Presentation is loading. Please wait.

Presentation is loading. Please wait.

Safety in Access Control Take-Grant (best viewed in slide-show mode)

Published byAiden Potter Modified over 10 years ago

Similar presentations

Presentation on theme: "Safety in Access Control Take-Grant (best viewed in slide-show mode)"— Presentation transcript:

1 Safety in Access Control Take-Grant (best viewed in slide-show mode)
Ravi Sandhu Laboratory for Information Security Technology George Mason University

2 The Take-Grant Model (late 70’s, early 80’s)
B t A/t (a) A/t Є dom(B) A B g B/g Original graph representation, late 70’s (b) B/g Є dom(A)

3 The Take-Grant Model (late 70’s, early 80’s)
B t A/t (a) A/t Є dom(B) A B g B/g Lockman-Minsky representation, 1982 (b) B/g Є dom(A)

4 Creation in Take-Grant
A’/tg A’/tg A A t g t g A’ A’ (a) The Original View (b) The Lockman-Minsky View

5 Reversal of Take-Grant Flow: case t
B t A’/tg A/t A’/tg A/t t t g g A’

6 Reversal of Take-Grant Flow: case g
B g B/g B/g A’/tg A’/tg t t g g A’

7 Reversal of Grant-Only Flow
B g B/g A’/g B/g A/g A’/g g g g g A/g B/g A/g A’

8 Non-Reversal of Take-Only Flow
B t A’/t A/t A’/t A/t t t t A/t A’

9 Shortening of Take-Only Flows
B C t t A/t B/t A/t B/t

10 Summary Take-Grant, Grant only
Disconnected islands of completely connected subjects with total sharing of rights within each island and no sharing across islands Take-only Original topology of flows is preserved, but existing paths can be shortened to a direct edge Send-receive Requires send and receive rights Similar to take-only in preserving original topology of flows, but existing paths cannot always be shortened to a single edge

11 Exercise Express take-grant, grant-only, take-only and send-receive in the HRU model Are these constructions Mono-conditional Bi-conditional Mono-operational

Download ppt "Safety in Access Control Take-Grant (best viewed in slide-show mode)"

Similar presentations

Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.

1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.
Privacy-Enhancing Models and Mechanisms for Securing Provenance and its Use October 2010 Lead PI: Ravi Sandhu (UT San Antonio) PIs: Elisa Bertino (Purdue),

Privacy-Enhancing Models and Mechanisms for Securing Provenance and its Use October 2010 Lead PI: Ravi Sandhu (UT San Antonio) PIs: Elisa Bertino (Purdue),
1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology www.list.gmu.edu Department of Information.

Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology Department of Information.
1 ACSAC 2002 © Mohammad al-Kahtani 2002 A Model for Attribute-Based User-Role Assignment Mohammad A. Al-Kahtani Ravi Sandhu George Mason University SingleSignOn.net,

1 ACSAC 2002 © Mohammad al-Kahtani 2002 A Model for Attribute-Based User-Role Assignment Mohammad A. Al-Kahtani Ravi Sandhu George Mason University SingleSignOn.net,
SACMAT 03© Mohammad Al-Kahtani1 Induced Role Hierarchies with Attribute-Based RBAC Mohammad A. Al-Kahtani Ravi Sandhu George Mason University NSD Security,

SACMAT 03© Mohammad Al-Kahtani1 Induced Role Hierarchies with Attribute-Based RBAC Mohammad A. Al-Kahtani Ravi Sandhu George Mason University NSD Security,
© 2004 Ravi Sandhu www.list.gmu.edu The Schematic Protection Model (SPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University.

© 2004 Ravi Sandhu The Schematic Protection Model (SPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University.
© 2004 Ravi Sandhu www.list.gmu.edu The Safety Problem in Access Control HRU Model Ravi Sandhu Laboratory for Information Security Technology George Mason.

© 2004 Ravi Sandhu The Safety Problem in Access Control HRU Model Ravi Sandhu Laboratory for Information Security Technology George Mason.
1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University.

1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University.
© 2004 Ravi Sandhu www.list.gmu.edu A Perspective on Graphs and Access Control Models Ravi Sandhu Laboratory for Information Security Technology George.

© 2004 Ravi Sandhu A Perspective on Graphs and Access Control Models Ravi Sandhu Laboratory for Information Security Technology George.
A New Modeling Paradigm for Dynamic Authorization in Multi-Domain Systems MMM-ACNS, September 13, 2007 Manoj Sastry, Ram Krishnan, Ravi Sandhu Intel Corporation,

A New Modeling Paradigm for Dynamic Authorization in Multi-Domain Systems MMM-ACNS, September 13, 2007 Manoj Sastry, Ram Krishnan, Ravi Sandhu Intel Corporation,
Managing Cyber-Identity, Authorization and Trust (and their inter-relationships) Prof. Ravi Sandhu Laboratory for Information Security Technology George.

Managing Cyber-Identity, Authorization and Trust (and their inter-relationships) Prof. Ravi Sandhu Laboratory for Information Security Technology George.
SACMAT 2002 Panel Making Access Control More Usable Ravi Sandhu www.list.gmu.edu.

SACMAT 2002 Panel Making Access Control More Usable Ravi Sandhu
1 Safety Analysis of Usage Control (UCON) Authorization Model Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce George Mason University AsiaCCS.

1 Safety Analysis of Usage Control (UCON) Authorization Model Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce George Mason University AsiaCCS.
Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.

Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.
ARBAC99 (Model for Administration of Roles)

ARBAC99 (Model for Administration of Roles)
Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu www.list.gmu.edu.

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu

Similar presentations

Ads by Google