• Home

  • Documents

  • Role Activation Hierarchies Ravi Sandhu George Mason University
16
Role Activation Hierarchies Ravi Sandhu George Mason University

Role Activation Hierarchies Ravi Sandhu George Mason University

Tags:

Embed Size (px)

Citation preview

Page 1: Role Activation Hierarchies Ravi Sandhu George Mason University

Role Activation Hierarchies

Ravi Sandhu

George Mason University

Page 2: Role Activation Hierarchies Ravi Sandhu George Mason University

RBAC96

ROLES

USER-ROLEASSIGNMENT

PERMISSION-ROLEASSIGNMENT

USERS PERMISSIONS

... SESSIONS

ROLE HIERARCHIES

CONSTRAINTS

Page 3: Role Activation Hierarchies Ravi Sandhu George Mason University

ROLE HIERARCHIES

Inheritance hierarchies permission inheritance user inheritance

Activation hierarchies role membership versus role activation

Page 4: Role Activation Hierarchies Ravi Sandhu George Mason University

EXAMPLE ROLE HIERARCHYINTERPRETATIONS

Employee (E)

Engineering Department (ED)

Project Lead 1(PL1)

Engineer 1(E1)

Production 1(P1)

Quality 1(Q1)

Director (DIR)

Project Lead 2(PL2)

Engineer 2(E2)

Production 2(P2)

Quality 2(Q2)

PROJECT 2PROJECT 1

Page 5: Role Activation Hierarchies Ravi Sandhu George Mason University

ALTERNATIVES

separate inheritance and activation hierarchies this paper

single inheritance and activation hierarchy most common approach, including RBAC96

activation hierarchy only, no inheritance alternative identified in NIST RBAC model

inheritance hierarchy only, no activation hierarchy does not seem to be useful

Page 6: Role Activation Hierarchies Ravi Sandhu George Mason University

LBAC: LIBERAL *-PROPERTY

H

L

M1 M2

Read Write- +

+ -

Page 7: Role Activation Hierarchies Ravi Sandhu George Mason University

LBAC: LIBERAL *-PROPERTY DUAL ROLE SIMULATION

HR

LR

M1R M2R

LW

HW

M1W M2W

Read Write-

+

Page 8: Role Activation Hierarchies Ravi Sandhu George Mason University

LBAC: STRICT *-PROPERTY

H

L

M1 M2

Read Write-

+

Page 9: Role Activation Hierarchies Ravi Sandhu George Mason University

LBAC: STRICT *-PROPERTY DUAL ROLE SIMULATION

HR

LR

M1R M2R LW

HWM1W M2W

Page 10: Role Activation Hierarchies Ravi Sandhu George Mason University

LBAC: STRICT *-PROPERTY SIMULATION BY PRIVATE ROLES

HR

LR

M1R M2R

Page 11: Role Activation Hierarchies Ravi Sandhu George Mason University

LBAC: STRICT *-PROPERTY SIMULATION BY PRIVATE ROLES

HR

LR

M1R M2R

HW

LW

M1W M2W

Page 12: Role Activation Hierarchies Ravi Sandhu George Mason University

LBAC: STRICT *-PROPERTY SIMULATION BY PRIVATE ROLES

HR

LR

M1R M2R

HW

LW

M1W M2W

Page 13: Role Activation Hierarchies Ravi Sandhu George Mason University

DYNAMIC SEPARATION OF DUTIES

Roles in dynamic SOD cannot have common seniors in role

inheritance hierarchy, but can have common seniors in role

activation hierarchy

Page 14: Role Activation Hierarchies Ravi Sandhu George Mason University

EXAMPLE ROLE HIERARCHYINTERPRETATIONS

Employee (E)

Engineering Department (ED)

Project Lead 1(PL1)

Engineer 1(E1)

Production 1(P1)

Quality 1(Q1)

Director (DIR)

Project Lead 2(PL2)

Engineer 2(E2)

Production 2(P2)

