
  • Number of slides: 18

INSTITUTE FOR CYBER SECURITY
Application-Centric Security Models
Prof. Ravi Sandhu
Executive Director and Endowed Chair
Institute for Cyber Security
University of Texas at San Antonio
July 2009
ravi. [email protected] edu
www.profsandhu.com
© Ravi Sandhu

Institute for Cyber Security (ICS)
Founded 2007
World leading research with real world impact
• Dr. George Perry, Dean of the College of Science
• Dr. Robert W. Gracy, Vice President for Research
• Dr. Ravi Sandhu, Executive Director, ICS
Units:
• Center for Infrastructure Assurance and Security (CIAS), Dr. Gregory White: Dark Screen Exercises and Training; National Collegiate Cyber Defense Competition
• Sponsored Research Projects, Dr. Ravi Sandhu: Numerous projects from NSF, AFOSR, AFRL, ONR, with 10+ UTSA researchers in collaboration with 11 University partners
• ICS Research Operations, to be appointed: Innovative research infrastructure including experimental cloud and honeyfarm

ICS Key Assets
World leading security modeling and analysis research
• Role-Based Access Control (RBAC) Model (1996)
    • Catalyzes dominance of RBAC in commercial systems
    • Develops into a NIST/ANSI Standard (2004)
• Usage Control (UCON) Model (2004)
    • Attribute-Based Access Control on Steroids
    • Unifies numerous extensions/enhancements
• PEI Framework (2000, 2006)
    • Policy, Enforcement, Implementation Models
    • From what to how
• Group-Centric Information Sharing (2007)
    • Sharing metaphor of meeting room
    • Equivalently: mission centric
• Security for Social Networks (2008)
• Botnet Analysis, Detection and Mitigation (2008)
• Multilevel Secure Architectures (2009)
• Secure Cloud Computing (2009)
Bring in partners from leading research universities worldwide as appropriate
Ready to commercialize when appropriate

Application Context
Our Basic Premise
• There can be no security without application context
• Courtney’s Law (1970s, 1980s ??):
    • You cannot say anything interesting (i.e. significant) about the security of a system except in the context of a particular application and environment
Corollary
• There can be no security model without application context
Reality
• Existing security models are application neutral
    • Assumption is they can be readily “configured” or “policyified” to suit application context

Existing Security Models (1)
Discretionary Access Control (DAC)
• Characteristic: Owner-based discretion
• Drawbacks:
    • Classic formulation fails to distinguish copy from read
    • Application context drives ownership and its delegation
Lattice-Based Access Control (LBAC)
• Characteristic: One directional information flow in a lattice of security labels
    • Also known as: Bell-LaPadula, Multi-Level Security, Mandatory Access Control (ignoring subtle differences)
• Drawbacks:
    • Many applications violate one directional information flow
    • Many applications do not fit within preexisting security labels

Existing Security Models (2)
Role-Based Access Control (RBAC)
• Characteristic: Role is central, administration is simple
• Drawbacks:
    • Need to define the roles for each application/environment
    • Lack of standardized roles results in lack of interoperability
    • Too open: can be configured to do DAC or LBAC
Attribute-Based Access Control (ABAC)
• Characteristic: subsume security labels, roles and more as attributes and enforce attribute-based policies
• Drawbacks:
    • All the RBAC drawbacks on steroids
    • Administrative complexity

Usage Control Model (UCON)
Unified model integrating
• authorization
• obligation
• conditions
and incorporating
• continuity of decisions
• mutability of attributes
UCON is Attribute-Based Access Control on Steroids

Usage Control Model (UCON)
[Figure: DAC, LBAC, RBAC, ABAC … and many, many others; UCON: ABAC on steroids]
Simple, familiar, usable and effective use cases demonstrate the need for UCON
• Automatic Teller Machines
• CAPTCHAs at Public web sites
• End User License Agreements
• Terms of Usage for WiFi in Hotels, Airports
• Rate limits on call center workers

Application-Centric Security Models
Our Basic Premise
• There can be no security model without application context
So how does one customize an application-centric security model?
• Combine the essential insights of DAC, LBAC, RBAC, ABAC and UCON in a meaningful way
• Directly address the application-specific trade-offs
    • Within the security objectives of confidentiality, integrity and availability
    • Across security, performance, cost and usability objectives
• Separate the real-world concerns of practical distributed systems and ensuing staleness and approximations (enforcement layer) from the policy concerns in an idealized environment (policy layer)

PEI Models: 3 Layers/5 Layers
[Figure: PEI Models: 3 Layers/5 Layers]

Dissemination-Centric Sharing
• Extensive research in the last two decades
    • ORCON, DRM, ERM, XrML, ODRL, etc.
• Copy/usage control has received major attention
• Manageability problem largely unaddressed
[Figure: Dissemination Chain with Sticky Policies on Objects. Participants Alice, Bob, Charlie, Eve and Susie each have an Attribute Cloud; each copy of the Object carries an Attribute + Policy Cloud.]

Group-Centric Sharing (g-SIS)
• Brings users & objects together in a group
    • Focuses on manageability using groups
    • Co-exists with dissemination-centric
• Two metaphors
    • Secure Meeting Room (E.g. Program committee)
    • Subscription Model (E.g. Secure multicast)
• Operational aspects
    • Group characteristics: E.g. Are there any core properties?
    • Group operation semantics: E.g. What is authorized by join, add, etc.?
    • Read-only Vs Read-Write
• Administrative aspects
    • E.g. Who authorizes join, add, etc.?
    • May be application dependent
• Multiple groups
    • Inter-group relationship
[Figure: Users join and leave the Group; Objects are added to and removed from the Group; the Group decides Authz (u, o, r)?]

g-SIS Operation Semantics
[Figure: Users join and leave the GROUP; Objects are added to and removed from the GROUP; GROUP Authz (u, o, r)?]

g-SIS Operation Semantics
[Figure: Users: Strict Join, Liberal Join, Strict Leave, Liberal Leave. Objects: Strict Add, Liberal Add, Strict Remove, Liberal Remove. GROUP Authz (u, o, r)?]

Family of g-SIS Policy Models
• Traditional Groups: <LJ, SL, LA,
• Secure Multicast:
• Most Restrictive g-SIS Specification:

g-SIS Enforcement Model
[Figure: Group Subjects, each with a TRM, interact with the CC; the GA issues leave and remove operations.]
Steps shown in the figure:
• 1. Read Objects
• 3.1 Subject Leave (s)
• 3.2 Set Leave-TS (s)
• 4.1 Remove Object (o)
• 4.2 Add o to ORL
• 5.1 Request Refresh
• 5.2 Update Attributes
Legend:
• CC: Control Center
• GA: Group Administrator
• Subject Attributes: {id, Join-TS, Leave-TS, ORL, gKey}
• ORL: Object Revocation List
• gKey: Group Key
• Object Attributes: {id, Add-TS}
• Refresh Time (RT): TRM contacts CC to update attributes
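Added example, not from the slides: a Python sketch of a TRM deciding reads on cached attributes between refreshes, which shows why a subject who has left can still be authorized until the next Refresh Time. The class and function names, the integer timestamps and the decision rule (strict join, strict leave, strict remove) are assumptions; gKey handling is left out.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Subject:                      # subject attributes named on the slide (gKey omitted)
    id: str
    join_ts: int
    leave_ts: Optional[int] = None  # None while the subject is a member
    orl: frozenset = frozenset()    # Object Revocation List

@dataclass
class Obj:                          # object attributes named on the slide
    id: str
    add_ts: int

class ControlCenter:
    """Authoritative attributes (CC); the Group Administrator updates them."""
    def __init__(self):
        self.subjects, self.orl = {}, set()
    def join(self, sid, now):
        self.subjects[sid] = Subject(sid, join_ts=now)
    def leave(self, sid, now):      # steps 3.1 / 3.2: set Leave-TS
        self.subjects[sid].leave_ts = now
    def remove(self, oid):          # steps 4.1 / 4.2: add o to ORL
        self.orl.add(oid)
    def current(self, sid):         # snapshot handed to a TRM on refresh
        s = self.subjects[sid]
        return Subject(s.id, s.join_ts, s.leave_ts, frozenset(self.orl))

class TRM:
    """Decides locally on cached attributes; contacts the CC every RT."""
    def __init__(self, cc, sid, now, refresh_time):
        self.cc, self.sid, self.rt = cc, sid, refresh_time
        self.attrs, self.last_refresh = cc.current(sid), now
    def authz_read(self, obj, now):
        if now - self.last_refresh >= self.rt:   # steps 5.1 / 5.2
            self.attrs, self.last_refresh = self.cc.current(self.sid), now
        a = self.attrs
        # Assumed rule: strict join, strict leave, strict remove.
        return (a.join_ts <= obj.add_ts and a.leave_ts is None
                and obj.id not in a.orl)

def demo():
    cc = ControlCenter()
    cc.join("alice", now=0)
    trm = TRM(cc, "alice", now=0, refresh_time=10)
    doc, old = Obj("doc", add_ts=3), Obj("old", add_ts=-5)   # constructed objects
    results = [trm.authz_read(doc, now=4),    # member, object added after join
               trm.authz_read(old, now=4)]    # object added before join
    cc.leave("alice", now=6)
    results.append(trm.authz_read(doc, now=8))    # stale cache: still allowed
    results.append(trm.authz_read(doc, now=10))   # refreshed: denied
    return results
```

The window between the leave at time 6 and the refresh at time 10 is the staleness the enforcement layer has to bound; a shorter Refresh Time narrows it at the cost of more traffic to the CC.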

From Policy to Enforcement
• Additional Trusted/Semi-Trusted Servers
• Approximate Enforcement
• Finally, the Implementation layer models spell out protocol details and details of TRM algorithms

Conclusion
Application-Centric Security Models require
• State-of-the-art approaches such as UCON, PEI
• Mix-and-match DAC, LBAC, RBAC, UCON, g-SIS …
The future of cyber security research will revolve around
• Application-centric models
• Technology-centric models
• Attack models
• …