Attribute Based Access Control and Administrative Model
Maanak Gupta, Ph.D.
Attribute Based Access Control Model with Groups and Administrative Model
1.
The GURAG Administrative Model for User and Group Attribute Assignment
Prof. Ravi Sandhu, Executive Director and Endowed Chair
10th International Conference on Network and System Security (NSS), September 28-30, 2016
ravi.sandhu@utsa.edu
www.profsandhu.com
Maanak Gupta and Ravi Sandhu
Department of Computer Science, Institute for Cyber Security
© Ravi Sandhu World-Leading Research with Real-World Impact!
2.
Attribute Based Access Control (ABAC)
Attribute Based Access Control:
- requires attributes of entities to make access control decisions.
- provides flexible and fine-grained access control.
- needs attributes (characteristics of entities) to be assigned by security administrators before access policies can be enforced.
Several models have been developed:
- ABACα model [DBSec12]
- Attribute based encryption (ABE) [CCS06]
- Logical Based Framework for ABAC [FMSE04]
- Attribute based AC for web services [ICWS'05]
- Guide to ABAC Definitions and Considerations [NIST SP 800-162]
- etcetera!!
3.
ABAC Administration
GURA (Single User, Single Attribute Value Assignment)
[Figure labels: Who?, satisfy condition, Prerequisite Cond., Attribute Value, assign or delete]
4.
Redefined HGABAC
Legend: U: User; UG: User-Group; S: Subject; UA: User Attributes; O: Object; OG: Object-Group; OA: Object Attributes; OP: Operation (Actions)
- [Servos et al] proposed the Hierarchical Group and Attribute based Access Control (HGABAC) operational model.
- Introduces the notion of User and Object Groups.
- Core advantage is simplified administration of attributes.
- Users and objects are assigned a set of attributes in one go, as compared to a single assignment at a time.
5.
Example User-Group Hierarchy
- Senior groups inherit attributes from junior groups.
- Graduate group (G) is senior to CSD and UN.
- G inherits attributes from both CSD and UN.
- Example: the 'univId' and 'college' attributes for G are inherited from UN and CSD.
- A user assigned to group G will have direct attributes and attributes from G.
6.
GURAG Administrative Model
This paper proposes the first administration model for the HGABAC model, referred to as GURAG.
GURAG Sub Models:
- UAA: User Attribute Assignment
- UGAA: User Group Attribute Assignment
- UGA: User to User-Group Assignment
7.
User Attribute Assignment (UAA)
Example UAA rules (rule components: Administrative Role, Prerequisite Condition, Allowed values)
Rule 1: Administrative Role DeptAdmin (or senior) can add any value in {TA, Grader} to user attribute 'jobTitle' if the user's 'studType' attribute includes the 'Grad' value.
Common Policy Expression Language:
EXPR(UA) in UAA:
8.
User Group Attribute Assignment (UGAA)
Example UGAA rules
EXPR(UA) in UGAA:
9.
User to User-Group Assignment (UGA)
EXPR(UA ∪ UG) in UGA:
Example UGA canAssign rules:
Example UGA canRemove rules:
10.
User to User-Group Assignment (UGA)
[Figure, steps 1 to 3: DeptAdmin (or senior) assigns the USER to the GRADUATE GROUP (G) through UGA.]
USER before assignment (direct & effective attributes): studId: {abc12}; skills: {c,java}; roomAcc: {1.2}
GRADUATE GROUP (G) (effective attributes): studType: {Grad}; roomAcc: {2.03, 2.04, 3.02}; userType: {student}; college: {COS}; univId: {12345}
USER after assignment (effective attributes): studId: {abc12}; skills: {c,java}; roomAcc: {1.2, 2.03, 2.04, 3.02}; studType: {Grad}; userType: {student}; college: {COS}; univId: {12345}
Here the user has been assigned a set of attributes through group G membership, in lieu of single attribute assignment, making attribute administration easy.
11.
GURAG Model Extensions: Weak Removal versus Strong Removal
Weak removal will not impact implicit membership.
  o After removal from CSD, user still inherits attribute of CSD through G.
Strong removal will remove both explicit and implicit memberships.
  o User will be removed from G, if removed from CSD and authorized by rules.
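The group inheritance on slides 5 and 10 and the weak versus strong removal on slide 11, as an added Python example that is not part of the original slides. The per-group split of direct attributes and the `authorized` set standing in for canRemove rules are assumptions, and strong removal is modelled here as all-or-nothing.

```python
# Added example, not from the slides. JUNIORS follows slide 5 (G is senior to CSD and UN).
JUNIORS = {"G": {"CSD", "UN"}, "CSD": set(), "UN": set()}

# Constructed split of direct group attributes (assumption); their union
# reproduces G's effective attributes shown on slide 10.
GROUP_ATTRS = {
    "UN": {"univId": {"12345"}},
    "CSD": {"college": {"COS"}},
    "G": {"studType": {"Grad"}, "userType": {"student"},
          "roomAcc": {"2.03", "2.04", "3.02"}},
}
# The user's direct attributes from slide 10.
USER_DIRECT = {"studId": {"abc12"}, "skills": {"c", "java"}, "roomAcc": {"1.2"}}

def juniors_closure(group):
    """Return the group plus every group junior to it, transitively."""
    seen, stack = set(), [group]
    while stack:
        g = stack.pop()
        if g not in seen:
            seen.add(g)
            stack.extend(JUNIORS[g])
    return seen

def merge(target, attrs):
    """Union attribute values into target without aliasing the source sets."""
    for name, values in attrs.items():
        target.setdefault(name, set()).update(values)

def group_effective(group):
    """Direct attributes of the group plus those inherited from junior groups."""
    eff = {}
    for g in juniors_closure(group):
        merge(eff, GROUP_ATTRS[g])
    return eff

def user_effective(direct_attrs, memberships):
    """Direct user attributes plus effective attributes of each explicit group."""
    eff = {}
    merge(eff, direct_attrs)
    for g in memberships:
        merge(eff, group_effective(g))
    return eff

def weak_remove(memberships, group):
    """Weak removal: drop only the explicit membership in `group`."""
    return memberships - {group}

def strong_remove(memberships, group, authorized):
    """Strong removal: also drop explicit memberships in groups senior to `group`."""
    doomed = {g for g in memberships if group in juniors_closure(g)}
    if not doomed <= authorized:  # every removal needs an administrative rule
        raise PermissionError(f"no rule authorizes removal from {sorted(doomed - authorized)}")
    return memberships - doomed
```

After a weak removal from CSD the user's effective `college` value is unchanged because G still supplies it, which is the case an access review has to catch.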
13.
GURAG Model Extensions
Inherited Value Deletion in User: Deleting an inherited value from a user requires removing the user's membership from all the user groups from which the value is inherited.
Inherited Value Deletion in User Group: Deleting an inherited value from a user group requires deleting the value from all the junior groups that have the value directly assigned.
[Figure: ADMIN ROLE with canDelete_univId and canDelete_userType, steps 1 and 2, over the groups below.]
GROUP (G3), effective attributes: studType: {Grad}; roomAcc: {2.03, 2.04, 3.02}; userType: {student}
GROUP (G1): roomAcc: {2.04, 3.02}; userType: {student}
GROUP (G2): roomAcc: {2.03}; userType: {student}
Note: Administrative Rules must exist to authorize operations.
14.
Discussions and Future Work
Advantage: Simplified distributed attribute administration. RBAC advantage inherited.
Limitations:
- Cascading pre-assignment of attributes may lead to the assignment of some values not essentially required by the entity.
- UGA may require multiple pre-assignments to junior groups before assigning a senior group, though the same inheritance can be achieved by senior group membership alone.
Future Work: Reachability Analysis for GURAG User and Object Group hierarchy administration. Attribute based User and Group attribute management.
15.
Institute for Cyber Security