group-centric models for secure and agile information sharingarchitectures for computer network...
TRANSCRIPT
Group-Centric Models for Secure and Agile Information Sharing
Ravi Sandhu
Executive Director and Endowed Professor
Institute for Cyber Security
Executive Director and Endowed ProfessorOctober 2010
[email protected], www.profsandhu.com, www.ics.utsa.edu
© Ravi Sandhu World-Leading Research with Real
Centric Models for Secure and Agile Information Sharing
Ravi Sandhu
Executive Director and Endowed Professor
Institute for Cyber Security
1
Executive Director and Endowed ProfessorOctober 2010
[email protected], www.profsandhu.com, www.ics.utsa.edu
Leading Research with Real-World Impact!
Goal: 4th
� 3 succesful access control models in 40+ years�Discretionary Access Control (DAC)�Mandatory Access Control (MAC)�Role-base Access Control (RBAC)
� Crucial ingredients for success�Strong mathematical foundations�Strong mathematical foundations�Strong intuitive foundations�Significant real-world deployment
© Ravi Sandhu World-Leading Research with Real
th Element
3 succesful access control models in 40+ yearsDiscretionary Access Control (DAC)Mandatory Access Control (MAC)
base Access Control (RBAC)Crucial ingredients for success
Strong mathematical foundations
2
Strong mathematical foundationsStrong intuitive foundations
world deployment
Leading Research with Real-World Impact!
What is the 4
� DAC – owner control� MAC – information flow� RBAC – organizational/social alignment� Dynamics/agility
�Unconstrained DAC: too loose, too fine�Group-centric conceived to fill this gap�Group-centric conceived to fill this gap
© Ravi Sandhu World-Leading Research with Real
What is the 4th Element?
organizational/social alignment
Unconstrained DAC: too loose, too fine-grainedcentric conceived to fill this gap
3
centric conceived to fill this gap
Leading Research with Real-World Impact!
Historical Aside on Dynamics/Agility
� Harrison, Russo and Ullman 1976: HRU�dynamics leads to undecidable safety
� Jones, Lipton, Snyder 1978: Take�simple models can be efficiently decidable
� Sandhu, 1988, 1992: SPM, TAM�sophisticated models can be efficiently decidable�sophisticated models can be efficiently decidable
© Ravi Sandhu World-Leading Research with Real
Historical Aside on Dynamics/Agility
Harrison, Russo and Ullman 1976: HRUdynamics leads to undecidable safety
Jones, Lipton, Snyder 1978: Take-Grantsimple models can be efficiently decidable
Sandhu, 1988, 1992: SPM, TAMsophisticated models can be efficiently decidable
4
sophisticated models can be efficiently decidable
Leading Research with Real-World Impact!
Secure Information Sharing (SIS)
Goal: Share but protect� Containment challenge
� Client containment� Ultimate assurance infeasible (e.g., the analog hole)� Appropriate assurance achievable
� Server containment� Will typically have higher assurance than client containment� Will typically have higher assurance than client containment
� Policy challenge� How to construct meaningful, usable, agile SIS policy� How to develop an intertwined information and security model
© Ravi Sandhu World-Leading Research with Real
Secure Information Sharing (SIS)
Ultimate assurance infeasible (e.g., the analog hole)Appropriate assurance achievable
Will typically have higher assurance than client containment
5
Will typically have higher assurance than client containment
How to construct meaningful, usable, agile SIS policyHow to develop an intertwined information and security model
Leading Research with Real-World Impact!
Community Cyber Security
Core
Group Conditional
Membership
Automatic
Membership
Filtered RW
Administered
Membership
© Ravi Sandhu World-Leading Research with Real
Open
Group
Membership
Community Cyber Security
Incident
Group
6Leading Research with Real-World Impact!
Administered
Membership
Domain
Experts
Community Cyber Security
Core
Group
Incident
Groups
Automatic
Membership
Conditional
Membership
Read
Subordination
© Ravi Sandhu World-Leading Research with Real
Open
Group Write
Subordination
Community Cyber Security
Incident
Groups
g1
g2
Read
Subordination Domain
Experts
Administered
Membership
7Leading Research with Real-World Impact!
g2
g3
Write
Subordination
A Family of g
© Ravi Sandhu World-Leading Research with Real
� We have achieved a deep, formal understanding of isolated, undifferentiated groups
� Next challenge: extend the theory to connected, differentiated groups
A Family of g-SIS Models
8Leading Research with Real-World Impact!
We have achieved a deep, formal understanding of isolated, undifferentiated groupsNext challenge: extend the theory to connected,
Formal Models Development
Formal stateless behavioral model
Formal statefulenforceable model
Provable security properties
© Ravi Sandhu World-Leading Research with Real
Formal statefulenforceable model with latencies,
disconnected operations etc
Proof of safe equivalence
Formal Models Development
Provable security properties
Proof of equivalence
9
Leading Research with Real-World Impact!
Proof of safe equivalence
g-SIS Model Components
� Operational aspects� Group operation semanticso Add, Join, Leave, Remove, etc
o Multicast group is one example� Object modelo Read-onlyo Read-Write (no versioning
� User-subject model� User-subject modelo Read-only Vs read-write
� Policy specification
� Administrative aspects� Authorization to create group, user join/leave, object
add/remove, etc.
© Ravi Sandhu World-Leading Research with Real
SIS Model Components
Add, Join, Leave, Remove, etc
Multicast group is one example
Write (no versioning vs versioning)
Users
Objects
Group
Authz (u,o,r)?
join leave
add remove
10
Authorization to create group, user join/leave, object
Leading Research with Real-World Impact!
Core Properties
� Authorization Persistence� Authorization cannot change unless some group event occurs
© Ravi Sandhu World-Leading Research with Real
Core Properties
Authorization cannot change unless some group event occurs
11Leading Research with Real-World Impact!
