Cyber identity authority and trust in an uncertain world
Download
1 / 42

Cyber-Identity, Authority and Trust in an Uncertain World - PowerPoint PPT Presentation


  • 67 Views
  • Uploaded on
  • Presentation posted in: General

Cyber-Identity, Authority and Trust in an Uncertain World. Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu sandhu@gmu.edu. Outline. Perspective on security Role Based Access Control (RBAC)

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha

Download Presentation

Cyber-Identity, Authority and Trust in an Uncertain World

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Cyber identity authority and trust in an uncertain world
Cyber-Identity, Authority and Trust in an Uncertain World

Prof. Ravi Sandhu

Laboratory for Information Security Technology

George Mason University

www.list.gmu.edu

sandhu@gmu.edu


Outline
Outline

  • Perspective on security

  • Role Based Access Control (RBAC)

  • Objective Model-Architecture Mechanism (OM-AM) Framework

  • Usage Control (UCON)

  • Discussion



Security conundrum
Security Conundrum

  • Nobody knows WHAT security is

  • Some of us do know HOW to implement pieces of it

Result: hammers in search of nails


Security confusion

USAGE

purpose

  • electronic commerce, electronic business

Security Confusion

  • DRM, client-side controls

INTEGRITY

modification

AVAILABILITY

access

CONFIDENTIALITY

disclosure


Security successes
Security Successes

  • On-line banking

  • On-line trading

  • Automatic teller machines (ATMs)

  • GSM phones

  • Set-top boxes

Success is largely unrecognized

by the security community


Good enough security
Good enough security

  • Exceeding good enough is not good

    • You will pay a price in user convenience, ease of operation, cost, performance, availability, …

    • There is no such thing as free security

  • Determining good enough is hard

    • Necessarily a moving target


Good enough security1
Good enough security

Real-world users

Security geeks

SECURE

EASY

  • end users

  • operations staff

  • help desk

  • whose security

  • perception or reality of security

System owner

COST

  • system solution

  • operational cost

  • opportunity cost

  • cost of fraud


Good enough security2
Good enough security

  • In many cases good enough is achievable at a pretty low threshold

    • The “entrepreneurial” mindset

  • In extreme cases good enough will require a painfully high threshold

    • The “academic” mindset



Mac and dac
MAC and DAC

  • For 25 years access control has been divided into

    • Mandatory Access Control (MAC)

    • Discretionary Access Control (DAC)

  • In the past 10 years RBAC has become a dominant force

    • RBAC subsumes MAC and DAC


Mandatory access control mac
Mandatory Access Control (MAC)

TS

S

Lattice of

security

labels

C

Information

Flow

Dominance

U


Mandatory access control mac1
Mandatory Access Control (MAC)

S,{A,B}

S,{B}

S,{A]

Dominance

Information

Flow

Lattice of

security

labels

S,{}


Discretionary access control dac
Discretionary Access Control (DAC)

  • The owner of a resource determines access to that resource

    • The owner is often the creator of the resource

  • Fails to distinguish read from copy


Rbac96 model currently foundation of an nist ansi iso standard

...

RBAC96 model(Currently foundation of an NIST/ANSI/ISO standard)

ROLE HIERARCHIES

USER-ROLE

ASSIGNMENT

PERMISSIONS-ROLE

ASSIGNMENT

USERS

ROLES

PERMISSIONS

SESSIONS

CONSTRAINTS


Rbac security principles
RBAC SECURITY PRINCIPLES

  • least privilege

  • separation of duties

  • separation of administration and access

  • abstract operations


Hierarchical roles
HIERARCHICAL ROLES

Primary-Care

Physician

Specialist

Physician

Physician

Health-Care Provider


Fundamental theorem of rbac
Fundamental Theorem of RBAC

  • RBAC can be configured to do MAC

  • RBAC can be configured to do DAC

RBAC is policy neutral


Om am objective model architecture mechanism framework
OM-AM(Objective/Model-Architecture/Mechanism)Framework


The om am way
THE OM-AM WAY

A

s

s

u

r

a

n

c

e

Objectives

Model

Architecture

Mechanism

What?

How?


Layers and layers
LAYERS AND LAYERS

  • Multics rings

  • Layered abstractions

  • Waterfall model

  • Network protocol stacks

  • Napolean layers

  • RoFi layers

  • OM-AM

  • etcetera


Om am and mandatory access control mac

What?

How?

OM-AM AND MANDATORY ACCESS CONTROL (MAC)

A

s

s

u

r

a

n

c

e

No information leakage

Lattices (Bell-LaPadula)

Security kernel

Security labels


Om am and discretionary access control dac

What?

How?

