Presentation is loading. Please wait.

Presentation is loading. Please wait.

The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated.

Published byKimberly Whitter Modified over 9 years ago

Similar presentations

Presentation on theme: "The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated."— Presentation transcript:

1 The RBAC96 Model Prof. Ravi Sandhu

2 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated

3 3 © Ravi Sandhu WHAT IS THE POLICY IN RBAC?  LBAC is policy driven: one-directional information flow in a lattice of security labels  DAC is policy driven: owner-based discretion  RBAC is a framework to help in articulating policy  The main point of RBAC is to facilitate security management

4 4 © Ravi Sandhu RBAC96  Policy neutral  can be configured to do LBAC  roles simulate clearances (ESORICS 96)  can be configured to do DAC  roles simulate identity (RBAC98)

5 5 © Ravi Sandhu RBAC SECURITY PRINCIPLES  least privilege  separation of duties  separation of administration and access  abstract operations

6 6 © Ravi Sandhu RBAC CONUNDRUM  turn on all roles all the time  turn on one role only at a time  turn on a user-specified subset of roles

7 7 © Ravi Sandhu RBAC96 FAMILY OF MODELS RBAC0 BASIC RBAC RBAC3 ROLE HIERARCHIES + CONSTRAINTS RBAC1 ROLE HIERARCHIES RBAC2 CONSTRAINTS

8 8 © Ravi Sandhu RBAC0 ROLES USER-ROLE ASSIGNMENT PERMISSION-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS

9 9 © Ravi Sandhu PERMISSIONS  Primitive permissions  read, write, append, execute  Abstract permissions  credit, debit, inquiry

10 10 © Ravi Sandhu PERMISSIONS  System permissions  Auditor  Object permissions  read, write, append, execute, credit, debit, inquiry

11 11 © Ravi Sandhu PERMISSIONS  Permissions are positive  No negative permissions or denials  negative permissions and denials can be handled by constraints  No duties or obligations  outside scope of access control

12 12 © Ravi Sandhu ROLES AS POLICY  A role brings together  a collection of users and  a collection of permissions  These collections will vary over time  A role has significance and meaning beyond the particular users and permissions brought together at any moment

13 13 © Ravi Sandhu ROLES VERSUS GROUPS  Groups are often defined as  a collection of users  A role is  a collection of users and  a collection of permissions  Some authors define role as  a collection of permissions

14 14 © Ravi Sandhu USERS  Users are  human beings or  other active agents  Each individual should be known as exactly one user

15 15 © Ravi Sandhu USER-ROLE ASSIGNMENT  A user can be a member of many roles  Each role can have many users as members

16 16 © Ravi Sandhu SESSIONS  A user can invoke multiple sessions  In each session a user can invoke any subset of roles that the user is a member of

17 17 © Ravi Sandhu PERMISSION-ROLE ASSIGNMENT  A permission can be assigned to many roles  Each role can have many permissions

18 18 © Ravi Sandhu MANAGEMENT OF RBAC  Option 1: USER-ROLE-ASSIGNMENT and PERMISSION-ROLE ASSIGNMENT can be changed only by the chief security officer  Option 2: Use RBAC to manage RBAC

19 19 © Ravi Sandhu RBAC1 ROLES USER-ROLE ASSIGNMENT PERMISSION-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS ROLE HIERARCHIES

20 20 © Ravi Sandhu HIERARCHICAL ROLES Health-Care Provider Physician Primary-Care Physician Specialist Physician

21 21 © Ravi Sandhu HIERARCHICAL ROLES Engineer Hardware Engineer Software Engineer Supervising Engineer

22 22 © Ravi Sandhu PRIVATE ROLES Engineer Hardware Engineer Software Engineer Supervising Engineer Hardware Engineer’ Software Engineer’

23 23 © Ravi Sandhu EXAMPLE ROLE HIERARCHY Employee (E) Engineering Department (ED) Project Lead 1 (PL1) Engineer 1 (E1) Production 1 (P1) Quality 1 (Q1) Director (DIR) Project Lead 2 (PL2) Engineer 2 (E2) Production 2 (P2) Quality 2 (Q2) PROJECT 2PROJECT 1

24 24 © Ravi Sandhu EXAMPLE ROLE HIERARCHY Employee (E) Engineering Department (ED) Project Lead 1 (PL1) Engineer 1 (E1) Production 1 (P1) Quality 1 (Q1) Project Lead 2 (PL2) Engineer 2 (E2) Production 2 (P2) Quality 2 (Q2) PROJECT 2PROJECT 1