Quality 2(Q2)

PROJECT 2PROJECT 1

Page 15: Role Activation Hierarchies Ravi Sandhu George Mason University

ACTIVATION HIERARCHIES

A

B

D

C

E

A

B

D

C

E

Page 16: Role Activation Hierarchies Ravi Sandhu George Mason University

CONCLUSION

separate inheritance and activation hierarchies this paper

single inheritance and activation hierarchy most common approach, including RBAC96

activation hierarchy only, no inheritance alternative identified in NIST RBAC model

inheritance hierarchy only, no activation hierarchy does not seem to be useful


SSL Prof. Ravi Sandhu. 2 © Ravi Sandhu 2002 SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later refitted

SSL Prof. Ravi Sandhu. 2 © Ravi Sandhu 2002 SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later refitted

Documents
© 2004-5 Ravi Sandhu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology

© 2004-5 Ravi Sandhu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology

Documents
SACMAT 03© Mohammad Al-Kahtani1 Induced Role Hierarchies with Attribute-Based RBAC Mohammad A. Al-Kahtani Ravi Sandhu George Mason University NSD Security,

SACMAT 03© Mohammad Al-Kahtani1 Induced Role Hierarchies with Attribute-Based RBAC Mohammad A. Al-Kahtani Ravi Sandhu George Mason University NSD Security,

Documents
1 Common Criteria Ravi Sandhu Edited by Duminda Wijesekera

1 Common Criteria Ravi Sandhu Edited by Duminda Wijesekera

Documents
Information Assurance: A Personal Perspective Ravi Sandhu

Information Assurance: A Personal Perspective Ravi Sandhu

Documents
1 Rethinking Password Strategies Ravi Sandhu Chief Scientist sandhu@nsdsecurity.com 703 283 3484 sandhu@nsdsecurity.com

1 Rethinking Password Strategies Ravi Sandhu Chief Scientist [email protected] 703 283 3484 [email protected]

Documents
© 2005 Ravi Sandhu Administrative Scope (continued) (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology

© 2005 Ravi Sandhu Administrative Scope (continued) (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology

Documents
ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu

ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu

Documents
NIST SP 800-144, Guidelines on Security and - Prof. Ravi Sandhu

NIST SP 800-144, Guidelines on Security and - Prof. Ravi Sandhu

Documents
Prof. Ravi Sandhu Executive Director and Endowed …profsandhu.com/cs5323_s17/L1.pdf1 Introduction and Basic Concepts Prof. Ravi Sandhu Executive Director and Endowed Chair Lecture

Prof. Ravi Sandhu Executive Director and Endowed …profsandhu.com/cs5323_s17/L1.pdf1 Introduction and Basic Concepts Prof. Ravi Sandhu Executive Director and Endowed Chair Lecture

Documents
© 2004 Ravi Sandhu Role-Based Access Control Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University

© 2004 Ravi Sandhu Role-Based Access Control Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University

Documents
1 Cloud Computing Prof. Ravi Sandhu Executive Director and Endowed Chair April 12, 2013 ravi.sandhu@utsa.edu © Ravi Sandhu World-Leading

1 Cloud Computing Prof. Ravi Sandhu Executive Director and Endowed Chair April 12, 2013 [email protected] © Ravi Sandhu World-Leading

Documents
How to do Discretionary Access Control Using Roles Ravi Sandhu Qamar Munawer

How to do Discretionary Access Control Using Roles Ravi Sandhu Qamar Munawer

Documents
Asymmetric Digital Signatures And Key Exchange Prof. Ravi Sandhu

Asymmetric Digital Signatures And Key Exchange Prof. Ravi Sandhu

Documents
SSL Trust Pitfalls Prof. Ravi Sandhu. 2 © Ravi Sandhu 2002 THE CERTIFICATE TRIANGLE user attributepublic-key X.509 identity certificate X.509 attribute

