© 2005 Ravi Sandhu Role Usage and Activation Hierarchies (best viewed in slide show mode) Ravi...
© 2005 Ravi Sandhu, www.list.gmu.edu
Role Usage and Activation Hierarchies
(best viewed in slide show mode)
Ravi Sandhu
Laboratory for Information Security Technology
George Mason University
Reference
• Ravi Sandhu, “Role Hierarchies and Constraints for Lattice-Based Access Controls.” Proc. Fourth European Symposium on Research in Computer Security, Rome, Italy, September 25-27, 1996, pages 65-79. Published as Lecture Notes in Computer Science, Computer Security-ESORICS96 (Elisa Bertino et al., editors), Springer-Verlag, 1996.
• Ravi Sandhu, “Role Activation Hierarchies.” Proc. Third ACM Workshop on Role-Based Access Control, Fairfax, Virginia, October 22-23, 1998, pages 33-40.
• Sylvia Osborn, Ravi Sandhu and Qamar Munawer. “Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies.” ACM Transactions on Information and System Security, Volume 3, Number 2, May 2000, pages 85-106.
Role hierarchies
• Two aspects
  • Role usage: permission inheritance
  • Role activation: activation hierarchy
• RBAC96 combines both aspects in a single hierarchy
• ANSI/NIST standard model leaves this open
• Do one or both, just make it clear what you are doing
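An added example, not taken from the slides or the cited papers, contrasting a single combined hierarchy with separate usage and activation hierarchies. The role names, permissions, the `Rbac` class and the dynamic SoD check are constructed assumptions for illustration.

```python
def juniors(edges, role):
    """Reflexive-transitive closure over senior -> junior edges."""
    seen, stack = {role}, [role]
    while stack:
        for j in edges.get(stack.pop(), ()):
            if j not in seen:
                seen.add(j)
                stack.append(j)
    return seen


class Rbac:
    def __init__(self, usage, activation, perms, assigned, dsod):
        self.usage = usage            # edges used for permission inheritance
        self.activation = activation  # edges used to decide who may activate what
        self.perms = perms            # role -> directly assigned permissions
        self.assigned = assigned      # user -> directly assigned roles
        self.dsod = [frozenset(s) for s in dsod]  # roles never active together

    def open_session(self, user, roles):
        """Return the session's permissions, or raise PermissionError."""
        roles = set(roles)
        reachable = set()
        for r in self.assigned.get(user, ()):
            reachable |= juniors(self.activation, r)
        if not roles <= reachable:
            raise PermissionError(f"not activatable: {sorted(roles - reachable)}")
        if any(pair <= roles for pair in self.dsod):
            raise PermissionError("dynamic SoD violation")
        granted = set()
        for r in roles:
            for j in juniors(self.usage, r):
                granted |= self.perms.get(j, set())
        return granted


# Constructed sample data (hypothetical, not from the slides).
PERMS = {"supervisor": {"view_reports"},
         "purchasing_clerk": {"create_order"},
         "accounts_clerk": {"approve_payment"}}
ASSIGNED = {"alice": {"supervisor"}}
DSOD = [{"purchasing_clerk", "accounts_clerk"}]
EDGES = {"supervisor": ["purchasing_clerk", "accounts_clerk"]}

# One hierarchy for both aspects: supervisor inherits both clerks' permissions.
combined = Rbac(EDGES, EDGES, PERMS, ASSIGNED, DSOD)
# Separate hierarchies: supervisor may activate a clerk role but inherits nothing.
separate = Rbac({}, EDGES, PERMS, ASSIGNED, DSOD)
```

With the combined hierarchy, a session holding only `supervisor` already carries both clerks' permissions, so the dynamic SoD constraint on the two clerk roles never fires; with separate hierarchies the user must activate one clerk role at a time.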
Example Role Hierarchy
LBAC to RBAC
Simple security property
• some variations of LBAC use 2 labels for subjects
• λr for read and λw for write
• λr = λw for the single label case
Variations of *-property
LBAC to RBAC: independent read-write hierarchies
LBAC to RBAC: intertwined read-write hierarchies
Activation hierarchies and dynamic SOD
Formal definition
Activation hierarchy with non-maximal roles
Read-write RBAC and LBAC
LBAC with trusted strict *-property