Page 1: Access control
Page 2: Access control
Page 3: Access control

Controlling Access to Sensitive Resources

Access Control

Controlling Access to Sensitive Resources

Page 4: Access control
Page 5: Access control

Access Is Controlled Based on Different Factors

Page 6: Access control

• Traditionally...

Role Based Access Control

Mandatory Access Control

Discretionary Access Control

Page 7: Access control

LIMITATIONS

Context insensitive

Static

Coarse grained

Pre-defined

Page 8: Access control
Page 9: Access control

Context Insensitive vs. Context Sensitive

Page 10: Access control

Context Matters

Usage Patterns

Current and Future Access Control Needs

Page 11: Access control

Context Based Access Control

Model

Page 12: Access control

Related Work

• Context Aware Access Control (extensions built on top of a context insensitive model)

• Context Based Access Control (inherently context sensitive)

Page 13: Access control

Role Based Access Control

Page 14: Access control

Extended RBAC Models

• Location Based
• Time Based
• Spatial-Temporal Based
• Environmental Role Based
• And many others...

Drawbacks:

• Too specific
• Increased complexity
• Not widely applicable

Page 15: Access control

Step 1: Role Engineering

Page 16: Access control

Step 2: Permission Assignment to Roles

Page 17: Access control

Step 3: Role Assignment to Users
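The three steps above as a minimal RBAC engine (an added example, not code from the slides): roles come from role engineering, permissions are attached to roles, users are assigned roles, and a session must activate a role before it counts. The hospital roles, users and objects are constructed sample data.

```python
# Added example (not from the slides): a minimal RBAC engine following the
# three steps above. Roles, permissions and users are constructed sample
# data for a hypothetical hospital records system.
from dataclasses import dataclass, field


@dataclass
class RBAC:
    roles: set = field(default_factory=set)       # Step 1: role engineering
    pa: dict = field(default_factory=dict)         # Step 2: role -> {(op, obj)}
    ua: dict = field(default_factory=dict)         # Step 3: user -> {roles}
    sessions: dict = field(default_factory=dict)   # user -> activated roles

    def add_role(self, role):
        self.roles.add(role)
        self.pa.setdefault(role, set())

    def grant(self, role, op, obj):
        if role not in self.roles:
            raise KeyError(f"unknown role {role!r}")
        self.pa[role].add((op, obj))

    def assign(self, user, role):
        if role not in self.roles:
            raise KeyError(f"unknown role {role!r}")
        self.ua.setdefault(user, set()).add(role)

    def activate(self, user, role):
        # A session may only activate roles the user was assigned (least privilege).
        if role not in self.ua.get(user, set()):
            raise PermissionError(f"{user} is not assigned role {role!r}")
        self.sessions.setdefault(user, set()).add(role)

    def check(self, user, op, obj):
        # Granted only if an *activated* role carries the permission; deny by default.
        return any((op, obj) in self.pa[r] for r in self.sessions.get(user, set()))


def build_hospital():
    rbac = RBAC()
    for role in ("doctor", "nurse"):
        rbac.add_role(role)
    rbac.grant("doctor", "read", "patient_record")
    rbac.grant("doctor", "write", "patient_record")
    rbac.grant("nurse", "read", "patient_record")
    rbac.assign("alice", "doctor")
    rbac.assign("bob", "nurse")
    rbac.activate("alice", "doctor")
    rbac.activate("bob", "nurse")
    return rbac
```

Note that nothing in the check depends on where or when the request is made: a ward- or shift-specific rule can only be expressed by engineering another role, which is the path to the role explosion discussed later.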

Page 18: Access control

Role Engineering

RBAC’s Limitation

Page 19: Access control

Role Activation and Deactivation

RBAC’s Limitation

Page 20: Access control

Role Explosion

RBAC’s Limitation

Page 21: Access control

Attribute Based Access Control

Page 22: Access control

Subject Attributes

Age

Name

Identity

Role

Department

Designation

Location

Membership

Experience

Page 23: Access control

Resource Attributes

Size

Creation Time

Last Modified

Path

Location

Usage

Access Time

Content Type

Resource Id

Owner

Page 24: Access control
Page 25: Access control

Adding Attributes to Role-Based Access Control

9 possible combinations, 7 different approaches

Page 26: Access control

Attribute Centric Approach

Attributes

Roles

Identity
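An attribute-centric policy check, added here as an example (not code from the slides): the role is just one subject attribute evaluated alongside identity, resource attributes and environment context, so the same request can be permitted on the ward during a shift and denied elsewhere. The attribute names, the two rules and the record are constructed for a hypothetical hospital system, not a standard ABAC policy language.

```python
# Added example (not from the slides): attribute-centric access decision.
# Subject, resource and environment are plain attribute dicts; each rule is a
# predicate over them. Names and values are constructed sample data.
from datetime import time


def rule_owner(s, r, e):
    # Identity-centric: a patient may read their own record at any time/place.
    return s["identity"] == r["owner"]


def rule_clinician_on_shift(s, r, e):
    # Role is one attribute among several; context narrows when it applies.
    return (s["role"] in {"doctor", "nurse"}
            and r["content_type"] == "patient_record"
            and s["location"] == r["location"]              # same ward
            and time(7, 0) <= e["time"] <= time(19, 0))      # during shift


def rule_doctor_write(s, r, e):
    return rule_clinician_on_shift(s, r, e) and s["role"] == "doctor"


# Action -> rules; any satisfied rule permits, otherwise deny by default.
POLICY = {
    "read": [rule_owner, rule_clinician_on_shift],
    "write": [rule_doctor_write],
}


def decide(subject, action, resource, env):
    rules = POLICY.get(action, [])
    return "permit" if any(rule(subject, resource, env) for rule in rules) else "deny"


# Constructed sample entities for a hypothetical hospital records system.
RECORD = {"id": "rec-42", "owner": "patient-7",
          "content_type": "patient_record", "location": "ward-A"}
ALICE = {"identity": "alice", "role": "doctor",
         "department": "cardiology", "location": "ward-A"}
PATIENT = {"identity": "patient-7", "role": "patient", "location": "home"}
```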

Page 27: Access control

References

[1] Hu, Vincent C., et al. "Guide to attribute based access control (ABAC) definition and considerations (draft)." NIST Special Publication 800 (2013): 162.
[2] Hulsebosch, R. J., et al. "Context sensitive access control." Proceedings of the tenth ACM symposium on Access control models and technologies. ACM, 2005.
[3] Zhang, Guangsen, and Manish Parashar. "Context-aware dynamic access control for pervasive applications." Proceedings of the Communication Networks and Distributed Systems Modeling and Simulation Conference. 2004.
[4] Covington, Michael J., and Manoj R. Sastry. "A contextual attribute-based access control model." On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. Springer Berlin Heidelberg, 2006.
[5] Kulkarni, Devdatta, and Anand Tripathi. "Context-aware role-based access control in pervasive computing systems." Proceedings of the 13th ACM symposium on Access control models and technologies. ACM, 2008.
[6] Martin, Hervé. "A generalized context-based access control model for pervasive environments." Proceedings of the 2nd SIGSPATIAL ACM GIS 2009 International Workshop on Security and Privacy in GIS and LBS. ACM, 2009.
[7] Ferraiolo, David F., et al. "Proposed NIST standard for role-based access control." ACM Transactions on Information and System Security (TISSEC) 4.3 (2001): 224-274.

Page 28: Access control

References (continued)

[8] Hansen, Frode, and Vladimir Oleshchuk. "SRBAC: A spatial role-based access control model for mobile systems." Proceedings of the 7th Nordic Workshop on Secure IT Systems (NORDSEC'03). 2003.
[9] Covington, Michael J., et al. "Securing context-aware applications using environment roles." Proceedings of the sixth ACM symposium on Access control models and technologies. ACM, 2001.
[10] Ray, Indrakshi, Mahendra Kumar, and Lijun Yu. "LRBAC: a location-aware role-based access control model." Information Systems Security. Springer Berlin Heidelberg, 2006. 147-161.
[11] Ray, Indrakshi, and Manachai Toahchoodee. "A spatio-temporal role-based access control model." Data and Applications Security XXI. Springer Berlin Heidelberg, 2007. 211-226.
[12] Kuhn, D. Richard, Edward J. Coyne, and Timothy R. Weil. "Adding attributes to role-based access control." Computer 43.6 (2010): 79-81.
[13] Kim, Young-Gab, et al. "Context-aware access control mechanism for ubiquitous applications." Advances in Web Intelligence. Springer Berlin Heidelberg, 2005. 236-242.
[14] Shen, Hai-bo, and Fan Hong. "An attribute-based access control model for web services." Parallel and Distributed Computing, Applications and Technologies, 2006. PDCAT'06. Seventh International Conference on. IEEE, 2006.
[15] Al-Muhtadi, Jalal, et al. "Cerberus: a context-aware security scheme for smart spaces." Pervasive Computing and Communications, 2003 (PerCom 2003). Proceedings of the First IEEE International Conference on. IEEE, 2003.

Page 29: Access control
Page 30: Access control