Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S. Barka and Ravi Sandhu, Laboratory of Information Security Technology, George Mason University.

Presentation transcript:

1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University {e.barka,

2 Introduction
What is delegation?
Forms of delegation
Our focus
RBAC96 is the base for our work

3 What is delegation?
An active entity in a system delegates authority to another active entity to carry out some function on behalf of the former.
Active entities:
– Human being
– Computer
– Software agent
– Process
– etc.

4 Forms of delegation
Human to human
Human to machine
Machine to machine
Perhaps even machine to human

5 Human-to-human role-based delegation
A user who is a member of a role delegates his/her role to another user who belongs to some other role.

6 The RBAC96 Model

7 Example of role hierarchy
[Figure: role hierarchy with the roles Project Lead, Production Engineer, Quality Engineer and Engineering]
Project Lead > Quality Engineer
Quality Engineer > Engineering

8 The RBDM Framework
Identified a number of characteristics related to delegation between humans:
– Permanence
– Monotonicity
– Administration
– Levels of delegation
– Multiple delegation
– Bilateral agreements
– Revocation

9 Permanence
Whether or not the delegating role member loses membership in the delegating role.
– Permanent: the delegating user is permanently replaced by the delegate user
    Delegating user can't get the role back
    Delegate member assumes full power in the role
– Temporary: expires with time or by revocation
    Delegating user maintains responsibility over the behavior of the delegate user in the delegated role

10 Monotonicity
Whether or not the delegating role member loses the power in the delegating role.
– Monotonic: upon delegation, the delegating user maintains his power in that role
    Can override any action by the delegate user
– Non-monotonic: during delegation, the delegating user loses his power in the delegated role
    Never loses the revoking permissions
    Regains full power upon delegation expiration

11 Totality
Size of the delegated permission in a role
– Total: delegating all the permissions assigned to the role
– Partial: delegating only a subset of the role
    Easier to address in hierarchical roles

12 Administration
Who administers the delegation
– Self-administered
    The delegating user carries out the actual delegation process
– Agent-based
    A third party conducts the actual delegation
    Needed when the delegating user is not available

13 Levels of delegation
How many times the role can be further delegated
– Single-step delegation
    The role can be delegated only once
– Multi-step delegation
    The delegated role is further delegated
    Adds a lot of complexity

14 Multiple delegation
Number of people to whom a delegating role member can delegate at any given time.
– To a single person
    Role is delegated to only one person at a time
– To multiple people simultaneously
    Role is delegated to more than one person at a time
    Introduces accountability issues

15 Bilateral agreements
Both parties have to agree on the delegation

16 Revocation
The process by which a delegating user takes away the privileges delegated to another user
– Cascading revocation
    Usually a concern in the case of the two-step delegation
– Grant-dependency revocation
    Who can revoke
    – Only the delegating user can revoke
    – Any member of the delegating role can revoke
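
The characteristics on slides 9 to 16 can be made concrete with a small delegation store. This is an added example, not the authors' RBDM-FR or RBDM-HR models: it assumes temporary, monotonic, total, self-administered delegation, and the names `Grant`, `DelegationStore`, `max_depth` and `any_member_may_revoke` are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Grant:
    delegator: str
    delegate: str
    role: str
    expires: int                  # temporary delegation: logical expiry time
    depth: int                    # 1 = granted by an original role member
    parent: "Grant | None" = None
    revoked: bool = False

class DelegationStore:
    """Hypothetical store; names and policy knobs are assumptions of this example."""
    def __init__(self, members, max_depth=1, any_member_may_revoke=False):
        self.members = members                    # role -> set of original members
        self.max_depth = max_depth                # 1 = single-step, >1 = multi-step
        self.any_member_may_revoke = any_member_may_revoke
        self.grants = []

    def is_live(self, g, now):
        # Live only while the grant and every ancestor are unrevoked and unexpired,
        # so revoking one grant cascades to everything delegated from it.
        while g is not None:
            if g.revoked or now >= g.expires:
                return False
            g = g.parent
        return True

    def live_grant(self, user, role, now):
        return next((g for g in self.grants if g.delegate == user
                     and g.role == role and self.is_live(g, now)), None)

    def has_role(self, user, role, now):
        # Monotonic: original members keep the role while it is delegated.
        return user in self.members[role] or self.live_grant(user, role, now) is not None

    def delegate(self, delegator, delegate, role, now, ttl):
        original = delegator in self.members[role]
        parent = None if original else self.live_grant(delegator, role, now)
        if not original and parent is None:
            raise PermissionError("delegator does not hold the role")
        depth = 1 if parent is None else parent.depth + 1
        if depth > self.max_depth:
            raise PermissionError("delegation depth exceeded")
        g = Grant(delegator, delegate, role, now + ttl, depth, parent)
        self.grants.append(g)
        return g

    def revoke(self, actor, g):
        if actor != g.delegator and not (self.any_member_may_revoke
                                         and actor in self.members[g.role]):
            raise PermissionError("actor may not revoke this grant")
        g.revoked = True
```

With `max_depth=1` the store enforces single-step delegation; raising it permits multi-step chains, where the ancestor walk in `is_live` is what makes revocation cascade.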

17

18 Models in this framework
Permanent delegation
– RBDM-PD, work in progress
Temporary delegation
– Self-administered
    RBDM-FR, NISSC 2000
    RBDM-HR, NISSC 2000
– Agent-based
    ABEDM, work in progress

19 Conclusion
Identified a number of characteristics related to delegation
Used a systematic approach to reduce the large number of possibilities to some useful cases
Used the reduced cases to build delegation models

20 Questions?