ROLE HIERARCHIES AND CONSTRAINTS FOR LATTICE- BASED ACCESS CONTROLS Ravi Sandhu George Mason...

ROLE HIERARCHIES AND CONSTRAINTS FOR LATTICE-BASED ACCESS CONTROLS

Ravi Sandhu

George Mason University

SETA Corporation

2© Ravi Sandhu

OUTLINE

RBAC96 model: policy neutral LBAC models: policy full and varied LBAC can be reduced to RBAC96

LBAC < RBAC96 ? why bother to do this?

3© Ravi Sandhu

RBAC96

USER-ROLEASSIGNMENT

PERMISSION-ROLEASSIGNMENT

USERS PERMISSIONS

... SESSIONS

ROLE HIERARCHIES

4© Ravi Sandhu

HIERARCHICAL ROLES

Engineer

HardwareEngineer

SoftwareEngineer

SupervisingEngineer

5© Ravi Sandhu

RBAC96

USER-ROLEASSIGNMENT

PERMISSIONS-ROLEASSIGNMENT

USERS PERMISSIONS

... SESSIONS

ROLE HIERARCHIES

CONSTRAINTS

6© Ravi Sandhu

WHAT IS THE POLICY IN RBAC?

RBAC is policy neutral Role hierarchies facilitate security

management Constraints facilitate non-discretionary

policies

7© Ravi Sandhu

LBAC: LIBERAL *-PROPERTY

Read Write- +

8© Ravi Sandhu

RBAC96: LIBERAL *-PROPERTY

M1R M2R

M1W M2W

Read Write-

9© Ravi Sandhu

RBAC96: LIBERAL *-PROPERTY

user xR, user has clearance x

user LW, independent of clearance Need constraints

session xR iff session xW read can be assigned only to xR roles write can be assigned only to xW roles (O,read) assigned to xR iff

(O,write) assigned to xW

10© Ravi Sandhu

LBAC: STRICT *-PROPERTY

Read Write-

11© Ravi Sandhu

RBAC96: STRICT *-PROPERTY

M1R M2R LW HWM1W M2W

12© Ravi Sandhu

LBAC: WRITE RANGE

subjects have 2 labels read labelwrite label

13© Ravi Sandhu

RBAC96: WRITE RANGE LIBERAL *-PROPERTY

M1R M2R

M1W M2W

read role ° write role

14© Ravi Sandhu

RBAC96: WRITE RANGE STRICT *-PROPERTY

M1R M2R LW HWM1W M2W

read role ° write role

15© Ravi Sandhu

LBAC: CONFIDENTIALITY AND INTEGRITY

HS-HI LS-LI

two independentlattices

one compositelattice

RBAC96: CONFIDENTIALITY AND INTEGRITY READ ROLES

HSR-LIR

LSR-HIR

HSR-HIR LSR-LIR

Same for all cases

RBAC96: CONFIDENTIALITY AND INTEGRITY WRITE ROLES

LSW-HIW

HSW-LIW

HSW-HIW LSW-LIW

Liberal confidentialityLiberal integrity

Strict confidentialityLiberal integrity

LSW-LIW

LSW-HIW

HSW-LIW

HSW-HIW

Strict confidentialityStrict integrity

LSW-LIWLSW-HIW HSW-LIWHSW-HIW

SUMMARY

policy-neutral RBAC96 can accommodate policy-full LBAC in all its variations

LBAC variations are modeled by adjusting role hierarchy adjusting constraints

COVERT CHANNELS

are a problem for LBAC remain a problem for RBAC but

they don’t get any worse same techniques can be adapted who cares about them anyway

ROLE HIERARCHIES AND CONSTRAINTS FOR LATTICE- BASED ACCESS CONTROLS Ravi Sandhu George Mason...

Documents

Kim sandhu

Spazio Seta catalogue

2016 05 02 o m SANDHU ,GURBIR SINGH SANDHU, AG HRY ,SS KHARAB IN CRA-D-861-DB-2012 SIDAKMEET SANDHU ,AG HARYANA ,GURBIR SINGH SANDHU ,VIKRAM ANAND, MANPREET SINGH 213 I CRM-28153

© Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu

Rethinking Password Strategies Ravi Sandhu Chief Scientist sandhu@nsdsecurity 703 283 3484

Seta Endüstriyel

MIT6870_ORSU_lecture11 Hierarchies

SETA Policy Brief

ETDP SETA ABET SECTOR SKILLS PLAN 2013/14 UPDATEetdpseta.org.za/education/sites/default/files/2017-05/09_ETDP SETA... · ETDP SETA ABET SECTOR SKILLS PLAN ... ETDP SETA to conduct

PRODUCTOS CONGELADOS SELECTOS Foodservice · Baby Squid, peeled shrimp, broad beans and onion with drops of frozen sauce. Seta nameko, seta shiitake, seta cardo, seta boletus y bacon

© 2005 Ravi Sandhu Role Usage and Activation Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security

Memory hierarchies

PROVIDER SETA PORTAL - banksetamis.org.za · The PROVIDER SETA PORTAL (PSP) is an online designed to directly update information into the ... be sent to the SETA MIS and a SETA staff

Work samples_Ketan Seta

Db2mock4 Seta

SETA - Bolzanletti

Seta Management System

SETA March 2009

SETA international (sv)

Role Activation Hierarchies Ravi Sandhu George Mason University