Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2005 Ravi Sandhu www.list.gmu.edu Role Usage and Activation Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security.

Published byJocelyn Bruce Modified over 11 years ago

Similar presentations

Presentation on theme: "© 2005 Ravi Sandhu www.list.gmu.edu Role Usage and Activation Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security."— Presentation transcript:

1 © 2005 Ravi Sandhu www.list.gmu.edu Role Usage and Activation Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu sandhu@gmu.edu

2 © 2005 Ravi Sandhu www.list.gmu.edu 2 Reference Ravi Sandhu, Role Hierarchies and Constraints for Lattice-Based Access Controls. Proc. Fourth European Symposium on Research in Computer Security, Rome, Italy, September 25-27, 1996, pages 65-79. Published as Lecture Notes in Computer Science, Computer Security- ESORICS96 (Elisa Bertino et al, editors), Springer-Verlag, 1996. Ravi Sandhu, Role Activation Hierarchies. Proc. Third ACM Workshop on Role-Based Access Control, Fairfax, Virginia, October 22-23, 1998, pages 33-40. Sylvia Osborn, Ravi Sandhu and Qamar Munawer. Configuring Role- Based Access Control to Enforce Mandatory and Discretionary Access Control Policies. ACM Transactions on Information and System Security, Volume 3, Number 2, May 2000, pages 85-106.

3 © 2005 Ravi Sandhu www.list.gmu.edu 3 Role hierarchies Two aspects Role usage: permission inheritance Role activation: activation hierarchy RBAC96 combines both aspects in a single hierarchy ANSI/NIST standard model leaves this open Do one or both, just make it clear what you are doing

4 © 2005 Ravi Sandhu www.list.gmu.edu 4 Example Role Hierarchy

5 © 2005 Ravi Sandhu www.list.gmu.edu 5 LBAC to RBAC

6 © 2005 Ravi Sandhu www.list.gmu.edu 6 Simple security property some variations of LBAC use 2 labels for subjects λ r for read and λ w for read λ r = λ w for the single label case

7 © 2005 Ravi Sandhu www.list.gmu.edu 7 Variations of *-property

8 © 2005 Ravi Sandhu www.list.gmu.edu 8 LBAC to RBAC: independent read-write hierarchies

9 © 2005 Ravi Sandhu www.list.gmu.edu 9 LBAC to RBAC: intertwined read-write hierarchies

10 © 2005 Ravi Sandhu www.list.gmu.edu 10 Activation hierarchies and dynamic SOD

11 © 2005 Ravi Sandhu www.list.gmu.edu 11 Formal definition

12 © 2005 Ravi Sandhu www.list.gmu.edu 12 Activation hierarchy with non-maximal roles

13 © 2005 Ravi Sandhu www.list.gmu.edu 13 Read-write RBAC and LBAC

14 © 2005 Ravi Sandhu www.list.gmu.edu 14 LBAC with trusted strict *-property

Download ppt "© 2005 Ravi Sandhu www.list.gmu.edu Role Usage and Activation Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security."

Similar presentations

Slide 1 Insert your own content. Slide 2 Insert your own content.

Slide 1 Insert your own content. Slide 2 Insert your own content.
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
Role Based Access Control

Role Based Access Control
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu.

Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology www.list.gmu.edu Department of Information.

Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology Department of Information.
1 ACSAC 2002 © Mohammad al-Kahtani 2002 A Model for Attribute-Based User-Role Assignment Mohammad A. Al-Kahtani Ravi Sandhu George Mason University SingleSignOn.net,

1 ACSAC 2002 © Mohammad al-Kahtani 2002 A Model for Attribute-Based User-Role Assignment Mohammad A. Al-Kahtani Ravi Sandhu George Mason University SingleSignOn.net,
© 2004 Ravi Sandhu www.list.gmu.edu The Schematic Protection Model (SPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University.

© 2004 Ravi Sandhu The Schematic Protection Model (SPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University.
Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA.

Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA.
© 2004-5 Ravi Sandhu www.list.gmu.edu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology.

© Ravi Sandhu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology.
© 2004 Ravi Sandhu www.list.gmu.edu The Safety Problem in Access Control HRU Model Ravi Sandhu Laboratory for Information Security Technology George Mason.

© 2004 Ravi Sandhu The Safety Problem in Access Control HRU Model Ravi Sandhu Laboratory for Information Security Technology George Mason.
George Mason University

George Mason University
1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University.

1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University.
© 2004 Ravi Sandhu www.list.gmu.edu A Perspective on Graphs and Access Control Models Ravi Sandhu Laboratory for Information Security Technology George.

© 2004 Ravi Sandhu A Perspective on Graphs and Access Control Models Ravi Sandhu Laboratory for Information Security Technology George.
© 2004 Ravi Sandhu www.list.gmu.edu Role-Based Access Control Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.

© 2004 Ravi Sandhu Role-Based Access Control Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.
INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.

INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.
ARBAC99 (Model for Administration of Roles)

ARBAC99 (Model for Administration of Roles)
11 World-Leading Research with Real-World Impact! A Framework for Risk-Aware Role Based Access Control Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu.

11 World-Leading Research with Real-World Impact! A Framework for Risk-Aware Role Based Access Control Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu.
Ravi Sandhu Venkata Bhamidipati

Ravi Sandhu Venkata Bhamidipati

Similar presentations

Ads by Google