RBAC-Capability Project Design Session II Zutao Zhu Derived from Karthick Jayaraman.


Agenda
Announcements
Design questions
  ◦ Delegation
  ◦ Separation of duty
  ◦ Setuid
Task list for project

NOTICES

Notices
Design session I minutes are online.
Design document
  ◦ Due on Monday, Nov 5, 2009
  ◦ You may just summarize your plan for each design section.
  ◦ Please do not make an elaborate document.

DESIGN QUESTIONS

Delegation
CAP_ROLE_DELEGATE
Delegated roles are available to users immediately.
User should explicitly activate delegated roles.
The delegated roles should be available to all user-sessions.
Delegation ends when machine reboots or the delegating user revokes the delegation.
Revocation: Revoking a delegation chain is a challenge.

Delegation - continued
Questions:
  ◦ Where to store delegated roles?
  ◦ How to enforce SSD and DSD for a delegation?
  ◦ How to do revocation?
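One possible answer to the revocation question, as an added sketch that is not the project's design or code: delegations are stored as edges, and after a revoke the set of legitimate holders is recomputed from the UA holders, so a re-delegation cycle cannot keep a role alive. The table layout, the fixed sizes, the bitmask encoding of roles and every function name are assumptions made for the example.

```c
enum { MAX_USERS = 8, MAX_DELEG = 16 };

/* Hypothetical layout: user `from` delegated `role` (0..31) to user `to`. */
struct deleg { int from, to, role, live; };
static struct deleg deleg_tab[MAX_DELEG];
static struct deleg *deleg_end = deleg_tab;   /* one past the last used slot */
static unsigned ua[MAX_USERS];                /* UA roles, one bit per role */

/* 1 if uid has `role` from UA or over a chain of live delegations. */
int holds_role(int uid, int role) {
    int holds[MAX_USERS], changed = 1;
    for (int u = 0; u < MAX_USERS; u++) holds[u] = (ua[u] >> role) & 1;
    while (changed) {          /* fixpoint from UA holders: a cycle adds no support */
        changed = 0;
        for (struct deleg *d = deleg_tab; d < deleg_end; d++)
            if (d->live && d->role == role && holds[d->from] && !holds[d->to])
                holds[d->to] = changed = 1;
    }
    return holds[uid];
}

/* Only a current holder may delegate. Returns 0, or -1 on refusal. */
int delegate_role(int from, int to, int role) {
    if ((unsigned)from >= MAX_USERS || (unsigned)to >= MAX_USERS) return -1;
    if (deleg_end == deleg_tab + MAX_DELEG || !holds_role(from, role)) return -1;
    *deleg_end++ = (struct deleg){ from, to, role, 1 };
    return 0;
}

/* Revoke from->to, then kill every edge whose delegator lost the role. */
int revoke_delegation(int from, int to, int role) {
    int removed = 0;
    for (struct deleg *d = deleg_tab; d < deleg_end; d++)
        if (d->live && d->from == from && d->to == to && d->role == role) {
            d->live = 0; removed++;
        }
    for (struct deleg *d = deleg_tab; d < deleg_end; d++)
        if (d->live && d->role == role && !holds_role(d->from, role)) {
            d->live = 0; removed++;
        }
    return removed;            /* number of delegations withdrawn */
}

int main(void) {
    ua[0] = 1u << 3;           /* constructed: user 0 has role 3 through UA */
    delegate_role(0, 1, 3); delegate_role(1, 2, 3); delegate_role(2, 1, 3);
    return revoke_delegation(0, 1, 3) == 3 ? 0 : 1;
}
```

Because the table lives only in memory in this sketch, every delegation also disappears on reboot, which matches the lifetime stated on the slide.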

Separation of Duty
Static Separation of Duty (SSD)
Dynamic Separation of Duty (DSD)
When to check each?
How to represent the rules?
Who can update the rules?
Can the rules keep changing often?
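An added sketch, not the project's code, of one way to represent the rules and place the two checks: each rule is a role set with a cardinality limit, SSD is evaluated when a user's authorized set grows (by UA or by delegation), and DSD is evaluated when a role is activated in a session. The role names, the rule contents, the struct layouts and the function names are all constructed for the example.

```c
enum { TELLER, AUDITOR, CASHIER, MANAGER };   /* constructed role ids */

/* Rule: a role set may contain fewer than n of the roles in `roles`. */
struct sod_rule { unsigned roles; int n; };
static const struct sod_rule ssd[] = { { (1u << TELLER) | (1u << AUDITOR), 2 } };
static const struct sod_rule dsd[] = { { (1u << CASHIER) | (1u << MANAGER), 2 } };

struct user    { unsigned assigned, delegated; };   /* bitmasks of role ids */
struct session { const struct user *u; unsigned active; };

static int violates(const struct sod_rule *r, int nr, unsigned set) {
    for (int i = 0; i < nr; i++) {
        int hits = 0;
        for (unsigned m = set & r[i].roles; m; m &= m - 1) hits++;
        if (hits >= r[i].n) return 1;
    }
    return 0;
}

/* SSD: checked whenever the authorized set grows, by UA or by delegation. */
int grant_role(struct user *u, int role, int delegated) {
    unsigned bit = 1u << role;
    if (violates(ssd, 1, u->assigned | u->delegated | bit)) return -1;
    if (delegated) u->delegated |= bit; else u->assigned |= bit;
    return 0;
}

/* DSD: checked at activation, against this session's active roles only. */
int activate_role(struct session *s, int role) {
    unsigned bit = 1u << role;
    if (!((s->u->assigned | s->u->delegated) & bit)) return -1;  /* not held */
    if (violates(dsd, 1, s->active | bit)) return -2;            /* DSD conflict */
    s->active |= bit;
    return 0;
}

int main(void) {
    struct user u = { 0, 0 };
    struct session s = { &u, 0 };
    grant_role(&u, CASHIER, 0); grant_role(&u, MANAGER, 0);
    activate_role(&s, CASHIER);
    return activate_role(&s, MANAGER) == -2 ? 0 : 1;
}
```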

Setuid Mechanism
Setuid programs
Traditional setuid programs should work.
Set-owner-role program: How could an RBAC-aware system support a setuid-equivalent mechanism?
Do we need a different identification mechanism for set-owner-role programs?

Setuid Mechanism - Continued
What is the meaning of these system calls in the RBAC model:
  ◦ setuid()
  ◦ seteuid()
Should these system calls be allowed for a set-owner-role program?

STAGES IN PROJECT

Stages
Implementing commands to do UA and PA assignment.
Defining all kernel-level data structures required for supporting RBAC-Capability.
  ◦ Representing roles and capabilities.
  ◦ Representing session.
  ◦ Additional data structure(s) to support delegation.
  ◦ Changes to fproc structure.
Changing login.c to set up a session.

Stages - continued
Implementing role operations: Enable / Disable / and Drop session.
Implementing delegation.
Writing functions and commands to check SSD and DSD rules.
Supporting set-owner-role programs.
Changes to reference monitor.

Next milestone
Set up all kernel data structures required for supporting RBAC-capability.
Implement all role operations.
  ◦ Should have a facility to print out all roles / capabilities for the process.
  ◦ Should be able to show the correctness of all role operations.

Thank you