SSL Trust Pitfalls Prof. Ravi Sandhu. 2 © Ravi Sandhu 2002 THE CERTIFICATE TRIANGLE user attributepublic-key X.509 identity certificate X.509 attribute

Documents
ROLE HIERARCHIES AND CONSTRAINTS FOR LATTICE- BASED ACCESS CONTROLS Ravi Sandhu George Mason University and SETA Corporation

ROLE HIERARCHIES AND CONSTRAINTS FOR LATTICE- BASED ACCESS CONTROLS Ravi Sandhu George Mason University and SETA Corporation

Documents
© 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George

© 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George

Documents
© 2004 Ravi Sandhu The Typed Access Matrix Model (TAM) and Augmented TAM (ATAM) Ravi Sandhu Laboratory for Information Security Technology

© 2004 Ravi Sandhu The Typed Access Matrix Model (TAM) and Augmented TAM (ATAM) Ravi Sandhu Laboratory for Information Security Technology

Documents
© 2005 Ravi Sandhu Role Usage and Activation Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security

© 2005 Ravi Sandhu Role Usage and Activation Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security

Documents
The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu

The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu

Documents
CURRICULUM VITAE - Prof. Ravi Sandhuprofsandhu.com/sandhu/vita_long.docx · Web viewCo-Principal Investigators: Ravi Sandhu, Ram Tripathi Sponsor: Silicon Informatics, 2012-2014 Secure

CURRICULUM VITAE - Prof. Ravi Sandhuprofsandhu.com/sandhu/vita_long.docx · Web viewCo-Principal Investigators: Ravi Sandhu, Ram Tripathi Sponsor: Silicon Informatics, 2012-2014 Secure

Documents
ISA 662 SSL Prof. Ravi Sandhu. 2 © Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later

ISA 662 SSL Prof. Ravi Sandhu. 2 © Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later

Documents
SSL Trust Pitfalls Prof. Ravi Sandhu. 2 © Ravi Sandhu SERVER-SIDE SSL (OR 1-WAY) HANDSHAKE WITH RSA Record Protocol Handshake Protocol

SSL Trust Pitfalls Prof. Ravi Sandhu. 2 © Ravi Sandhu SERVER-SIDE SSL (OR 1-WAY) HANDSHAKE WITH RSA Record Protocol Handshake Protocol

Documents
ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University

ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University

Documents
ISA 662 RBAC-MAC-DAC Prof. Ravi Sandhu. 2 © Ravi Sandhu RBAC96 ROLES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS ROLE

ISA 662 RBAC-MAC-DAC Prof. Ravi Sandhu. 2 © Ravi Sandhu RBAC96 ROLES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS ROLE

Documents
© Ravi Sandhu The Secure Information Sharing Problem and Solution Approaches Ravi Sandhu Executive Director and Endowed Chair Institute

© Ravi Sandhu The Secure Information Sharing Problem and Solution Approaches Ravi Sandhu Executive Director and Endowed Chair Institute

Documents
Role-Based Access Control on the Web - Ravi Sandhu

Role-Based Access Control on the Web - Ravi Sandhu

Documents
Authentication: the problem that will not go away Prof. Ravi Sandhu Chief Scientist sandhu@tricipher.com 703 283 3484 Protecting Online Identity

Authentication: the problem that will not go away Prof. Ravi Sandhu Chief Scientist [email protected] 703 283 3484 Protecting Online Identity

Documents
Rethinking Password Strategies Ravi Sandhu Chief Scientist sandhu@nsdsecurity 703 283 3484

Rethinking Password Strategies Ravi Sandhu Chief Scientist sandhu@nsdsecurity 703 283 3484

Documents
1 Virtualization Prof. Ravi Sandhu Executive Director and Endowed Chair February 7, 2014 ravi.sandhu@utsa.edu © Ravi Sandhu World-Leading

1 Virtualization Prof. Ravi Sandhu Executive Director and Endowed Chair February 7, 2014 [email protected] © Ravi Sandhu World-Leading

Documents