100 likes | 235 Vues
Cyber-Identity and Authorization in an Uncertain World. Ravi Sandhu Laboratory for Information Security Technology www.list.gmu.edu Department of Information and Software Engineering School of Information Technology and Engineering George Mason University sandhu@gmu.edu 703-993-1659.
E N D
Cyber-Identity and Authorizationin an Uncertain World Ravi Sandhu Laboratory for Information Security Technologywww.list.gmu.edu Department of Information and Software Engineering School of Information Technology and Engineering George Mason University sandhu@gmu.edu 703-993-1659
What is Cyber-Security? • Fighting fires • Keeping the bad guys out • Firewalls, Intrusion Detection, Virus scans, Spam filters, Content filters • Increasing productivity • Letting the good guys in • Cyber-Identity and Authorization STOP GO Laboratory for Information Security Technology
What is Cyber-Security? EASY SECURE PRACTICAL Laboratory for Information Security Technology
An Uncertain World • Uncertain threat • We are always fighting the last war • Technological change • Pervasive (ubiquitous) computing • Peer-to-peer, grid and utility computing • Intel’s LaGrande and Microsoft’s Longhorn • The next Intel, Microsoft, Cisco, …. • Business change • Outsourcing and globalization Laboratory for Information Security Technology
Cyber-Identity Megatrends • Federated identity • Identity relying party is NOT the identity provider • Who will be the DMV in cyberspace? • Grades of identity • Identity vetting, authentication strength, purpose, privacy • A single infrastructure to drive all grades Laboratory for Information Security Technology
Cyber-Identity Mega-Challenges • Pervasive (ubiquitous) computing • How can a user get effective control of identity in a pervasive environment • Ad-hoc peer-to-peer computing • First responders in an emergency • Trustworthy computing • Will Intel’s LaGrande technology or Microsoft’s Longhorn help us save the day Laboratory for Information Security Technology
ROLE HIERARCHIES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERS ROLES PERMISSIONS ... SESSIONS CONSTRAINTS RBAC96 Model Laboratory for Information Security Technology
Usage Control (UCON) Coverage • Protection Objectives • Sensitive information protection • IPR protection • Privacy protection • Protection Architectures • Server-side reference monitor • Client-side reference monitor • SRM & CRM Laboratory for Information Security Technology
UCON_ABC Models • Continuity • Decision can be made during usage for continuous enforcement • Mutability • Attributes can be updated as side-effects of subjects’ actions Laboratory for Information Security Technology
Conclusion • Managing cyber-identity and authorization in an uncertain world is one of our nation’s foremost cyber-security problems • RBAC and UCON will be essential underpinnings of the solutions • GMU is a world leader in this sector Laboratory for Information Security Technology