An Attribute Based Framework for Risk-Adaptive Access Control Models
Ravi Sandhu, Executive Director and Endowed Professor
August 2011
www.ics.utsa.edu
Joint work with Savith Kandala and Venkata Bhamidipati
© Ravi Sandhu World-Leading Research with Real-World Impact!
Institute for Cyber Security

RAdAC Concepts

Access to resources is automatically (or semi-automatically) granted based on:
- Purpose for the access request,
- Security risk, and
- Situational factors

Motivating example: displaying a classified document…

Outline

- Benefits of Abstract Models
- Core Characteristics of RAdAC
- Components of RAdAC Model
- Mapping RAdAC to UCON
- Extending UCON Principles to RAdAC and Modified UCON Model

Benefits of Abstract Models

- Proposed at the policy layer
- Do not lay out enforcement and implementation details
- Successful practice: DAC, MAC and RBAC
- Provide a formal and structural foundation

Core Characteristics of RAdAC

Reference: Robert McGraw, NIST Privilege Management Workshop, 2009
- Operational need
- Security risk
- Situational factors
- Heuristics
- Adaptable access control policies
RAdAC Model

Operational Need / Purpose

Purpose (operational need): the reason for the user's access request.
It can manifest as:
- A user's membership in a role
- An authority attesting to the user's need to access the object
Examples:
- Health care: emergency treatment
- Energy: impending power emergency
- Banking: consent to access account information

Security Risk

Risk components:
- Users
- Devices
- Objects
- Operations
- Connections
- Attribute providers and level of assurance
Security risk evaluation should be based on the risk associated with each of these components, as well as on a composite risk.

Situational Factors

Environmental or system-oriented decision factors.
- Global situational factors. Examples: national terrorist threat level, enterprise under cyber attack.
- Local situational factors. Examples: current local time checked against the accessible time period (e.g., business hours); current location checked against the accessible locations (e.g., area code, connection origination point).

Access History

Access history provides two functions:
- Updates the object access history repository with the attributes in the access request and the access control decision
- Provides input for future access decisions
Heuristics, taking the recorded access decisions as input, can be used to:
- Fine-tune access control policies
- Improve future access decisions

Adaptable Access Control Policies

Adaptable access control policies can be defined based on all the components.
Overrides: automatic, semi-automatic, manual
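The following is an added example, not code from the slides or from the authors' work: a toy policy decision point that combines the components above, namely per-component and composite security risk, global and local situational factors, an attested operational need, an access-history heuristic, and the automatic / semi-automatic / manual override tiers. The thresholds, purpose weights and the composition rule (riskiest component raised by the global threat level) are illustrative assumptions.

```python
# Toy RAdAC policy decision point (added example, not code from the slides).
# Assumed: component risk scores in [0, 1]; composite risk = riskiest component
# raised by the global threat level; thresholds and purpose weights are illustrative.
from dataclasses import dataclass, field
AUTOMATIC, SEMI_AUTOMATIC, MANUAL, DENY = "automatic", "semi-automatic", "manual", "deny"
THRESHOLDS = {AUTOMATIC: 0.3, SEMI_AUTOMATIC: 0.6, MANUAL: 0.85}   # override tiers (assumed values)
# Purposes an authority can attest to (examples from the slides); weights are assumed.
ATTESTED_NEED = {"emergency_treatment": 0.3, "impending_power_emergency": 0.3, "account_consent": 0.1}
COMPONENTS = ("user", "device", "object", "operation", "connection", "attribute_provider")  # Security Risk slide

@dataclass
class Request:
    purpose: str            # operational need behind the request
    component_risk: dict    # component -> risk score in [0, 1]
    global_threat: float    # global situational factor (e.g. enterprise threat level), [0, 1]
    local_ok: bool          # local situational checks (time window, location) passed

@dataclass
class AccessHistory:
    entries: list = field(default_factory=list)
    def record(self, req, decision):
        self.entries.append((req.purpose, decision))
    def denial_rate(self, purpose):
        past = [d for p, d in self.entries if p == purpose]
        return sum(d == DENY for d in past) / len(past) if past else 0.0

def composite_risk(req):
    missing = [c for c in COMPONENTS if c not in req.component_risk]
    if missing:                                 # refuse to score an incomplete request
        raise ValueError(f"no risk score for {missing}")
    return min(1.0, max(req.component_risk.values()) + 0.25 * req.global_threat)

def decide(req, history):
    if not req.local_ok:                        # a failed local situational check denies outright
        decision = DENY
    else:
        # Operational need offsets risk: an attested purpose tolerates more risk.
        risk = composite_risk(req) - ATTESTED_NEED.get(req.purpose, 0.0)
        # History heuristic: a purpose denied more often than not loses automatic grants.
        auto_limit = THRESHOLDS[AUTOMATIC] - (0.1 if history.denial_rate(req.purpose) > 0.5 else 0.0)
        if risk <= auto_limit:
            decision = AUTOMATIC
        elif risk <= THRESHOLDS[SEMI_AUTOMATIC]:
            decision = SEMI_AUTOMATIC
        elif risk <= THRESHOLDS[MANUAL] and req.purpose in ATTESTED_NEED:
            decision = MANUAL                   # route to a human approver
        else:
            decision = DENY
    history.record(req, decision)               # every decision feeds future ones
    return decision
```

Note that the same low-risk request can land in a different tier depending on the recorded history for its purpose, which is the point of the access-history component.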
UCON Model

Mapping RAdAC to UCON

Key features missing from UCON:
- Subject definition
- Access history
- Risk evaluation
Extending UCON principles to RAdAC
Modified UCON Model

Conclusion and Future Work

This work is purely focused on the abstract models.
The modified UCON model, with the decomposed subject definition and the added functions of access history and risk evaluation, is most suitable for modeling and implementing the RAdAC concept.
Future work: enforcement and implementation
- Defining architecture, protocols and mechanisms for the proposed RAdAC model