We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byEvelyn Nichols
Modified over 4 years ago
An ORACLE Implementation of the PRA97 Model for Permission-Role Assignment Ravi Sandhu Venkata Bhamidipati George Mason University
2 © Ravi Sandhu 1997 ARBAC97 DECENTRALIZES u user-role assignment (URA97) l ORACLE implementation in 1997 u permission-role assignment (PRA97) l ORACLE implementation in 1998 u role-role hierarchy n groups or user-only roles (extend URA97) n abilities or permission-only roles (extend PRA97) n UP-roles or user-and-permission roles (RRA97)
3 © Ravi Sandhu 1997 EXAMPLE ROLE HIERARCHY Employee (E) Engineering Department (ED) Project Lead 1 (PL1) Engineer 1 (E1) Production 1 (P1) Quality 1 (Q1) Director (DIR) Project Lead 2 (PL2) Engineer 2 (E2) Production 2 (P2) Quality 2 (Q2) PROJECT 2PROJECT 1
4 © Ravi Sandhu 1997 EXAMPLE ADMINISTRATIVE ROLE HIERARCHY Senior Security Officer (SSO) Department Security Officer (DSO) Project Security Officer 1 (PSO1) Project Security Officer 2 (PSO2)
5 © Ravi Sandhu 1997 PERMISSION-ROLE ASSIGNMENT u dual of user-role assignment u can-assign-permission can-revoke-permission u weak revoke strong revoke (propagates down)
6 © Ravi Sandhu 1997 PERMISSION-ROLE ASSIGNMENT CAN-ASSIGN-PERMISSION ARolePrereq CondRole Range PSO1PL1[E1,PL1) PSO2PL2[E2,PL2) DSOE1 E2[ED,ED] SSOPL1 PL2 [ED,ED] SSOED[E,E]
7 © Ravi Sandhu 1997 PERMISSION-ROLE ASSIGNMENT CAN-REVOKE-PERMISSION ARoleRole Range PSO1[E1,PL1] PSO2[E2,PL2] DSO(ED,DIR) SSO[ED,DIR]
8 © Ravi Sandhu 1997 ORACLE IMPLEMENTATION u assigns and revokes individual permissions to roles u can be extended to assign and revoke roles (permission-only abilities) to roles (UP-roles) l decentralization of permission-role assignment is probably more effective in this mode
Cyber-Identity, Authority and Trust in an Uncertain World
1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.
Role Based Access Control
Access Control Prof. Ravi Sandhu Executive Director and Endowed Chair
Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology Department of Information.
1 ACSAC 2002 © Mohammad al-Kahtani 2002 A Model for Attribute-Based User-Role Assignment Mohammad A. Al-Kahtani Ravi Sandhu George Mason University SingleSignOn.net,
1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University.
FRAMEWORK FOR AGENT-BASED ROLE DELEGATION Presentation by: Ezedin S. Barka UAE University.
© 2004 Ravi Sandhu Role-Based Access Control Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.
Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute.
INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.
Role-Based Access Control Prof. Ravi Sandhu George Mason University and NSD Security SACMAT 2003.
1 SACMAT 2002 © Oh and Sandhu 2002 A Model for Role Administration Using Organization Structure Sejong Oh Ravi Sandhu * George Mason University.
ARBAC99 (Model for Administration of Roles)
Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
Ravi Sandhu Venkata Bhamidipati
Institute for Cyber Security
PBDM: A Flexible Delegation Model in RBAC Xinwen Zhang, Sejong Oh George Mason University Ravi Sandhu George Mason University and NSD Security.
ARBAC 97 (ADMINISTRATIVE RBAC)
Role Activation Hierarchies Ravi Sandhu George Mason University.
© 2018 SlidePlayer.com Inc. All rights reserved.