Page 1
Attribute-Based Access Control Models and Beyond
Prof. Ravi Sandhu
Executive Director, Institute for Cyber Security
Lutcher Brown Endowed Chair in Cyber Security
University of Texas at San Antonio
AsiaCCS Keynote Talk, Singapore
April 16, 2015
[email protected] , www.profsandhu.com, www.ics.utsa.edu
© Ravi Sandhu World-Leading Research with Real-World Impact!
Page 2
Access Control
Discretionary Access Control (DAC), 1970
Mandatory Access Control (MAC), 1970
Role Based Access Control (RBAC), 1995
Attribute Based Access Control (ABAC), ????
Page 3
PEI Models
Idealized
Enforceable (Approximate)
Codeable
Page 4
Access Control
Discretionary Access Control (DAC), 1970
Mandatory Access Control (MAC), 1970
Role Based Access Control (RBAC), 1995
Attribute Based Access Control (ABAC), ????
Page 5
Access Control
Discretionary Access Control (DAC), 1970
Mandatory Access Control (MAC), 1970
Role Based Access Control (RBAC), 1995
Attribute Based Access Control (ABAC), ????
Fixed policy -> Flexible policy
Page 6
Access Control
Discretionary Access Control (DAC), 1970
Mandatory Access Control (MAC), 1970
Role Based Access Control (RBAC), 1995
Attribute Based Access Control (ABAC), ????
Enterprise Oriented -> Beyond Enterprise
Page 7
Access Control
Discretionary Access Control (DAC), 1970
Mandatory Access Control (MAC), 1970
Role Based Access Control (RBAC), 1995
Attribute Based Access Control (ABAC), ????
Administration Driven -> Automated Adaptive
Page 8
RBAC96 Model
(Figure: the RBAC96 model, which relates users, roles, permissions and sessions through user assignment, permission assignment and a role hierarchy, with constraints over all of them. Only the label "Constraints" was recovered from the figure.)
Page 9
Fundamental Theorem of RBAC
RBAC can be configured to do MAC
RBAC can be configured to do DAC
RBAC is policy neutral
RBAC is neither MAC nor DAC!
Page 10
RBAC Shortcomings
(Figure: the RBAC96 diagram again, with the "Constraints" component annotated. Expressing the required policy through constraints ranges from "hard enough" to "impossible".)
Page 11
The RBAC Story
(Figure: number of role-related publications per year, 1992-2008. Phases marked on the chart: Pre-RBAC, Early RBAC, 1st expansion phase, 2nd expansion phase. Milestones marked: RBAC96 model, NIST-ANSI Standard Proposed, NIST-ANSI Standard Adopted. The per-year values recovered from the chart sum to the 866 total it shows.)

Year   Publications
1992   3
1993   2
1994   7
1995   3
1996   28
1997   30
1998   30
1999   35
2000   40
2001   48
2002   53
2003   88
2004   85
2005   88
2006   112
2007   103
2008   111
Total  866

Source: Ludwig Fuchs, Gunther Pernul and Ravi Sandhu, "Roles in Information Security - A Survey and Classification of the Research Area", Computers & Security, Volume 30, Number 8, Nov. 2011, pages 748-76.
Page 12
ABAC Status
(Figure: the same publication chart as Page 11, with the milestones relabeled RBAC96 paper, Proposed Standard, Standard Adopted, and an ABAC timeline overlaid running from "1990?" to 2015.)
ABAC still in pre/early phase
Pages 13-17
ABAC is not New
(Figure: a user's identity carries attributes, bound to public keys and secured secrets. Each successive slide adds one technology to the timeline below.)
Pre Internet, early 1990s: X.509 Identity Certificates, X.500 Directory
Post Internet, late 1990s: X.509 Attribute Certificates
Post Internet, late 1990s: SPKI Certificates
Mature Internet, 2000s: Anonymous Credentials
ABAC is not New
Mature Internet, 2000s: XACML
(Figure: the XACML decision flow. Attributes of the User, Subject, Object, Action and Context are evaluated against a Policy to produce an Authorization Decision: Yes/No.)
Page 19
ABAC is not New
Usage Control Models (UCON), early 2000s
(Figure: the UCON components.)
Subjects (S) with Subject Attributes (SA); Objects (O) with Object Attributes (OA); Rights (R)
Usage Decisions are based on Authorizations (A), Obligations (B) and Conditions (C)
Continuity of Decisions: pre-decision, ongoing-decision (across before-usage, ongoing-usage, after-usage)
Mutability of Attributes: pre-update, ongoing-update, post-update
• unified model integrating
  • authorization
  • obligation
  • conditions
• and incorporating
  • continuity of decisions
  • mutability of attributes
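Continuity of decisions and mutability of attributes are the two ideas that separate UCON from a one-shot yes/no check, and a small usage-session engine makes both concrete. The following is an added Python example written for this page, not code from the talk or from the UCON papers. The attribute names (credit, price_per_tick, readers, max_readers), the "online" environment condition and the pay-per-use policy are assumptions chosen so that every hook in the model fires at least once.

```python
"""UCON-style usage session: pre/ongoing decisions over mutable attributes.

Added illustration for the UCON slide; not code from the talk. The
attribute names and the pay-per-use policy below are assumptions.
"""
from dataclasses import dataclass, field
from typing import Callable


@dataclass
class Entity:
    """A UCON subject or object: a name plus mutable attributes."""
    name: str
    attrs: dict = field(default_factory=dict)


Hook = Callable[[Entity, Entity, dict], object]


@dataclass
class UsagePolicy:
    """Hooks for one right. Decision hooks return bool; update hooks
    mutate subject/object attributes in place. All take (s, o, env)."""
    pre_decision: Hook
    pre_update: Hook
    ongoing_decision: Hook
    ongoing_update: Hook
    post_update: Hook


class UsageSession:
    """One usage of a right by a subject on an object, start to end."""

    def __init__(self, subject, obj, policy, env):
        self.s, self.o, self.p, self.env = subject, obj, policy, env
        self.active = False
        self.revoked = False

    def start(self):
        """before-usage: pre-decision, then pre-update if permitted."""
        if not self.p.pre_decision(self.s, self.o, self.env):
            return False
        self.p.pre_update(self.s, self.o, self.env)
        self.active = True
        return True

    def tick(self):
        """ongoing-usage: re-evaluate the decision; revoke when it fails,
        otherwise apply the ongoing-update and let usage continue."""
        if not self.active:
            return False
        if not self.p.ongoing_decision(self.s, self.o, self.env):
            self.revoked = True
            self.stop()
            return False
        self.p.ongoing_update(self.s, self.o, self.env)
        return True

    def stop(self):
        """after-usage: post-update runs on normal end and on revocation."""
        if self.active:
            self.active = False
            self.p.post_update(self.s, self.o, self.env)


# Constructed pay-per-use policy (assumption): each tick debits the
# subject's credit, the object caps concurrent readers, and the
# environment must be online (a UCON condition, not an attribute).
def can_pay(s, o, env):
    return env.get("online", False) and s.attrs["credit"] >= o.attrs["price_per_tick"]

def slot_free(s, o, env):
    return o.attrs["readers"] < o.attrs["max_readers"]

def take_slot(s, o, env):
    o.attrs["readers"] += 1

def debit(s, o, env):
    s.attrs["credit"] -= o.attrs["price_per_tick"]

def free_slot(s, o, env):
    o.attrs["readers"] -= 1

PAY_PER_USE = UsagePolicy(
    pre_decision=lambda s, o, env: can_pay(s, o, env) and slot_free(s, o, env),
    pre_update=take_slot,
    ongoing_decision=can_pay,     # credit is re-checked on every tick
    ongoing_update=debit,         # mutable attribute: credit shrinks during usage
    post_update=free_slot,
)


def run_demo():
    """Two subjects contend for a single-reader object; returns
    (list of decisions, alice, bob, video) for inspection."""
    alice = Entity("alice", {"credit": 25})
    bob = Entity("bob", {"credit": 100})
    video = Entity("video", {"price_per_tick": 10, "readers": 0, "max_readers": 1})
    env = {"online": True}
    a = UsageSession(alice, video, PAY_PER_USE, env)
    b = UsageSession(bob, video, PAY_PER_USE, env)
    decisions = [a.start(), b.start()]          # alice in; bob blocked by reader cap
    decisions += [a.tick() for _ in range(3)]   # credit 25 -> 15 -> 5, then revoked
    decisions += [a.revoked, b.start()]         # revocation freed the slot for bob
    return decisions, alice, bob, video


if __name__ == "__main__":
    print(run_demo()[0])
```

The point to notice is that bob's first request is denied not because of anything about bob but because alice's ongoing usage has mutated the object's reader count, and that alice's access is revoked mid-usage by the ongoing decision rather than by any administrative action; both effects are invisible to a classic pre-authorization-only model.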
Page 20
ABAC Status
(Repeat of the Page 12 chart: ABAC still in pre/early phase, 1990?-2015.)
Page 21
Access Control
Discretionary Access Control (DAC), 1970
Mandatory Access Control (MAC), 1970
Role Based Access Control (RBAC), 1995
Attribute Based Access Control (ABAC), ????
Page 22
ABACα Model Structure
(Figure: the ABACα model with its Policy Configuration Points marked.)
Can be configured to do simple forms of DAC, MAC, RBAC
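To see what "policy configuration points" buy, the following added Python example (written for this page; not code from the talk or from the ABACα paper) keeps one decision engine fixed and swaps only two configuration points: the constraint relating a subject's attributes to those of the user creating it, and the per-permission authorization predicate over subject and object attributes. Three configurations yield DAC-, MAC- and RBAC-like behaviour. The attribute names (id, owner, acl, clearance, level, roles, pa) and the scenarios in demo() are assumptions.

```python
"""A minimal ABACα-style engine whose policy configuration points are
swapped to obtain DAC-, MAC- and RBAC-like behaviour.

Added illustration for the ABACα slide; not code from the talk or the
ABACα paper. Attribute names and the three sample configurations are
assumptions.
"""
from dataclasses import dataclass
from typing import Callable, Dict


@dataclass
class Config:
    """The configuration points: a subject-creation constraint relating the
    creating user's attributes (UA) to the requested subject attributes (SA),
    and one authorization predicate per permission over (SA, OA)."""
    constr_sub: Callable[[dict, dict], bool]
    authz: Dict[str, Callable[[dict, dict], bool]]


def create_subject(cfg, ua, requested_sa):
    """Return the subject's attributes, or None if the constraint rejects them."""
    return dict(requested_sa) if cfg.constr_sub(ua, requested_sa) else None


def authorize(cfg, sa, oa, perm):
    """Yes/No decision for permission perm; unknown permissions are denied."""
    rule = cfg.authz.get(perm)
    return bool(rule and rule(sa, oa))


# --- DAC: owner-controlled ACLs carried as object attributes -------------
DAC = Config(
    constr_sub=lambda ua, sa: sa["id"] == ua["id"],   # a subject acts as its user, no other
    authz={
        "read":  lambda sa, oa: sa["id"] == oa["owner"] or sa["id"] in oa["acl"].get("read", ()),
        "write": lambda sa, oa: sa["id"] == oa["owner"] or sa["id"] in oa["acl"].get("write", ()),
    },
)

# --- MAC: Bell-LaPadula simple-security and (liberal) *-property ---------
LEVEL = {"unclassified": 0, "secret": 1, "top-secret": 2}
MAC = Config(
    constr_sub=lambda ua, sa: LEVEL[sa["level"]] <= LEVEL[ua["clearance"]],  # may run below clearance
    authz={
        "read":  lambda sa, oa: LEVEL[oa["level"]] <= LEVEL[sa["level"]],    # no read up
        "write": lambda sa, oa: LEVEL[sa["level"]] <= LEVEL[oa["level"]],    # no write down
    },
)

# --- RBAC: a session activates a subset of the user's assigned roles -----
RBAC = Config(
    constr_sub=lambda ua, sa: set(sa["roles"]) <= set(ua["roles"]),
    authz={
        "read":  lambda sa, oa: bool(set(sa["roles"]) & set(oa["pa"].get("read", ()))),
        "write": lambda sa, oa: bool(set(sa["roles"]) & set(oa["pa"].get("write", ()))),
    },
)


def demo():
    """Constructed scenarios (assumptions); returns a dict of decisions."""
    out = {}
    # DAC: bob is on the read ACL of alice's document, nobody else is.
    doc = {"owner": "alice", "acl": {"read": {"bob"}}}
    bob = create_subject(DAC, {"id": "bob"}, {"id": "bob"})
    out["dac_bob_read"] = authorize(DAC, bob, doc, "read")
    out["dac_bob_write"] = authorize(DAC, bob, doc, "write")
    out["dac_spoof"] = create_subject(DAC, {"id": "carol"}, {"id": "alice"})  # rejected
    # MAC: a secret-cleared user running a secret-level subject.
    s = create_subject(MAC, {"clearance": "secret"}, {"level": "secret"})
    out["mac_read_down"] = authorize(MAC, s, {"level": "unclassified"}, "read")
    out["mac_read_up"] = authorize(MAC, s, {"level": "top-secret"}, "read")
    out["mac_write_down"] = authorize(MAC, s, {"level": "unclassified"}, "write")
    out["mac_over_clearance"] = create_subject(MAC, {"clearance": "secret"}, {"level": "top-secret"})
    # RBAC: a user assigned {doctor, staff} activates only one role per session.
    chart = {"pa": {"read": {"doctor", "nurse"}, "write": {"doctor"}}}
    staff_sess = create_subject(RBAC, {"roles": {"doctor", "staff"}}, {"roles": {"staff"}})
    out["rbac_staff_read"] = authorize(RBAC, staff_sess, chart, "read")
    doctor_sess = create_subject(RBAC, {"roles": {"doctor", "staff"}}, {"roles": {"doctor"}})
    out["rbac_doctor_write"] = authorize(RBAC, doctor_sess, chart, "write")
    out["rbac_escalate"] = create_subject(RBAC, {"roles": {"nurse"}}, {"roles": {"doctor"}})
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:22s} {v}")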
Page 23
RBAC Extensions
Features an attribute-based model needs in order to express the surveyed RBAC extensions:
1. Context Attributes
2. Subject attribute constraint policies differ at creation and modification time.
3. Subject attributes constrained by attributes of subjects created by the same user.
4. Policy Language
5. Meta-Attributes
(Figure: each RBAC extension model surveyed is mapped to the features it requires. The model names did not survive extraction; the feature sets shown are {1, 2, 4, 5}, {1, 4, 5}, {4, 5}, {1, 4}, {1, 4, 5}, {1, 2, 3, 4, 5} and {4}.)
Page 24
ABACβ Model
Can be configured to do many RBAC extensions
Page 25
SOME RESEARCH CHALLENGES
Page 26
Ultimate Unified Model
(Figure: the unified model sits at the intersection of Security / Access Control, Trust / Risk, Attributes, and Relationships / Provenance.)
Page 27
Expressive Power
Idealized
Enforceable (Approximate)
Codeable
Page 28
Safety Analysis
Idealized
Enforceable (Approximate)
Codeable
Page 29
Attribute and Policy Engineering
Page 30
Application Domains
Cloud computing, Internet of Things, …
Page 31
Access Control
Discretionary Access Control (DAC), 1970
Mandatory Access Control (MAC), 1970
Role Based Access Control (RBAC), 1995
Attribute Based Access Control (ABAC), ????