Access Control with Trust and Machine Learning

NISNet PhD student workshop, Bergen, Norway01-03 September 2010

Sergiy Gladysh

NTNU, ITEM

Access Control with Trust and Machine LearningSergiy Gladysh, PhD researcher, NTNU

2Access Control: General Model

Requests

Access Control Policy

(PDP – Policy Decision Point)

Audit Log

Information Security Boundary

O12 O13

Objects

O21 O22 O23

Reference Monitor

(PEP – Policy Enforcement Point)

3Discretionary Access Control (DAC)

Authorization

Reference Monitor

Access Matrix

ACL1:A: r, wB: rC: r:

O1 O2 O3 ...A: r,w r -B: r r rwC: r: r r

ACL2:A: rB: r, wC: r, w

ObjectsInformation Security Boundary

4Mandatory Access Control (MAC)

Objects

Confidentiality Label 2

Access Level 1

Access Level 2

Access Level 3

Access Level 4

Confidentiality Label 2

Top Secret

Secret

Confidential

Unclassified

Reference Monitor

Role-Based Access Control (RBAC)

Permissions

User-Role Assignment

Objects

Permissions

Objects

Role Activation

(UA) (RA)

Context-Aware RBAC, Dynamic Constraints, ABAC

Role1...

Users RA Constraints: - Location;- Temporal

PermissionsUser-Role Assignment

Objects

Permissions

Objects

Role Activation

(UA) (RA)

UA Constraints: - Separation of Duties (SoD);- Attributes (ABAC, XACML)

7Problems in Open Environments

Requests

Access Control Policy

(PDP – Policy Decision Point)

Audit Log

O12 O13

Objects

O21 O22 O23

Reference Monitor(PEP – Policy

Enforcement Point)

X... ZW

Trust Network Analysis + Machine Learning

Trust Metrics - Beta Probability Density Funtions

Problem in Open Environment: New/Unknown User

Trust Network

Lookup: Graph Query >> Indirect Trust Edge

Trust Network

ωEC ωC

Subjective Logic >> Probabilistic Inferrence of Metric for Indirect Trust

Trust Network

ωCXωE

C ωCX

Subjective Logic >> Inferred Metric for Indirect Trust

Trust Network

RBAC Dynamic Constraints + Trust Network

Users RA Constraints: - Location;- Temporal

PermissionsUser-Role Assignment

Objects

Permissions

ObjectsS

Role Activation

(UA) (RA)

UA Constraints: - SoD; - ABAC; - Trust / Reputation

Trust Network

ωEC ωC

Access Control with Trust and Machine Learning

Presentations & Public Speaking

Enhanced Trust Based Access Control for Multi-Cloud

Mandating Open Access - Wellcome Trust

Antitrust and the trust machine - OECD

Fast authentication and trust-based access control in ... · Fast authentication and trust-based access control in heterogeneous wireless ... based access control in heterogeneous

The Trust Paradox: Access Management and Trust in an Insecure Age

National Trust Cottages Access Statement

The CISO’s Guide to Effective Zero-Trust Access

Massive Access for Machine-to-Machine Communication in ...projekter.aau.dk/projekter/files/239500086/master.pdf · Massive Access for Machine-to-Machine Communication in Cellular

P. N. Mahalle et al. Trust Based Access Control 1 A Fuzzy Approach to Trust Based Access Control in Internet of Things

Open access policy and practice: the view from the Wellcome Trust · 2017-12-16 · Open access policy and practice: the view from the Wellcome Trust Open Access Infrastructures:

Access to Sentinels Data - ESA Business Applications · Slide 4 Copernicus Open Access Hub Human-Machine Interface Machine-Machine Interface OpenSearch and Open Data Protocol (ODATA)

Biometric Attendance machine-Access Control System

Chapter VII Interactive Access Control and Trust

National Trust : Access ABCD_Breaking Barriers Building Bridges

How Zero Trust Changes Identity & Access

Real time access control machine

Access Control Authentication: Who goes there? Determine whether access is allowed Authenticate human to machine Authenticate machine to machine Authorization:

Machine Learning for Access Control Policy Verification

ECTC access to careers, Machine Tool Technology

RESEARCH Open Access Machine-to-machine platform