delegation in role based access control
play

Delegation in Role-Based Access Control Controlling delegation - PowerPoint PPT Presentation

Apr 06, 2024 •376 likes •959 views

Introduction Delegation operations in hierarchical RBAC Delegation in Role-Based Access Control Controlling delegation Enforcing transfer delegation Jason Crampton Hemanth Khambhammettu semantics Conclusion Information Security

  1. Introduction Delegation operations in hierarchical RBAC Delegation in Role-Based Access Control Controlling delegation Enforcing transfer delegation Jason Crampton · Hemanth Khambhammettu semantics Conclusion Information Security Group, Royal Holloway, University of London ESORICS · Hamburg · 2006

  2. Outline Introduction Delegation operations in hierarchical Introduction 1 RBAC Controlling delegation Delegation operations in hierarchical RBAC 2 Enforcing transfer delegation semantics Controlling delegation Conclusion 3 Enforcing transfer delegation semantics 4 Conclusion 5

  3. Delegation Introduction Delegation operations in hierarchical Delegation is a lightweight method for assigning temporary RBAC permissions to a user Controlling delegation A delegator is required to be authorized for the delegated Enforcing transfer permission delegation semantics Conclusion

  4. Delegation Introduction Delegation operations in hierarchical Delegation is a lightweight method for assigning temporary RBAC permissions to a user Controlling delegation A delegator is required to be authorized for the delegated Enforcing transfer permission delegation semantics Conclusion Administration is a general term for the methods by which an authorization policy can be updated (including authorizing a user for a permission) An administrator is not necessarily required to be authorized for the permission

  5. Delegation operations Introduction Delegation operations in hierarchical Grant RBAC Controlling A delegator may grant a permission p to a delegatee delegation The delegator is still authorized for p Enforcing transfer delegation Monotonic semantics Conclusion

  6. Delegation operations Introduction Delegation operations in hierarchical Grant RBAC Controlling A delegator may grant a permission p to a delegatee delegation The delegator is still authorized for p Enforcing transfer delegation Monotonic semantics Conclusion Transfer A delegator may transfer p The delegator is no longer authorized for p Non-monotonic

  7. Role-based access control Introduction Delegation operations in hierarchical RBAC Role hierarchy Controlling delegation A partially ordered set of roles ( R , � ) Enforcing transfer delegation semantics Conclusion

  8. Role-based access control Introduction Delegation operations in hierarchical RBAC Role hierarchy Controlling delegation A partially ordered set of roles ( R , � ) Enforcing transfer delegation User-role assignment relation semantics Conclusion UA ⊆ U × R

  9. Role-based access control Introduction Delegation operations in hierarchical RBAC Role hierarchy Controlling delegation A partially ordered set of roles ( R , � ) Enforcing transfer delegation User-role assignment relation semantics Conclusion UA ⊆ U × R Permission-role assignment relation PA ⊆ P × R

  10. Role-based access control Introduction Delegation operations in hierarchical RBAC Controlling Authorized roles delegation u is authorized for role r ′ if there exists r � r ′ and ( u , r ) ∈ UA Enforcing transfer delegation semantics Conclusion

  11. Role-based access control Introduction Delegation operations in hierarchical RBAC Controlling Authorized roles delegation u is authorized for role r ′ if there exists r � r ′ and ( u , r ) ∈ UA Enforcing transfer delegation semantics Authorized permissions Conclusion u is authorized for permission p if there exists a role r for which u is authorized and ( p , r ) ∈ PA

  12. Role-based access control Introduction Delegation operations in hierarchical RBAC Controlling Sessions delegation u creates a session by activating some subset of the roles for Enforcing transfer which she is authorized delegation semantics Conclusion

  13. Role-based access control Introduction Delegation operations in hierarchical RBAC Controlling Sessions delegation u creates a session by activating some subset of the roles for Enforcing transfer which she is authorized delegation semantics Conclusion Authorized requests A request by u for permission p is granted if u has activated a role r such that ( p , r ) ∈ PA

  14. Motivation Introduction Delegation operations in hierarchical Delegation in RBAC has focused on delegation of roles RBAC (interpreted as a set of permissions) Controlling delegation Enforcing transfer delegation semantics Conclusion

