RBAC-Capability Project

Presentation transcript:

RBAC-Capability Project Design Session I Zutao Zhu 10/23/2009 Derived from Karthick Jayaraman’s ppt

Agenda
- Self-status check
- Summary of requirements
- Design questions
- Privileged user operations
- Representing role and capabilities
- Session representation
- Delegation
- Separation of duty
- Setuid

Self Status Check

Self Status Check Expectations Exceeding expectations Understood requirements Comfortable with making changes to Minix3 Compiling the kernel Adding a new system call Familiar with important portions of the source code. Exceeding expectations Finished preliminary design and started coding.

Summary of Requirements

Requirements
- RBAC-Capability should co-exist with ACL.
- UA: User – role mapping
- PA: Role – capability mapping
- A privileged user controls (UA) and (PA) assignment.
- A login session is an RBAC session.
- All processes in a login session belong to the same RBAC session.

Requirements - continued
- The CAP_ROLE_DELEGATE role should entitle a user to delegate his/her roles to others temporarily, and also revoke them at a later time.
- Enable, disable, and drop roles.
- Separation of duty: SSD and DSD rules.
- Supporting SETUID:
  - Traditional setuid programs should work.
  - Should also support an equivalent of setuid in the RBAC capability model.

Design Questions

Privileged User Operations
- Who is the privileged user?
- How to maintain UA and PA assignment?
  - Where to store?
  - Who will update?
- Privileged user operations: Role_Adduser, Role_Removeuser, Role_Addpermission, Role_Removepermission, Add_Role_to_Program.

Representing Roles and Capabilities
- Observe file-descriptor management.
- How to represent a role? What information should each role contain?
- How to represent a capability? What information should each capability contain?
- Should a process reference role / capability?
- Information depends on role operations: ActivateRole, DeactivateRole, DropRole, DelegateRole, RevokeRole.

Session Representation
- RBAC session: each login session.
- A subset of user-roles is active for each session.
- A user may have multiple sessions. Each session may have different roles active.
- All processes in a login session should have the same set of roles.
- How to represent a session?
- What does the process carry?

Delegation
- CAP_ROLE_DELEGATE
- Delegated roles are available to users immediately.
- User should explicitly activate delegated roles.
- The delegated roles should be available to all user-sessions.

Separation of Duty
- Static Separation of Duty (SSD)
- Dynamic Separation of Duty (DSD)
- When to check each?
- How to represent the rules?
- Who can update the rules?
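One possible answer to the session, delegation and separation-of-duty questions above, as an added example (not code from the slides or from the Minix3 project). It assumes roles fit in a 32-bit mask, follows the standard RBAC model in checking SSD when roles are assigned and DSD when they are activated, and uses hypothetical signatures, sample roles and a MAX_SESS limit; only the operation names and CAP_ROLE_DELEGATE come from the slides.

```c
#include <stdint.h>
typedef uint32_t roleset_t;                 /* one bit per role */
#define ROLE(n) ((roleset_t)1u << (n))
#define MAX_SESS 4                          /* login sessions per user (assumed) */
/* Constructed sample roles; only CAP_ROLE_DELEGATE is named in the slides. */
enum { CAP_ROLE_DELEGATE, R_TELLER, R_AUDITOR, R_CLERK, R_APPROVER };

/* UA entry, delegations received, and the active set of each login session. */
struct rbac_user { roleset_t assigned, delegated, active[MAX_SESS]; };
/* Each rule is a pair of mutually exclusive roles (constructed examples). */
static const roleset_t ssd[] = { ROLE(R_TELLER) | ROLE(R_AUDITOR) };
static const roleset_t dsd[] = { ROLE(R_CLERK) | ROLE(R_APPROVER) };

static int violates(const roleset_t *rules, int n, roleset_t cand) {
    for (int i = 0; i < n; i++)
        if ((cand & rules[i]) == rules[i]) return 1;  /* both roles present */
    return 0;
}

/* Role_Adduser: SSD is checked when UA changes. */
int role_adduser(struct rbac_user *u, int role) {
    if (violates(ssd, 1, u->assigned | u->delegated | ROLE(role))) return -1;
    u->assigned |= ROLE(role);
    return 0;
}

/* DelegateRole: the delegator needs CAP_ROLE_DELEGATE and the role itself. */
int delegate_role(const struct rbac_user *from, struct rbac_user *to, int role) {
    roleset_t need = ROLE(CAP_ROLE_DELEGATE) | ROLE(role);
    if ((from->assigned & need) != need) return -1;
    if (violates(ssd, 1, to->assigned | to->delegated | ROLE(role))) return -1;
    to->delegated |= ROLE(role);  /* available to every session, active in none */
    return 0;
}

/* RevokeRole: withdraw the delegation and deactivate it in every session. */
void revoke_role(struct rbac_user *to, int role) {
    to->delegated &= ~ROLE(role);
    if (to->assigned & ROLE(role)) return;            /* still held through UA */
    for (int i = 0; i < MAX_SESS; i++) to->active[i] &= ~ROLE(role);
}

/* ActivateRole: DSD is checked per session, at activation time. */
int activate_role(struct rbac_user *u, int sess, int role) {
    if (sess < 0 || sess >= MAX_SESS) return -1;
    if (!((u->assigned | u->delegated) & ROLE(role))) return -1;
    if (violates(dsd, 1, u->active[sess] | ROLE(role))) return -2;
    u->active[sess] |= ROLE(role);
    return 0;
}
```

Because DSD is evaluated against one session's active set, the same user can hold the conflicting roles in two different login sessions but never in one.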

Setuid Mechanism
- Setuid programs: traditional setuid programs should work.
- How could a RBAC-aware support a setuid equivalent mechanism?
- What is the meaning of these system calls in the RBAC model:
  - Setuid()
  - Seteuid()

Next Milestone
- Set up all kernel data structures required for supporting RBAC-capability.
- Implement all role operations.
- Should have a facility to print out all roles / capabilities for the process.
- Should be able to show the correctness of all role operations.

Thank you