© 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George Mason University

© 2005 Ravi Sandhu 2 Administrative Scope Jason Crampton and George Loizou. Administrative scope: A foundation for role-based administrative models. ACM Transactions on Information and System Security, Volume 6, Number 2, May 2003, pages Several diagrams and text excerpts are taken directly from this paper.

© 2005 Ravi Sandhu 3 Administrative Scope

© 2005 Ravi Sandhu 4 Example Hierarchies

© 2005 Ravi Sandhu 5 Notation Immediate childrenImmediate parentsMinimal roles Maximal roles Junior rolesSenior roles

© 2005 Ravi Sandhu 6 Four Operations

© 2005 Ravi Sandhu 7 Semantics of Edge Operations

© 2005 Ravi Sandhu 8 Edge Insertion Anomaly YNNYNN NNYNNY AddEdge(DSO,PE1,QE1) Y

© 2005 Ravi Sandhu 9 Administrative Scope

© 2005 Ravi Sandhu 10 Evolving Administrative Scope Dynamic administrative scope Versus Static can-modify

© 2005 Ravi Sandhu 11 Administrative Scope r is an immediate child of r

© 2005 Ravi Sandhu 12 RHA Conditions for Four Operations These conditions always apply RHA1 Additional conditions may be imposed RHA2, RHA3, RHA4

© 2005 Ravi Sandhu 13 RHA1 Regular roles are also administrative roles A role administers roles in its administrative scope No further conditions Too permissive ED administers E

© 2005 Ravi Sandhu 14 RHA2 RHA1 plus Only roles explicitly designated as administrators can administer Say DIR, PL1, PL2 but not ED and the others

© 2005 Ravi Sandhu 15 RHA3

© 2005 Ravi Sandhu 16 RHA3