  15. Motivation Introduction Delegation operations in hierarchical Delegation in RBAC has focused on delegation of roles RBAC (interpreted as a set of permissions) Controlling delegation Enforcing transfer Existing models for delegation in RBAC only consider grant delegation semantics operations Conclusion The existence of the hierarchy makes enforcing transfer operations difficult

  16. Motivation Introduction Delegation operations in hierarchical Delegation in RBAC has focused on delegation of roles RBAC (interpreted as a set of permissions) Controlling delegation Enforcing transfer Existing models for delegation in RBAC only consider grant delegation semantics operations Conclusion The existence of the hierarchy makes enforcing transfer operations difficult Existing models for delegation are simplistic and lack controls on the propagation of permissions and roles

  17. Introduction Introduction 1 Delegation operations in hierarchical RBAC Controlling Delegation operations in hierarchical RBAC 2 delegation Enforcing transfer delegation Controlling delegation semantics 3 Conclusion Enforcing transfer delegation semantics 4 Conclusion 5

  18. Delegation operations and their semantics Introduction Delegation grantRole ( u , v , d ) operations in hierarchical Delegator u grants role d to delegatee v RBAC Controlling delegation Enforcing transfer delegation semantics a Conclusion b c d e f g h

  19. Delegation operations and their semantics Introduction Delegation grantRole ( u , v , d ) operations in hierarchical Delegator u grants role d to delegatee v RBAC Controlling u continues to be authorized for all roles in ↓ d delegation Enforcing transfer delegation semantics a Conclusion b c d e f g h

  20. Delegation operations and their semantics Introduction Delegation transferRoleStrong ( u , v , d ) operations in hierarchical Delegator u transfers role d to delegatee v RBAC Controlling delegation Enforcing transfer delegation semantics a Conclusion b c d e f g h

  21. Delegation operations and their semantics Introduction Delegation transferRoleStrong ( u , v , d ) operations in hierarchical Delegator u transfers role d to delegatee v RBAC Controlling u is no longer authorized for any role in ↓ d delegation Enforcing transfer delegation semantics a Conclusion b c d e f g h

  22. Delegation operations and their semantics Introduction transferRoleStatic ( u , v , d ) Delegation operations in hierarchical Delegator u transfers role d to delegatee v RBAC Controlling delegation Enforcing transfer delegation semantics Conclusion a b c d e f g h

  23. Delegation operations and their semantics Introduction transferRoleStatic ( u , v , d ) Delegation operations in hierarchical Delegator u transfers role d to delegatee v RBAC u is no longer authorized for any role x ∈ ↓ d unless there Controlling delegation exists r � = d such that r � x and ( u , r ) ∈ UA Enforcing transfer delegation semantics Conclusion a b c d e f g h

  24. Delegation operations and their semantics Introduction transferRoleDynamic ( u , v , d ) Delegation operations in hierarchical Delegator u transfers role d to delegatee v RBAC Controlling delegation Enforcing transfer delegation semantics Conclusion a b c d e f g h

  25. Delegation operations and their semantics Introduction transferRoleDynamic ( u , v , d ) Delegation operations in hierarchical Delegator u transfers role d to delegatee v RBAC u is no longer authorized for any role x ∈ ↓ d unless u has Controlling delegation activated a role r � = d such that r � x Enforcing transfer delegation semantics Conclusion a a b c b c d e f d e f g g h h

  26. Administrative scope Introduction Fundamental concept in the RHA family of administrative Delegation models operations in hierarchical RBAC Maps a role r to a set of roles σ ( r ) Controlling σ ( r ) = { r ′ � r : ↑ r ′ ⊆ ↓ r ∪ ↑ r } delegation If r ′ ∈ σ ( r ), every path upwards from r ′ passes through r Enforcing transfer delegation semantics Conclusion

  27. Administrative scope Introduction Fundamental concept in the RHA family of administrative Delegation models operations in hierarchical RBAC Maps a role r to a set of roles σ ( r ) Controlling σ ( r ) = { r ′ � r : ↑ r ′ ⊆ ↓ r ∪ ↑ r } delegation If r ′ ∈ σ ( r ), every path upwards from r ′ passes through r Enforcing transfer delegation semantics Conclusion a σ ( a ) = { a , b , . . . , h } b c σ ( b ) = { b , d } d e f σ ( d ) = { d } g h

