Top Banner
© 2005 Ravi Sandhu www.list.gmu.edu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu [email protected]
16

© 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George.

Mar 26, 2015

Download

Documents

Jasmine Davies

administrative scope

rha3 slide

administrative roles

mode ravi sandhu laboratory

rha4 slide

administrative scope

administrative models

qe1 y slide

Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George.

© 2005 Ravi Sandhuwww.list.gmu.edu

Administrative Scope(best viewed in slide show mode)

Ravi SandhuLaboratory for Information Security Technology

George Mason [email protected]

Page 2: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George.

2

© 2005 Ravi Sandhuwww.list.gmu.edu

Administrative Scope

• Jason Crampton and George Loizou. “Administrative scope: A foundation for role-based administrative models.” ACM Transactions on Information and System Security, Volume 6, Number 2, May 2003, pages 201-231.

• Several diagrams and text excerpts are taken directly from this paper.

Page 3: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George.

3

© 2005 Ravi Sandhuwww.list.gmu.edu

Administrative Scope

Page 4: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George.

4

© 2005 Ravi Sandhuwww.list.gmu.edu

Example Hierarchies

Page 5: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George.

5

© 2005 Ravi Sandhuwww.list.gmu.edu

NotationImmediate children Immediate parents Minimal roles

Maximal roles

Junior roles Senior roles

Page 6: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George.

6

© 2005 Ravi Sandhuwww.list.gmu.edu

Four Operations

Page 7: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George.

7

© 2005 Ravi Sandhuwww.list.gmu.edu

Semantics of Edge Operations

Page 8: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George.

8

© 2005 Ravi Sandhuwww.list.gmu.edu

Edge Insertion Anomaly

YNN

NNY

AddEdge(DSO,PE1,QE1) Y

Page 9: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George.

9

© 2005 Ravi Sandhuwww.list.gmu.edu

Administrative Scope

Page 10: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George.

10

© 2005 Ravi Sandhuwww.list.gmu.edu

Evolving Administrative Scope

Dynamic administrative scopeVersusStatic can-modify

Page 11: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George.

11

© 2005 Ravi Sandhuwww.list.gmu.edu

Administrative Scoper is an immediate child of r’

Page 12: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George.

12

© 2005 Ravi Sandhuwww.list.gmu.edu

RHA Conditions for Four Operations

• These conditions always apply• RHA1

• Additional conditions may be imposed• RHA2, RHA3, RHA4

Page 13: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George.

13

© 2005 Ravi Sandhuwww.list.gmu.edu

RHA1

• Regular roles are also administrative roles

• A role administers roles in its administrative scope

• No further conditions

• Too permissive• ED administers E

Page 14: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George.

14

© 2005 Ravi Sandhuwww.list.gmu.edu

RHA2

• RHA1 plus

• Only roles explicitly designated as administrators can administer• Say DIR, PL1, PL2 but not ED and the others

Page 15: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George.

15

© 2005 Ravi Sandhuwww.list.gmu.edu

RHA3

Page 16: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George.

16

© 2005 Ravi Sandhuwww.list.gmu.edu

RHA3


Related Documents
© 2004 Ravi Sandhu The Schematic Protection Model (SPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University.

© 2004 Ravi Sandhu The Schematic Protection Model (SPM)...

Category: Documents
ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.

ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.

Category: Documents
Role-Based Access Control on the Web - Ravi Sandhu

Role-Based Access Control on the Web - Ravi Sandhu

Category: Documents
SSL Trust Pitfalls Prof. Ravi Sandhu. 2 © Ravi Sandhu 2002 THE CERTIFICATE TRIANGLE user attributepublic-key X.509 identity certificate X.509 attribute.

SSL Trust Pitfalls Prof. Ravi Sandhu. 2 © Ravi Sandhu 2002....

Category: Documents
Relational Database Access Controls Using SQL - Prof. Ravi Sandhu

Relational Database Access Controls Using SQL - Prof. Ravi.....

Category: Documents
ISA 662 Internet Security Protocols Kerberos Prof. Ravi Sandhu.

ISA 662 Internet Security Protocols Kerberos Prof. Ravi...

Category: Documents
Information Assurance: A Personal Perspective Ravi Sandhu .

Information Assurance: A Personal Perspective Ravi Sandhu .

Category: Documents
© 2005 Ravi Sandhu Administrative Scope (continued) (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology.

© 2005 Ravi Sandhu Administrative Scope (continued) (best....

Category: Documents
Rethinking Password Strategies Ravi Sandhu Chief Scientist sandhu@nsdsecurity 703 283 3484

Rethinking Password Strategies Ravi Sandhu Chief Scientist.....

Category: Documents
© Ravi Sandhu The Secure Information Sharing Problem and Solution Approaches Ravi Sandhu Executive Director and Endowed Chair Institute.

© Ravi Sandhu The Secure Information Sharing Problem and.....

Category: Documents
Prof. Ravi Sandhu Executive Director and Endowed …profsandhu.com/cs5323_s17/L1.pdf1 Introduction and Basic Concepts Prof. Ravi Sandhu Executive Director and Endowed Chair Lecture

Prof. Ravi Sandhu Executive Director and Endowed...

Category: Documents
Asymmetric Digital Signatures And Key Exchange Prof. Ravi Sandhu.

Asymmetric Digital Signatures And Key Exchange Prof. Ravi...

Category: Documents