25 25 © Ravi Sandhu EXAMPLE ROLE HIERARCHY Project Lead 1 (PL1) Engineer 1 (E1) Production 1 (P1) Quality 1 (Q1) Director (DIR) Project Lead 2 (PL2) Engineer 2 (E2) Production 2 (P2) Quality 2 (Q2) PROJECT 2PROJECT 1

26 26 © Ravi Sandhu EXAMPLE ROLE HIERARCHY Project Lead 1 (PL1) Engineer 1 (E1) Production 1 (P1) Quality 1 (Q1) Project Lead 2 (PL2) Engineer 2 (E2) Production 2 (P2) Quality 2 (Q2) PROJECT 2PROJECT 1

27 27 © Ravi Sandhu RBAC3 ROLES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS ROLE HIERARCHIES CONSTRAINTS

28 28 © Ravi Sandhu CONSTRAINTS  Mutually Exclusive Roles  Static Exclusion: The same individual can never hold both roles  Dynamic Exclusion: The same individual can never hold both roles in the same context

29 29 © Ravi Sandhu CONSTRAINTS  Mutually Exclusive Permissions  Static Exclusion: The same role should never be assigned both permissions  Dynamic Exclusion: The same role can never hold both permissions in the same context

30 30 © Ravi Sandhu CONSTRAINTS  Cardinality Constraints on User-Role Assignment  At most k users can belong to the role  At least k users must belong to the role  Exactly k users must belong to the role

31 31 © Ravi Sandhu CONSTRAINTS  Cardinality Constraints on Permissions-Role Assignment  At most k roles can get the permission  At least k roles must get the permission  Exactly k roles must get the permission

Download ppt "The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated."

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
RBAC Role-Based Access Control

RBAC Role-Based Access Control
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
Access Control Prof. Ravi Sandhu Executive Director and Endowed Chair

Access Control Prof. Ravi Sandhu Executive Director and Endowed Chair
ROWLBAC – Representing Role Based Access Control in OWL

ROWLBAC – Representing Role Based Access Control in OWL
© 2004 Ravi Sandhu www.list.gmu.edu Role-Based Access Control Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.

© 2004 Ravi Sandhu Role-Based Access Control Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.
Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute.

Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute.
INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.

INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.
Role-Based Access Control Prof. Ravi Sandhu George Mason University and NSD Security SACMAT 2003.

Role-Based Access Control Prof. Ravi Sandhu George Mason University and NSD Security SACMAT 2003.
Role Activation Hierarchies Ravi Sandhu George Mason University.

Role Activation Hierarchies Ravi Sandhu George Mason University.
ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.

ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.
ROLE HIERARCHIES AND CONSTRAINTS FOR LATTICE-BASED ACCESS CONTROLS

ROLE HIERARCHIES AND CONSTRAINTS FOR LATTICE-BASED ACCESS CONTROLS
SECURING CYBERSPACE: THE OM-AM, RBAC AND PKI ROADMAP Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University

SECURING CYBERSPACE: THE OM-AM, RBAC AND PKI ROADMAP Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.

Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
Future Directions in Role-Based Access Control Models Ravi Sandhu Co-Founder and Chief Scientist SingleSignOn.Net & Professor of Information Technology.

Future Directions in Role-Based Access Control Models Ravi Sandhu Co-Founder and Chief Scientist SingleSignOn.Net & Professor of Information Technology.
ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE: A ROLE-BASED APPROACH Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.

ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE: A ROLE-BASED APPROACH Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.
ISA 662 RBAC-MAC-DAC Prof. Ravi Sandhu. 2 © Ravi Sandhu RBAC96 ROLES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS ROLE.

ISA 662 RBAC-MAC-DAC Prof. Ravi Sandhu. 2 © Ravi Sandhu RBAC96 ROLES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS ROLE.
ROLE-BASED ACCESS CONTROL: A MULTI-DIMENSIONAL VIEW Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman Seta Corporation McLean, VA Ravi Sandhu.

ROLE-BASED ACCESS CONTROL: A MULTI-DIMENSIONAL VIEW Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman Seta Corporation McLean, VA Ravi Sandhu.
A THREE TIER ARCHITECTURE FOR ROLE-BASED ACCESS CONTROL Ravi Sandhu and Hal Feinstein Seta Corporation McLean, VA Ongoing NIST-funded project Other Project.

A THREE TIER ARCHITECTURE FOR ROLE-BASED ACCESS CONTROL Ravi Sandhu and Hal Feinstein Seta Corporation McLean, VA Ongoing NIST-funded project Other Project.

Similar presentations

Ads by Google