ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE: - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE:
A ROLE-BASED APPROACH
Prof. Ravi Sandhu
Laboratory for Information Security Technology
George Mason University
sandhu_at_gmu.edu
www.list.gmu.edu
2
AUTHORIZATION, TRUST AND RISK
  • Information security management is fundamentally
    about managing
    • authorization and
    • trust
  • so as to manage risk

3
ENGINEERING AUTHORITY & TRUST: 4 LAYERS
  • Policy
  • Model
  • Architecture
  • Mechanism

4
ENGINEERING AUTHORITY & TRUST: 4 LAYERS
Multilevel Security
  • Policy: No information leakage
  • Model: Lattices (Bell-LaPadula)
  • Architecture: Security kernel
  • Mechanism: Security labels
5
ENGINEERING AUTHORITY & TRUST: 4 LAYERS
Role-Based Access Control (RBAC)
  • Policy: Policy neutral
  • Model: RBAC96
  • Architecture: user-pull, server-pull, etc.
  • Mechanism: certificates, tickets, PACs, etc.
6
ROLE-BASED ACCESS CONTROL (RBAC)
  • A user's permissions are determined by the user's
    roles
    • rather than identity or clearance
  • roles can encode arbitrary attributes
    • multi-faceted
    • ranges from very simple to very sophisticated

7
RBAC SECURITY PRINCIPLES
  • least privilege
  • separation of duties
  • separation of administration and access
  • abstract operations

8
RBAC96 (IEEE Computer, Feb. 1996)
  • Policy neutral
  • can be configured to do MAC
    • roles simulate clearances (ESORICS 96)
  • can be configured to do DAC
    • roles simulate identity (RBAC98)

9
RBAC96 FAMILY OF MODELS
  • RBAC3 (role hierarchies and constraints)
    • RBAC1: role hierarchies
    • RBAC2: constraints
  • RBAC0: basic RBAC
10
RBAC0
11
RBAC1
Components of the model (diagram):
  • USERS
  • ROLES
  • PERMISSIONS
  • SESSIONS
  • USER-ROLE ASSIGNMENT
  • PERMISSION-ROLE ASSIGNMENT
  • ROLE HIERARCHIES
12
HIERARCHICAL ROLES
  • Primary-Care Physician and Specialist Physician
    • both senior to Physician
      • senior to Health-Care Provider
13
EXAMPLE ROLE HIERARCHY
  • Director (DIR) is senior to Project Lead 1 (PL1) and Project Lead 2 (PL2)
  • PROJECT 1: PL1 is senior to Production 1 (P1) and Quality 1 (Q1), both senior to Engineer 1 (E1)
  • PROJECT 2: PL2 is senior to Production 2 (P2) and Quality 2 (Q2), both senior to Engineer 2 (E2)
  • E1 and E2 are senior to Engineering Department (ED), which is senior to Employee (E)
14
RBAC3
Components of the model (diagram):
  • USERS
  • ROLES
  • PERMISSIONS
  • SESSIONS
  • USER-ROLE ASSIGNMENT
  • PERMISSIONS-ROLE ASSIGNMENT
  • ROLE HIERARCHIES
  • CONSTRAINTS
15
ADMINISTRATIVE RBAC
Components of the model (diagram):
  • USERS
  • ROLES
  • PERMISSIONS
  • CONSTRAINTS
  • ADMIN ROLES
  • ADMIN PERMISSIONS
16
EXAMPLE ROLE HIERARCHY
  • Director (DIR) is senior to Project Lead 1 (PL1) and Project Lead 2 (PL2)
  • PROJECT 1: PL1 is senior to Production 1 (P1) and Quality 1 (Q1), both senior to Engineer 1 (E1)
  • PROJECT 2: PL2 is senior to Production 2 (P2) and Quality 2 (Q2), both senior to Engineer 2 (E2)
  • E1 and E2 are senior to Engineering Department (ED), which is senior to Employee (E)
17
EXAMPLE ADMINISTRATIVE ROLE HIERARCHY
  • Senior Security Officer (SSO) is senior to Department Security Officer (DSO)
  • DSO is senior to Project Security Officer 1 (PSO1) and Project Security Officer 2 (PSO2)
18
RBAC PARAMETERS
  • RBAC has many facets, including
    • number of roles: large or small
    • flat roles versus hierarchical roles
    • permission-role review capability
    • static separation of duties
    • dynamic separation of duties
    • role-activation capability
  • at least 64 variations

19
NIST RBAC MODEL (in progress)
  • Level 1: flat RBAC
    • user-role review
  • Level 2: hierarchical RBAC
    • plus role hierarchies
  • Level 3: constrained RBAC
    • plus separation constraints
  • Level 4: true RBAC
    • plus permission-role review

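As an added example (not from the slides), a minimal Python model of the RBAC96 ideas the deck covers: the slide's example role hierarchy, RBAC1 permission inheritance, the user-role and permission-role reviews of NIST levels 1 and 4, and a static separation-of-duty constraint (level 3). The permission names and the senior/junior edges are constructed here from the diagram; SSD is enforced over inherited roles, so a constraint between P1 and Q1 also blocks their common seniors PL1 and DIR.

```python
from typing import Dict, FrozenSet, Iterable, Set

# Role hierarchy from the "Example Role Hierarchy" slide, encoded as
# senior role -> roles it directly inherits from (constructed from the slide).
HIERARCHY: Dict[str, Set[str]] = {
    "DIR": {"PL1", "PL2"}, "PL1": {"P1", "Q1"}, "PL2": {"P2", "Q2"},
    "P1": {"E1"}, "Q1": {"E1"}, "P2": {"E2"}, "Q2": {"E2"},
    "E1": {"ED"}, "E2": {"ED"}, "ED": {"E"}, "E": set(),
}

def juniors(role: str, hierarchy: Dict[str, Set[str]]) -> Set[str]:
    """Transitive closure of roles at or below `role` (RBAC1 inheritance)."""
    seen, stack = set(), [role]
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(hierarchy.get(r, ()))
    return seen

class RBAC:
    def __init__(self, hierarchy: Dict[str, Set[str]], ssd: Iterable[FrozenSet[str]] = ()):
        self.h = hierarchy
        self.ua: Dict[str, Set[str]] = {}  # user -> directly assigned roles
        self.pa: Dict[str, Set[str]] = {}  # role -> directly assigned permissions
        self.ssd = set(ssd)                 # static SoD: mutually exclusive role sets

    def user_role_review(self, user: str) -> Set[str]:
        """Every role the user holds, directly or by inheritance (NIST level 1)."""
        return set().union(*(juniors(r, self.h) for r in self.ua.get(user, set())))

    def assign_user(self, user: str, role: str) -> None:
        # RBAC2/RBAC3: SSD is checked over inherited roles too, so a conflict
        # between P1 and Q1 also blocks their common seniors PL1 and DIR.
        effective = self.user_role_review(user) | juniors(role, self.h)
        for conflict in self.ssd:
            if conflict <= effective:
                raise ValueError(f"SSD violation for {user}: {sorted(conflict)}")
        self.ua.setdefault(user, set()).add(role)

    def grant(self, role: str, perm: str) -> None:
        self.pa.setdefault(role, set()).add(perm)

    def permissions_of(self, user: str) -> Set[str]:
        """A user's permissions are those of all roles junior to the user's roles."""
        return set().union(*(self.pa.get(r, set()) for r in self.user_role_review(user)))

    def permission_role_review(self, perm: str) -> Set[str]:
        """Roles that hold `perm`, directly or through a junior role (NIST level 4)."""
        direct = {r for r, ps in self.pa.items() if perm in ps}
        return {r for r in self.h if juniors(r, self.h) & direct}
```
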
20
CLASS I SYSTEMS: ENFORCEMENT ARCHITECTURE
Diagram components:
  • Client
  • Server
21
CLASS I SYSTEMS: ADMINISTRATION ARCHITECTURE
Diagram components:
  • Administrative Client
  • Authorization Center
  • Server1, Server2, ..., ServerN
22
CLASS II SYSTEMS: SERVER-PULL
Diagram components:
  • Client
  • Server
  • Authorization Server
  • Authentication Server
23
CLASS II SYSTEMS: USER-PULL
Diagram components:
  • Client
  • Server
  • Authorization Server
  • Authentication Server
24
R&D IN INTERNET TIME
  • new technology needs to be developed and deployed
    continuously in the very short term
  • need focused applied research
  • need synergy between Universities and Industry