  28. Administrative scope and delegation operations Introduction Delegation operations in hierarchical RBAC Controlling delegation It can be shown that the set of roles denied Enforcing transfer delegation by a static transfer of r is σ ( r ) semantics by a dynamic transfer of r is σ ( r ), where σ is evaluated in Conclusion the sub-poset of R generated by the set of activated roles

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Role-based access control Role-based access control 1 RBAC: Motivations Complexity of

Role-based access control Role-based access control 1 RBAC: Motivations Complexity of

Role-based access control Role-based access control 1 RBAC: Motivations Complexity of security administration p y y For large number of subjects and objects, the number of authorizations can become extremely large For dynamic

536 views • 51 slides
Strategies for Incorporating Delegation into Attribute-Based Access Control (ABAC) Sylvia L.

Strategies for Incorporating Delegation into Attribute-Based Access Control (ABAC) Sylvia L.

Strategies for Incorporating Delegation into Attribute-Based Access Control (ABAC) Sylvia L. Osborn Daniel Servos sylvia@csd.uwo.ca dservos5@uwo.ca Department of Computer Science The 9th International Symposium on Foundations & Practice

1.05k views • 75 slides
A Distributed Calculus for Role-Based Access Control Chiara Braghin joint work with D. Gorla and

A Distributed Calculus for Role-Based Access Control Chiara Braghin joint work with D. Gorla and

A Distributed Calculus for Role-Based Access Control Chiara Braghin joint work with D. Gorla and V. Sassone MyThS Meeting, Venice, June, 14th, 2004 A Distributed Calculus for Role-Based Access Control p.1/18 RBAC Why: Role-Based Access

613 views • 36 slides
Meta-policies for Distributed Role-based Access Control Andrs Belokosztolszki, Ken Moody

Meta-policies for Distributed Role-based Access Control Andrs Belokosztolszki, Ken Moody

Meta-policies for Distributed Role-based Access Control Andrs Belokosztolszki, Ken Moody {ab374,km}@cl.cam.ac.uk University of Cambridge, Computer Laboratory, OPERA Policy 2002 1 Outline Role-Based Access Control OASIS

480 views • 14 slides
Role-Based Access Control Corban Rivera CS 6204, Spring 2005 1 Trusted Computer System

Role-Based Access Control Corban Rivera CS 6204, Spring 2005 1 Trusted Computer System

Role-Based Access Control Corban Rivera CS 6204, Spring 2005 1 Trusted Computer System Evaluation Criteria (TCSEC) Background MAC Mandatory Access Control Firm security levels DAC Discretionary Access Control Access

240 views • 6 slides
PERMIS Role-Based Access Control Example System Presenter: Haiyan Cheng CS 6204, Spring 2005 1

PERMIS Role-Based Access Control Example System Presenter: Haiyan Cheng CS 6204, Spring 2005 1

PERMIS Role-Based Access Control Example System Presenter: Haiyan Cheng CS 6204, Spring 2005 1 PERMIS Review A role-based access control infrastructure Uses X.509 attribute certificate (AC) to store users roles All access

397 views • 8 slides
A solution for Access Delegation based on SAML Ciro Formisano Ermanno Travaglino Isabel

A solution for Access Delegation based on SAML Ciro Formisano Ermanno Travaglino Isabel

A solution for Access Delegation based on SAML Ciro Formisano Ermanno Travaglino Isabel Matranga Access Delegation in distributed environments SAML 2.0 Condition to Delegate Implementation Future plans Access Delegation in distributed

666 views • 18 slides
1 General Access Control General Access Control Control of access to memory relatively easy:

1 General Access Control General Access Control Control of access to memory relatively easy:

Role of Access Control Before closing back doors we need to close front doors Access control: determines access to files & processes in OS Fall 2008 We will return to these themes throughout the course Fall 2008 CS

512 views • 6 slides
Role-Based Access Control CS461/ECE422 Spring 2012 Reading

Role-Based Access Control CS461/ECE422 Spring 2012 Reading

Role-Based Access Control CS461/ECE422 Spring 2012 Reading Material Chapter 4, sec?ons 4.5 and 4.6 [SFK00] DAC vs RBAC DAC Users, Groups

