Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 RABAC : Role-Centric Attribute-Based Access Control MMM-ACNS 2012 Xin Jin, Ravi Sandhu, Ram Krishnan University of Texas at San Antonio San Antonio,

Published byTodd Robbins Modified over 9 years ago

Similar presentations

Presentation on theme: "1 RABAC : Role-Centric Attribute-Based Access Control MMM-ACNS 2012 Xin Jin, Ravi Sandhu, Ram Krishnan University of Texas at San Antonio San Antonio,"— Presentation transcript:

1 1 RABAC : Role-Centric Attribute-Based Access Control MMM-ACNS 2012 Xin Jin, Ravi Sandhu, Ram Krishnan University of Texas at San Antonio San Antonio, TX, USA World-Leading Research with Real-World Impact! Institute for Cyber Security

2 OUTLINE  Motivation  Proposed Model  XACML Profile  Conclusion World-Leading Research with Real-World Impact!

3 Role Based Access Control World-Leading Research with Real-World Impact! Role Explosion Role number is supposed to be much than users. Role Explosion : Different roles have to be defined for slightly different sets of permissions.

4 Example Doctor Patient Patient Document Visit Doctor Attending Doctor prj1 prj2 prj3 prjn Time and devices constraints, etc. Revealed for specific project. One doctor role for each set of patients. One VisitDoctor role for each project. World-Leading Research with Real-World Impact!

5 Related Work  Role Template, Parameterized Role, Attributed role, etc  Two level RBAC (SACMAT 12)  Environment Role, Object Role  Automatic user-role assignment, TrustBAC  Relationship based access control (ReBAC)  Role and organization based access control (ROBAC) World-Leading Research with Real-World Impact! They need modification in user-role and role-permission assignment. Role engineering is the most costly work in constructing RBAC system. Why can’t we design a solution which can be enforced with least impact to current deployment?

6 Motivation World-Leading Research with Real-World Impact!

7 Motivation  NIST proposed three alternative revisions to RBAC standard  Attribute Centric  Totally attribute based, role as a user attribute  Related work: ABAC–alpha model [Jin, DBSEC12], etc  Dynamic Roles  Automatically user-role assignment [Kahtani & Sandhu],etc  Role Centric RBAC  Not too much research. World-Leading Research with Real-World Impact! With previous work in ABAC-alpha, We provide a formal model for Role-Centric attribute based access control.

8 OUTLINE  Motivation  Proposed Model  XACML Profile  Conclusion World-Leading Research with Real-World Impact!

9 Model Components World-Leading Research with Real-World Impact!

10 Model Components World-Leading Research with Real-World Impact!

11 Filtering Policy World-Leading Research with Real-World Impact!

12 Filtering Policy World-Leading Research with Real-World Impact! How to specify?

13 Language for Policy World-Leading Research with Real-World Impact! Common Policy Language (CPL) : LCondition, used to specify each condition, is an instance of CPL where: type(o) = studentrecord ⋀ (owner(o) ∈ GameClub ⋁ ( ∃ reader ∈ reader(o). reader = user3)) Example :

14 Language for Policy World-Leading Research with Real-World Impact! LFilter, used to specify each filter, is an instance of CPL where: Example : major(u) = major(o) ⋀ (location(u)= utsa ⋁ ∃ project ∈ involvedprj(u). project=proj(o))

15 Access Checking World-Leading Research with Real-World Impact! Apply policy and get final available permissions in session Check against user request

16 World-Leading Research with Real-World Impact! Package Building Path

17 World-Leading Research with Real-World Impact! Advantage DoctorVisit DoctorPatient Document doctorof oproj uproj, device, time. Two role definitions are enough.

18 OUTLINE  Motivation  Proposed Model  XACML Profile  Conclusion World-Leading Research with Real-World Impact!

19 XACML-Profile for RABAC World-Leading Research with Real-World Impact! XACML Profile for RBAC XACML express permission filtering policy

20 OUTLINE  Motivation  Proposed Model  Use Case  XACML Profile  Conclusion World-Leading Research with Real-World Impact!

