Upload
ellen-harrison
View
214
Download
0
Tags:
Embed Size (px)
Citation preview
1
Grand Challenges inAuthorization Systems
Prof. Ravi SandhuExecutive Director and Endowed Chair
November 14, 2011
www.ics.utsa.edu
© Ravi Sandhu World-Leading Research with Real-World Impact!
Institute for Cyber Security
Mutually Supportive Technologies
© Ravi Sandhu 2World-Leading Research with Real-World Impact!
AUTHENTICATION
INTRUSIONDETECTION
CRYPTOGRAPHYACCESS
CONTROL
ASSURANCE
RISKANALYSIS
SECURITY ENGINEERING& MANAGEMENT
Cyber Security Objectives
© Ravi Sandhu 3World-Leading Research with Real-World Impact!
INTEGRITYmodification
AVAILABILITYaccess
CONFIDENTIALITYdisclosure
Cyber Security Objectives
© Ravi Sandhu 4World-Leading Research with Real-World Impact!
INTEGRITYmodification
AVAILABILITYaccess
CONFIDENTIALITYdisclosure
USAGEpurpose
Cyber Security Objectives
© Ravi Sandhu 5World-Leading Research with Real-World Impact!
INTEGRITYmodification
AVAILABILITYaccess
CONFIDENTIALITYdisclosure
USAGEpurpose
USAGE
6World-Leading Research with Real-World Impact!
Authorization Systems
© Ravi Sandhu
PolicySpecification
DynamicsAgility
Enforcement
GrandChallenge arena
Discretionary Access Control (DAC)Owner controls access But only to the original, not to copies
Mandatory Access Control (MAC) Same as Lattice-Based Access Control (LBAC) Access based on security labels Labels propagate to copies
Role-Based Access Control (RBAC) Access based on roles Can be configured to do DAC or MAC Generalizes to Attribute-Based Access Control (ABAC)
© Ravi Sandhu 7World-Leading Research with Real-World Impact!
Access Control Models
Numerous other models but only 3 successes: SO FAR
Discretionary Access Control
© Ravi Sandhu 8World-Leading Research with Real-World Impact!
File FA:r
A:w
File GB:r
A:w
B cannot read file F
A trusted not to copy F to G
B cannot read file F
A trusted not to copy F to G
ACL
Discretionary Access Control
© Ravi Sandhu 9World-Leading Research with Real-World Impact!
File FA:r
A:w
File GB:r
A:w
But trusting A does not stop Trojan HorsesBut trusting A does not stop Trojan Horses
ACLA
Program Goodies
Trojan Horse
executes
read
write
Mandatory Access Control
© Ravi Sandhu 10World-Leading Research with Real-World Impact!
Unclassified
Confidential
Secret
Top Secret
can-flowdominance
Mandatory Access Control
© Ravi Sandhu 11World-Leading Research with Real-World Impact!
Low User
High Trojan HorseInfected Subject
High User
Low Trojan HorseInfected Subject
COVERTCHANNEL
Information is leaked unknown to the high user
Information is leaked unknown to the high user
Role-Based Access Control
© Ravi Sandhu 12World-Leading Research with Real-World Impact!
Access is determined by roles A user’s roles are assigned by security
administrators A role’s permissions are assigned by security
administrators
Is RBAC MAC or DAC or neither?
RBAC can be configured to do MAC
RBAC can be configured to do DAC
RBAC is policy neutralRBAC is neither MAC nor DAC!
Role-Based Access Control
© Ravi Sandhu 13World-Leading Research with Real-World Impact!
ROLES
USER-ROLEASSIGNMENT
PERMISSIONS-ROLEASSIGNMENT
USERS PERMISSIONS
... SESSIONS
ROLE HIERARCHIES
CONSTRAINTS
Server Pull Enforcement Model
© Ravi Sandhu 14World-Leading Research with Real-World Impact!
Client Server
User-roleAuthorization
Server
Client Pull Enforcement Model
© Ravi Sandhu 15World-Leading Research with Real-World Impact!
Client Server
User-roleAuthorization
Server
Trojan Horse Covert Channels Inference Analog Hole Assured Enforcement Privelege Escalation Policy Comprehension and Analysis
© Ravi Sandhu 16World-Leading Research with Real-World Impact!
Tough Challenges
Tough Challenges NOT EQUAL TO Grand Challenges
How can we be “secure” while being
“insecure”?
What is the value of access control when we know that ultimately it can be bypassed?
© Ravi Sandhu 17World-Leading Research with Real-World Impact!
Grandest Challenge
18World-Leading Research with Real-World Impact!
Authorization Systems
© Ravi Sandhu
PolicySpecification
DynamicsAgility
Enforcement
GrandChallenge arena
How do we determine the balance between too
much and too little?
How do we enforce policies across multiple layers of the software stack?
How do we build dynamics into policy specifications and enforcement mechanisms?
How do we understand and control what we have done?
© Ravi Sandhu 19World-Leading Research with Real-World Impact!
Grand Challenges