Upload File

© 2005 ravi sandhu administrative scope (best viewed in slide show mode) ravi sandhu laboratory...

  • Home
  • Documents
  • © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George
16
© 2005 Ravi Sandhu www.list.gmu.edu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu [email protected]

Upload: jasmine-davies

Post on 26-Mar-2015

219 views

Category:

Documents


4 download

Report

Tags:

TRANSCRIPT

Page 1: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George

© 2005 Ravi Sandhuwww.list.gmu.edu

Administrative Scope(best viewed in slide show mode)

Ravi SandhuLaboratory for Information Security Technology

George Mason [email protected]

Page 2: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George

2

© 2005 Ravi Sandhuwww.list.gmu.edu

Administrative Scope

• Jason Crampton and George Loizou. “Administrative scope: A foundation for role-based administrative models.” ACM Transactions on Information and System Security, Volume 6, Number 2, May 2003, pages 201-231.

• Several diagrams and text excerpts are taken directly from this paper.

Page 3: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George

3

© 2005 Ravi Sandhuwww.list.gmu.edu

Administrative Scope

Page 4: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George

4

© 2005 Ravi Sandhuwww.list.gmu.edu

Example Hierarchies

Page 5: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George

5

© 2005 Ravi Sandhuwww.list.gmu.edu

NotationImmediate children Immediate parents Minimal roles

Maximal roles

Junior roles Senior roles

Page 6: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George

6

© 2005 Ravi Sandhuwww.list.gmu.edu

Four Operations

Page 7: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George

7

© 2005 Ravi Sandhuwww.list.gmu.edu

Semantics of Edge Operations

Page 8: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George

8

© 2005 Ravi Sandhuwww.list.gmu.edu

Edge Insertion Anomaly

YNN

NNY

AddEdge(DSO,PE1,QE1) Y

Page 9: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George

9

© 2005 Ravi Sandhuwww.list.gmu.edu

Administrative Scope

Page 10: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George

10

© 2005 Ravi Sandhuwww.list.gmu.edu

Evolving Administrative Scope

Dynamic administrative scopeVersusStatic can-modify

Page 11: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George

11

© 2005 Ravi Sandhuwww.list.gmu.edu

Administrative Scoper is an immediate child of r’

Page 12: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George

12

© 2005 Ravi Sandhuwww.list.gmu.edu

RHA Conditions for Four Operations

• These conditions always apply• RHA1

• Additional conditions may be imposed• RHA2, RHA3, RHA4

Page 13: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George

13

© 2005 Ravi Sandhuwww.list.gmu.edu

RHA1

• Regular roles are also administrative roles

• A role administers roles in its administrative scope

• No further conditions

• Too permissive• ED administers E

Page 14: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George

14

© 2005 Ravi Sandhuwww.list.gmu.edu

RHA2

• RHA1 plus

• Only roles explicitly designated as administrators can administer• Say DIR, PL1, PL2 but not ED and the others

Page 15: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George

15

© 2005 Ravi Sandhuwww.list.gmu.edu

RHA3

Page 16: © 2005 Ravi Sandhu Administrative Scope (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George

16

© 2005 Ravi Sandhuwww.list.gmu.edu

RHA3


ROLE-BASED ACCESS CONTROL: A MULTI-DIMENSIONAL VIEW Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman Seta Corporation McLean, VA Ravi Sandhu

Role Activation Hierarchies Ravi Sandhu George Mason University

NIST SP 800-144, Guidelines on Security and - Prof. Ravi Sandhu

1 The Future of Cyber Security Prof. Ravi Sandhu Executive Director February 2010 [email protected] © Ravi Sandhu

Role-Based Access Control on the Web - Ravi Sandhu

ISA 662 SSL Prof. Ravi Sandhu. 2 © Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later

Rethinking Password Strategies Ravi Sandhu Chief Scientist sandhu@nsdsecurity 703 283 3484

Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair

SSL Trust Pitfalls Prof. Ravi Sandhu. 2 © Ravi Sandhu 2002 THE CERTIFICATE TRIANGLE user attributepublic-key X.509 identity certificate X.509 attribute

1 Common Criteria Ravi Sandhu Edited by Duminda Wijesekera

ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu

© 2005 Ravi Sandhu Permissions and Inheritance (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology

ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University

© 2004 Ravi Sandhu The Safety Problem in Access Control HRU Model Ravi Sandhu Laboratory for Information Security Technology George Mason

Relational Database Access Controls Using SQL - Prof. Ravi Sandhu

© 2006 Ravi Sandhu Secure Information Sharing Enabled by Trusted Computing and PEI * Models Ravi Sandhu (George Mason University and TriCipher)

1 Rethinking Password Strategies Ravi Sandhu Chief Scientist [email protected] 703 283 3484 [email protected]

© 2005 Ravi Sandhu Administrative Scope (continued) (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology

ISA 662 RBAC-MAC-DAC Prof. Ravi Sandhu. 2 © Ravi Sandhu RBAC96 ROLES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS ROLE

© Ravi Sandhu The Secure Information Sharing Problem and Solution Approaches Ravi Sandhu Professor of Information Security and Assurance

INFS 767 Fall 2003 Administrative RBAC ARBAC97 Prof. Ravi Sandhu

1 TOPIC LATTICE-BASED ACCESS-CONTROL MODELS Ravi Sandhu

© Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University [email protected]

Security Cloud: Cloud Trust Brokers · Security and the Cloud: Cloud Trust Brokers Ravi Sandhu Ravi Ganesan* Founder, SafeMashups +1.415.680.5746 ravi@safemashups com ravi@findravi

CURRICULUM VITAE - Prof. Ravi Sandhuprofsandhu.com/sandhu/vita_long.docx · Web viewCo-Principal Investigators: Ravi Sandhu, Ram Tripathi Sponsor: Silicon Informatics, 2012-2014 Secure

Asymmetric Digital Signatures And Key Exchange Prof. Ravi Sandhu

SSL Prof. Ravi Sandhu. 2 © Ravi Sandhu 2002 SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later refitted

© 2004 Ravi Sandhu The Typed Access Matrix Model (TAM) and Augmented TAM (ATAM) Ravi Sandhu Laboratory for Information Security Technology

1 The Future of Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair [email protected] © Ravi Sandhu

A Role Based Administration Model For Attribute Xin Jin , Ram Krishnan, Ravi Sandhu

© Ravi Sandhu The Secure Information Sharing Problem and Solution Approaches Ravi Sandhu Executive Director and Endowed Chair Institute

1 Virtualization Prof. Ravi Sandhu Executive Director and Endowed Chair February 7, 2014 [email protected] © Ravi Sandhu World-Leading

© 2004-5 Ravi Sandhu Security Issues in P2P Systems Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University

© 2004 Ravi Sandhu Role-Based Access Control Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University

Prof. Ravi Sandhu Executive Director and Endowed …profsandhu.com/cs5323_s17/L1.pdf1 Introduction and Basic Concepts Prof. Ravi Sandhu Executive Director and Endowed Chair Lecture