Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu sandhu@gmu.edu
Outline • Perspective on security • Role Based Access Control (RBAC) • Objective Model-Architecture Mechanism (OM-AM) Framework • Usage Control (UCON) • Discussion
Security Conundrum • Nobody knows WHAT security is • Some of us do know HOW to implement pieces of it Result: hammers in search of nails
Security Confusion
Four objectives, each paired with what it controls:
• CONFIDENTIALITY: disclosure
• INTEGRITY: modification
• AVAILABILITY: access
• USAGE: purpose (electronic commerce, electronic business; DRM, client-side controls)
Security Successes • On-line banking • On-line trading • Automatic teller machines (ATMs) • GSM phones • Set-top boxes • ……………………. Success is largely unrecognized by the security community
Good enough security • Exceeding good enough is not good • You will pay a price in user convenience, ease of operation, cost, performance, availability, … • There is no such thing as free security • Determining good enough is hard • Necessarily a moving target
Good enough security
Three corners of the trade-off, each with its own stakeholders:
• SECURE (security geeks): whose security? perception or reality of security?
• EASY (real-world users): end users, operations staff, help desk
• COST (system owner): system cost, operational cost, opportunity cost, cost of fraud
Business models dominate security models
Good enough security • In many cases good enough is achievable at a pretty low threshold • The “entrepreneurial” mindset • In extreme cases good enough will require a painfully high threshold • The “academic” mindset
Good enough security
Risk versus cost; the entrepreneurial mindset (good enough at a low threshold) and the academic mindset (good enough only at a high threshold) are marked on the chart:

                 COST
             L    M    H
  RISK  H    1    2    3
        M    2    3    4
        L    3    4    5
MAC, DAC and RBAC • For 25 years (1971-96) access control was divided into • Mandatory Access Control (MAC) • Discretionary Access Control (DAC) • Since the early-mid 1990’s Role-Based Access Control (RBAC) has become a dominant force • RBAC subsumes MAC and DAC • RBAC is not the “final” answer BUT is a critical piece of the “final” answer
Mandatory Access Control (MAC)
Lattice of security labels: TS (Top Secret) > S (Secret) > C (Confidential) > U (Unclassified)
• Dominance runs downward: TS dominates S, S dominates C, C dominates U
• Information flow runs upward only: U -> C -> S -> TS
Rights are determined by security labels (Bell-LaPadula 1971)
Discretionary Access Control (DAC) • The owner of a resource determines access to that resource • The owner is often the creator of the resource • Fails to distinguish read from copy • This distinction has re-emerged recently under the name Dissemination Control (DCON)
RBAC96 model (currently the foundation of a NIST/ANSI/ISO standard)
• Sets: USERS, ROLES, PERMISSIONS, SESSIONS
• Relations: USER-ROLE ASSIGNMENT (users to roles), PERMISSIONS-ROLE ASSIGNMENT (permissions to roles), ROLE HIERARCHIES (a partial order on roles)
• CONSTRAINTS apply across all of the above; a SESSION maps one user to a subset of that user's roles
RBAC SECURITY PRINCIPLES • least privilege • separation of duties • separation of administration and access • abstract operations
HIERARCHICAL ROLES (senior roles inherit the permissions of junior roles)

  Primary-Care Physician    Specialist Physician
              \                    /
                     Physician
                         |
               Health-Care Provider
Fundamental Theorem of RBAC • RBAC can be configured to do MAC • RBAC can be configured to do DAC RBAC is policy neutral
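The physician hierarchy above and the "RBAC can be configured to do MAC" direction of the theorem, worked in code. This is an added example, not code from the talk: the RBAC engine is a minimal RBAC96 core (users, roles, permissions, sessions, hierarchy), the clinic permissions and users (alice, chart, order, referral) and the labelled objects (bob, public, plan, nuke) are constructed, and the MAC configuration uses the published read-role/write-role construction (one xR and one xW per label, write hierarchy inverted), which is assumed rather than taken from the slides.

```python
"""RBAC96 core with the slide's physician hierarchy and an RBAC-as-MAC configuration.
Added example, not code from the talk; users, objects and labels are constructed."""
from collections import defaultdict


class RBAC:
    def __init__(self):
        self.ua = defaultdict(set)      # user -> directly assigned roles
        self.pa = defaultdict(set)      # role -> directly assigned (object, op) permissions
        self.junior = defaultdict(set)  # role -> roles it is immediately senior to

    def add_hierarchy(self, senior, junior):
        self.junior[senior].add(junior)

    def assign_user(self, user, role):
        self.ua[user].add(role)

    def assign_perm(self, role, obj, op):
        self.pa[role].add((obj, op))

    def juniors(self, role):
        """Transitive closure: the role plus every role below it in the hierarchy."""
        seen, stack = set(), [role]
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.junior[r])
        return seen

    def authorized_roles(self, user):
        return set().union(*(self.juniors(r) for r in self.ua[user]))

    def session(self, user, roles):
        """A session activates a subset of the user's authorized roles (least privilege)."""
        if not set(roles) <= self.authorized_roles(user):
            raise PermissionError(f"{user} may not activate {roles}")
        return Session(self, user, set(roles))


class Session:
    def __init__(self, rbac, user, roles):
        self.rbac, self.user, self.roles = rbac, user, roles

    def check(self, obj, op):
        """Senior roles inherit the permissions of every junior role."""
        return any((obj, op) in self.rbac.pa[j]
                   for r in self.roles for j in self.rbac.juniors(r))


def clinic():
    """The slide's hierarchy with constructed permissions attached at each level."""
    r = RBAC()
    r.add_hierarchy("Physician", "Health-Care Provider")
    r.add_hierarchy("Primary-Care Physician", "Physician")
    r.add_hierarchy("Specialist Physician", "Physician")
    r.assign_perm("Health-Care Provider", "chart", "read")
    r.assign_perm("Physician", "order", "write")
    r.assign_perm("Specialist Physician", "referral", "approve")
    r.assign_user("alice", "Specialist Physician")
    return r


LEVELS = ["U", "C", "S", "TS"]   # a chain, the simplest lattice: U < C < S < TS


def configure_mac(labels):
    """RBAC -> MAC: per level x a read role xR and a write role xW. The read hierarchy
    follows dominance (TSR > SR > CR > UR) so a session reads at or below its level;
    the write hierarchy is inverted (UW > CW > SW > TSW) so it writes only at or
    above its level: Bell-LaPadula no-read-up and no-write-down."""
    r = RBAC()
    for lower, higher in zip(LEVELS, LEVELS[1:]):
        r.add_hierarchy(higher + "R", lower + "R")
        r.add_hierarchy(lower + "W", higher + "W")
    for obj, level in labels.items():            # the object's label fixes both permissions
        r.assign_perm(level + "R", obj, "read")
        r.assign_perm(level + "W", obj, "write")
    return r


def clear_user(r, user, clearance):
    """Clearance c lets the user activate any xR with x <= c and any write role."""
    r.assign_user(user, clearance + "R")
    r.assign_user(user, LEVELS[0] + "W")


def mac_session(r, user, level):
    """Constraint: a session holds exactly one matching pair {xR, xW}."""
    return r.session(user, {level + "R", level + "W"})
```

The MAC half shows why the theorem holds: no lattice logic lives in the engine, only in how roles, hierarchy and the session constraint are configured. Only the MAC direction is shown; the DAC configuration is a separate construction.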
THE OM-AM WAY
• Objectives   (What?)
• Model        (What?)
• Architecture (How?)
• Mechanism    (How?)
Assurance spans all four layers
LAYERS AND LAYERS • Multics rings • Layered abstractions • Waterfall model • Network protocol stacks • Napoleon layers • RoFi layers • OM-AM • etcetera
OM-AM AND MANDATORY ACCESS CONTROL (MAC)
• Objective (what?): no information leakage
• Model (what?): lattices (Bell-LaPadula)
• Architecture (how?): security kernel
• Mechanism (how?): security labels
Assurance spans all four layers
OM-AM AND DISCRETIONARY ACCESS CONTROL (DAC)
• Objective (what?): owner-based discretion
• Model (what?): numerous
• Architecture (how?): numerous
• Mechanism (how?): ACLs, capabilities, etc.
Assurance spans all four layers
OM-AM AND ROLE-BASED ACCESS CONTROL (RBAC)
• Objective (what?): neutral (RBAC is policy neutral)
• Model (what?): RBAC96, ARBAC97, etc.
• Architecture (how?): user-pull, server-pull, etc.
• Mechanism (how?): certificates, tickets, PACs, etc.
Assurance spans all four layers
RBAC96 model (currently the foundation of a NIST/ANSI/ISO standard), revisited: USERS, ROLES, PERMISSIONS and SESSIONS, linked by USER-ROLE ASSIGNMENT, PERMISSIONS-ROLE ASSIGNMENT and ROLE HIERARCHIES, with CONSTRAINTS across all of them
Server-Pull Architecture
Client -> Server; the Server pulls the user's roles from the User-Role Authorization Server, so the client never carries role information
User-Pull Architecture
Client -> Server; the Client first pulls its roles from the User-Role Authorization Server and presents them to the Server, which must verify what it is handed
Proxy-Based Architecture
Client -> Proxy Server -> Server; the Proxy Server obtains the user's roles from the User-Role Authorization Server and mediates the Client's requests on behalf of the Server
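The three architectures as message flows, with the server's trust decision made explicit in each. This is an added illustration, not code from the talk; the users, roles, permissions, shared HMAC key and the signed, expiring role ticket (a stand-in for the certificates, tickets and PACs the OM-AM slide lists as mechanisms) are all assumptions.

```python
"""Server-pull, user-pull and proxy-based role delivery. Added illustration, not
code from the talk; users, roles, permissions and the ticket format are constructed."""
import hashlib
import hmac
import json

# Permission-role assignment, constructed for the demo.
PERMISSIONS = {"physician": {"read-chart", "write-order"}, "nurse": {"read-chart"}}


def allowed(roles, op):
    """RBAC decision: the operation must be permitted to at least one active role."""
    return any(op in PERMISSIONS.get(r, ()) for r in roles)


class UserRoleAuthorizationServer:
    """Authoritative user-role assignment. Answers server-pull queries directly and,
    for user-pull, issues a signed, expiring role ticket that the client carries."""

    def __init__(self, key: bytes, assignments: dict):
        self.key = key
        self.assignments = assignments

    def roles_of(self, user):
        return set(self.assignments.get(user, ()))

    def issue_ticket(self, user, now, ttl=300):
        body = json.dumps({"user": user, "roles": sorted(self.roles_of(user)),
                           "exp": now + ttl}, sort_keys=True)
        tag = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return body + "." + tag


class Server:
    """Holds the permission-role side of the decision; obtains roles per architecture."""

    def __init__(self, key: bytes, role_server=None):
        self.key = key
        self.role_server = role_server

    def serve(self, op):
        """The resource operation itself; callers must decide before calling this."""
        return "served " + op

    def handle_server_pull(self, user, op):
        """Server-pull: ask the authorization server; nothing from the client is trusted."""
        roles = self.role_server.roles_of(user)
        return self.serve(op) if allowed(roles, op) else "denied"

    def verify_ticket(self, ticket, now):
        """User-pull: trust the roles in a ticket only after its tag verifies and it
        has not expired. Returns None for a forged, tampered or stale ticket."""
        body, _, tag = ticket.rpartition(".")
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return None                      # tampered or forged
        claims = json.loads(body)
        if claims["exp"] <= now:
            return None                      # stale: the assignment may have changed
        return set(claims["roles"])

    def handle_user_pull(self, ticket, op, now):
        roles = self.verify_ticket(ticket, now)
        if roles is None or not allowed(roles, op):
            return "denied"
        return self.serve(op)


class Proxy:
    """Proxy-based: the proxy pulls the roles and decides in front of a server that
    trusts it; the server itself never sees the raw client."""

    def __init__(self, role_server, server):
        self.role_server, self.server = role_server, server

    def forward(self, user, op):
        roles = self.role_server.roles_of(user)
        return self.server.serve(op) if allowed(roles, op) else "denied"
```

The user-pull path is where the verification burden sits: a ticket whose role list is edited in transit fails the tag check, and an old ticket is rejected on expiry rather than honoured after the assignment changed.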
The UCON Vision: A unified model • Traditional access control models are not adequate for today's distributed, network-connected digital environment: • Authorization only: no obligation- or condition-based control • Decision is made before access: no ongoing control • No consumable rights: no mutable attributes • Rights are pre-defined and granted to subjects
Prior Work • Problem-specific enhancements to traditional access control • Digital Rights Management (DRM) • mainly focused on intellectual property rights protection • studied at the architecture and mechanism level, with functional specification languages, but lacking an access control model • Trust Management • authorization for strangers' access based on credentials
Prior Work • Incrementally enhanced models • Provisional authorization [Kudo & Hada, 2000] • EACL [Ryutov & Neuman, 2001] • Task-based Access Control [Thomas & Sandhu, 1997] • Ponder [Damianou et al., 2001]
Usage Control (UCON) Coverage • Protection Objectives • Sensitive information protection • IPR protection • Privacy protection • Protection Architectures • Server-side reference monitor (SRM) • Client-side reference monitor (CRM) • Both SRM and CRM
Core UCON (Usage Control) Models
Classified along two axes:
• Continuity of decisions: pre (decided once before access) or ongoing (re-evaluated during access)
• Mutability of attributes: immutable, or updated pre, ongoing, or post usage
Examples • Long-distance phone (pre-authorization with post-update) • Pre-paid phone card (ongoing-authorization with ongoing-update) • Pay-per-view (pre-authorization with pre-updates) • Click Ad within every 30 minutes (ongoing-obligation with ongoing-updates) • Business Hour (pre-/ongoing-condition)
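The five examples above as configurations of one small usage monitor, so that the pre/ongoing decision and pre/ongoing/post update combinations can be seen side by side. This is an added illustration, not code from the talk; the monitor's hook names, the prices, the per-minute rate, the 30-minute ad window and the 09:00-17:00 business hours on a simulated clock are all constructed.

```python
"""UCON-style usage session: pre/ongoing decisions plus pre/ongoing/post attribute
updates, with the slide's examples as configurations. Added illustration, not code
from the talk; every price, rate and time window is a constructed assumption."""
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Attrs:
    """Mutable subject attributes that usage decisions read and update."""
    credit: int = 0                      # balance in money units (a consumable right)
    last_ad_click: Optional[int] = None  # simulated-clock seconds; None = never clicked


@dataclass
class Ctx:
    """Time context handed to every hook (simulated clock, in seconds)."""
    now: int
    start: int

    @property
    def elapsed(self) -> int:
        return self.now - self.start


Check = Callable[[Attrs, Ctx], bool]
Update = Callable[[Attrs, Ctx], None]


@dataclass
class UsageControl:
    """Which hooks are present determines the core UCON model of a usage."""
    pre_check: Optional[Check] = None         # pre-authorization / pre-condition
    pre_update: Optional[Update] = None       # attribute update before access
    ongoing_check: Optional[Check] = None     # ongoing authorization / obligation / condition
    ongoing_update: Optional[Update] = None   # attribute update during access
    post_update: Optional[Update] = None      # attribute update after access ends


class UsageSession:
    """Reference monitor for one usage: the decision is re-evaluated on every tick."""

    def __init__(self, ctrl: UsageControl, attrs: Attrs):
        self.ctrl, self.attrs, self.active, self.start_at = ctrl, attrs, False, 0

    def start(self, now: int) -> bool:
        ctx = Ctx(now, now)
        if self.ctrl.pre_check and not self.ctrl.pre_check(self.attrs, ctx):
            return False                      # denied before access begins
        if self.ctrl.pre_update:
            self.ctrl.pre_update(self.attrs, ctx)
        self.active, self.start_at = True, now
        return True

    def tick(self, now: int) -> bool:
        """One unit of ongoing usage; False means the usage has been revoked."""
        if not self.active:
            return False
        ctx = Ctx(now, self.start_at)
        if self.ctrl.ongoing_check and not self.ctrl.ongoing_check(self.attrs, ctx):
            self.active = False               # revoked mid-usage
            return False
        if self.ctrl.ongoing_update:
            self.ctrl.ongoing_update(self.attrs, ctx)
        return True

    def end(self, now: int) -> None:
        if self.active and self.ctrl.post_update:
            self.ctrl.post_update(self.attrs, Ctx(now, self.start_at))
        self.active = False


def charge(units: int) -> Update:
    """Attribute update that consumes `units` of credit."""
    def update(a: Attrs, _: Ctx) -> None:
        a.credit -= units
    return update


def charge_per_minute(rate: int) -> Update:
    """Post-update: bill the whole call by its measured duration."""
    def update(a: Attrs, c: Ctx) -> None:
        a.credit -= rate * (c.elapsed // 60)
    return update


def ad_obligation_met(a: Attrs, c: Ctx) -> bool:
    """Ongoing obligation: an ad must have been clicked within the last 30 minutes."""
    last = a.last_ad_click if a.last_ad_click is not None else c.start
    return c.now - last <= 1800


def click_ad(a: Attrs, now: int) -> None:
    """The subject's action fulfils the obligation by updating an attribute."""
    a.last_ad_click = now


def in_business_hours(_: Attrs, c: Ctx) -> bool:
    return 9 <= (c.now // 3600) % 24 < 17    # 09:00-17:00 on the simulated clock


# The slide's examples as hook combinations (constructed prices and rates).
PREPAID_CARD = UsageControl(    # ongoing-authorization with ongoing-update
    pre_check=lambda a, c: a.credit >= 1,
    ongoing_check=lambda a, c: a.credit >= 1,
    ongoing_update=charge(1))
PAY_PER_VIEW = UsageControl(    # pre-authorization with pre-update
    pre_check=lambda a, c: a.credit >= 3,
    pre_update=charge(3))
LONG_DISTANCE = UsageControl(   # pre-authorization with post-update
    pre_check=lambda a, c: a.credit >= 0,
    post_update=charge_per_minute(2))
AD_SUPPORTED = UsageControl(    # ongoing-obligation with ongoing-update
    ongoing_check=ad_obligation_met)
BUSINESS_HOURS = UsageControl(  # pre-/ongoing-condition
    pre_check=in_business_hours,
    ongoing_check=in_business_hours)
```

The difference the slide is drawing is visible in which hook does the work: pay-per-view never checks again after the pre-update, the pre-paid card can be cut off on any tick, and the long-distance call is only billed once it ends, so a subject whose balance falls during the call is not revoked.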
UCON Architectures • We narrow the focus so we can discuss in detail how UCON can be realized at the architecture level • Protection objective: sensitive information protection; protection architecture: client-side reference monitor (CRM) • First systematic study of generalized security architectures for digital information dissemination • The architectures can be extended to include a payment function
Three Factors of Security Architectures • Virtual Machine (VM) • runs on top of a vulnerable computing environment and carries the control functions • additional assurance will come with emerging hardware support • Control Set (CS) • a list of access rights and usage rules • fixed, embedded, or external control set • Distribution Style • Message Push (MP) or External Repository (ER)
Architecture Taxonomy • VM: Virtual Machine • CS: Control Set • MP: Message Push • ER: External Repository • NC1: No control architecture w/ MP • NC2: No control architecture w/ ER • FC1: Fixed control architecture w/ MP • FC2: Fixed control architecture w/ ER • EC1: Embedded control architecture w/ MP • EC2: Embedded control architecture w/ ER • XC1: External control architecture w/ MP • XC2: External control architecture w/ ER
THE OM-AM WAY (revisited): Objectives and Model answer "what?", Architecture and Mechanism answer "how?", with assurance spanning all four layers
Good enough security (revisited): the risk-versus-cost chart shown earlier, contrasting the entrepreneurial and academic mindsets