Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology www.list.gmu.edu Department of Information and Software Engineering School of Information Technology and Engineering George Mason University [email protected]

Mar 26, 2015

Page 1: Cyber-Identity and Authorization in an Uncertain World

Ravi Sandhu
Laboratory for Information Security Technology
www.list.gmu.edu
Department of Information and Software Engineering
School of Information Technology and Engineering
George Mason University
[email protected]
703-993-1659

Page 2: What is Cyber-Security?

• Fighting fires
  – Keeping the bad guys out
  – Firewalls, Intrusion Detection, Virus scans, Spam filters, Content filters

• Increasing productivity
  – Letting the good guys in
  – Cyber-Identity and Authorization

(Figure: STOP and GO signs)

Page 3: What is Cyber-Security?

(Figure: EASY, SECURE, PRACTICAL)

Page 4: An Uncertain World

• Uncertain threat
  – We are always fighting the last war

• Technological change
  – Pervasive (ubiquitous) computing
  – Peer-to-peer, grid and utility computing
  – Intel’s LaGrande and Microsoft’s Longhorn
  – The next Intel, Microsoft, Cisco, ….

• Business change
  – Outsourcing and globalization

Page 5: Cyber-Identity Megatrends

• Federated identity
  – Identity relying party is NOT the identity provider
  – Who will be the DMV in cyberspace?

• Grades of identity
  – Identity vetting, authentication strength, purpose, privacy
  – A single infrastructure to drive all grades

Page 6: Cyber-Identity Mega-Challenges

• Pervasive (ubiquitous) computing
  – How can a user get effective control of identity in a pervasive environment?

• Ad-hoc peer-to-peer computing
  – First responders in an emergency

• Trustworthy computing
  – Will Intel’s LaGrande technology or Microsoft’s Longhorn help us save the day?

Page 7: RBAC96 Model

(Figure: RBAC96 model. USERS are linked to ROLES by USER-ROLE ASSIGNMENT and ROLES to PERMISSIONS by PERMISSION-ROLE ASSIGNMENT; users activate roles in SESSIONS; ROLE HIERARCHIES and CONSTRAINTS apply across the model.)
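The RBAC96 components on this slide, as an added example that is not from the talk or its author: user-role and permission-role assignment, a role hierarchy that lets a senior role inherit a junior role's permissions, sessions that activate a subset of a user's roles, and a static separation-of-duty constraint. The users, roles and permissions are made up.

```python
# Added example, not from the slides: a minimal RBAC96 model with user-role
# assignment, permission-role assignment, a role hierarchy, sessions and a static
# separation-of-duty constraint. User, role and permission names are made up.
class RBAC96:
    def __init__(self):
        self.ua = {}        # user -> assigned roles (user-role assignment)
        self.pa = {}        # role -> permissions (permission-role assignment)
        self.rh = {}        # senior role -> junior roles it inherits (role hierarchy)
        self.ssd = []       # role pairs no user may hold together (constraint)
        self.sessions = {}  # session id -> (user, activated roles)

    def juniors(self, role):  # the role itself plus every role below it in the hierarchy
        seen, stack = set(), [role]
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.rh.get(r, ()))
        return seen

    def assign_user(self, user, role):
        held = set().union(*(self.juniors(r) for r in self.ua.get(user, set()) | {role}))
        for a, b in self.ssd:  # SSD is checked against directly and transitively held roles
            if a in held and b in held:
                raise ValueError(f"SSD violation: {user} cannot hold {a} and {b}")
        self.ua.setdefault(user, set()).add(role)

    def create_session(self, sid, user, roles):
        if not set(roles) <= self.ua.get(user, set()):  # only assigned roles can be activated
            raise PermissionError(f"{user} is not assigned all of {roles}")
        self.sessions[sid] = (user, set(roles))

    def check_access(self, sid, perm):
        _, active = self.sessions[sid]
        effective = set().union(*(self.juniors(r) for r in active))  # inherit downward
        return any(perm in self.pa.get(r, ()) for r in effective)

def rbac_demo():
    m = RBAC96()
    m.rh["manager"] = {"employee"}  # manager inherits everything employee can do
    m.pa = {"employee": {"read_report"}, "manager": {"approve_report"}, "auditor": {"audit_report"}}
    m.ssd.append(("manager", "auditor"))  # a manager must never also be an auditor
    m.assign_user("alice", "manager")
    m.create_session("s1", "alice", ["manager"])
    try:
        m.assign_user("alice", "auditor")
        ssd_blocked = False
    except ValueError:
        ssd_blocked = True
    return {"reads": m.check_access("s1", "read_report"),    # True, via the hierarchy
            "audits": m.check_access("s1", "audit_report"),  # False
            "ssd_blocked": ssd_blocked}                      # True
```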

Page 8: Usage Control (UCON) Coverage

• Protection Objectives
  – Sensitive information protection
  – IPR protection
  – Privacy protection

• Protection Architectures
  – Server-side reference monitor (SRM)
  – Client-side reference monitor (CRM)
  – SRM & CRM

(Figure: matrix of protection objectives (Sensitive Information Protection, Intellectual Property Rights Protection, Privacy Protection) against protection architectures (Server-side Reference Monitor (SRM), Client-side Reference Monitor (CRM), SRM & CRM), with Traditional Access Control, Trust Management, DRM and Usage Control placed in it.)

Page 9: UCON_ABC Models

(Figure: Subjects (S) with Subject Attributes (ATT(S)) and Objects (O) with Object Attributes (ATT(O)) feed a Usage Decision on Rights (R); Authorizations (A), Obligations (B) and Conditions (C) are the inputs to the decision.)

Continuity: decision can be made during usage for continuous enforcement

Mutability: attributes can be updated as side-effects of subjects’ actions

Usage timeline:            Before | ongoing | After
  Continuity of decisions: pre    | ongoing | N/A
  Mutability of attributes: pre   | ongoing | post
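The continuity and mutability properties on this slide, as an added example that is not from the talk or its author: a usage session makes a pre decision from authorizations, obligations and conditions, re-evaluates the decision on every unit of ongoing usage, and updates subject and object attributes as a side effect of that usage, so access can be revoked mid-session. The scenario, attribute names and thresholds are made up.

```python
# Added example, not from the slides: a UCON_ABC-style usage session that combines
# the three decision factors (Authorizations on ATT(S)/ATT(O), Obligations, Conditions)
# with continuity (a pre decision, then ongoing re-evaluation) and mutability
# (attributes updated as a side effect of usage). Scenario and attribute names are made up.
def authorized(s, o):
    # A: subject clearance must dominate object sensitivity, and usage credit must remain
    return s["credit"] > 0 and s["clearance"] >= o["sensitivity"]

def obligation_met(s):
    # B: the subject must have accepted the usage agreement before usage starts
    return s["agreement_accepted"]

def condition_met(env):
    # C: an environmental condition independent of subject and object (business hours)
    return 9 <= env["hour"] < 17

class UsageSession:
    def __init__(self, subject, obj, env):
        self.s, self.o, self.env = subject, obj, env
        self.active = False
        self.log = []  # (phase, decision) pairs for audit

    def start(self):
        # pre decision: preA, preB and preC must all hold before usage begins
        self.active = authorized(self.s, self.o) and obligation_met(self.s) and condition_met(self.env)
        self.log.append(("pre", self.active))
        return self.active

    def tick(self):
        # one unit of usage: ongoing decision (onA, onC), then attribute mutation (onUpdate)
        if not self.active:
            return False
        if not (authorized(self.s, self.o) and condition_met(self.env)):
            self.active = False  # continuity: access is revoked in the middle of usage
            self.log.append(("ongoing", False))
            return False
        self.s["credit"] -= 1        # mutability: usage consumes the subject's credit
        self.o["access_count"] += 1  # mutability: the object records the access
        self.log.append(("ongoing", True))
        return True

def ucon_demo():
    s = {"clearance": 2, "credit": 2, "agreement_accepted": True}
    o = {"sensitivity": 1, "access_count": 0}
    sess = UsageSession(s, o, {"hour": 10})
    pre = sess.start()
    ticks = [sess.tick() for _ in range(3)]  # third tick is denied: credit exhausted
    return {"pre": pre, "ticks": ticks, "credit": s["credit"], "count": o["access_count"]}
```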

Page 10: Conclusion

• Managing cyber-identity and authorization in an uncertain world is one of our nation’s foremost cyber-security problems

• RBAC and UCON will be essential underpinnings of the solutions

• GMU is a world leader in this sector