The π-system Specification
© Ravi Sandhu World-Leading Research with Real
system Specification
12Leading Research with Real-World Impact!
Sample Stateful
Authz (s,o,r) ->
Add-TS(o) > Join
Leave-TS(s) = NULL &
Remove-TS(o) = NULL
© Ravi Sandhu World-Leading Research with Real
Remove-TS(o) = NULL
Stateful Specification
TS(o) > Join-TS(s) &
TS(s) = NULL &
TS(o) = NULL
13Leading Research with Real-World Impact!
TS(o) = NULL
Summary
� The 4th element, crucial for dynamic/agile secure information sharing� Discretionary Access Control (DAC)
� Mandatory Access Control (MAC)
� Role-base Access Control (RBAC)
� Group-centric Secure Information Sharing (g
� Crucial ingredients for success
© Ravi Sandhu World-Leading Research with Real
� Crucial ingredients for success� Strong mathematical foundations
� Strong intuitive foundations
� Significant real-world deployment
Summary
element, crucial for dynamic/agile secure
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
base Access Control (RBAC)
centric Secure Information Sharing (g-SIS)
Crucial ingredients for success
14Leading Research with Real-World Impact!
Crucial ingredients for successStrong mathematical foundations
Strong intuitive foundations
world deployment
Publications
� Ram Krishnan, Jianwei Niu, Ravi Sandhu and William Winsborough, “Groupfor Isolated Groups.” ACM Transactions on Information and System Security
� Ravi Sandhu, Ram Krishnan and Gregory White, “TowarSecurity.” In Proceedings 5th IEEE International ConfereWorksharing (CollaborateCom), Chicago, Illinois, October 9
� Ravi Sandhu, Ram Krishnan, Jianwei Niu and William Winsborough, “GroupInformation Sharing.” In Proceedings 5th International Conference, on Mathematical Methods, Models, and Architectures for Computer Network Security, MMM-ACNS 2010, St. Petersburg, Russia, September 855-69. Published as Springer Lecture Notes in Computer Science Vol. 6258, and Victor Skormin, editors), 2010.
� Ram Krishnan, Ravi Sandhu, Jianwei Niu and William Winsborough, “Towards a Framework for GroupCollaboration.” In Proc. 5th IEEE International ConferencWorksharing (CollaborateCom), Crystal City, Virginia, November 11
� Ram Krishnan and Ravi Sandhu, “A Hybrid Enforcement Model for Group
© Ravi Sandhu World-Leading Research with Real
� Ram Krishnan and Ravi Sandhu, “A Hybrid Enforcement Model for GroupIEEE International Conference on Computational Science and Engineering (CSE31, 2009, pages 189-194.
� Ram Krishnan, Ravi Sandhu, Jianwei Niu and William Winsborough, “Formal Models for GroupInformation Sharing.” Proc. 14th ACM Symposium on Access Control Models and Technologies (SACMAT)Italy, June 3-5, 2009, pages 115-124.
� Ram Krishnan, Ravi Sandhu, Jianwei Niu and William Winsborough, “A Conceptual Framework for GroupSecure Information Sharing.” Proc. 4th ACM Symposium on Information, Computer and Communications Security (AsiaCCS), Sydney, Australia, March 10-12, 2009, pages 384
� Ram Krishnan, Jianwei Niu, Ravi Sandhu and William Winsborough, “StaleSecure Information Sharing.” Proc. 6th ACM-CCS Workshop on Formal Methods in Security Engineering (FMSE),Alexandria, Virginia, October 27, 2008, pages 53-62.
Publications
Ram Krishnan, Jianwei Niu, Ravi Sandhu and William Winsborough, “Group-Centric Secure Information Sharing Models ACM Transactions on Information and System Security, accepted with minor revision.
ards Secure Information Sharing Models for Community Cyber erence on Collaborative Computing: Networking, Applications and
, Chicago, Illinois, October 9-12, 2010.Ravi Sandhu, Ram Krishnan, Jianwei Niu and William Winsborough, “Group-Centric Models for Secure and Agile
Proceedings 5th International Conference, on Mathematical Methods, Models, and ACNS 2010, St. Petersburg, Russia, September 8-10, 2010, pages
69. Published as Springer Lecture Notes in Computer Science Vol. 6258, Computer Network Security (Igor Kotenko
Ram Krishnan, Ravi Sandhu, Jianwei Niu and William Winsborough, “Towards a Framework for Group-Centric Secure ence on Collaborative Computing: Networking, Applications and
, Crystal City, Virginia, November 11-14, 2009, pages 1-10. Ram Krishnan and Ravi Sandhu, “A Hybrid Enforcement Model for Group-Centric Secure Information Sharing.” Proc.
15Leading Research with Real-World Impact!
Ram Krishnan and Ravi Sandhu, “A Hybrid Enforcement Model for Group-Centric Secure Information Sharing.” Proc. IEEE International Conference on Computational Science and Engineering (CSE-09), Vancouver, Canada, August 29-
Ram Krishnan, Ravi Sandhu, Jianwei Niu and William Winsborough, “Formal Models for Group-Centric Secure Proc. 14th ACM Symposium on Access Control Models and Technologies (SACMAT), Stresa,
Ram Krishnan, Ravi Sandhu, Jianwei Niu and William Winsborough, “A Conceptual Framework for Group-Centric Proc. 4th ACM Symposium on Information, Computer and Communications Security
12, 2009, pages 384-387.Ram Krishnan, Jianwei Niu, Ravi Sandhu and William Winsborough, “Stale-Safe Security Properties for Group-Based
CCS Workshop on Formal Methods in Security Engineering (FMSE),