Role Activation Hierarchies
Ravi Sandhu
George Mason University

RBAC96
[Figure: RBAC96 model diagram. Components: Users, Roles, Permissions, Sessions, User-Role Assignment, Permission-Role Assignment, Role Hierarchies, Constraints]

ROLE HIERARCHIES
Inheritance hierarchies: permission inheritance, user inheritance
Activation hierarchies: role membership versus role activation

EXAMPLE ROLE HIERARCHY INTERPRETATIONS
[Figure: role hierarchy diagram. Roles: Director (DIR), Engineering Department (ED), Employee (E). Project 1: Project Lead 1 (PL1), Production 1 (P1), Quality 1 (Q1), Engineer 1 (E1). Project 2: Project Lead 2 (PL2), Production 2 (P2), Quality 2 (Q2), Engineer 2 (E2)]

ALTERNATIVES
separate inheritance and activation hierarchies: this paper
single inheritance and activation hierarchy: most common approach, including RBAC96
activation hierarchy only, no inheritance: alternative identified in NIST RBAC model
inheritance hierarchy only, no activation hierarchy: does not seem to be useful

LBAC: LIBERAL *-PROPERTY
[Figure: security lattice with labels H, M1, M2, L; Read and Write directions marked with + and -]

LBAC: LIBERAL *-PROPERTY DUAL ROLE SIMULATION
[Figure: read roles HR, M1R, M2R, LR and write roles LW, M1W, M2W, HW; Read and Write directions marked with + and -]

LBAC: STRICT *-PROPERTY
[Figure: security lattice with labels H, M1, M2, L; Read and Write directions marked with + and -]

LBAC: STRICT *-PROPERTY DUAL ROLE SIMULATION
[Figure: read roles HR, M1R, M2R, LR and write roles LW, M1W, M2W, HW]

LBAC: STRICT *-PROPERTY SIMULATION BY PRIVATE ROLES
[Figure: read roles HR, M1R, M2R, LR]

LBAC: STRICT *-PROPERTY SIMULATION BY PRIVATE ROLES
[Figure: read roles HR, M1R, M2R, LR and write roles HW, M1W, M2W, LW]
DYNAMIC SEPARATION OF DUTIES
Roles in dynamic SOD cannot have common seniors in the role inheritance hierarchy, but can have common seniors in the role activation hierarchy.
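
The statement above as an added example (not from the original slides): a minimal session model with separate inheritance and activation hierarchies. The role names S, X, Y, the `Session` class and the rule that activating a role also brings in its inheritance juniors are assumptions made for illustration.

```python
# Added illustration; role names S, X, Y and all identifiers are hypothetical.

def closure(role, hierarchy):
    """Return role plus every role junior to it in hierarchy (senior -> juniors)."""
    seen, stack = set(), [role]
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(hierarchy.get(r, ()))
    return seen

class Session:
    def __init__(self, assigned, inherit, activate, dsod):
        self.inherit = inherit   # inheritance edges: senior gets juniors' permissions
        self.dsod = dsod         # role pairs that must not be active together
        # Roles the user may activate: assigned roles and their juniors in
        # either hierarchy (assumption of this sketch).
        self.activatable = set()
        for r in assigned:
            self.activatable |= closure(r, inherit) | closure(r, activate)
        self.active = set()      # effective roles in this session

    def activate(self, role):
        """Activate role; return False if unauthorized or dynamic SOD would break."""
        if role not in self.activatable:
            return False
        # Activating a role implicitly activates its inheritance juniors.
        effective = self.active | closure(role, self.inherit)
        if any(pair <= effective for pair in self.dsod):
            return False
        self.active = effective
        return True

DSOD = {frozenset({"X", "Y"})}   # X and Y are in dynamic SOD
EDGES = {"S": ["X", "Y"]}        # S is a common senior of X and Y

def demo():
    # Case 1: S is the common senior in the inheritance hierarchy.
    inh = Session({"S"}, inherit=EDGES, activate={}, dsod=DSOD)
    case1 = (inh.activate("S"),)
    # Case 2: S is the common senior only in the activation hierarchy.
    act = Session({"S"}, inherit={}, activate=EDGES, dsod=DSOD)
    case2 = (act.activate("S"), act.activate("X"), act.activate("Y"))
    return case1, case2

if __name__ == "__main__":
    print(demo())
```

In the first case S can never be activated, because doing so pulls in both X and Y; in the second, S stays usable and only the attempt to hold X and Y in the same session is refused.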

ACTIVATION HIERARCHIES
[Figure: two hierarchy diagrams, each over roles A, B, C, D, E]

CONCLUSION
separate inheritance and activation hierarchies: this paper
single inheritance and activation hierarchy: most common approach, including RBAC96
activation hierarchy only, no inheritance: alternative identified in NIST RBAC model
inheritance hierarchy only, no activation hierarchy: does not seem to be useful