Your SlideShare is downloading. ×
Purpose-Centric Secure Information Sharing
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Purpose-Centric Secure Information Sharing

883

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
883
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Purpose-Centric Secure Information Sharing Ravi Sandhu Executive Director and Endowed Professor Institute for Cyber Security (ICS) University of Texas at San Antonio September 2009 ravi.sandhu@utsa.edu www.profsandhu.com © Ravi Sandhu
  • 2. Butler Lampson Paraphrased (I think)
    • Computer scientists could never have designed the web because they would have tried to make it work.
    • But the Web does “work.”
    • What does it mean for the Web to “work”?
    • Security geeks could never have designed the ATM network because they would have tried to make it secure.
    • But the ATM network is “secure.
    • What does it mean for the ATM network to be “secure”?
    © Ravi Sandhu
  • 3. Security Objectives INTEGRITY modification AVAILABILITY access CONFIDENTIALITY disclosure © Ravi Sandhu
  • 4. Security Objectives INTEGRITY modification AVAILABILITY access CONFIDENTIALITY disclosure USAGE purpose © Ravi Sandhu
  • 5. Security Objectives INTEGRITY modification AVAILABILITY access CONFIDENTIALITY disclosure USAGE purpose USAGE © Ravi Sandhu
  • 6. Information Sharing Modes © Ravi Sandhu
    • Fundamental Goal: Share BUT Protect
    • I. Dissemination-Centric Sharing
      • Digital Rights Management
      • Enterprise Rights Management
      • XrML
    • II. Query-Centric Sharing
      • Queries wrt a protected dataset
      • Several talks yesterday focused on privacy protection
      • More generally de-aggregation/inference protection
    • III. Purpose-Centric Sharing
      • Sharing for a purpose
      • Mission-centric sharing
      • Group-centric sharing
  • 7. Information Protection Models
    • Discretionary Access Control (DAC)
      • Owner-based discretion
      • Classic formulation fails to distinguish copy from read
    • Lattice-Based Access Control (LBAC)
      • One directional information flow in a lattice of security labels
      • Rigid and coarse-grained due to strict one-directional information flow within predefined security labels
    • Role-Based Access Control (RBAC)
      • Role is central, administration is simplified
      • Flexible: can be configured to do DAC or LBAC
      • Role engineering/discovery is challenging
    • Attribute-Based Access Control (ABAC)
      • Subsumes security labels, roles and more
      • Attribute engineering even more challenging
    • Usage Control (UCON)
      • ABAC on steroids
      • Consumable rights, usage limits, obligations, conditions
    © Ravi Sandhu
  • 8. Group-Centric Sharing (g-SIS)
    • Brings users & objects together in a group for some purpose
    • Metaphor: secure meeting room
    • Research goal: combine elements of DAC, LBAC, RBAC, ABAC, UCON, g-SIS into a coherent framework for purpose-centric information sharing while leveraging dissemination-centric and data-centric information sharing
    • Initial focus: understand and formalize g-SIS
    © Ravi Sandhu Group Authz (u,o,r)? join leave add remove Users Objects
  • 9. PEI Layers World-View © Ravi Sandhu Security and system goals Policy models Enforcement models/architectures Implementation models/architectures/platforms Concrete System
    • Necessarily informal
    • Specified in terms of users, subjects, objects, administrators, labels, roles, groups, etc. in an idealized setting.
    • Security analysis (e.g. security objectives, security properties, etc.)
    • Approximated policy realized using system architecture with trusted servers, secure protocols, etc. in a real-world setting
    • Enforcement level security analysis (e.g. safe approximations with respect to network latency, protocol proofs, security properties, etc.)
    • Technologies and standards such as SOA, Cloud, SaaS, TCG/TPM, MILS, X.509, SAML, XACML, Oath, Oauth, etc.
    • Implementation level security analysis (e.g. vulnerability analysis, penetration testing, protocol proofs, security properties, etc.)
    • Layered software stacks executing on hardware
  • 10. Published Results to Date
    • Ram Krishnan, Ravi Sandhu, Jianwei Niu and William Winsborough, Foundations for Group-Centric Secure Information Sharing Models. Proc. 14th ACM Symposium on Access Control Models and Technologies (SACMAT), Stresa, Italy, June 3-5, 2009, pages 115-124.
    • Ram Krishnan, Ravi Sandhu, Jianwei Niu and William Winsborough, A Conceptual Framework for Group-Centric Secure Information Sharing. Proc. 4th ACM Symposium on Information, Computer and Communications Security (AsiaCCS) , Sydney, Australia, March 10-12, 2009, pages 384-387.
    • Ram Krishnan, Jianwei Niu, Ravi Sandhu and William Winsborough, Stale-Safe Security Properties for Group-Based Secure Information Sharing . Proc. 6th ACM-CCS Workshop on Formal Methods in Security Engineering (FMSE) , Alexandria, Virginia, October 27, 2008, pages 53-62.
    • Ram Krishnan and Ravi Sandhu, A Hybrid Enforcement Model for Group-Centric Secure Information Sharing. Proc. IEEE International Symposium on Secure Computing (SecureCom-09), Vancouver, Canada, August 29-31, 2009.
    • Ram Krishnan and Ravi Sandhu, Enforcement Architecture and Implementation Model for Group-Centric Information Sharing. Proc. 1st International Workshop on Security and Communication Networks (IWSCN), Trondheim, Norway, May 20-22, 2009.
    © Ravi Sandhu

×