Post on 26-Mar-2015
© 2005 Ravi Sandhu
www.list.gmu.edu
Administrative Scope
(best viewed in slide show mode)
Ravi Sandhu
Laboratory for Information Security Technology
George Mason University
www.list.gmu.edu
sandhu@gmu.edu
Administrative Scope
• Jason Crampton and George Loizou. “Administrative scope: A foundation for role-based administrative models.” ACM Transactions on Information and System Security, Volume 6, Number 2, May 2003, pages 201-231.
• Several diagrams and text excerpts are taken directly from this paper.
Administrative Scope
Example Hierarchies
Notation
• Immediate children
• Immediate parents
• Minimal roles
• Maximal roles
• Junior roles
• Senior roles
Four Operations
Semantics of Edge Operations
Edge Insertion Anomaly
YNN
NNY
AddEdge(DSO,PE1,QE1) Y
Administrative Scope
Evolving Administrative Scope
Dynamic administrative scope versus static can-modify
Administrative Scope
r is an immediate child of r’
RHA Conditions for Four Operations
• These conditions always apply
  • RHA1
• Additional conditions may be imposed
  • RHA2, RHA3, RHA4
RHA1
• Regular roles are also administrative roles
• A role administers roles in its administrative scope
• No further conditions
• Too permissive
  • ED administers E
RHA2
• RHA1 plus
• Only roles explicitly designated as administrators can administer
  • Say DIR, PL1, PL2 but not ED and the others
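The difference between RHA1 and RHA2, as an added example that is not taken from the slides or the cited paper. Assumptions: the hierarchy is constructed and reuses only the role names the slides mention, and administrative scope is taken to be the set of roles r ≤ a whose senior roles are all comparable to a, since the slide carrying the definition did not survive extraction.

```python
# Role hierarchy: role -> immediate parents. Constructed for illustration;
# only the role names are taken from the slides.
PARENTS = {
    "E": {"ED"}, "ED": {"E1", "E2"},
    "E1": {"PE1", "QE1"}, "E2": {"PE2", "QE2"},
    "PE1": {"PL1"}, "QE1": {"PL1"},
    "PE2": {"PL2"}, "QE2": {"PL2"},
    "PL1": {"DIR"}, "PL2": {"DIR"}, "DIR": set(),
}

def seniors(r):
    """r together with every role senior to it (upward closure)."""
    seen, stack = {r}, [r]
    while stack:
        for p in PARENTS[stack.pop()]:
            if p not in seen:
                seen.add(p)
                stack.append(p)
    return seen

def juniors(r):
    """r together with every role junior to it (downward closure)."""
    return {x for x in PARENTS if r in seniors(x)}

def scope(a):
    """Roles r <= a whose seniors are all comparable to a (assumed definition)."""
    reachable = seniors(a) | juniors(a)
    return {r for r in juniors(a) if seniors(r) <= reachable}

def can_administer(a, r, admins=None):
    """RHA1 when admins is None; RHA2 when admins is the designated set."""
    if admins is not None and a not in admins:
        return False
    return r in scope(a)

if __name__ == "__main__":
    designated = {"DIR", "PL1", "PL2"}  # the RHA2 example set from the slide
    print(sorted(scope("PL1")))
    print(can_administer("ED", "E"))
    print(can_administer("ED", "E", designated))
```

In this constructed hierarchy ED falls outside the scope of PL1 because ED also has seniors on the PL2 side, which is the kind of boundary the scope definition is meant to draw.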
RHA3