ROLE-BASED ACCESS CONTROL: A MULTI-DIMENSIONAL VIEW Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman Seta Corporation McLean, VA Ravi Sandhu.


ROLE-BASED ACCESS CONTROL: A MULTI-DIMENSIONAL VIEW Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman Seta Corporation McLean, VA Ravi Sandhu is also affiliated with George Mason University, Fairfax, VA

2 RBAC
- An alternative to classical MAC and DAC
- Substantial history and tradition
- Often used to separate administrative functions
- Extend this concept into application domain

3 RBAC
[Diagram labels: USERS, ROLE, PRIVILEGES, USER-ROLE ASSIGNMENT, PRIVILEGE-ROLE ASSIGNMENT]

4
- Primitive privileges: read, write, append, execute
- Abstract privileges: credit, debit, inquiry
- Generic privileges: auditor

5 USERS
- Users are human beings
- Each individual should be known as exactly one user

6 POLICY VERSUS MECHANISM
- Roles are a policy concept
- Several mechanisms can be used to implement roles
  - Roles
  - Groups
  - Compartments
- Some mechanisms are better suited than others

7 WHAT IS THE POLICY IN RBAC?
- There is no information flow policy
- RBAC is a framework to help in articulating policy
- The main point of RBAC is to facilitate security management

8 INTERACTION OF RBAC, MAC AND DAC
[Diagram labels: RBAC, MAC, DAC, permitted accesses]

9 RBAC
[Diagram labels: USERS, ROLE, PRIVILEGES, USER-ROLE ASSIGNMENT, PRIVILEGE-ROLE ASSIGNMENT]

10 RBAC
[Diagram labels: USERS, ROLE, PRIVILEGES, USER-ROLE ASSIGNMENT, PRIVILEGE-ROLE ASSIGNMENT, ROLE HIERARCHIES]

11 HIERARCHICAL ROLES
[Diagram labels: Health-Care Provider, Physician, Primary-Care Physician, Specialist Physician]

12 HIERARCHICAL ROLES
[Diagram labels: Engineer, Hardware Engineer, Software Engineer, Supervising Engineer]

13 SCOPED INHERITANCE
[Diagram labels: Department Head, Project 1 Manager, Project 2 Manager, Department Public, Project 1 Public, Project 2 Public, Project 1 Programmers, Project 1 Testing, Project 2 Programmers, Project 2 Testing]

14 RBAC
[Diagram labels: USERS, ROLE, PRIVILEGES, USER-ROLE ASSIGNMENT, PRIVILEGE-ROLE ASSIGNMENT, ROLE HIERARCHIES, CONSTRAINTS]

15 CONSTRAINTS
Mutually Exclusive Roles
- Static Exclusion: The same individual can never hold both roles
- Dynamic Exclusion: The same individual can never hold both roles in the same context

16 CONSTRAINTS
Mutually Exclusive Privileges
- Static Exclusion: The same role should never be assigned both privileges
- Dynamic Exclusion: The same role can never hold both privileges in the same context

17 CONSTRAINTS
Cardinality Constraints on User-Role Assignment
- At most k users can belong to the role
- At least k users must belong to the role
- Exactly k users must belong to the role
Cardinality Constraints on Privilege-Role Assignment
- At most k roles can get the privilege
- At least k roles must get the privilege
- Exactly k roles must get the privilege
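
Added example, not part of the original slides: a small Python model of the role hierarchy (slide 12) and the user-role constraints (slides 15 and 17), showing where each check is enforced. Assumptions: specialised roles inherit the privileges of the roles beneath them, inherited roles count as held for exclusion checks, a "context" is the set of roles a user activates together, and the Release Approver role and every privilege assignment in demo() are constructed.

```python
from collections import defaultdict

class RBAC:
    def __init__(self):
        self.juniors = defaultdict(set)     # role -> roles it inherits from (assumed direction)
        self.role_privs = defaultdict(set)  # privilege-role assignment
        self.user_roles = defaultdict(set)  # user-role assignment
        self.static_excl = []               # role pairs one user may never hold
        self.dynamic_excl = []              # role pairs never active in one context
        self.max_users = {}                 # role -> k ("at most k users")

    def closure(self, roles):  # the given roles plus everything they inherit, transitively
        seen, stack = set(), list(roles)
        while stack:
            role = stack.pop()
            if role not in seen:
                seen.add(role)
                stack.extend(self.juniors[role])
        return seen

    def _violates(self, roles, pairs):
        held = self.closure(roles)          # assumption: inherited roles count as held
        return any(a in held and b in held for a, b in pairs)

    def assign(self, user, role):
        members = {u for u, rs in self.user_roles.items() if role in rs}
        if len(members - {user}) >= self.max_users.get(role, float("inf")):
            raise ValueError(f"cardinality: {role} already has its maximum of users")
        if self._violates(self.user_roles[user] | {role}, self.static_excl):
            raise ValueError(f"static exclusion: {user} cannot hold {role}")
        self.user_roles[user].add(role)

    def activate(self, user, roles):  # privileges available in one context
        roles = set(roles)
        if not roles <= self.user_roles[user]:
            raise PermissionError("role not assigned to this user")
        if self._violates(roles, self.dynamic_excl):
            raise PermissionError("dynamic exclusion: roles conflict in this context")
        return set().union(*(self.role_privs[r] for r in self.closure(roles)))

def demo():
    m = RBAC()  # constructed policy: slide 12 role names plus a hypothetical Release Approver
    m.juniors.update({"Supervising Engineer": {"Hardware Engineer", "Software Engineer"},
                      "Hardware Engineer": {"Engineer"}, "Software Engineer": {"Engineer"}})
    m.role_privs.update({"Engineer": {"read"}, "Software Engineer": {"write"},
                         "Hardware Engineer": {"execute"}, "Release Approver": {"append"}})
    m.static_excl.append(("Software Engineer", "Release Approver"))
    m.dynamic_excl.append(("Hardware Engineer", "Release Approver"))
    m.max_users["Supervising Engineer"] = 1
    return m
```

Static exclusion and cardinality are checked at assignment time, while dynamic exclusion is checked only when roles are activated together, so a user can hold both roles of a dynamically exclusive pair but never use them in one context.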

18 RBAC
[Diagram labels: USERS, ROLE, PRIVILEGES, USER-ROLE ASSIGNMENT, PRIVILEGE-ROLE ASSIGNMENT, ROLE HIERARCHIES]

19 SCALE
- Hundreds of roles
- User-role assignment will change frequently
- Privilege-role assignment will change frequently
- Role hierarchy will change occasionally

20 RBAC SUMMARY
- RBAC is a sophisticated and multi-dimensional concept
- Different products will support variations of RBAC (even if standards emerge)

21 BELL-LAPADULA AND RBAC Can BLP be practically and conveniently done in RBAC? YES

22 IS RBAC A PANACEA? NO