Foundations Applications Technologies

Similar documents
The Future of Access Control: Attributes, Automation and Adaptation

Security Models: Past, Present and Future

Towards Secure Information Sharing Models for Community Cyber Security

The Future of Cyber Security

Cyber Security: Past, Present and Future

BM482E Introduction to Computer Security

The Science, Engineering, and Business of Cyber Security

The Science, Engineering, and Business of Cyber Security

ATTRIBUTE-BASED ACCESS CONTROL MODELS AND IMPLEMENTATION IN CLOUD INFRASTRUCTURE AS A SERVICE

CHAPTER 22 Database Security Integration Using Role-Based Access Control

An Object Oriented Role-based Access Control Model for Secure Domain Environments

CLOUD-HOSTED PROXY BASED COLLABORATION IN MULTI- CLOUD COMPUTING ENVIRONMENTS WITH ABAC METHODS

Role Based Access Control

Quest One Identity Solution. Simplifying Identity and Access Management

Role-based access control. RBAC: Motivations

Chapter 2 Taxonomy and Classification of Access Control Models for Cloud Environments

Chapter 8 A secure virtual web database environment

1. Introduction. 2. Background Cloud computing in a nutshell

Installing, Configuring, and Managing a Microsoft Active Directory

Completeness, Versatility, and Practicality in Role Based Administration

Analysis of Different Access Control Mechanism in Cloud

Distributed Attribute Based Encryption for Patient Health Record Security under Clouds

Reference Guide for Security in Networks

Cyber Security: What You Need to Know

Meta Model Based Integration of Role-Based and Discretionary Access Control Using Path Expressions

Integrating Attributes into Role-Based Access Control

Data-stream Mining for Rule-based Access Control. Andrii Shalaginov, 13 th of October 2014 COINS PhD seminar

Proposed NIST Standard for Role-Based Access Control

Components- Based Access Control Architecture

Choosing Between Managed Security Services or In-house SIEM? Consider the Benefits of both!

TRAVERSE: VIRTUALIZATION AND PRIVATE CLOUD MONITORING

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Access Control Lists in Linux & Windows

Security Enhanced Linux and the Path Forward

IBM Software Group. Deliver effective governance for identity and access management.

NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense

Database Security Part 7

A Model for Context-dependent Access Control for Web-based Services with Role-based Approach

Role Based Access Control (RBAC) Nicola Zannone

IDENTITY MANAGEMENT. February The Government of the Hong Kong Special Administrative Region

Introduction to Computer Security

Application Based Access Control on Cloud Networks for Data Security

Towards Securing APIs in Cloud Computing

Practical Steps To Securing Process Control Networks

CA Cloud Service Management Proven Professional Certification Exam

Risk-Aware Role-Based Access Control

Computer Networks. Secure Systems

Updating Your Skills from Microsoft Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010 Course 10165; 5 Days, Instructor-led

Access Control Models Part I. Murat Kantarcioglu UT Dallas

Cisco Data Center Network Manager Release 5.1 (LAN)

How To Secure Cloud Computing

Implementation of Mandatory Access Control in Role-based Security System. CSE367 Final Project Report. Professor Steve Demurjian. Fall 2001.

Role based access control in a telecommunications operations and maintenance network

A logical approach to dynamic role-based access control

Identity Management and Access Control

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

EXECUTIVE VIEW. EmpowerID KuppingerCole Report. By Peter Cummings October By Peter Cummings

Using the Flask Security Architecture to Facilitate Risk Adaptable Access Controls

Onboarding Process. Construction Document

Integrating basic Access Control Models for efficient security along with encryption for the ERP System

Towards a Rule-based Access Control Framework for Distributed Information Systems

Access Control Intro, DAC and MAC. System Security

Citrix XenApp-7.6 Administration Training. Course

WHITE PAPER: THREAT INTELLIGENCE RANKING

The management of the projects with MS Project

Critical Controls for Cyber Security.

