Attribute-Based Access Control Models and Beyond
Prof. Ravi Sandhu
Executive Director, Institute for Cyber Security
Lutcher Brown Endowed Chair in Cyber Security
University of Texas at San Antonio
AsiaCCS Keynote Talk, Singapore
April 16, 2015
[email protected], www.profsandhu.com, www.ics.utsa.edu
© Ravi Sandhu World-Leading Research with Real-World Impact!
Access Control
Discretionary Access Control (DAC), 1970
Mandatory Access Control (MAC), 1970
Role Based Access Control (RBAC), 1995
Attribute Based Access Control (ABAC), ????
PEI Models
Policy layer: Idealized
Enforcement layer: Enforceable (Approximate)
Implementation layer: Codeable
Access Control (the same list, repeated on successive slides with a pair of contrasting labels)
Discretionary Access Control (DAC), 1970
Mandatory Access Control (MAC), 1970
Role Based Access Control (RBAC), 1995
Attribute Based Access Control (ABAC), ????
Fixed policy vs. Flexible policy
Enterprise Oriented vs. Beyond Enterprise
Administration Driven vs. Automated Adaptive
RBAC96 Model
[Figure: the RBAC96 model diagram; of its labels only "Constraints" survives extraction]
Fundamental Theorem of RBAC
RBAC can be configured to do MAC
RBAC can be configured to do DAC
RBAC is policy neutral: RBAC is neither MAC nor DAC!
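The two configurations behind this theorem, as an added example that is not part of the talk (RBAC96 prescribes a model, not code): a minimal RBAC core in Python, configured first for lattice-based MAC, with a read-role hierarchy that follows the lattice and a write-role hierarchy that inverts it, and then for DAC, with per-object owner, read and write roles. The class and function names, the two-level/two-compartment lattice, and the sample users and objects are assumptions made for the illustration.

```python
from itertools import combinations


class Rbac:
    """Minimal RBAC96 core: user-role assignment, permission-role assignment and
    a role hierarchy in which a senior role inherits its juniors' permissions."""

    def __init__(self):
        self.ua = {}       # user -> roles directly assigned
        self.pa = {}       # role -> {(operation, object)}
        self.junior = {}   # role -> roles directly junior to it

    def add_role(self, role, *juniors):
        self.pa.setdefault(role, set())
        self.junior.setdefault(role, set()).update(juniors)
        for j in juniors:
            self.add_role(j)

    def assign_user(self, user, *roles):
        self.ua.setdefault(user, set()).update(roles)

    def grant(self, role, op, obj):
        self.pa.setdefault(role, set()).add((op, obj))

    def roles_of(self, user):
        """Roles held by the user, closed downwards under the hierarchy."""
        todo, seen = list(self.ua.get(user, ())), set()
        while todo:
            r = todo.pop()
            if r not in seen:
                seen.add(r)
                todo.extend(self.junior.get(r, ()))
        return seen

    def check(self, user, op, obj):
        return any((op, obj) in self.pa.get(r, ()) for r in self.roles_of(user))


# Configuration 1: MAC. Labels are (level, compartments); the lattice is assumed.
LEVELS, COMPARTMENTS = {"U": 0, "S": 1}, ("A", "B")

def all_labels():
    return [(lvl, frozenset(c)) for lvl in LEVELS
            for n in range(len(COMPARTMENTS) + 1) for c in combinations(COMPARTMENTS, n)]

def dominates(a, b):
    return LEVELS[a[0]] >= LEVELS[b[0]] and a[1] >= b[1]

def role_name(label, kind):
    return f"{label[0]}{{{','.join(sorted(label[1]))}}}{kind}"

def configure_mac(objects):
    """objects: {name: label}. Per label x, a read role xR senior to yR whenever
    x dominates y (read down) and a write role xW senior to yW whenever y
    dominates x (write up): the write hierarchy is the lattice inverted."""
    rbac, labels = Rbac(), all_labels()
    for x in labels:
        rbac.add_role(role_name(x, "R"), *[role_name(y, "R") for y in labels if y != x and dominates(x, y)])
        rbac.add_role(role_name(x, "W"), *[role_name(y, "W") for y in labels if y != x and dominates(y, x)])
    for obj, label in objects.items():
        rbac.grant(role_name(label, "R"), "read", obj)
        rbac.grant(role_name(label, "W"), "write", obj)
    return rbac

# Configuration 2: DAC. Per-object roles OWN_o > READ_o, WRITE_o; only OWN_o may share.
def dac_create(rbac, owner, obj):
    rbac.add_role(f"OWN_{obj}", f"READ_{obj}", f"WRITE_{obj}")
    rbac.grant(f"OWN_{obj}", "grant", obj)
    rbac.grant(f"READ_{obj}", "read", obj)
    rbac.grant(f"WRITE_{obj}", "write", obj)
    rbac.assign_user(owner, f"OWN_{obj}")

def dac_share(rbac, granter, grantee, op, obj):
    """Discretionary sharing succeeds only if the granter holds 'grant' on obj."""
    if op not in ("read", "write") or not rbac.check(granter, "grant", obj):
        return False
    rbac.assign_user(grantee, f"{op.upper()}_{obj}")
    return True

def demo():
    """Users, labels and objects here are constructed for the example."""
    out = {}
    mac = configure_mac({"memo": ("U", frozenset()), "plan": ("S", frozenset({"A"})),
                         "wiki": ("S", frozenset({"A", "B"}))})
    alice = ("S", frozenset({"A"}))                         # alice's clearance
    mac.assign_user("alice", role_name(alice, "R"), role_name(alice, "W"))
    out["mac read memo"] = mac.check("alice", "read", "memo")     # read down
    out["mac read plan"] = mac.check("alice", "read", "plan")     # same label
    out["mac read wiki"] = mac.check("alice", "read", "wiki")     # lacks compartment B
    out["mac write wiki"] = mac.check("alice", "write", "wiki")   # write up
    out["mac write memo"] = mac.check("alice", "write", "memo")   # write down
    dac = Rbac()
    dac_create(dac, "bob", "notes")
    out["dac bob shares"] = dac_share(dac, "bob", "carol", "read", "notes")
    out["dac carol reads"] = dac.check("carol", "read", "notes")
    out["dac carol shares"] = dac_share(dac, "carol", "dave", "read", "notes")
    out["dac dave reads"] = dac.check("dave", "read", "notes")
    out["dac bob writes"] = dac.check("bob", "write", "notes")    # owner inherits WRITE_notes
    return out
```

Nothing in `Rbac` knows about labels or owners; the MAC and DAC behaviour comes entirely from how roles, hierarchy and assignments are configured, which is the policy-neutrality claim. Note that the MAC configuration fixes a user at their clearance; operating at a lower label would mean activating a lower read/write role pair in the session.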
RBAC Shortcomings
[Figure: the RBAC96 diagram again; the labels that survive extraction are "Constraints", "Hard Enough" and "Impossible"]
The RBAC Story
[Figure: bar chart of the amount of RBAC publications by year of publication, 1992 to 2008, divided into the phases Pre-RBAC, Early RBAC, 1st expansion phase and 2nd expansion phase, with the milestones RBAC96 model, NIST-ANSI Standard Proposed and NIST-ANSI Standard Adopted; the per-year counts did not survive extraction in usable form]
Source: Ludwig Fuchs, Gunther Pernul and Ravi Sandhu, "Roles in Information Security - A Survey and Classification of the Research Area", Computers & Security, Volume 30, Number 8, Nov. 2011, pages 748-76
ABAC Status
[Figure: the same publication chart as in The RBAC Story, with the milestones relabelled RBAC96 paper, Proposed Standard and Standard Adopted, and a second timeline "1990?" to 2015 placing ABAC against it]
ABAC still in pre/early phase
ABAC is not New
[Figure: a diagram relating a User (Identity), its Attributes, and its Public-keys + Secured secrets; each slide adds one technology to it]
Pre Internet, early 1990s: X.509 Identity Certificates, X.500 Directory
Post Internet, late 1990s: X.509 Attribute Certificates
Post Internet, late 1990s: SPKI Certificates
Mature Internet, 2000s: Anonymous Credentials
Mature Internet, 2000s: XACML, in which the Attributes of the User, Subject, Object, Action and Context are evaluated against a Policy to produce a Yes/No Authorization Decision
ABAC is not New
Usage Control Models, early 2000s
[Figure: the usage control model. Subjects (S) with Subject Attributes (SA) and Objects (O) with Object Attributes (OA) exercise Rights (R); Usage Decisions depend on Authorizations (A), Obligations (B) and Conditions (C). Continuity of Decisions: pre-decision and ongoing-decision, spanning before-usage and ongoing-usage. Mutability of Attributes: pre-update, ongoing-update and post-update, spanning before-usage, ongoing-usage and after-usage.]
• unified model integrating
  • authorization
  • obligation
  • conditions
• and incorporating
  • continuity of decisions
  • mutability of attributes
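An added example, not from the talk or the usage control papers, of the two properties that set usage control apart from a one-shot access decision: continuity of decisions (a pre-decision before usage and an ongoing-decision before every further unit of usage) and mutability of attributes (updates before, during and after usage). The scenario is an assumption made for the illustration: pay-per-unit viewing in which credits are debited while usage continues, a licence window is a condition on the environment, and having accepted the licence is a pre-obligation. All names are likewise assumed.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict

SA = Dict[str, Any]   # subject attributes, mutated by the update hooks
OA = Dict[str, Any]   # object attributes, mutated by the update hooks
Env = Dict[str, Any]  # environment the condition is evaluated on (here: a clock)


@dataclass
class UconPolicy:
    """Hooks for the UCON components: authorizations (A) over SA and OA, an
    obligation (B) the subject must have fulfilled, a condition (C) on the
    environment, and the three attribute update points."""
    pre_authorization: Callable[[SA, OA], bool]
    ongoing_authorization: Callable[[SA, OA], bool]
    pre_obligation: Callable[[SA, OA], bool]
    condition: Callable[[Env], bool]
    pre_update: Callable[[SA, OA], None]
    ongoing_update: Callable[[SA, OA], None]
    post_update: Callable[[SA, OA], None]


def run_usage(policy, sa, oa, env, max_units):
    """Continuity: decide before usage starts and again before every unit.
    Mutability: sa and oa are updated in place before, during and after usage."""
    result = {"granted": False, "units": 0, "reason": ""}
    if not policy.pre_obligation(sa, oa):
        result["reason"] = "denied: pre-obligation not fulfilled"
        return result
    if not (policy.condition(env) and policy.pre_authorization(sa, oa)):
        result["reason"] = "denied: pre-decision"
        return result
    result["granted"], result["reason"] = True, "completed"
    policy.pre_update(sa, oa)
    for _ in range(max_units):
        if not policy.condition(env):
            result["reason"] = "revoked: condition no longer holds"
            break
        if not policy.ongoing_authorization(sa, oa):
            result["reason"] = "revoked: ongoing authorization failed"
            break
        result["units"] += 1            # one unit of usage delivered
        policy.ongoing_update(sa, oa)   # attributes change as a consequence of usage
        env["clock"] += 1
    policy.post_update(sa, oa)
    return result


def metered_policy(window_end):
    """Assumed scenario: each unit costs oa['price'] credits, the licence window
    closes when env['clock'] reaches window_end, and the subject must have
    accepted the licence before usage may start."""
    def debit(sa, oa):
        sa["credits"] -= oa["price"]
    def count_session(sa, oa):
        sa["sessions"] += 1
    def count_view(sa, oa):
        oa["views"] += 1
    return UconPolicy(
        pre_authorization=lambda sa, oa: sa["credits"] >= oa["price"],
        ongoing_authorization=lambda sa, oa: sa["credits"] >= oa["price"],
        pre_obligation=lambda sa, oa: sa["accepted_licence"],
        condition=lambda env: env["clock"] < window_end,
        pre_update=count_session, ongoing_update=debit, post_update=count_view)


def demo():
    """Four constructed runs, each returning (decision record, attribute of interest)."""
    def subject(credits, accepted=True):
        return {"credits": credits, "sessions": 0, "accepted_licence": accepted}
    def video():
        return {"price": 2, "views": 0}
    out = {}
    sa, oa = subject(5), video()                   # credits run out mid-usage
    out["credits"] = run_usage(metered_policy(100), sa, oa, {"clock": 0}, 10), sa["credits"]
    sa, oa = subject(100), video()                 # licence window closes mid-usage
    out["window"] = run_usage(metered_policy(3), sa, oa, {"clock": 0}, 10), sa["credits"]
    sa, oa = subject(100, accepted=False), video() # pre-obligation unmet
    out["obligation"] = run_usage(metered_policy(100), sa, oa, {"clock": 0}, 10), oa["views"]
    sa, oa = subject(100), video()                 # all requested units delivered
    out["complete"] = run_usage(metered_policy(100), sa, oa, {"clock": 0}, 3), oa["views"]
    return out
```

The revocation cases are the point: a decision that was "yes" before usage turns into "no" during it, either because the subject's own attribute (credits) was mutated by the usage or because the environmental condition changed, and the post-update runs regardless of how the session ended.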
ABAC Status (the same publication chart, shown again)
ABAC still in pre/early phase
ABACα Model Structure
[Figure: the ABACα model diagram; the label that survives extraction is "Policy Configuration Points"]
Policy Configuration Points
Can be configured to do simple forms of DAC, MAC, RBAC
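As an added example (not the talk's code and not the ABACα authors' code), the same claim made for RBAC under the Fundamental Theorem, now in attribute terms: a small evaluator with three policy configuration points, a constraint on the attributes a user may give a subject it creates, a constraint on the attributes a subject may give a new object, and one authorization policy per operation. The three configurations below make the one engine behave as MAC, DAC and flat RBAC. This is a simplification of ABACα (it models only creation-time constraints), and the attribute names, the linear lattice and the sample users and objects are assumptions.

```python
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}   # assumed linear lattice for the MAC configuration

def dominates(a, b):
    return LEVELS[a] >= LEVELS[b]


class AbacAlpha:
    """UA: user attributes, SA: subject attributes, OA: object attributes.
    Configuration points: constr_sub(ua, sa) limits the attributes a user may
    give a subject it creates, constr_obj(sa, oa) limits the attributes a
    subject may give an object it creates, auth[op](sa, oa) decides each operation."""

    def __init__(self, constr_sub, constr_obj, auth):
        self.constr_sub, self.constr_obj, self.auth = constr_sub, constr_obj, auth
        self.users, self.subjects, self.objects = {}, {}, {}

    def add_user(self, user, **ua):
        self.users[user] = ua

    def create_subject(self, user, sid, **sa):
        if not self.constr_sub(self.users[user], sa):
            raise PermissionError(f"{user} may not create a subject with {sa}")
        self.subjects[sid] = dict(sa, creator=user)

    def create_object(self, sid, oid, **oa):
        if not self.constr_obj(self.subjects[sid], oa):
            raise PermissionError(f"{sid} may not create an object with {oa}")
        self.objects[oid] = oa

    def check(self, sid, op, oid):
        policy = self.auth.get(op)
        return bool(policy and policy(self.subjects[sid], self.objects[oid]))


def mac_config():
    """Subjects run at or below the user's clearance; read down, write up;
    new objects take the creating subject's label."""
    return AbacAlpha(
        constr_sub=lambda ua, sa: dominates(ua["clearance"], sa["label"]),
        constr_obj=lambda sa, oa: oa["label"] == sa["label"],
        auth={"read": lambda sa, oa: dominates(sa["label"], oa["label"]),
              "write": lambda sa, oa: dominates(oa["label"], sa["label"])})

def dac_config():
    """A subject acts exactly as its user; the owner always has access and
    anyone else needs an ACL entry on the object."""
    def acl(op):
        return lambda sa, oa: sa["uid"] == oa["owner"] or sa["uid"] in oa["acl"].get(op, ())
    return AbacAlpha(
        constr_sub=lambda ua, sa: sa["uid"] == ua["uid"],
        constr_obj=lambda sa, oa: oa["owner"] == sa["uid"],
        auth={"read": acl("read"), "write": acl("write")})

def rbac_config():
    """Flat RBAC: a subject activates a subset of its user's roles and an
    object carries the roles permitted for each operation."""
    def roles(op):
        return lambda sa, oa: bool(set(sa["active"]) & set(oa["perms"].get(op, ())))
    return AbacAlpha(
        constr_sub=lambda ua, sa: set(sa["active"]) <= set(ua["roles"]),
        constr_obj=lambda sa, oa: True,
        auth={"read": roles("read"), "write": roles("write")})

def refused(fn, *args, **kwargs):
    """True if a configuration point rejects the creation request."""
    try:
        fn(*args, **kwargs)
        return False
    except PermissionError:
        return True

def demo():
    """Users, subjects and objects here are constructed for the example."""
    out = {}
    mac = mac_config()
    mac.add_user("alice", clearance="S")
    mac.create_subject("alice", "a1", label="C")     # alice working below her clearance
    mac.create_object("a1", "memo", label="C")
    mac.objects["plan"] = {"label": "TS"}           # placed directly, not via a subject
    out["mac read same"] = mac.check("a1", "read", "memo")
    out["mac read up"] = mac.check("a1", "read", "plan")
    out["mac write up"] = mac.check("a1", "write", "plan")
    out["mac over-clearance"] = refused(mac.create_subject, "alice", "a2", label="TS")
    dac = dac_config()
    dac.add_user("bob", uid="bob")
    dac.add_user("carol", uid="carol")
    dac.create_subject("bob", "b1", uid="bob")
    dac.create_subject("carol", "c1", uid="carol")
    dac.create_object("b1", "notes", owner="bob", acl={"read": {"carol"}})
    out["dac owner writes"] = dac.check("b1", "write", "notes")
    out["dac carol reads"] = dac.check("c1", "read", "notes")
    out["dac carol writes"] = dac.check("c1", "write", "notes")
    out["dac spoof uid"] = refused(dac.create_subject, "carol", "c2", uid="bob")
    rbac = rbac_config()
    rbac.add_user("eve", roles={"doctor", "nurse"})
    rbac.create_subject("eve", "e1", active={"nurse"})
    rbac.create_object("e1", "chart", perms={"read": {"doctor", "nurse"}, "write": {"doctor"}})
    out["rbac nurse reads"] = rbac.check("e1", "read", "chart")
    out["rbac nurse writes"] = rbac.check("e1", "write", "chart")
    out["rbac bad role"] = refused(rbac.create_subject, "eve", "e2", active={"admin"})
    return out
```

The subject-creation constraint is what keeps each configuration honest: without it a user could mint a subject labelled above their clearance, claim another user's uid, or activate a role they do not hold, and the per-operation policies would then approve the access.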
RBAC Extensions
Features an ABAC model needs in order to express published RBAC extensions:
1. Context Attributes
2. Subject attribute constraint policies that differ at creation time and at modification time
3. Subject attributes constrained by attributes of subjects created by the same user
4. Policy Language
5. Meta-Attributes
[Table: each RBAC extension mapped to the subset of the five features it requires; the extension names did not survive extraction, the feature subsets read 1, 2, 4, 5; 1, 4, 5; 4, 5; 1, 4; 1, 4, 5; 1, 2, 3, 4, 5; 4]
ABACβ Model
Can be configured to do many RBAC extensions
SOME RESEARCH CHALLENGES
Ultimate Unified Model
[Figure: diagram whose surviving labels are Security, Access Control, Trust, Risk, Attributes, Relationships and Provenance]
Expressive Power
Across the PEI layers: Idealized, Enforceable (Approximate), Codeable
Safety Analysis
Across the PEI layers: Idealized, Enforceable (Approximate), Codeable
Attribute and Policy Engineering
Application Domains
Cloud computing, Internet of Things, ...