Cyber identity authority and trust in an uncertain world


Cyber-Identity, Authority and Trust in an Uncertain World. Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu [email protected] Outline. Perspective on security Role Based Access Control (RBAC)


Presentation Transcript



Cyber-Identity, Authority and Trust in an Uncertain World

Prof. Ravi Sandhu

Laboratory for Information Security Technology

George Mason University

www.list.gmu.edu

[email protected]



Outline

  • Perspective on security

  • Role Based Access Control (RBAC)

  • Objective Model-Architecture Mechanism (OM-AM) Framework

  • Usage Control (UCON)

  • Discussion



PERSPECTIVE



Security Conundrum

  • Nobody knows WHAT security is

  • Some of us do know HOW to implement pieces of it

Result: hammers in search of nails


Security Confusion

  • electronic commerce, electronic business

  • DRM, client-side controls

CONFIDENTIALITY: disclosure

INTEGRITY: modification

AVAILABILITY: access

USAGE: purpose



Security Successes

  • On-line banking

  • On-line trading

  • Automatic teller machines (ATMs)

  • GSM phones

  • Set-top boxes

Success is largely unrecognized by the security community



Good enough security

  • Exceeding good enough is not good

    • You will pay a price in user convenience, ease of operation, cost, performance, availability, …

    • There is no such thing as free security

  • Determining good enough is hard

    • Necessarily a moving target


Good enough security

Real-world users: EASY

  • end users

  • operations staff

  • help desk

Security geeks: SECURE

  • whose security

  • perception or reality of security

System owner: COST

  • system solution

  • operational cost

  • opportunity cost

  • cost of fraud



Good enough security

  • In many cases good enough is achievable at a pretty low threshold

    • The “entrepreneurial” mindset

  • In extreme cases good enough will require a painfully high threshold

    • The “academic” mindset



ROLE-BASED ACCESS CONTROL (RBAC)



MAC and DAC

  • For 25 years access control has been divided into

    • Mandatory Access Control (MAC)

    • Discretionary Access Control (DAC)

  • In the past 10 years RBAC has become a dominant force

    • RBAC subsumes MAC and DAC


Mandatory Access Control (MAC)

Lattice of security labels: TS, S, C, U

Diagram labels: Information Flow, Dominance


Mandatory Access Control (MAC)

Lattice of security labels: S,{A,B}; S,{A}; S,{B}; S,{}

Diagram labels: Information Flow, Dominance



Discretionary Access Control (DAC)

  • The owner of a resource determines access to that resource

    • The owner is often the creator of the resource

  • Fails to distinguish read from copy


RBAC96 model (Currently foundation of an NIST/ANSI/ISO standard)

  • USERS

  • ROLES

  • PERMISSIONS

  • SESSIONS

  • CONSTRAINTS

  • ROLE HIERARCHIES

  • USER-ROLE ASSIGNMENT

  • PERMISSIONS-ROLE ASSIGNMENT



RBAC SECURITY PRINCIPLES

  • least privilege

  • separation of duties

  • separation of administration and access

  • abstract operations


HIERARCHICAL ROLES

  • Primary-Care Physician

  • Specialist Physician

  • Physician

  • Health-Care Provider
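
An added example, not from the original slides: the RBAC96 components (user-role assignment, permission-role assignment, role hierarchy, sessions, constraints) applied to the roles on this slide. The seniority order (Physician above Health-Care Provider, the two specialised roles above Physician), the users, the permission names and the mutual-exclusion constraint are assumptions made for illustration.

```python
# Seniors mapped to their immediate juniors (assumed ordering, see lead-in).
JUNIORS = {
    "Primary-Care Physician": {"Physician"},
    "Specialist Physician": {"Physician"},
    "Physician": {"Health-Care Provider"},
    "Health-Care Provider": set(),
}
# Permission-role assignment; permission names are constructed.
PA = {
    "Health-Care Provider": {"read_chart"},
    "Physician": {"write_prescription"},
    "Primary-Care Physician": {"refer_patient"},
    "Specialist Physician": {"order_procedure"},
}
# User-role assignment; users are constructed.
UA = {
    "alice": {"Primary-Care Physician"},
    "bob": {"Health-Care Provider"},
    "carol": {"Primary-Care Physician", "Specialist Physician"},
}
# Constraint (constructed): these roles may not be active in the same session.
EXCLUSIVE = [{"Primary-Care Physician", "Specialist Physician"}]

def closure(role):
    """The role plus every role junior to it in the hierarchy."""
    seen, stack = set(), [role]
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(JUNIORS[r])
    return seen

def authorized_roles(user):
    """Roles a user may activate: assigned roles and everything junior to them."""
    return set().union(*(closure(r) for r in UA.get(user, ())))

def open_session(user, roles):
    """Activate a subset of the user's roles, enforcing the constraint."""
    active = set(roles)
    if not active <= authorized_roles(user):
        raise PermissionError(f"{user} is not authorized for {sorted(active)}")
    if any(len(active & pair) > 1 for pair in EXCLUSIVE):
        raise PermissionError("mutually exclusive roles in one session")
    return active

def session_permissions(active):
    """Permissions available in a session, inherited down the hierarchy."""
    return set().union(*(PA[j] for r in active for j in closure(r)))
```

Activating only `Physician` in Alice's session gives her the Physician and Health-Care Provider permissions but not `refer_patient`, which is how sessions support least privilege.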



Fundamental Theorem of RBAC

  • RBAC can be configured to do MAC

  • RBAC can be configured to do DAC

RBAC is policy neutral


OM-AM (Objective/Model-Architecture/Mechanism) Framework


THE OM-AM WAY

  • Objectives

  • Model

  • Architecture

  • Mechanism

Diagram labels: What? How? Assurance



LAYERS AND LAYERS

  • Multics rings

  • Layered abstractions

  • Waterfall model

  • Network protocol stacks

  • Napoleon layers

  • RoFi layers

  • OM-AM

  • etcetera


OM-AM AND MANDATORY ACCESS CONTROL (MAC)

  • Objective: No information leakage

  • Model: Lattices (Bell-LaPadula)

  • Architecture: Security kernel

  • Mechanism: Security labels

Diagram labels: What? How? Assurance


OM-AM AND DISCRETIONARY ACCESS CONTROL (DAC)

  • Objective: Owner-based discretion

  • Model: numerous

  • Architecture: numerous

  • Mechanism: ACLs, Capabilities, etc

Diagram labels: What? How? Assurance


OM-AM AND ROLE-BASED ACCESS CONTROL (RBAC)

  • Objective: Objective neutral

  • Model: RBAC96, ARBAC97, etc.

  • Architecture: user-pull, server-pull, etc.

  • Mechanism: certificates, tickets, PACs, etc.

Diagram labels: What? How? Assurance


RBAC96 Model

  • USERS

  • ROLES

  • PERMISSIONS

  • SESSIONS

  • CONSTRAINTS

  • ROLE HIERARCHIES

  • USER-ROLE ASSIGNMENT

  • PERMISSIONS-ROLE ASSIGNMENT


Server-Pull Architecture

  • Client

  • Server

  • User-role Authorization Server


User-Pull Architecture

  • Client

  • Server

  • User-role Authorization Server


Proxy-Based Architecture

  • Client

  • Proxy Server

  • Server

  • User-role Authorization Server



USAGE CONTROL (UCON)


The UCON Vision: A unified model

  • Traditional access control models are not adequate for today’s distributed, network-connected digital environment.

    • Authorization only – No obligation or condition based control

    • Decision is made before access – No ongoing control

    • No consumable rights - No mutable attributes

    • Rights are pre-defined and granted to subjects



OM-AM layered Approach

  • ABC core models for UCON



Prior Work

  • Problem-specific enhancement to traditional access control

    • Digital Rights Management (DRM)

      • mainly focus on intellectual property rights protection.

      • Architecture and Mechanism level studies, Functional specification languages – Lack of access control model

    • Trust Management

      • Authorization for strangers’ access based on credentials



Prior Work

  • Incrementally enhanced models

    • Provisional authorization [Kudo & Hada, 2000]

    • EACL [Ryutov & Neuman, 2001]

    • Task-based Access Control [Thomas & Sandhu, 1997]

    • Ponder [Damianou et al., 2001]



Usage Control (UCON) Coverage

  • Protection Objectives

    • Sensitive information protection

    • IPR protection

    • Privacy protection

  • Protection Architectures

    • Server-side reference monitor

    • Client-side reference monitor

    • SRM & CRM



Building ABC Models

  • Continuity

    • Decision can be made during usage for continuous enforcement

  • Mutability

    • Attributes can be updated as side-effects of subjects’ actions



Examples

  • Long-distance phone (pre-authorization with post-update)

  • Pre-paid phone card (ongoing-authorization with ongoing-update)

  • Pay-per-view (pre-authorization with pre-updates)

  • Click Ad within every 30 minutes (ongoing-obligation with ongoing-updates)

  • Business Hour (pre-/ongoing-condition)
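
An added example, not part of the original slides: a small usage monitor showing where the decision and the attribute update fall for three of the cases listed above (long-distance phone, pre-paid phone card, pay-per-view). Rates, prices, attribute names and function names are constructed for illustration.

```python
RATE, PRICE = 2, 5  # constructed: cost per minute, cost per viewing

def use(attrs, ticks, pre_auth=None, pre_update=None,
        on_auth=None, on_update=None, post_update=None):
    """Run one usage session of `ticks` time units against mutable attributes.

    Returns (granted, ticks_used); ticks_used < ticks means access was revoked.
    """
    if pre_auth and not pre_auth(attrs):
        return False, 0                  # decision made before access
    if pre_update:
        pre_update(attrs)                # mutability: update before usage
    used = 0
    for _ in range(ticks):
        if on_auth and not on_auth(attrs):
            break                        # continuity: revoke during usage
        if on_update:
            on_update(attrs)             # mutability: update during usage
        used += 1
    if post_update:
        post_update(attrs, used)         # mutability: update after usage
    return True, used

def _charge_bill(a, used):
    a["bill"] += RATE * used

def _debit_minute(a):
    a["credit"] -= RATE

def _debit_price(a):
    a["credit"] -= PRICE

def long_distance(a, minutes):
    """Pre-authorization with post-update: bill the call once it ends."""
    return use(a, minutes, pre_auth=lambda s: s["account_open"],
               post_update=_charge_bill)

def prepaid_card(a, minutes):
    """Ongoing-authorization with ongoing-update: re-check credit every minute."""
    return use(a, minutes, on_auth=lambda s: s["credit"] >= RATE,
               on_update=_debit_minute)

def pay_per_view(a, minutes):
    """Pre-authorization with pre-update: debit the price before viewing starts."""
    return use(a, minutes, pre_auth=lambda s: s["credit"] >= PRICE,
               pre_update=_debit_price)
```

A traditional access control check corresponds to calling `use` with only `pre_auth` set, which is why it cannot express the pre-paid card case.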



Beyond the ABC Core Models


UCON Architectures

  • We narrow down our focus so we can discuss in detail how UCON can be realized at the architecture level

    • Sensitive information protection X CRM

  • First systematic study for generalized security architectures for digital information dissemination

  • Architectures can be extended to include payment function



Three Factors of Security Architectures

  • Virtual Machine (VM)

    • runs on top of vulnerable computing environment and has control functions

  • Control Set (CS)

    • A list of access rights and usage rules

    • Fixed, embedded, and external control set

  • Distribution Style

    • Message Push (MP), External Repository (ER) style



Architecture Taxonomy

VM: Virtual Machine

CS: Control Set

MP: Message Push

ER: External Repository

NC1: No control architecture w/ MP

NC2: No control architecture w/ ER

FC1: Fixed control architecture w/ MP

FC2: Fixed control architecture w/ ER

EC1: Embedded control architecture w/ MP

EC2: Embedded control architecture w/ ER

XC1: External control architecture w/ MP

XC2: External control architecture w/ ER



Conclusion

  • Perspective on security

  • Role Based Access Control (RBAC)

  • Objective Model-Architecture Mechanism (OM-AM) Framework

  • Usage Control (UCON)

  • Discussion



Radical Shifts: get real

Focus on

  • what needs to be done rather than how it is to be done

    • real-world business requirements rather than hypothetical academic scenarios

    • the 80% problem rather than the 120% problem

  • soft and informal rather than hard and formal

    • constructing the policy rather than auditing the policy

    • constructive safety via policy articulation and evolution rather than post-facto algorithmic safety

  • ordinary consumers as end-users and administrators rather than techno-geeks or math-geeks