OM-AM AND DISCRETIONARY ACCESS CONTROL (DAC)

A

s

s

u

r

a

n

c

e

Owner-based discretion

numerous

numerous

ACLs, Capabilities, etc


Om am and role based access control rbac

What?

How?

OM-AM AND ROLE-BASED ACCESS CONTROL (RBAC)

A

s

s

u

r

a

n

c

e

Objective neutral

RBAC96, ARBAC97, etc.

user-pull, server-pull, etc.

certificates, tickets, PACs, etc.


Rbac96 model

ROLE HIERARCHIES

USER-ROLE

ASSIGNMENT

PERMISSIONS-ROLE

ASSIGNMENT

USERS

ROLES

PERMISSIONS

...

SESSIONS

CONSTRAINTS

RBAC96 Model


Server pull architecture
Server-Pull Architecture

Client

Server

User-role

Authorization

Server


User pull architecture
User-Pull Architecture

Client

Server

User-role

Authorization

Server


Proxy based architecture
Proxy-Based Architecture

Client

Proxy

Server

Server

User-role

Authorization

Server



The ucon vision a unified model
The UCON Vision:A unified model

  • Traditional access control models are not adequatefor today’s distributed, network-connected digital environment.

    • Authorization only – No obligation or condition based control

    • Decision is made before access – No ongoing control

    • No consumable rights - No mutable attributes

    • Rights are pre-defined and granted to subjects


Om am layered approach
OM-AM layered Approach

  • ABC core models for UCON


Prior work
Prior Work

  • Problem-specific enhancement to traditional access control

    • Digital Rights Management (DRM)

      • mainly focus on intellectual property rights protection.

      • Architecture and Mechanism level studies, Functional specification languages – Lack of access control model

    • Trust Management

      • Authorization for strangers’ access based on credentials


Prior work1
Prior Work

  • Incrementally enhanced models

    • Provisional authorization [Kudo & Hada, 2000]

    • EACL [Ryutov & Neuman, 2001]

    • Task-based Access Control [Thomas & Sandhu, 1997]

    • Ponder [Damianou et al., 2001]


Usage control ucon coverage
Usage Control (UCON) Coverage

  • Protection Objectives

    • Sensitive information protection

    • IPR protection

    • Privacy protection

  • Protection Architectures

    • Server-side reference monitor

    • Client-side reference monitor

    • SRM & CRM


Building abc models
Building ABC Models

  • Continuity

    • Decision can be made during usage for continuous enforcement

  • Mutability

    • Attributes can be updated as side-effects of subjects’ actions


Examples
Examples

  • Long-distance phone (pre-authorization with post-update)

  • Pre-paid phone card (ongoing-authorization with ongoing-update)

  • Pay-per-view (pre-authorization with pre-updates)

  • Click Ad within every 30 minutes (ongoing-obligation with ongoing-updates)

  • Business Hour (pre-/ongoing-condition)



Ucon architectures
UCON Architectures

  • We narrow down our focus so we can discuss in detail how UCON can be realized in architecture level

    • Sensitive information protection X CRM

  • First systematic study for generalized security architectures for digital information dissemination

  • Architectures can be extended to include payment function


Three factors of security architectures
Three Factors of Security Architectures

  • Virtual Machine (VM)

    • runs on top of vulnerable computing environment and has control functions

  • Control Set (CS)

    • A list of access rights and usage rules

    • Fixed,embedded, and external control set

  • Distribution Style

    • Message Push (MP),External Repository (ER) style


Architecture taxonomy
Architecture Taxonomy

VM: Virtual Machine

CS: Control Set

MP: Message Push

ER: External Repository

NC1: No control architecture w/ MP

NC2: No control architecture w/ ER

FC1: Fixed control architecture w/ MP

FC2: Fixed control architecture w/ ER

EC1: Embedded control architecture w/ MP

EC2: Embedded control architecture w/ ER

XC1: External control architecture w/ MP

XC2: External control architecture w/ ER


Conclusion
Conclusion

  • Perspective on security

  • Role Based Access Control (RBAC)

  • Objective Model-Architecture Mechanism (OM-AM) Framework

  • Usage Control (UCON)

  • Discussion


Radical shifts get real
Radical Shifts: get real

Focus on

  • what needs to be done rather than how it is to be done

    • real-word business requirements rather than hypothetical academic scenarios

    • the 80% problem rather than the 120% problem

  • soft and informal rather than hard and formal

    • constructing the policy rather than auditing the policy

    • constructive safety via policy articulation and evolution rather than post-facto algorithmic safety

  • ordinary consumers as end-users and administrators rather than techno-geeks or math-geeks


ad
  • Login