1 / 27

Access Control Evolution and Prospects

Explore the evolution, challenges, and future prospects of access control in the field of cyber security. Discover the fundamental technologies and limits, including authentication, authorization, cryptography, and more. Learn about different access control models such as DAC, MAC, RBAC, and ABAC, and their strengths and weaknesses. Delve into the world-leading research and real-world impact of access control.

tomd
Download Presentation

Access Control Evolution and Prospects

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Access ControlEvolution and Prospects Ravi SandhuExecutive DirectorProfessor of Computer ScienceLutcher Brown Chair in Cyber Security October 2019 ravi.sandhu@utsa.eduwww.ics.utsa.eduwww.profsandhu.com World-Leading Research with Real-World Impact!

  2. Holistic Cyber Security Objectives ATTACKS POLICY Respond Enable Why? What? Enforce Defend DETECT PROTECT How? Mechanisms Complement World-Leading Research with Real-World Impact!

  3. Cyber SecurityFundamental Technologies • Access Control: Authentication, Authorization • Cryptography: Symmetric, Assymetric • Detection: Signature, Zero Day • Recovery/Recourse: Backups, Forensics • Tolerance/Resilience: Mission Assurance • ………. World-Leading Research with Real-World Impact!

  4. Cyber SecurityFundamental Limits • Copy control • Inference • Analog hole • Trusting humans vs trusting software • Trusted computing base vulnerabilities • Side channels and covert channels • ……………. World-Leading Research with Real-World Impact!

  5. Cryptography Symmetric Key Cryptography, 1977 Asymmetric Key Cryptography, 1996 BlockChain Applications, ???? World-Leading Research with Real-World Impact!

  6. Access ControlPEI Layers Assumes Successful Authentication Idealized Enforceable (Approximate) Codeable World-Leading Research with Real-World Impact!

  7. Access Control Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? World-Leading Research with Real-World Impact!

  8. Core concept: Custodian of information determines access • Core drawback: Does not protect copies Therefore OK for integrity but not for confidentiality • Sophistication: Delegation of custody Denials or negative rights Discretionary Access Control (DAC) World-Leading Research with Real-World Impact!

  9. Mandatory Access Control (MAC) Top Secret Secret Confidential Unclassified can-flow World-Leading Research with Real-World Impact!

  10. Core concept: Extend control to copies by means of security labels • Core drawback: Covert/side channels bypass MAC Inference not prevented Too strict Too reductionist • Sophistication: Dynamic labels Mandatory Access Control (MAC) World-Leading Research with Real-World Impact!

  11. Access Control Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? World-Leading Research with Real-World Impact!

  12. Role-Based Access Control (RBAC) Primary-Care Physician Specialist Physician Physician Health-Care Provider World-Leading Research with Real-World Impact!

  13. Core concept: Roles determine everything • Core drawback: Roles are a natural concept for human users But not so natural for: Information objects IoT things Contextual attributes • Sophistication: Role hierarchies Role constraints Role-Based Access Control (RBAC) World-Leading Research with Real-World Impact!

  14. Role-Based Access Control (RBAC) • Fundamental theorem of RBAC: RBAC can be configured to do DAC RBAC can be configured to do MAC World-Leading Research with Real-World Impact!

  15. Access Control Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? World-Leading Research with Real-World Impact!

  16. Attribute-Based Access Control (ABAC) Operation Access Decision? Yes/No Actor Target Context World-Leading Research with Real-World Impact!

  17. Core concept: Attributes determine everything No fixed access decision rule • Core drawback: Flexibility at the cost of complexity • Sophistication: Chained attributes Group attributes Distributed decision rules Automation Adaptation Attribute-Based Access Control (ABAC) World-Leading Research with Real-World Impact!

  18. Access Control Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? World-Leading Research with Real-World Impact!

  19. ABAC Research Space 7. ABAC Design, Engineering and Applications 3. Administrative ABAC Models 4. Extended ABAC Models 6. ABAC Enforcement Architectures 5. ABAC Policy Architectures and Languages 2. Core ABAC Models 1. Foundational Principles and Theory World-Leading Research with Real-World Impact!

  20. Core ABAC Models: ABACβ World-Leading Research with Real-World Impact!

  21. Core ABAC Models: ABACβ Policy Configuration Points Can be configured to do various forms of DAC, MAC, RBAC (Jin, Krishnan, Sandhu 2012) World-Leading Research with Real-World Impact!

  22. Administrative ABAC Models: HGABAC • Hierarchical Group and Attribute Based Access Control (HGABAC) • Introduces User and Object Groups • Simplifies administration of attributes Servos and Osborn, 2015 World-Leading Research with Real-World Impact!

  23. ABAC Applications: Cloud Enabled IoT Alsheri, Bhatt, Patwa, Benson, Sandhu 2016 onwards World-Leading Research with Real-World Impact!

  24. Policy Architecture: Amazon AWSstyle World-Leading Research with Real-World Impact!

  25. ABAC Enforcement Architecture: Federated ABAC Fisher 2015 NCCOE, NIST, Building Block World-Leading Research with Real-World Impact!

  26. Extended ABAC Models: ReBAC versus ABAC ReBAC and ABAC are not that different (Tahmina, Sandhu 2017) World-Leading Research with Real-World Impact!

  27. Foundations: Safety Analysis Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 • Can subject s obtain a right r on object o? • Current state? • Some future state? Role Based Access Control (RBAC), 1995 Safety Complexity Attribute Based Access Control (ABAC), ???? Ahmed, Rajkumar, Sandhu 2016 onwards World-Leading Research with Real-World Impact!

More Related