Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2005 Ravi Sandhu www.list.gmu.edu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology.

Similar presentations


Presentation on theme: "© 2005 Ravi Sandhu www.list.gmu.edu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology."— Presentation transcript:

1 © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George Mason University

2 © 2005 Ravi Sandhu 2 RBAC96 Model

3 © 2005 Ravi Sandhu 3 ARBAC97 User-Role Assignment: URA97 Permission-Role Assignment: PRA97 Role-Role Assignment: RRA97 Ravi Sandhu, Venkata Bhamidipati and Qamar Munawer. The ARBAC97 Model for Role-Based Administration of Roles. ACM Transactions on Information and System Security, Volume 2, Number 1, February 1999, pages

4 © 2005 Ravi Sandhu 4 Example Role Hierarchy

5 © 2005 Ravi Sandhu 5 Example Administrative Role Hierarchy

6 © 2005 Ravi Sandhu 6 Abilities, Groups and UP-Roles

7 © 2005 Ravi Sandhu 7 Four operations Create role Delete role Insert edge Delete edge Authorized by a single relation can-modify More complex operations can be built from these Chief Security Officer can bypass all these controls

8 © 2005 Ravi Sandhu 8 can-modify not a typo Authority range must be encapsulated To be discussed later

9 © 2005 Ravi Sandhu 9 Example Role Hierarchy DSOPSO1

10 © 2005 Ravi Sandhu 10 Semantics of create role Specify immediate parent and child These must be within the can-modify range or be one of the endpoints of the range Immediate parent must be senior to immediate child If junior will introduce cycle If incomparable will introduce a new edge (so introduce the new edge first and then create the new role) Immediate parent and immediate child must constitute a create range (prior to creation) To be discussed later

11 © 2005 Ravi Sandhu 11 Semantics of delete role Deletion of a role preserves all transitive edges Deletion that causes dangling references is prohibited Prohibit deletion of roles used in can_assign, can_revoke, can_modify OR Deactivate these roles when they are deleted. Inactive roles cannot be activated in a session and new users and permissions cannot be added. Preserve permissions and users in a deleted role Only empty roles can be deleted OR Users pushed down to immediately junior roles and permissions are pushed up to immediately senior roles

12 © 2005 Ravi Sandhu 12 Semantics of insert edge Edges can be inserted only between incomparable roles Edge insertion must preserve encapsulation of authority ranges To be discussed

13 © 2005 Ravi Sandhu 13 Semantics of delete edge Edges can be deleted only if they are not transitively implied Deleting an edge preserves transitive edges Some of which will become visible in the Hasse diagram Cannot delete an edge between the endpoints of an authority range To be discussed

14 © 2005 Ravi Sandhu 14 Edge insertion anomaly DSOPSO1

15 © 2005 Ravi Sandhu 15 Edge insertion anomaly Edge insertion by PSO1 in range (E1,PL1) impacts relationship between X and Y outside the PSO1 range

16 © 2005 Ravi Sandhu 16 Edge insertion anomaly Let it happen Do not allow X and Y to be introduced (by DSO) Do not allow PSO1 to insert edge from QE1 to PE1

17 © 2005 Ravi Sandhu 17 Role Ranges typo

18 © 2005 Ravi Sandhu Range Definitions Rang e Create Range Encapsulated Range Authority Range

19 © 2005 Ravi Sandhu 19 Encapsulated Role Ranges typo

20 © 2005 Ravi Sandhu 20 Encapsulated Role Ranges DSOPSO1 Encapsulated (E1,PL1) (E2,PL2) (ED,DIR) (E,DIR) Non-encapsulated (E,PL1) (E,PL2) (E,E1) (E,E2)

21 © 2005 Ravi Sandhu 21 Encapsulated Role Ranges Encapsulated (x,y) (r2,y) (B,A) Non-encapsulated (x,y) (B,y)

22 © 2005 Ravi Sandhu 22 Encapsulated Role Ranges Encapsulated (r2,y) (B,A) (Non-encapsulated (x,y) (B,y)

23 © 2005 Ravi Sandhu 23 Create Ranges

24 © 2005 Ravi Sandhu 24 Create Ranges Authority ranges (B,A) (x,y) Create ranges dashed lines --- B is end point of AR immediate (y) A is end point of AR immediate (r3) A is end point of AR immediate (x) these are not create ranges

25 © 2005 Ravi Sandhu 25 Preserving encapsulation on edge insertion

26 © 2005 Ravi Sandhu 26 Preserving encapsulation on edge insertion Authority ranges (B,A) (x,y) Insertion of (y,r3) is ok but will prevent future insertion of (r3,x) Likewise insertion of (r3,x) is ok but will prevent future insertion of (y,r3)

27 © 2005 Ravi Sandhu 27 Edge deletion example

28 © 2005 Ravi Sandhu 28 Next class Read Jason Crampton and George Loizou. Administrative scope: A foundation for role-based administrative models. ACM Transactions on Information and System Security, Volume 6, Number 2, May 2003, pages Available in ACM digital library through GMU. and come prepared to discuss

29 © 2005 Ravi Sandhu 29 Assignment 1.Prove or give counterexample An authority range is always a create range? If x is an immediate child of y then (x,y) is a create range? 2.Prove or give counterexample If x is an immediate child of y then (x,y) can always be introduced into can-modify as an authority range that is guaranteed to be encapsulated?


Download ppt "© 2005 Ravi Sandhu www.list.gmu.edu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology."

Similar presentations


Ads by Google