Top Banner
Role Activation Hierarchies Ravi Sandhu George Mason University
16
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Role Activation Hierarchies Ravi Sandhu George Mason University.

Role Activation Hierarchies

Ravi Sandhu

George Mason University

Page 2: Role Activation Hierarchies Ravi Sandhu George Mason University.

RBAC96

ROLES

USER-ROLEASSIGNMENT

PERMISSION-ROLEASSIGNMENT

USERS PERMISSIONS

... SESSIONS

ROLE HIERARCHIES

CONSTRAINTS

Page 3: Role Activation Hierarchies Ravi Sandhu George Mason University.

ROLE HIERARCHIES

Inheritance hierarchies permission inheritance user inheritance

Activation hierarchies role membership versus role activation

Page 4: Role Activation Hierarchies Ravi Sandhu George Mason University.

EXAMPLE ROLE HIERARCHYINTERPRETATIONS

Employee (E)

Engineering Department (ED)

Project Lead 1(PL1)

Engineer 1(E1)

Production 1(P1)

Quality 1(Q1)

Director (DIR)

Project Lead 2(PL2)

Engineer 2(E2)

Production 2(P2)

Quality 2(Q2)

PROJECT 2PROJECT 1

Page 5: Role Activation Hierarchies Ravi Sandhu George Mason University.

ALTERNATIVES

separate inheritance and activation hierarchies this paper

single inheritance and activation hierarchy most common approach, including RBAC96

activation hierarchy only, no inheritance alternative identified in NIST RBAC model

inheritance hierarchy only, no activation hierarchy does not seem to be useful

Page 6: Role Activation Hierarchies Ravi Sandhu George Mason University.

LBAC: LIBERAL *-PROPERTY

H

L

M1 M2

Read Write- +

+ -

Page 7: Role Activation Hierarchies Ravi Sandhu George Mason University.

LBAC: LIBERAL *-PROPERTY DUAL ROLE SIMULATION

HR

LR

M1R M2R

LW

HW

M1W M2W

Read Write-

+

Page 8: Role Activation Hierarchies Ravi Sandhu George Mason University.

LBAC: STRICT *-PROPERTY

H

L

M1 M2

Read Write-

+

Page 9: Role Activation Hierarchies Ravi Sandhu George Mason University.

LBAC: STRICT *-PROPERTY DUAL ROLE SIMULATION

HR

LR

M1R M2R LW

HWM1W M2W

Page 10: Role Activation Hierarchies Ravi Sandhu George Mason University.

LBAC: STRICT *-PROPERTY SIMULATION BY PRIVATE ROLES

HR

LR

M1R M2R

Page 11: Role Activation Hierarchies Ravi Sandhu George Mason University.

LBAC: STRICT *-PROPERTY SIMULATION BY PRIVATE ROLES

HR

LR

M1R M2R

HW

LW

M1W M2W

Page 12: Role Activation Hierarchies Ravi Sandhu George Mason University.

LBAC: STRICT *-PROPERTY SIMULATION BY PRIVATE ROLES

HR

LR

M1R M2R

HW

LW

M1W M2W

Page 13: Role Activation Hierarchies Ravi Sandhu George Mason University.

DYNAMIC SEPARATION OF DUTIES

Roles in dynamic SOD cannot have common seniors in role

inheritance hierarchy, but can have common seniors in role

activation hierarchy

Page 14: Role Activation Hierarchies Ravi Sandhu George Mason University.

EXAMPLE ROLE HIERARCHYINTERPRETATIONS

Employee (E)

Engineering Department (ED)

Project Lead 1(PL1)

Engineer 1(E1)

Production 1(P1)

Quality 1(Q1)

Director (DIR)

Project Lead 2(PL2)

Engineer 2(E2)

Production 2(P2)

Quality 2(Q2)

PROJECT 2PROJECT 1

Page 15: Role Activation Hierarchies Ravi Sandhu George Mason University.

ACTIVATION HIERARCHIES

A

B

D

C

E

A

B

D

C

E

Page 16: Role Activation Hierarchies Ravi Sandhu George Mason University.

CONCLUSION

separate inheritance and activation hierarchies this paper

single inheritance and activation hierarchy most common approach, including RBAC96

activation hierarchy only, no inheritance alternative identified in NIST RBAC model

inheritance hierarchy only, no activation hierarchy does not seem to be useful


Related Documents
SACMAT 03© Mohammad Al-Kahtani1 Induced Role Hierarchies with Attribute-Based RBAC Mohammad A. Al-Kahtani Ravi Sandhu George Mason University NSD Security,

SACMAT 03© Mohammad Al-Kahtani1 Induced Role Hierarchies...

Category: Documents
1 TOPIC LATTICE-BASED ACCESS-CONTROL MODELS Ravi Sandhu.

1 TOPIC LATTICE-BASED ACCESS-CONTROL MODELS Ravi Sandhu.

Category: Documents
Authentication: the problem that will not go away Prof. Ravi Sandhu Chief Scientist sandhu@tricipher.com 703 283 3484 Protecting Online Identity.

Authentication: the problem that will not go away Prof. Ravi...

Category: Documents
© 2004 Ravi Sandhu Role-Based Access Control Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.

© 2004 Ravi Sandhu Role-Based Access Control Prof. Ravi...

Category: Documents
ROLE-BASED ACCESS CONTROL: A MULTI-DIMENSIONAL VIEW Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman Seta Corporation McLean, VA Ravi Sandhu.

ROLE-BASED ACCESS CONTROL: A MULTI-DIMENSIONAL VIEW Ravi...

Category: Documents
Security Cloud: Cloud Trust Brokers · Security and the Cloud: Cloud Trust Brokers Ravi Sandhu Ravi Ganesan* Founder, SafeMashups +1.415.680.5746 ravi@safemashups com ravi@findravi

Security Cloud: Cloud Trust Brokers · Security and the...

Category: Documents
© Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu.

© Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for...

Category: Documents
CURRICULUM VITAE - Prof. Ravi Sandhuprofsandhu.com/sandhu/vita_long.docx · Web viewCo-Principal Investigators: Ravi Sandhu, Ram Tripathi Sponsor: Silicon Informatics, 2012-2014 Secure

CURRICULUM VITAE - Prof. Ravi...

Category: Documents
© 2004 Ravi Sandhu A Perspective on Graphs and Access Control Models Ravi Sandhu Laboratory for Information Security Technology George.

© 2004 Ravi Sandhu A Perspective on Graphs and Access...

Category: Documents
Role-Based Access Control on the Web - Ravi Sandhu

Role-Based Access Control on the Web - Ravi Sandhu

Category: Documents
ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.

ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George...

Category: Documents
1 The Future of Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair ravi.sandhu@utsa.edu © Ravi Sandhu.

1 The Future of Cyber Security Prof. Ravi Sandhu Executive.....

Category: Documents