140 likes | 300 Views
Role Usage and Activation Hierarchies (best viewed in slide show mode). Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu sandhu@gmu.edu. Reference.
E N D
Role Usage and Activation Hierarchies(best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu sandhu@gmu.edu
Reference • Ravi Sandhu, “Role Hierarchies and Constraints for Lattice-Based Access Controls.” Proc. Fourth European Symposium on Research in Computer Security, Rome, Italy, September 25-27, 1996, pages 65-79. Published as Lecture Notes in Computer Science, Computer Security-ESORICS96 (Elisa Bertino et al, editors), Springer-Verlag, 1996. • Ravi Sandhu, “Role Activation Hierarchies.” Proc. Third ACM Workshop on Role-Based Access Control, Fairfax, Virginia, October 22-23, 1998, pages 33-40. • Sylvia Osborn, Ravi Sandhu and Qamar Munawer. “Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies.” ACM Transactions on Information and System Security, Volume 3, Number 2, May 2000, pages 85-106.
Role hierarchies • Two aspects • Role usage: permission inheritance • Role activation: activation hierarchy • RBAC96 combines both aspects in a single hierarchy • ANSI/NIST standard model leaves this open • Do one or both, just make it clear what you are doing
Simple security property • some variations of LBAC use 2 labels for subjects • λr for read and λw for read • λr = λw for the single label case