Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011

Published byEllen Harrison Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011"— Presentation transcript:

1 1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011 ravi.sandhu@utsa.edu www.profsandhu.com www.ics.utsa.edu © Ravi Sandhu World-Leading Research with Real-World Impact! Institute for Cyber Security

2 Mutually Supportive Technologies © Ravi Sandhu 2 World-Leading Research with Real-World Impact! AUTHENTICATION INTRUSION DETECTION CRYPTOGRAPHY ACCESS CONTROL ASSURANCE RISK ANALYSIS SECURITY ENGINEERING & MANAGEMENT

3 Cyber Security Objectives © Ravi Sandhu 3 World-Leading Research with Real-World Impact! INTEGRITY modification AVAILABILITY access CONFIDENTIALITY disclosure

4 Cyber Security Objectives © Ravi Sandhu 4 World-Leading Research with Real-World Impact! INTEGRITY modification AVAILABILITY access CONFIDENTIALITY disclosure USAGE purpose

5 Cyber Security Objectives © Ravi Sandhu 5 World-Leading Research with Real-World Impact! INTEGRITY modification AVAILABILITY access CONFIDENTIALITY disclosure USAGE purpose USAGE

6 6 World-Leading Research with Real-World Impact! Authorization Systems © Ravi Sandhu Policy Specification Dynamics Agility Enforcement Grand Challenge arena

7  Discretionary Access Control (DAC)  Owner controls access  But only to the original, not to copies  Mandatory Access Control (MAC)  Same as Lattice-Based Access Control (LBAC)  Access based on security labels  Labels propagate to copies  Role-Based Access Control (RBAC)  Access based on roles  Can be configured to do DAC or MAC  Generalizes to Attribute-Based Access Control (ABAC) © Ravi Sandhu 7 World-Leading Research with Real-World Impact! Access Control Models Numerous other models but only 3 successes: SO FAR

8 Discretionary Access Control © Ravi Sandhu 8 World-Leading Research with Real-World Impact! File F A:r A:w File G B:r A:w B cannot read file F A trusted not to copy F to G B cannot read file F A trusted not to copy F to G ACL

9 Discretionary Access Control © Ravi Sandhu 9 World-Leading Research with Real-World Impact! File F A:r A:w File G B:r A:w But trusting A does not stop Trojan Horses ACL A Program Goodies Trojan Horse executes read write

10 Mandatory Access Control © Ravi Sandhu 10 World-Leading Research with Real-World Impact! Unclassified Confidential Secret Top Secret can-flow dominance 

11 Mandatory Access Control © Ravi Sandhu 11 World-Leading Research with Real-World Impact! Low User High Trojan Horse Infected Subject High User Low Trojan Horse Infected Subject COVERT CHANNEL Information is leaked unknown to the high user

12 Role-Based Access Control © Ravi Sandhu 12 World-Leading Research with Real-World Impact!  Access is determined by roles  A user’s roles are assigned by security administrators  A role’s permissions are assigned by security administrators Is RBAC MAC or DAC or neither?  RBAC can be configured to do MAC  RBAC can be configured to do DAC  RBAC is policy neutral RBAC is neither MAC nor DAC!

13 Role-Based Access Control © Ravi Sandhu 13 World-Leading Research with Real-World Impact! ROLES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERS PERMISSIONS... SESSIONS ROLE HIERARCHIES CONSTRAINTS

14 Server Pull Enforcement Model © Ravi Sandhu 14 World-Leading Research with Real-World Impact! ClientServer User-role Authorization Server

15 Client Pull Enforcement Model © Ravi Sandhu 15 World-Leading Research with Real-World Impact! ClientServer User-role Authorization Server

16  Trojan Horse  Covert Channels  Inference  Analog Hole  Assured Enforcement  Privelege Escalation  Policy Comprehension and Analysis © Ravi Sandhu 16 World-Leading Research with Real-World Impact! Tough Challenges Tough Challenges NOT EQUAL TO Grand Challenges

17  How can we be “secure” while being “insecure”?  What is the value of access control when we know that ultimately it can be bypassed? © Ravi Sandhu 17 World-Leading Research with Real-World Impact! Grandest Challenge

18 18 World-Leading Research with Real-World Impact! Authorization Systems © Ravi Sandhu Policy Specification Dynamics Agility Enforcement Grand Challenge arena

19  How do we determine the balance between too much and too little?  How do we enforce policies across multiple layers of the software stack?  How do we build dynamics into policy specifications and enforcement mechanisms?  How do we understand and control what we have done? © Ravi Sandhu 19 World-Leading Research with Real-World Impact! Grand Challenges

20  Computer scientists could never have designed the web because they would have tried to make it work.  But the Web does “work.”  What does it mean for the Web to “work”? © Ravi Sandhu 20 World-Leading Research with Real-World Impact! Butler Lampson Paraphrased

Download ppt "1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011"

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Access Control Prof. Ravi Sandhu Executive Director and Endowed Chair

Access Control Prof. Ravi Sandhu Executive Director and Endowed Chair
ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.

ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.

Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
© 2006 Ravi Sandhu www.list.gmu.edu Cyber-Identity, Authority and Trust Systems Prof. Ravi Sandhu Professor of Information Security and Assurance Director,

© 2006 Ravi Sandhu Cyber-Identity, Authority and Trust Systems Prof. Ravi Sandhu Professor of Information Security and Assurance Director,
OM-AM and RBAC Ravi Sandhu * www.list.gmu.edu Laboratory for Information Security Technology (LIST) George Mason University.

OM-AM and RBAC Ravi Sandhu * Laboratory for Information Security Technology (LIST) George Mason University.
Engineering Authority and Trust in Cyberspace: The OM-AM and RBAC Way Prof. Ravi Sandhu George Mason University www.list.gmu.edu.

Engineering Authority and Trust in Cyberspace: The OM-AM and RBAC Way Prof. Ravi Sandhu George Mason University
The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated.

The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated.
1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013

1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013
1 The Data and Application Security and Privacy (DASPY) Challenge Prof. Ravi Sandhu Executive Director and Endowed Chair 11/11/11

1 The Data and Application Security and Privacy (DASPY) Challenge Prof. Ravi Sandhu Executive Director and Endowed Chair 11/11/11
1 The Future of Access Control: Attributes, Automation and Adaptation Prof. Ravi Sandhu Executive Director and Endowed Chair S&P Symposium IIT Kanpur March.

1 The Future of Access Control: Attributes, Automation and Adaptation Prof. Ravi Sandhu Executive Director and Endowed Chair S&P Symposium IIT Kanpur March.
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.

1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.

1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.
1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.

1 Security and Trust Convergence: Attributes, Relations and Provenance Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown.
Attribute-Based Access Control Models and Beyond

Attribute-Based Access Control Models and Beyond
1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.

1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

Similar presentations

Ads by Google