RbAC 3rd Review Ppt

  • 8/2/2019 RbAC 3rd Review Ppt

    1/22

    ROLE BASED ACCESS CONTROL

    Role-based access control (RBAC) has established itself as a solid base for today's security administration needs.

    However, the administration of large RBAC systems remains a challenging open problem. Large RBAC systems may have hundreds of roles and tens of thousands of users.

    There are three principles for designing security mechanisms: flexibility and scalability, psychological acceptability, and economy of mechanism.

    We design administrative models for RBAC that have significant advantages over existing models.

    Home Page

    The home page might contain the page title, a login link, and a link to the home page. This module serves as the authentication login page, for security reasons.

    The new user has to give the required details for creating an account.

    When we give the mobile number, a verification code is sent to that mobile number.

    We have to enter that code into the registration form; after that, the registration is completed.
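    The verification step described above, as an added example that is not the project's own code: the code comes from a CSPRNG, is stored only as a keyed hash, expires, is single use and allows a limited number of guesses. The 5-minute lifetime, the 5-attempt limit and all names are assumptions; delivery by SMS is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300                 # assumed lifetime of a code
MAX_ATTEMPTS = 5                       # assumed guesses allowed per code
_SERVER_KEY = secrets.token_bytes(32)  # per-process key for hashing stored codes


class PendingRegistrations:
    """Tracks verification codes for registrations that are not yet complete."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # mobile -> [code_mac, expires_at, attempts_left]

    @staticmethod
    def _mac(mobile, code):
        msg = f"{mobile}:{code}".encode()
        return hmac.new(_SERVER_KEY, msg, hashlib.sha256).digest()

    def start(self, mobile):
        """Issue a 6-digit code; the caller passes it to the SMS gateway."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.randint
        self._pending[mobile] = [self._mac(mobile, code),
                                 self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def verify(self, mobile, submitted):
        """True exactly once, for the right code, in time, within the limit."""
        entry = self._pending.get(mobile)
        if entry is None:
            return False
        code_mac, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[mobile]  # expired or locked out: restart needed
            return False
        entry[2] -= 1                  # count the attempt before comparing
        if hmac.compare_digest(code_mac, self._mac(mobile, submitted)):
            del self._pending[mobile]  # single use
            return True
        return False
```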

    [Flow diagram: User / New User, Login, Register, Is Success (Yes / No), DB, Admin, Manager, Programmers]

    The employee web page contains the operations of the employee.

    It contains resources and day-to-day work; the resources contain the documents.

    The employee then has to enter the day-to-day work and send it to the admin.

    [Diagram: Employee operations: Docs, Today's Work, Login, Exit, DB]

    The manager web page contains resources and day-to-day work.

    The resources contain documents and projects.

    The manager also wants to enter the day-to-day work for the admin.

    [Diagram: Manager operations: Resources (Docs, Projects), Today's Work, E-mail, Exit, DB, SMTP]

    The admin has access to the resources, can email the employee, view the employee's work, and search the employee log details.

    These details are stored in the admin database when the user logs in.

    The resources contain documents, projects, and brochures. The email page is used to send email to the employee.

    [Diagram: Admin operations: Mail, Work Details, Resources (Docs, Brochure, Project), Search, Exit, SMTP, DB]

    Real time polynomial algorithm: a polynomial-time algorithm that removes a number of constraints and simplifies the problem.

    The algorithm to reduce the size of user is used in the preprocessing procedure.

    For every user we compute the maximum set of roles that can be assigned to that user.

    Input: (u, r) - user name and user role
    Ru - initial registration database
    URQ - user role queue

    If (user in role exists in user register database) {
        User reg database: add record for registration
    }

    While (records are affected) do
        Display the roles, user details
        For every role in the user register database
            If (registered user is not in role) {
                Delete roles from database
                Flag set = true
            }
            End if
        Flag set = false
    End while

    Role assignment: A subject can execute a transaction only if the subject has selected or been assigned a role. The identification and authentication process (e.g. login) is not considered a transaction.

    All other user activities on the system are conducted through transactions. Thus all active users are required to have some active role.

    Role authorization: A subject's active role must be authorized for the subject.

    Together with the rule above, this rule ensures that users can take on only roles for which they are authorized.

    Transaction authorization: A subject can execute a transaction only if the transaction is authorized through the subject's role memberships, and subject to any constraints that may be applied across users, roles, and permissions.

    This rule ensures that users can execute only transactions for which they are authorized.
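    The three rules above (role assignment, role authorization, transaction authorization) expressed as one session-based check. This is an added example, not code from the project in the slides; the role names follow the slides, while the permission strings and the admin/employee mutual-exclusion constraint are assumptions.

```python
# Role names follow the slides; permission names are assumed for illustration.
ROLE_PERMS = {
    "admin": {"docs.read", "projects.read", "brochures.read",
              "mail.send", "work.view", "log.search"},
    "manager": {"docs.read", "projects.read", "work.submit", "mail.send"},
    "employee": {"docs.read", "work.submit"},
}
# Assumed constraint across roles: these may not be active in the same session.
MUTUALLY_EXCLUSIVE = [{"admin", "employee"}]


class AccessDenied(Exception):
    pass


class Session:
    def __init__(self, user, authorized_roles):
        self.user = user
        self.authorized = set(authorized_roles)  # roles assigned to this user
        self.active = set()                      # roles activated after login

    def activate(self, role):
        # Rule 2, role authorization: an active role must be authorized.
        if role not in self.authorized:
            raise AccessDenied(f"{self.user} is not authorized for {role}")
        # Constraint applied across roles.
        for group in MUTUALLY_EXCLUSIVE:
            if role in group and self.active & (group - {role}):
                raise AccessDenied(f"{role} conflicts with an active role")
        self.active.add(role)

    def execute(self, permission):
        # Rule 1, role assignment: no active role, no transaction.
        if not self.active:
            raise AccessDenied("no active role selected")
        # Rule 3, transaction authorization: an active role must grant it.
        if not any(permission in ROLE_PERMS[r] for r in self.active):
            raise AccessDenied(f"{permission} not granted to {self.user}")
        return f"{self.user} executed {permission}"


def decide(session, permission):
    """Return True or False instead of raising, e.g. for audit logging."""
    try:
        session.execute(permission)
        return True
    except AccessDenied:
        return False
```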

    A future direction is to introduce optimization goals into the user-role assignment problem. An interesting optimization objective is to minimize the number of users.

    Future work also relates to human resource management. Assume that there is no valid assignment for a given configuration, which indicates that we may either change the configuration or hire more people (i.e., introduce more users into the system).

    The user-role assignment problem with consideration of the user-role qualification relation and a variety of role-based and user-based constraints.

    The consistency problem among three types of role-based constraints, and computational problems related to user-role assignment.
