Role Usage and Activation Hierarchies (best viewed in slide show mode)
Ravi Sandhu, Laboratory for Information Security Technology, George Mason University, www.list.gmu.edu
© 2005 Ravi Sandhu, www.list.gmu.edu
Reference
• Ravi Sandhu, “Role Hierarchies and Constraints for Lattice-Based Access Controls.” Proc. Fourth European Symposium on Research in Computer Security, Rome, Italy, September 25-27, 1996, pages 65-79. Published as Lecture Notes in Computer Science, Computer Security-ESORICS96 (Elisa Bertino et al., editors), Springer-Verlag, 1996.
• Ravi Sandhu, “Role Activation Hierarchies.” Proc. Third ACM Workshop on Role-Based Access Control, Fairfax, Virginia, October 22-23, 1998, pages 33-40.
• Sylvia Osborn, Ravi Sandhu and Qamar Munawer, “Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies.” ACM Transactions on Information and System Security, Volume 3, Number 2, May 2000, pages 85-106.
Role hierarchies
• Two aspects
  • Role usage: permission inheritance
  • Role activation: activation hierarchy
• RBAC96 combines both aspects in a single hierarchy
• ANSI/NIST standard model leaves this open
• Do one or both, just make it clear what you are doing
Example Role Hierarchy
LBAC to RBAC
Simple security property
• Some variations of LBAC use 2 labels for subjects
  • λr for read and λw for write
  • λr = λw for the single label case
Variations of *-property
LBAC to RBAC: independent read-write hierarchies
LBAC to RBAC: intertwined read-write hierarchies
Activation hierarchies and dynamic SOD
Formal definition
Activation hierarchy with non-maximal roles
Read-write RBAC and LBAC
LBAC with trusted strict *-property