Presentation is loading. Please wait.

Presentation is loading. Please wait.

Role Activation Hierarchies Ravi Sandhu George Mason University.

Published byMichelle Lane Modified over 10 years ago

Similar presentations

Presentation on theme: "Role Activation Hierarchies Ravi Sandhu George Mason University."— Presentation transcript:

1

2 Role Activation Hierarchies Ravi Sandhu George Mason University

3 RBAC96 ROLES USER-ROLE ASSIGNMENT PERMISSION-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS ROLE HIERARCHIES CONSTRAINTS

4 ROLE HIERARCHIES u Inheritance hierarchies l permission inheritance l user inheritance u Activation hierarchies l role membership versus role activation

5 EXAMPLE ROLE HIERARCHY INTERPRETATIONS Employee (E) Engineering Department (ED) Project Lead 1 (PL1) Engineer 1 (E1) Production 1 (P1) Quality 1 (Q1) Director (DIR) Project Lead 2 (PL2) Engineer 2 (E2) Production 2 (P2) Quality 2 (Q2) PROJECT 2PROJECT 1

6 ALTERNATIVES u separate inheritance and activation hierarchies l this paper u single inheritance and activation hierarchy l most common approach, including RBAC96 u activation hierarchy only, no inheritance l alternative identified in NIST RBAC model u inheritance hierarchy only, no activation hierarchy l does not seem to be useful

7 LBAC: LIBERAL *-PROPERTY H L M1M2 ReadWrite -+ +-

8 LBAC: LIBERAL *-PROPERTY DUAL ROLE SIMULATION HR LR M1RM2R LW HW M1WM2W Read Write - +

9 LBAC: STRICT *-PROPERTY H L M1M2 ReadWrite - +

10 LBAC: STRICT *-PROPERTY DUAL ROLE SIMULATION HR LR M1RM2R LWHWM1WM2W

11 LBAC: STRICT *-PROPERTY SIMULATION BY PRIVATE ROLES HR LR M1RM2R

12 LBAC: STRICT *-PROPERTY SIMULATION BY PRIVATE ROLES HR LR M1RM2R HW LW M1WM2W

13 LBAC: STRICT *-PROPERTY SIMULATION BY PRIVATE ROLES HR LR M1RM2R HW LW M1WM2W

14 DYNAMIC SEPARATION OF DUTIES u Roles in dynamic SOD l cannot have common seniors in role inheritance hierarchy, but l can have common seniors in role activation hierarchy

15 EXAMPLE ROLE HIERARCHY INTERPRETATIONS Employee (E) Engineering Department (ED) Project Lead 1 (PL1) Engineer 1 (E1) Production 1 (P1) Quality 1 (Q1) Director (DIR) Project Lead 2 (PL2) Engineer 2 (E2) Production 2 (P2) Quality 2 (Q2) PROJECT 2PROJECT 1

16 ACTIVATION HIERARCHIES A B D C E A B D C E

17 CONCLUSION u separate inheritance and activation hierarchies l this paper u single inheritance and activation hierarchy l most common approach, including RBAC96 u activation hierarchy only, no inheritance l alternative identified in NIST RBAC model u inheritance hierarchy only, no activation hierarchy l does not seem to be useful

Download ppt "Role Activation Hierarchies Ravi Sandhu George Mason University."

Similar presentations

RBAC Role-Based Access Control

RBAC Role-Based Access Control
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
Role Based Access Control

Role Based Access Control
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
Access Control Prof. Ravi Sandhu Executive Director and Endowed Chair

Access Control Prof. Ravi Sandhu Executive Director and Endowed Chair
Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology www.list.gmu.edu Department of Information.

Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology Department of Information.
ROWLBAC – Representing Role Based Access Control in OWL

ROWLBAC – Representing Role Based Access Control in OWL
1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University.

1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University.
FRAMEWORK FOR AGENT-BASED ROLE DELEGATION Presentation by: Ezedin S. Barka UAE University.

FRAMEWORK FOR AGENT-BASED ROLE DELEGATION Presentation by: Ezedin S. Barka UAE University.
© 2004 Ravi Sandhu www.list.gmu.edu Role-Based Access Control Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.

© 2004 Ravi Sandhu Role-Based Access Control Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.
Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute.

Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute.
INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.

INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.
Role-Based Access Control Prof. Ravi Sandhu George Mason University and NSD Security SACMAT 2003.

Role-Based Access Control Prof. Ravi Sandhu George Mason University and NSD Security SACMAT 2003.
1 SACMAT 2002 © Oh and Sandhu 2002 A Model for Role Administration Using Organization Structure Sejong Oh Ravi Sandhu * George Mason University.

1 SACMAT 2002 © Oh and Sandhu 2002 A Model for Role Administration Using Organization Structure Sejong Oh Ravi Sandhu * George Mason University.
ARBAC99 (Model for Administration of Roles)

ARBAC99 (Model for Administration of Roles)
11 World-Leading Research with Real-World Impact! A Framework for Risk-Aware Role Based Access Control Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu.

11 World-Leading Research with Real-World Impact! A Framework for Risk-Aware Role Based Access Control Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu.
Ravi Sandhu Venkata Bhamidipati

Ravi Sandhu Venkata Bhamidipati
PBDM: A Flexible Delegation Model in RBAC Xinwen Zhang, Sejong Oh George Mason University Ravi Sandhu George Mason University and NSD Security.

PBDM: A Flexible Delegation Model in RBAC Xinwen Zhang, Sejong Oh George Mason University Ravi Sandhu George Mason University and NSD Security.
ARBAC 97 (ADMINISTRATIVE RBAC)

ARBAC 97 (ADMINISTRATIVE RBAC)
ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.

ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.

Similar presentations

Ads by Google