Speeding Office 365 Implementation Using Identity-as-a-Service

CDM Hardware Asset Management (HWAM) Capability

Best Practices, Procedures and Methods for Access Control Management. Michael Haythorn

The Protection Mission a constant endeavor

CompTIA Security+ (Exam SY0-410)

Institute for Cyber Security. A Multi-Tenant RBAC Model for Collaborative Cloud Services

ISSECO Syllabus Public Version v1.0

Business Value of Microsoft System Center 2012 Configuration Manager

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 7 Access Control Fundamentals

White Paper. Authentication and Access Control - The Cornerstone of Information Security. Vinay Purohit September Trianz 2008 White Paper Page 1

Study of Virtual Side Channel Attack in Cloud Computing A Review

Transcription:

Institute for Cyber Security ICS Research Projects Ravi Sandhu Institute for Cyber Security University of Te exas at San Antonio August 30, 2012 IIIT Delhi 1

ICS Philosophy Foundations Applications Technologies 2

ICS Projects Secure information sharing Social network security Secure data provenancee Attribute based access control Botnet and malware analysis Smart grid security Hardware security Future internet t 3

ICS Projects Secure information sharing Social network security Secure data provenancee Attribute based access control Botnet and malware analysis Smart grid security Hardware security Future internet t 4

Secure Information Sharing (SIS) Goal: Share but protect Containment challenge Client containment Ultimate assurance infeasible (e.g., the analog hole) Appropriate assurance achievable Server containment Will typically have higher as ssurance than client containment Policy challenge How to construct meaningful, usable, agile SIS policy How to develop an intertwined information and security model 5

SIS Policy Construction Dissemination Centric (d-sis) Sticky policies that follow an object along a dissemination chain (possibly modified at each step) Group Centric (g-sis) Bring users and information together to share existing information and create new information Metaphors: Secure meeting room, Subscription service Benefits: analogous to RBAC over DAC 6

Community Cyber Security Filtered RW Core Group Administered Membership Conditional Membership Incident Group Automatic Membership Administered Membership Open Group Domain Experts 7

Community Cyber Security Core Group Automatic Membership Conditional Membership Incident Groups g1 Re ead Subordination Administered Membership Domain Experts Open Group g2 Write Subordination g3 8

ICS Projects Secure information sharing Social network security Secure data provenancee Attribute based access control Botnet and malware analysis Smart grid security Hardware security Future internet t 9

Relationship-based Access Control Users in Online Social Networks (OSNs) are connected with social rel lationships Owner of the resource can control its release based on such relationsh hips between the access requester and the owner 10

Solution Approach Using regular expression-based path pattern for arbitrary combination of relationship types Given relationship path pattern and hopcount limit, graph traversal algorithm checks the social graph to determine access 11

Related Works The advantages of this approach: Passive form of action allows outgoing and incoming action policy Path pattern of different relationship types make policy specification more expressivee 12

ICS Projects Secure information sharing Social network security Secure data provenancee Attribute based access control Botnet and malware analysis Smart grid security Hardware security Future internet t 13

Provenance Based Access Control (PBAC) vs Provenance Access Control (PAC) 14

OPEN PROVENANCE MODEL (OPM) 15

Sample Base Provenance Data 16

Sample Base Provenance Data wasreviewedoby wasreplacedvof wassubmittedvof wasreviewedoof wasgradedoof 17

ICS Projects Secure information sharing Social network security Secure data provenancee Attribute based access control Botnet and malware analysis Smart grid security Hardware security Future internet t 18

Access Control Models Discretionary Access Control (DAC), 1970 Owner controls access But only to the original, not to copies Grounded in pre-computer policies of researchers Mandatory Access Control (M MAC), 1970 Synonymous to Lattice-Based Access Control (LBAC) Access based on security labels Labels propagate to copies Grounded in pre-computer military and national security policies Role-Based Access Control (RBAC), 1995 Access based on roles Can be configured to do DAC or MAC Grounded in pre-computer ent erprise policies Numerous other models but only 3 successes: SO FAR 19

RBAC Shortcomings Role granularity is not adequate leading to role explosion Researchers have suggested several extensions such as parameterized privileges, role templates, param eterized roles (1997-) Role design and engineering is difficult and expensive Substantial research on role engineering top down or bottom up (1996-), and on role mining i (2003-) Assignment of users/permissions to roles is cumbersome Researchers have investigated decentralized administration (1997-), attribute-based implicit user-role assignment (2002-), role-delegation (2000-), role-based trust management (2003-), attribute-based implicit permission-role assignment (2012-) Adjustment t based on local/glob l/ l bal situational ti factors is difficult Temporal (2001-) and spatial (2005-) extensions to RBAC proposed RBAC does not offer an extension framework Every shortcoming seems to need a custom extension Can ABAC unify these extensions in a common open-ended framework? 20

ABACα Model Structure Policy Configuration Points 21

ICS Projects Secure information sharing Social network security Secure data provenancee Attribute based access control Botnet and malware analysis Smart grid security Hardware security Future internet t 22

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information