21 Conclusion  Main contribution  RABAC model: Extension to RBAC with filtering policy  Define languages for specifying policy  Modify functions for access checking  Advantages  Without modification to original deployment while mitigating role explosion problem.  Retains the administration convenience of RBAC  Offer flexibility and administration convenience.  Future work  Distinguish user attribute and session attribute.  Enhance policy language. World-Leading Research with Real-World Impact!

22 22 World-Leading Research with Real-World Impact! Thanks Any Questions? Institute for Cyber Security

Download ppt "1 RABAC : Role-Centric Attribute-Based Access Control MMM-ACNS 2012 Xin Jin, Ravi Sandhu, Ram Krishnan University of Texas at San Antonio San Antonio,"

Similar presentations

Towards Secure Information Sharing Models for Community Cyber Security Ravi Sandhu, Ram Krishnan and Gregory B. White Institute for Cyber Security University.

Towards Secure Information Sharing Models for Community Cyber Security Ravi Sandhu, Ram Krishnan and Gregory B. White Institute for Cyber Security University.
Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute.

Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute.
11 World-Leading Research with Real-World Impact! A Framework for Risk-Aware Role Based Access Control Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu.

11 World-Leading Research with Real-World Impact! A Framework for Risk-Aware Role Based Access Control Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu.
Institute for Cyber Security

Institute for Cyber Security
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.

Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
Institute for Cyber Security

Institute for Cyber Security
1 Attribute Based Access Control and Implementation in Infrastructure as a Service Cloud Dissertation Defense Xin Jin Advisor: Dr. Ravi Sandhu Co-Advisor:

1 Attribute Based Access Control and Implementation in Infrastructure as a Service Cloud Dissertation Defense Xin Jin Advisor: Dr. Ravi Sandhu Co-Advisor:
Future of Access Control: Attributes, Automation, Adaptation

Future of Access Control: Attributes, Automation, Adaptation
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.

1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.
Institute for Cyber Security Extending OpenStack Access Control with Domain Trust World-Leading Research with Real-World Impact! 1 Bo Tang and Ravi Sandhu.

Institute for Cyber Security Extending OpenStack Access Control with Domain Trust World-Leading Research with Real-World Impact! 1 Bo Tang and Ravi Sandhu.
Attribute-Based Access Control Models and Beyond

Attribute-Based Access Control Models and Beyond
11 World-Leading Research with Real-World Impact! Constraints Specification for Virtual Resource Orchestration in Cloud IaaS Constraints Specification.

11 World-Leading Research with Real-World Impact! Constraints Specification for Virtual Resource Orchestration in Cloud IaaS Constraints Specification.
11 World-Leading Research with Real-World Impact! RT-Based Administrative Models for Community Cyber Security Information Sharing Ravi Sandhu, Khalid Zaman.

11 World-Leading Research with Real-World Impact! RT-Based Administrative Models for Community Cyber Security Information Sharing Ravi Sandhu, Khalid Zaman.
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.

11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.
11 World-Leading Research with Real-World Impact! A Formal Model for Isolation Management in Cloud Infrastructure-as-a-Service Khalid Zaman Bijon, Ram.

11 World-Leading Research with Real-World Impact! A Formal Model for Isolation Management in Cloud Infrastructure-as-a-Service Khalid Zaman Bijon, Ram.
1 A Role Based Administration Model For Attribute Xin Jin, Ram Krishnan, Ravi Sandhu SRAS, Sep 19, 2012 World-Leading Research with Real-World Impact!

1 A Role Based Administration Model For Attribute Xin Jin, Ram Krishnan, Ravi Sandhu SRAS, Sep 19, 2012 World-Leading Research with Real-World Impact!
1 World-Leading Research with Real-World Impact! Authorization Federation in IaaS Multi Cloud Navid Pustchi, Ram Krishnan and Ravi Sandhu SCC 2015.

1 World-Leading Research with Real-World Impact! Authorization Federation in IaaS Multi Cloud Navid Pustchi, Ram Krishnan and Ravi Sandhu SCC 2015.
11 World-Leading Research with Real-World Impact! A Group-Centric Model for Collaboration with Expedient Insiders in Multilevel Systems Khalid Zaman Bijon,

11 World-Leading Research with Real-World Impact! A Group-Centric Model for Collaboration with Expedient Insiders in Multilevel Systems Khalid Zaman Bijon,
INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.

INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.

Similar presentations

Ads by Google