Upload
trevor-harper
View
216
Download
2
Embed Size (px)
Citation preview
INSTITUTE FOR CYBER SECURITY
© Ravi Sandhu 11
Group-Centric Information Sharing
Ravi SandhuExecutive Director and Endowed Professor
Institute for Cyber SecurityUniversity of Texas at San Antonio
www.ics.utsa.eduwww.profsandhu.com
INSTITUTE FOR CYBER SECURITY Collaboration and Groups
© Ravi Sandhu 2
Group-CentricInformation
Sharing
CollaborationSystems
Rich area for theory and practice
• PC Meeting• Merger and Acquisition• Design Collaboration• Trouble-shooting Collaboration• Joint Proposal• Research Collaboration• ….
Metaphor: Secure meeting room
Metaphor: Subscription
INSTITUTE FOR CYBER SECURITY Collaboration & Information Sharing
Collaboration requires Information Sharing How else do you collaborate?
Share but Differentiate How much can we differentiate within a
collaboration and still meaningfully call it a collaboration?
3
- Entirely bilateral sharing
- Bilateral sharing with multi-step chainsToo fragmented
Too uniform - Equal access for all collaborators
Where is the balance?
© Ravi Sandhu
INSTITUTE FOR CYBER SECURITY
4
Where is the Balance?
We have a proposal for Share but Differentiate
“Equality” translates to the technical and semantic concept of a group with the metaphor of a secure meeting room What is the semantics/policy of a secure
meeting room? “Differentiation” translates to groups
and sub-groups combined recursively … Groups within Groups within Groups
…© Ravi Sandhu
INSTITUTE FOR CYBER SECURITY
5
Divide and Conquer Initial investigation: single group Read only: actually add, remove and
read We have some promising insights
Read-Write: Object model Version constraints Just starting to investigate
Multiple groups To be done
© Ravi Sandhu
INSTITUTE FOR CYBER SECURITY Group-Centric Sharing
© Ravi Sandhu 6
GROUP
Authz (S,O,R)?
Join Leave
Add Remove
Subjects
Objects
GROUP
Authz (S,O,R)?
Strict Join
Strict Leave
Liberal Add
Liberal Remove
LiberalJoin
LiberalLeave
StrictAdd
StrictRemove
Subjects
Objects
INSTITUTE FOR CYBER SECURITY Group-Centric Models
© Ravi Sandhu 7
Core Properties
Level 1
Level 2
Core Properties Required of any policy
Additional Properties Level 1 cannot violate Core Level 2 cannot violate Level
1 …
INSTITUTE FOR CYBER SECURITY Core Properties
© Ravi Sandhu 8
GROUP
Authz (S,O,R)?
Join Leave
Add Remove
Subjects
Objects
(a)
(b)
(a)
(b)
1. Overlapping Membership Property
2. Persistence Property
3. Liveness Properties
4. Safety Properties
INSTITUTE FOR CYBER SECURITY Level 1 Join Operations
Lossy Vs Lossless Lose existing authorization(s) on Join No lose on Join
Restorative Vs Non-Restorative Restore authorizations from past
membership(s) No restoration from past
Leave Operations Gainful Vs Gainless
Gain authorization(s) from past membership period
No such gain Restorative Vs Non-Restorative
Restore authorization(s) from prior to Join
No such restoration
© Ravi Sandhu 9
GROUP
Authz (S,O,R)?
Join Leave
Add RemoveObjects
Subjects
Level 1 properties for Add and Remove?
Fix Level 1 Operations:Lossless Join, Gainless LeaveNon-Restorative Join & Leave
INSTITUTE FOR CYBER SECURITY Level 2
© Ravi Sandhu 10
Add after Join
Add before Join
Allow any combination of Level 2 operations
INSTITUTE FOR CYBER SECURITY
11
Read-Write Work in progress
Object Model Version Constraint Model
© Ravi Sandhu
INSTITUTE FOR CYBER SECURITY
12
Conclusion Principles:
Share but Differentiate … Groups within Groups within Groups …
Temporal aspect is critical for policy and semantics of groups for information sharing
Partners in this venture Ram Krishnan, Doctoral candidate, GMU Jianwei Niu, Asst. Prof., UTSA CS & ICS W. Winsborough, Assoc. Prof., UTSA CS &
ICS
© Ravi Sandhu