Presentation is loading. Please wait.

Presentation is loading. Please wait.

Institute for Cyber Security

Published byJoel Moody Modified over 6 years ago

Similar presentations

Presentation on theme: "Institute for Cyber Security"— Presentation transcript:

1 Institute for Cyber Security
Uni-ARBAC: A Unified Administrative Model for Role-Based Access Control Prosunjit Biswas, Ravi Sandhu and Ram Krishnan Department of Computer Science Department of Electrical and Computer Engineering 19th Information Security Conference, (ISC 2016) September 7-9, 2016 World-Leading Research with Real-World Impact! 1 1 1

2 Existing concepts and principles The Uni-ARBAC model
Outline Summary Motivation Existing concepts and principles The Uni-ARBAC model Variations of Uni-ARBAC Engineering Administrative Units Conclusion World-Leading Research with Real-World Impact! 2 2 2

3 Summary We have presented a unified model (Uni-ARBAC) for administering user-role and permission-role assignments by combining many of the existing administrative principles. World-Leading Research with Real-World Impact! 3 3 3

4 Crampton & Loizou model
Motivation ARBAC97 ARBAC02 Crampton & Loizou model URBAC World-Leading Research with Real-World Impact! 4 4 4

5 Inspiring concepts & principles
Separation principle [ARBAC97] Separation of user & permission administration Separation of regular roles from administration Unification principles Task as a group of permissions [TRBAC] User-pool as a group of users [ARBAC02] World-Leading Research with Real-World Impact! 5 5 5

6 Inspiring concepts & principles
Design of administrative structure Strictly based on role hierarchy [Administrative scope] Flexible role hierarchy [Role-graph administration] Principles of role administration [UARBAC] Reversibility Administrative structure flexibility World-Leading Research with Real-World Impact! 6 6 6

7 Uni-ARBAC Principles

8 The Uni-ARBAC model

9 Scope of Administrative Unit

10 Variation of Uni-ARBAC
Aggressive inheritance model No-self administration model Discriminative revoke model

11 Engineering Administrative Units
Role Graph 3. Iterate the process until all roles are partitioned into Administrative Units. 1. Use role hierarchy to discover senior and junior roles. “Senior-most” roles “Junior-most” roles 2.Separate senior-most and junior-most roles from role graph & define Administrative Units with these roles.

12 Examples of engineered Administrative units
Fig1: Role hierarchy Fig2: Generated Administrative Units

13 Examples of engineered Administrative units
Fig1: Role hierarchy Fig2: Generated Administrative Units

14 Conclusion Uni-ARBAC unifies different role administrative principles into a single model. It addresses different concerns raised in the literatures of role-based administration.

15

16

Download ppt "Institute for Cyber Security"

Similar presentations

1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University.

1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University.
FRAMEWORK FOR AGENT-BASED ROLE DELEGATION Presentation by: Ezedin S. Barka UAE University.

FRAMEWORK FOR AGENT-BASED ROLE DELEGATION Presentation by: Ezedin S. Barka UAE University.
Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute.

Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute.
ARBAC99 (Model for Administration of Roles)

ARBAC99 (Model for Administration of Roles)
PBDM: A Flexible Delegation Model in RBAC Xinwen Zhang, Sejong Oh George Mason University Ravi Sandhu George Mason University and NSD Security.

PBDM: A Flexible Delegation Model in RBAC Xinwen Zhang, Sejong Oh George Mason University Ravi Sandhu George Mason University and NSD Security.
ARBAC 97 (ADMINISTRATIVE RBAC)

ARBAC 97 (ADMINISTRATIVE RBAC)
Role Activation Hierarchies Ravi Sandhu George Mason University.

Role Activation Hierarchies Ravi Sandhu George Mason University.
1 Towards a Discipline of Mission-Aware Cloud Computing (A Position Paper) Ravi Sandhu Executive Director and Endowed Professor October 2010

1 Towards a Discipline of Mission-Aware Cloud Computing (A Position Paper) Ravi Sandhu Executive Director and Endowed Professor October 2010
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.

Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
Institute for Cyber Security

Institute for Cyber Security
1 New Trends and Challenges in Computer Network Security Ravi Sandhu Executive Director and Endowed Professor September 2010

1 New Trends and Challenges in Computer Network Security Ravi Sandhu Executive Director and Endowed Professor September 2010
An ORACLE Implementation of the PRA97 Model for Permission-Role Assignment Ravi Sandhu Venkata Bhamidipati George Mason University.

An ORACLE Implementation of the PRA97 Model for Permission-Role Assignment Ravi Sandhu Venkata Bhamidipati George Mason University.
A Role-Based Delegation Model and some extensions By: Ezedin S.Barka Ravi Sandhu George Mason University.

A Role-Based Delegation Model and some extensions By: Ezedin S.Barka Ravi Sandhu George Mason University.
ROLE-BASED ACCESS CONTROL: A MULTI-DIMENSIONAL VIEW Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman Seta Corporation McLean, VA Ravi Sandhu.

ROLE-BASED ACCESS CONTROL: A MULTI-DIMENSIONAL VIEW Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman Seta Corporation McLean, VA Ravi Sandhu.
© 2005 Ravi Sandhu www.list.gmu.edu Permissions and Inheritance (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology.

© 2005 Ravi Sandhu Permissions and Inheritance (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology.
© 2005 Ravi Sandhu www.list.gmu.edu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George.

© 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George.
© 2005 Ravi Sandhu www.list.gmu.edu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology.

© 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology.
The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated.

The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated.
Access Control RBAC Database Activity Monitoring.

Access Control RBAC Database Activity Monitoring.
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.

1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.

Similar presentations

Ads by Google