ROLE HIERARCHIES AND CONSTRAINTS FOR LATTICE-BASED ACCESS CONTROLS

Slides: 22
Provided by: rav67

Transcript and Presenter's Notes

1
ROLE HIERARCHIES AND CONSTRAINTS FOR
LATTICE-BASED ACCESS CONTROLS
  • Ravi Sandhu
  • George Mason University
  • and
  • SETA Corporation

2
OUTLINE
  • RBAC96 model: policy neutral
  • LBAC models: policy full and varied
  • LBAC can be reduced to RBAC96
  • LBAC < RBAC96 ?
  • why bother to do this?

3
RBAC96
ROLE HIERARCHIES
USER-ROLE ASSIGNMENT
PERMISSION-ROLE ASSIGNMENT
ROLES
USERS
PERMISSIONS
SESSIONS
4
HIERARCHICAL ROLES
5
RBAC96
ROLE HIERARCHIES
USER-ROLE ASSIGNMENT
PERMISSIONS-ROLE ASSIGNMENT
ROLES
USERS
PERMISSIONS
SESSIONS
CONSTRAINTS
6
WHAT IS THE POLICY IN RBAC?
  • RBAC is policy neutral
  • Role hierarchies facilitate security management
  • Constraints facilitate non-discretionary policies

7
LBAC LIBERAL *-PROPERTY
[Figure: diagram not preserved; labels: Read, Write]
8
RBAC96 LIBERAL *-PROPERTY
[Figure: diagram not preserved; labels: M1W, M2W, Read, Write]
9
RBAC96 LIBERAL *-PROPERTY
  • user ∈ xR, user has clearance x
  • user ∈ LW, independent of clearance
  • Need constraints
    • session ∈ xR iff session ∈ xW
    • read can be assigned only to xR roles
    • write can be assigned only to xW roles
    • (O,read) assigned to xR iff (O,write) assigned to xW
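
The constraints on this slide, written as executable checks in an added example that is not part of the original presentation. The lattice ordering H > M1, M2 > L, the direction of the two role hierarchies (read roles follow the lattice, write roles its inverse) and the object names are assumptions.

```python
# Added example, not from the slides. The ordering H > M1, M2 > L and the
# direction of each role hierarchy are assumptions (liberal *-property).
LABELS = ("L", "M1", "M2", "H")
DOMINATES = {"H": {"H", "M1", "M2", "L"}, "M1": {"M1", "L"},
             "M2": {"M2", "L"}, "L": {"L"}}  # x -> labels dominated by x

def juniors(role):
    """Roles inherited by `role`, itself included. Read roles follow the
    lattice order; write roles follow its inverse, so LW is most senior."""
    x, kind = role[:-1], role[-1]
    if kind == "R":
        return {y + "R" for y in DOMINATES[x]}
    return {y + "W" for y in LABELS if x in DOMINATES[y]}

def check_user(clearance, assigned):
    """UA: user is in xR for clearance x, and in LW whatever the clearance."""
    return set(assigned) == {clearance + "R", "LW"}

def check_session(clearance, active):
    """Session: xR is active iff xW is, for one x the user may activate."""
    available = juniors(clearance + "R") | juniors("LW")
    labels = {r[:-1] for r in active}
    kinds = {r[-1] for r in active}
    return (len(active) == 2 and len(labels) == 1
            and kinds == {"R", "W"} and set(active) <= available)

def check_pa(pa):
    """PA: read only on xR, write only on xW, and (O,read) is on xR
    iff (O,write) is on xW. `pa` is a set of (object, op, role) triples."""
    kind = {"read": "R", "write": "W"}
    if any(op not in kind or role[-1] != kind[op] for _, op, role in pa):
        return False
    reads = {(o, r[:-1]) for o, op, r in pa if op == "read"}
    writes = {(o, r[:-1]) for o, op, r in pa if op == "write"}
    return reads == writes

def allowed(active, pa, obj, op):
    """True if an active role, or a role junior to it, holds (obj, op)."""
    effective = set().union(*(juniors(r) for r in active))
    return any((obj, op, r) in pa for r in effective)

# Constructed sample: one object labelled H and one labelled L.
SAMPLE_PA = {("doc_h", "read", "HR"), ("doc_h", "write", "HW"),
             ("doc_l", "read", "LR"), ("doc_l", "write", "LW")}
SESSION = {"M1R", "M1W"}  # user with clearance M1, session at M1
```

With the sample data, the M1 session can read the L object and write the H object, but can neither read the H object nor write the L object.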

10
LBAC STRICT *-PROPERTY
[Figure: diagram not preserved; labels: Read, Write]
11
RBAC96 STRICT *-PROPERTY
[Figure: diagram not preserved; labels: LW, HW, M1W, M2W]
12
LBAC WRITE RANGE
  • subjects have 2 labels
    • read label
    • write label

13
RBAC96 WRITE RANGE LIBERAL *-PROPERTY
[Figure: diagram not preserved; labels: M1W, M2W, read role, write role]
14
RBAC96 WRITE RANGE STRICT *-PROPERTY
[Figure: diagram not preserved; labels: LW, HW, M1W, M2W, read role, write role]
15
LBAC CONFIDENTIALITY AND INTEGRITY
two independent lattices
one composite lattice
16
RBAC96 CONFIDENTIALITY AND INTEGRITY READ ROLES
HSR-LIR
HSR-HIR
LSR-LIR
LSR-HIR
Same for all cases
17
RBAC96 CONFIDENTIALITY AND INTEGRITY WRITE ROLES
LSW-HIW
HSW-HIW
LSW-LIW
HSW-LIW
Liberal confidentiality Liberal integrity
18
RBAC96 CONFIDENTIALITY AND INTEGRITY WRITE ROLES
Strict confidentiality Liberal integrity
19
RBAC96 CONFIDENTIALITY AND INTEGRITY WRITE ROLES
LSW-LIW
LSW-HIW
HSW-LIW
HSW-HIW
Strict confidentiality Strict integrity
20
SUMMARY
  • policy-neutral RBAC96 can accommodate policy-full
    LBAC in all its variations
  • LBAC variations are modeled by
    • adjusting role hierarchy
    • adjusting constraints

21
COVERT CHANNELS
  • are a problem for LBAC
  • remain a problem for RBAC but
  • they don't get any worse
  • same techniques can be adapted
  • who cares about them anyway