ROLE HIERARCHIES AND CONSTRAINTS FOR LATTICE-BASED ACCESS CONTROLS
Ravi Sandhu, George Mason University and SETA Corporation


1 ROLE HIERARCHIES AND CONSTRAINTS FOR LATTICE-BASED ACCESS CONTROLS
Ravi Sandhu, George Mason University and SETA Corporation

2 OUTLINE (© Ravi Sandhu)
- RBAC96 model: policy neutral
- LBAC models: policy full and varied
- LBAC can be reduced to RBAC96
  - LBAC < RBAC96 ?
- why bother to do this?

3 RBAC96
[Diagram: USERS, ROLES, PERMISSIONS, SESSIONS; USER-ROLE ASSIGNMENT, PERMISSION-ROLE ASSIGNMENT, ROLE HIERARCHIES]

4 HIERARCHICAL ROLES
[Diagram: role hierarchy with roles Engineer, Hardware Engineer, Software Engineer, Supervising Engineer]

5 RBAC96
[Diagram: USERS, ROLES, PERMISSIONS, SESSIONS; USER-ROLE ASSIGNMENT, PERMISSIONS-ROLE ASSIGNMENT, ROLE HIERARCHIES, CONSTRAINTS]

6 WHAT IS THE POLICY IN RBAC?
- RBAC is policy neutral
  - Role hierarchies facilitate security management
  - Constraints facilitate non-discretionary policies

7 LBAC: LIBERAL *-PROPERTY
[Diagram: lattice of labels H, M1, M2, L, with Read and Write directions marked + and -]

8 RBAC96: LIBERAL *-PROPERTY
[Diagram: read roles HR, LR, M1R, M2R; write roles LW, HW, M1W, M2W; Read and Write directions marked - and +]

9 RBAC96: LIBERAL *-PROPERTY
- user xR, user has clearance x
- user LW, independent of clearance
- Need constraints
  - session xR iff session xW
  - read can be assigned only to xR roles
  - write can be assigned only to xW roles
  - (O,read) assigned to xR iff (O,write) assigned to xW
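
The liberal *-property construction from slides 8 and 9, as an added Python example that is not part of the original slides: it builds the xR/xW roles for the four-label lattice and checks that each session's permissions equal those of an LBAC subject at the same label. The ordering H > M1, M2 > L, the inverted write hierarchy (LW most senior), inheritance of junior roles' permissions, the object names and all function names are assumptions made here.

```python
# Constructed lattice (assumption): H > M1, M2 > L; M1 and M2 incomparable.
LEVELS = ["H", "M1", "M2", "L"]
COVERS = {("H", "M1"), ("H", "M2"), ("M1", "L"), ("M2", "L")}
OBJECTS = {"o_h": "H", "o_m1": "M1", "o_m2": "M2", "o_l": "L"}  # constructed

def dominates(a, b):
    """True if label a >= label b in the lattice."""
    return a == b or any(x == a and dominates(y, b) for x, y in COVERS)

def senior(r1, r2):
    """Assumed hierarchy: xR roles follow the lattice, xW roles invert it."""
    if r1[-1] != r2[-1]:
        return False  # read and write roles are never comparable
    x, y = r1[:-1], r2[:-1]
    return dominates(x, y) if r1[-1] == "R" else dominates(y, x)

def user_roles(clearance):
    """Slide 9: user is in xR for clearance x, and in LW regardless."""
    return {clearance + "R", "LW"}

def role_perms(role, objects):
    """(O,read) is assigned to xR and (O,write) to xW, x = label of O;
    a role also holds the permissions of every role junior to it."""
    kind = "read" if role[-1] == "R" else "write"
    return {(o, kind) for o, x in objects.items() if senior(role, x + role[-1])}

def session_perms(clearance, y, objects):
    """Permissions of the session {yR, yW} (constraint: yR iff yW),
    or None if the user's assigned roles are not senior to both."""
    session = [y + "R", y + "W"]
    mine = user_roles(clearance)
    if not all(any(senior(a, r) for a in mine) for r in session):
        return None
    return role_perms(session[0], objects) | role_perms(session[1], objects)

def lbac_perms(y, objects):
    """Reference LBAC subject at y: read down, write up (liberal *)."""
    return ({(o, "read") for o, x in objects.items() if dominates(y, x)} |
            {(o, "write") for o, x in objects.items() if dominates(x, y)})

def equivalent():
    """Compare every (clearance, session level) pair with plain LBAC."""
    for c in LEVELS:
        for y in LEVELS:
            want = lbac_perms(y, OBJECTS) if dominates(c, y) else None
            if session_perms(c, y, OBJECTS) != want:
                return False
    return True
```

A user cleared to M1 cannot open a session at H or M2 because M1R is not senior to HR or M2R, while LW lets any user activate the write role that the constraint pairs with the chosen read role.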

10 LBAC: STRICT *-PROPERTY
[Diagram: lattice of labels H, M1, M2, L, with Read and Write directions marked - and +]

11 RBAC96: STRICT *-PROPERTY
[Diagram: read roles HR, LR, M1R, M2R; write roles LW, HW, M1W, M2W]

12 LBAC: WRITE RANGE
- subjects have 2 labels
  - read label
  - write label
[Diagram: lattice of labels H, L, M1, M2]

13 RBAC96: WRITE RANGE, LIBERAL *-PROPERTY
[Diagram: read roles HR, LR, M1R, M2R; write roles LW, HW, M1W, M2W; read role ° write role]

14 RBAC96: WRITE RANGE, STRICT *-PROPERTY
[Diagram: read roles HR, LR, M1R, M2R; write roles LW, HW, M1W, M2W; read role ° write role]

15 LBAC: CONFIDENTIALITY AND INTEGRITY
[Diagram: two independent lattices with labels HS, LS and LI, HI; one composite lattice with labels HS-LI, LS-HI, HS-HI, LS-LI]

16 RBAC96: CONFIDENTIALITY AND INTEGRITY, READ ROLES
[Diagram: read roles HSR-LIR, LSR-HIR, HSR-HIR, LSR-LIR]
Same for all cases

17 RBAC96: CONFIDENTIALITY AND INTEGRITY, WRITE ROLES
Liberal confidentiality, liberal integrity
[Diagram: write roles LSW-HIW, HSW-LIW, HSW-HIW, LSW-LIW]

18 RBAC96: CONFIDENTIALITY AND INTEGRITY, WRITE ROLES
Strict confidentiality, liberal integrity
[Diagram: write roles LSW-LIW, LSW-HIW, HSW-LIW, HSW-HIW]

19 RBAC96: CONFIDENTIALITY AND INTEGRITY, WRITE ROLES
Strict confidentiality, strict integrity
[Diagram: write roles LSW-LIW, LSW-HIW, HSW-LIW, HSW-HIW]

20 SUMMARY
- policy-neutral RBAC96 can accommodate policy-full LBAC in all its variations
- LBAC variations are modeled by
  - adjusting role hierarchy
  - adjusting constraints

21 COVERT CHANNELS
- are a problem for LBAC
- remain a problem for RBAC but
  - they don't get any worse
  - same techniques can be adapted
  - who cares about them anyway

