. Mono-operational: decidable but uninteresting Monotonic: undecidable Bi-conditional monotonic: undecidable Mono-conditional monotonic: decidable but uninteresting

16 © 2004 Ravi Sandhu www.list.gmu.edu 16 The Safety Problem HRU 1976: It would be nice if we could provide for protection systems an algorithm which decided safety for a wide class of systems, especially if it included all or most of the systems that people seriously contemplate. Unfortunately, our one result along these lines involves a class of systems called mono- operational, which are not terribly realistic. Our attempts to extend these results have not succeeded, and the problem of giving a decision algorithm for a class of protection systems as useful as the LR(k) class is to grammar theory appears very difficult. 2004: Considerable progress has been made but much remains to be done and practical application of known results is essentially non-existent. –Progress includes: Take-Grant Model (Jones, Lipton, Snyder, Denning, Bishop; late 79s early 80s), Schematic Protection Model (Sandhu, 80s), Typed Access Matrix Model (Sandhu, 1990s), Graph Transformations (Koch, Mancini, Parisi- Pressice 2000s)

17 © 2004 Ravi Sandhu www.list.gmu.edu 17 Safety with Types Typed Access Matrix or TAM model (Sandhu 1992) Safety is polynomial-decidable for monotonic ternary TAM with acyclic create-graph Typed Graphs (Koch et al 2002) Safety is decidable for transformations that are either expanding or deleting The given algorithm is exponential but actual complexity remains an open question

18 © 2004 Ravi Sandhu www.list.gmu.edu 18 The Take-Grant Model (late 70s, early 80s) AB t (a) B/t Є dom(A) AB g (b) B/g Є dom(A) Original graph representation, late 70s

19 © 2004 Ravi Sandhu www.list.gmu.edu 19 The Take-Grant Model (late 70s, early 80s) AB t (a) B/t Є dom(A) AB g (b) B/g Є dom(A) Lockman-Minsky representation, 1982

20 © 2004 Ravi Sandhu www.list.gmu.edu 20 Creation in Take-Grant A A tg (a) The Original View A A tg (b) The Lockman-Minsky View

21 © 2004 Ravi Sandhu www.list.gmu.edu 21 Reversal of Take-Grant Flow: case t AB t A tg g t

22 © 2004 Ravi Sandhu www.list.gmu.edu 22 Reversal of Take-Grant Flow: case g AB g A tg g t, g

23 © 2004 Ravi Sandhu www.list.gmu.edu 23 Reversal of Grant-Only Flow AB g A gg g g

24 © 2004 Ravi Sandhu www.list.gmu.edu 24 Non-Reversal of Take-Only Flow AB t A tt t

25 © 2004 Ravi Sandhu www.list.gmu.edu 25 Safety in more recent (and practical) models RBAC96 (foundation of a new NIST/ANSI/ISO standard) Safety is undecidable in general –Sandhu, Munawer, Crampton, 1998 Decidable cases exist –Li, Mitchell, Winsborough, Solworth, Sloan, 2000s UCON (Usage Control Models) Safety is undecidable in general Decidable cases exist –Park, Sandhu, Zhang, Parisi-Pressice 2000s

26 © 2004 Ravi Sandhu www.list.gmu.edu 26 Looking ahead Security lags information technology applications Information technology applications are moving extremely rapidly The need for decentralized and automatic authorization is growing very rapidly The safety problem of access control remains a critical path problem Challenges –Develop new real-world relevant theory –Apply old and new theory Can theory of graph transformations help us?

27 © 2004 Ravi Sandhu www.list.gmu.edu 27 RBAC96 model (Currently foundation of a NIST/ANSI/ISO standard) ROLES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS ROLE HIERARCHIES CONSTRAINTS

28 © 2004 Ravi Sandhu www.list.gmu.edu 28 UCON (Usage Control) Models ongoingN/A

Download ppt "© 2004 Ravi Sandhu www.list.gmu.edu A Perspective on Graphs and Access Control Models Ravi Sandhu Laboratory for Information Security Technology George."

Similar presentations

Delta Confidential 1 5/29 – 6/6, 2001 SAP R/3 V4.6c PP Module Order Change Management(OCM)

Delta Confidential 1 5/29 – 6/6, 2001 SAP R/3 V4.6c PP Module Order Change Management(OCM)
Using Matrices in Real Life

Using Matrices in Real Life
Advanced Piloting Cruise Plot.

Advanced Piloting Cruise Plot.
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.

1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu.

Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology www.list.gmu.edu Department of Information.

Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology Department of Information.
© 2004 Ravi Sandhu www.list.gmu.edu The Schematic Protection Model (SPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University.

© 2004 Ravi Sandhu The Schematic Protection Model (SPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University.
© 2004-5 Ravi Sandhu www.list.gmu.edu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology.

© Ravi Sandhu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology.
© 2004 Ravi Sandhu www.list.gmu.edu The Safety Problem in Access Control HRU Model Ravi Sandhu Laboratory for Information Security Technology George Mason.

© 2004 Ravi Sandhu The Safety Problem in Access Control HRU Model Ravi Sandhu Laboratory for Information Security Technology George Mason.
1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University.

1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University.
Attribute Mutability in Usage Control July 26, 2004, IFIP WG11.3 Jaehong Park, University of Maryland University College Xinwen Zhang, George Mason University.

Attribute Mutability in Usage Control July 26, 2004, IFIP WG11.3 Jaehong Park, University of Maryland University College Xinwen Zhang, George Mason University.
Managing Cyber-Identity, Authorization and Trust (and their inter-relationships) Prof. Ravi Sandhu Laboratory for Information Security Technology George.

Managing Cyber-Identity, Authorization and Trust (and their inter-relationships) Prof. Ravi Sandhu Laboratory for Information Security Technology George.
INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.

INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.
1 Safety Analysis of Usage Control (UCON) Authorization Model Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce George Mason University AsiaCCS.

1 Safety Analysis of Usage Control (UCON) Authorization Model Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce George Mason University AsiaCCS.
ISA 662 Internet Security Protocols Kerberos Prof. Ravi Sandhu.

ISA 662 Internet Security Protocols Kerberos Prof. Ravi Sandhu.
ARBAC99 (Model for Administration of Roles)

ARBAC99 (Model for Administration of Roles)
Ravi Sandhu Venkata Bhamidipati

Ravi Sandhu Venkata Bhamidipati
© 2006 Ravi Sandhu www.list.gmu.edu Secure Information Sharing Enabled by Trusted Computing and PEI * Models Ravi Sandhu (George Mason University and TriCipher)

© 2006 Ravi Sandhu Secure Information Sharing Enabled by Trusted Computing and PEI * Models Ravi Sandhu (George Mason University and TriCipher)

Similar presentations

Ads by Google