Presentation is loading. Please wait.

Presentation is loading. Please wait.

ROLE HIERARCHIES AND CONSTRAINTS FOR LATTICE-BASED ACCESS CONTROLS

Published byMelissa Moreno Modified over 11 years ago

Similar presentations

Presentation on theme: "ROLE HIERARCHIES AND CONSTRAINTS FOR LATTICE-BASED ACCESS CONTROLS"— Presentation transcript:

1 ROLE HIERARCHIES AND CONSTRAINTS FOR LATTICE-BASED ACCESS CONTROLS
Ravi Sandhu George Mason University and SETA Corporation

2 OUTLINE RBAC96 model: policy neutral
LBAC models: policy full and varied LBAC can be reduced to RBAC96 LBAC < RBAC96 ? why bother to do this?

3 RBAC96 ... ROLE HIERARCHIES USER-ROLE ASSIGNMENT PERMISSION-ROLE
USERS ROLES PERMISSIONS ... SESSIONS This is a somewhat busy slide It shows a bird’s eye view of RBAC There are many details that need to be debated and filled in Some of these will be discussed in the subsequent panel For our purpose the bird’s eye view will suffice

4 HIERARCHICAL ROLES Engineer Hardware Software Supervising

5 RBAC96 ... ROLE HIERARCHIES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE
USERS ROLES PERMISSIONS ... SESSIONS This is a somewhat busy slide It shows a bird’s eye view of RBAC There are many details that need to be debated and filled in Some of these will be discussed in the subsequent panel For our purpose the bird’s eye view will suffice CONSTRAINTS

6 WHAT IS THE POLICY IN RBAC?
RBAC is policy neutral Role hierarchies facilitate security management Constraints facilitate non-discretionary policies

7 LBAC: LIBERAL *-PROPERTY
+ - H L M1 M2 - + Read Write

8 RBAC96: LIBERAL *-PROPERTY
+ HR LR M1R M2R LW HW M1W M2W - Read Write

9 RBAC96: LIBERAL *-PROPERTY
user  xR, user has clearance x user  LW, independent of clearance Need constraints session  xR iff session  xW read can be assigned only to xR roles write can be assigned only to xW roles (O,read) assigned to xR iff (O,write) assigned to xW

10 LBAC: STRICT *-PROPERTY
+ H L M1 M2 - Read Write

11 RBAC96: STRICT *-PROPERTY
HR LR M1R M2R M1W LW HW M2W

12 LBAC: WRITE RANGE H L M1 M2 subjects have 2 labels read label
write label

13 RBAC96: WRITE RANGE LIBERAL *-PROPERTY
HR LR M1R M2R LW HW M1W M2W read role ° write role

14 RBAC96: WRITE RANGE STRICT *-PROPERTY
HR LR M1R M2R M1W LW HW M2W read role ° write role

15 LBAC: CONFIDENTIALITY AND INTEGRITY
HS-LI LS-HI HS-HI LS-LI HS LS LI HI two independent lattices one composite lattice

16 RBAC96: CONFIDENTIALITY AND INTEGRITY READ ROLES
HSR-LIR HSR-HIR LSR-LIR LSR-HIR Same for all cases

17 RBAC96: CONFIDENTIALITY AND INTEGRITY WRITE ROLES
LSW-HIW HSW-HIW LSW-LIW HSW-LIW Liberal confidentiality Liberal integrity

18 RBAC96: CONFIDENTIALITY AND INTEGRITY WRITE ROLES
LSW-LIW LSW-HIW HSW-LIW HSW-HIW Strict confidentiality Liberal integrity

19 RBAC96: CONFIDENTIALITY AND INTEGRITY WRITE ROLES
LSW-HIW HSW-HIW LSW-LIW HSW-LIW Strict confidentiality Strict integrity

20 SUMMARY policy-neutral RBAC96 can accommodate policy-full LBAC in all its variations LBAC variations are modeled by adjusting role hierarchy adjusting constraints

21 COVERT CHANNELS are a problem for LBAC remain a problem for RBAC but
they don’t get any worse same techniques can be adapted who cares about them anyway

Download ppt "ROLE HIERARCHIES AND CONSTRAINTS FOR LATTICE-BASED ACCESS CONTROLS"

Similar presentations

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST
LEUCEMIA MIELOIDE AGUDA TIPO 0

LEUCEMIA MIELOIDE AGUDA TIPO 0
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
Access Control Prof. Ravi Sandhu Executive Director and Endowed Chair

Access Control Prof. Ravi Sandhu Executive Director and Endowed Chair
1 ACSAC 2002 © Mohammad al-Kahtani 2002 A Model for Attribute-Based User-Role Assignment Mohammad A. Al-Kahtani Ravi Sandhu George Mason University SingleSignOn.net,

1 ACSAC 2002 © Mohammad al-Kahtani 2002 A Model for Attribute-Based User-Role Assignment Mohammad A. Al-Kahtani Ravi Sandhu George Mason University SingleSignOn.net,
George Mason University

George Mason University
1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University.

1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University.
INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.

INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.
Role-Based Access Control Prof. Ravi Sandhu George Mason University and NSD Security SACMAT 2003.

Role-Based Access Control Prof. Ravi Sandhu George Mason University and NSD Security SACMAT 2003.
ACCESS-CONTROL MODELS

ACCESS-CONTROL MODELS
ARBAC99 (Model for Administration of Roles)

ARBAC99 (Model for Administration of Roles)
Ravi Sandhu Venkata Bhamidipati

Ravi Sandhu Venkata Bhamidipati
Role Activation Hierarchies Ravi Sandhu George Mason University.

Role Activation Hierarchies Ravi Sandhu George Mason University.
ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.

ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.
SECURING CYBERSPACE: THE OM-AM, RBAC AND PKI ROADMAP Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University

SECURING CYBERSPACE: THE OM-AM, RBAC AND PKI ROADMAP Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
Future Directions in Role-Based Access Control Models Ravi Sandhu Co-Founder and Chief Scientist SingleSignOn.Net & Professor of Information Technology.

Future Directions in Role-Based Access Control Models Ravi Sandhu Co-Founder and Chief Scientist SingleSignOn.Net & Professor of Information Technology.
ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE: A ROLE-BASED APPROACH Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.

ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE: A ROLE-BASED APPROACH Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.
ISA 662 RBAC-MAC-DAC Prof. Ravi Sandhu. 2 © Ravi Sandhu RBAC96 ROLES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS ROLE.

ISA 662 RBAC-MAC-DAC Prof. Ravi Sandhu. 2 © Ravi Sandhu RBAC96 ROLES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS ROLE.
A Role-Based Delegation Model and some extensions By: Ezedin S.Barka Ravi Sandhu George Mason University.

A Role-Based Delegation Model and some extensions By: Ezedin S.Barka Ravi Sandhu George Mason University.

Similar presentations

Ads by Google