A Mechanism for Risk Adaptive Access Control (RAdAC) Machon Gregory - - PowerPoint PPT Presentation

a mechanism for risk adaptive access control radac
SMART_READER_LITE
LIVE PREVIEW

A Mechanism for Risk Adaptive Access Control (RAdAC) Machon Gregory - - PowerPoint PPT Presentation

Sep 06, 2023 331 likes •473 views

A Mechanism for Risk Adaptive Access Control (RAdAC) Machon Gregory 14 March 2007 National Information Assurance Research Laboratory (NIARL) Motivation Need for new access control model, Risk Adaptive Access Controls Commonly deployed

slide-1
SLIDE 1

National Information Assurance Research Laboratory (NIARL)

A Mechanism for Risk Adaptive Access Control (RAdAC)

Machon Gregory 14 March 2007

slide-2
SLIDE 2

National Information Assurance Research Laboratory (NIARL)

Motivation

 Need for new access control model, Risk

Adaptive Access Controls

 Commonly deployed systems are

incapable of supporting a policy with ability to change

 Technology exists with the ability to

create a system capable of providing Risk Adaptive Access Controls

slide-3
SLIDE 3

National Information Assurance Research Laboratory (NIARL)

Outline

 Background  Problem  Solution  Implementation  Current Status  Future Work

slide-4
SLIDE 4

National Information Assurance Research Laboratory (NIARL)

Background

 Risk Adaptive Access Control (RAdAC)

− Global Information Grid − “Need to Know” ➔ “Need to Share” − Flexible (escalation and revoke privileges) − Access decisions based on changing risk − Risk is defined by numerous factors

slide-5
SLIDE 5

National Information Assurance Research Laboratory (NIARL)

Problem

 What I want to do

− Selectively Share Information − Maintain Originator Control − Flexible Access Controls

 Why I can't do it now

− Trusted Computer − Access Control Limitation − State of the Remote System

slide-6
SLIDE 6

National Information Assurance Research Laboratory (NIARL)

Scenario

 Document Server/Document Viewer  Protection of documents on remote

machines

 Provide access controls over network

  • bjects

 Escalate and revoke privileges based on a

risk knob

slide-7
SLIDE 7

National Information Assurance Research Laboratory (NIARL)

Scenario

Document Server Client Client

slide-8
SLIDE 8

National Information Assurance Research Laboratory (NIARL)

Solution

 Applications of the Flask Security

Architecture

− Client/Server (SELinux) − Policy over Network Object

 Least Privilege Environment

− Prevents Release of Information − Provides a Level of Assurance

 IPSec Labeled Security Associations

slide-9
SLIDE 9

National Information Assurance Research Laboratory (NIARL)

Implementation

 User-space Security Server  Document Server and Viewer  IPSec with labeled security associations

(SA)

 Translation Mechanism  Mandatory Access Control Operating

System

 Local and network policy

slide-10
SLIDE 10

National Information Assurance Research Laboratory (NIARL)

Implementation

Client Client Document Server NSS This is paragraph

  • ne.

This is paragraph

two.

This is paragraph

three.

This is paragraph

  • ne.

This is paragraph

two.

This is paragraph

three.

This is paragraph

  • ne.

This is paragraph

two.

This is paragraph

three.

This is paragraph

two.

This is paragraph

three.

This is paragraph

two.

This is paragraph

three.

This is paragraph

two.

This is paragraph

three.

slide-11
SLIDE 11

National Information Assurance Research Laboratory (NIARL)

Current Status

 Limited functionality application  3 static policies representing risk  Policies for the system components

slide-12
SLIDE 12

National Information Assurance Research Laboratory (NIARL)

Future Work

 More robust application such as a Virtual

Machine, Word Processor, or Streaming Media Server

 Incorporation of a more secure windowing

environment

 Study the applicability of RAdAC concepts

to real world applications

slide-13
SLIDE 13

National Information Assurance Research Laboratory (NIARL)

Questions? Machon Gregory mbgrego@tycho.nsa.gov