Presentation is loading. Please wait.

Presentation is loading. Please wait.

Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute.

Published byAlexander Coughlin Modified over 11 years ago

Similar presentations

Presentation on theme: "Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute."— Presentation transcript:

1 Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute for Cyber Security Univ. of Texas at San Antonio ravi.sandhu@utsa.edu www.profsandhu.com

2 Institute for Cyber Security The State of Cyber Security –We are in the midst of big change in cyber space –Nobody knows where we are headed –So far we have done a pretty bad job in cyber security –There is hope New services will not be held back Need for security will remain Good enough security is feasible

3 Institute for Cyber Security Security Schools of Thought –OLD THINK: We had it figured out. If the industry had only listened to us our computers and networks today would be secure. We can do security without considering applications –REALITY: Todays and tomorrows cyber systems and their security needs are fundamentally different from the timesharing era of the early 1970s. Security without application context is an oxymoron.

4 Institute for Cyber Security Fundamental Security Challenges –Balance security, convenience and cost –Make security seamless but not too seamless for the user –Make security flexible but not too flexible for the administrators –Make security models conform to business and social models NOT vice versa

5 Institute for Cyber Security RBAC: Role-Based Access Control –Access is determined by roles –A users roles are assigned by security administrators –A roles permissions are assigned by security administrators

6 Institute for Cyber Security RBAC96 Model ROLES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERS PERMISSIONS... SESSIONS ROLE HIERARCHIES CONSTRAINTS

7 Institute for Cyber Security Founding Principles of RBAC96 –Abstraction of Privileges Credit is different from Debit even though both require read and write –Separation of Administrative Functions Separation of user-role assignment from role- permission assignment –Least Privilege Right-size the roles Dont activate all roles all the time –Separation of Duty Static separation: purchasing manager versus accounts payable manager Dynamic separation: cash-register clerk versus cash-register manager

8 Institute for Cyber Security ASCAA Principles for Future RBAC –Abstraction of Privileges Credit vs debit Personalized permissions –Separation of Administrative Functions –Containment Least Privilege Separation of Duties Usage Limits Human in the loop –Automation Revocation Assignment: (i) Self-assignment, (ii) Attribute-based Context and environment adjustment –Accountability Re-authentication/Escalated authentication Click-through obligations Notification and alerts

9 Institute for Cyber Security Conclusion –RBAC is here to stay But needs continuous improvement –Access control needs agility Usage limits Automation (self-administration) Accountability –This is already happening Our models have fallen behind

Download ppt "Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute."

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
INSTITUTE FOR CYBER SECURITY April 20081 Access Control and Semantic Web Technologies Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY April Access Control and Semantic Web Technologies Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Access Control Prof. Ravi Sandhu Executive Director and Endowed Chair

Access Control Prof. Ravi Sandhu Executive Director and Endowed Chair
1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
INSTITUTE FOR CYBER SECURITY 1 Industry-Academia Research Synergy: Fantasy or Reality? Ravi Sandhu Executive Director and Endowed Professor Institute for.

INSTITUTE FOR CYBER SECURITY 1 Industry-Academia Research Synergy: Fantasy or Reality? Ravi Sandhu Executive Director and Endowed Professor Institute for.
The Future: Evolution of the Technology Ravi Sandhu Chief Scientist TriCipher, Inc. Los Gatos, California Executive Director and Chaired Professor Institute.

The Future: Evolution of the Technology Ravi Sandhu Chief Scientist TriCipher, Inc. Los Gatos, California Executive Director and Chaired Professor Institute.
1 PANEL Solving the Access Control Puzzle: Finding the Pieces and Putting Them Together Ravi Sandhu Executive Director Endowed Professor June 2010

1 PANEL Solving the Access Control Puzzle: Finding the Pieces and Putting Them Together Ravi Sandhu Executive Director Endowed Professor June 2010
INSTITUTE FOR CYBER SECURITY 1 The PEI + UCON Framework for Application Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 The PEI + UCON Framework for Application Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology www.list.gmu.edu Department of Information.

Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology Department of Information.
Sandhus Laws of Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University of Texas at San Antonio Chief.

Sandhus Laws of Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University of Texas at San Antonio Chief.
1 The Future of Cyber Security Prof. Ravi Sandhu Executive Director February 2010 © Ravi Sandhu.

1 The Future of Cyber Security Prof. Ravi Sandhu Executive Director February © Ravi Sandhu.
INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.

INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.
INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.

INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.
11 World-Leading Research with Real-World Impact! A Framework for Risk-Aware Role Based Access Control Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu.

11 World-Leading Research with Real-World Impact! A Framework for Risk-Aware Role Based Access Control Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu.
Institute for Cyber Security

Institute for Cyber Security
1 TRANSACTION CONTROL EXPRESSIONS (TCEs) Ravi Sandhu.

1 TRANSACTION CONTROL EXPRESSIONS (TCEs) Ravi Sandhu.

Similar presentations

Ads by Google