415 views • 25 slides
Constraints in Role-Based Access Control Jason Crampton Information Security Group, Royal

Constraints in Role-Based Access Control Jason Crampton Information Security Group, Royal

Constraints in Role-Based Access Control Jason Crampton Information Security Group, Royal Holloway University of London jason.crampton@rhul.ac.uk www.isg.rhul.ac.uk/~jason Outline Introduction Separation of duty Role-based

482 views • 14 slides
Incorporating Off-Line Attribute Delegation into Hierarchical Group and Attribute-Based Access

Incorporating Off-Line Attribute Delegation into Hierarchical Group and Attribute-Based Access

Incorporating Off-Line Attribute Delegation into Hierarchical Group and Attribute-Based Access Control Daniel Servos Michael Bauer Western University Western University London, Ontario London, Ontario dservos5@uwo.ca bauer@uwo.ca November

511 views • 34 slides
Working Set- -Based Access Control for Based Access Control for Working Set Network File

Working Set- -Based Access Control for Based Access Control for Working Set Network File

Working Set- -Based Access Control for Based Access Control for Working Set Network File Systems Network File Systems Stephen Smaldone, Vinod Ganapathy, and Liviu Iftode DiscoLab - Department of Computer Science Rutgers, The State University

667 views • 23 slides
Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
Applying Hierarchical and Role-Based Access Control to XML Documents Jason Crampton Information

Applying Hierarchical and Role-Based Access Control to XML Documents Jason Crampton Information

Applying Hierarchical and Role-Based Access Control to XML Documents Jason Crampton Information Security Group Royal Holloway, University of London ACM Workshop on Secure Web Services 2004 George Mason University, 29 October 2004 Applying

647 views • 31 slides
Semantic security framework and context- aware role-based access control ontology for Smart

Semantic security framework and context- aware role-based access control ontology for Smart

Semantic security framework and context- aware role-based access control ontology for Smart Spaces Semantic Big Data Workshop, ACM SIGMOD 2016 Conference 2016, San Francisco, California, July 1st 2016 Shohreh Hosseinzadeh, Natalia

240 views • 19 slides
ROLE BASED ACCESS CONTROL (RBAC) John Barkley RBAC Project Leader Software Diagnostics and

ROLE BASED ACCESS CONTROL (RBAC) John Barkley RBAC Project Leader Software Diagnostics and

ROLE BASED ACCESS CONTROL (RBAC) John Barkley RBAC Project Leader Software Diagnostics and Conformance Testing National Institute of Standards and Technology (301) 975-3346 jbarkley@nist.gov http://hissa.nist.gov/rbac/ ACTIVE PARTICIPANTS

635 views • 27 slides
An analysis of the applicability of blockchain to secure IP addresses allocation, delegation and

An analysis of the applicability of blockchain to secure IP addresses allocation, delegation and

An analysis of the applicability of blockchain to secure IP addresses allocation, delegation and bindings draft-paillisse-sidrops-blockchain-01 OPSEC - IETF 101 - London March 2018 Jordi Pailliss , Albert Cabellos, Vina Ermagan, Alberto

939 views • 44 slides
Welcome We will begin at 7:30 p.m. Central Time. Call in for audio. You need to register

Welcome We will begin at 7:30 p.m. Central Time. Call in for audio. You need to register

Welcome We will begin at 7:30 p.m. Central Time. Call in for audio. You need to register Register here for a pin and phone number. Delegation What is effective delegation? Type in the chat box Press 1 on your phone Effective delegation is

522 views • 51 slides
Conducting Meaningful Conversations in Faith and Science Walter.Rogero@live.com Conducting

Conducting Meaningful Conversations in Faith and Science Walter.Rogero@live.com Conducting

Conducting Meaningful Conversations in Faith and Science Walter.Rogero@live.com Conducting Meaningful Conversations in Faith and Science As Christians interested in the nexus of science and religion, we sometimes find ourselves in

373 views • 23 slides
Share Chair 2.009 Final Presentation December 11, 2006 The Share Chair Traditional Wheelchair

Share Chair 2.009 Final Presentation December 11, 2006 The Share Chair Traditional Wheelchair

Share Chair 2.009 Final Presentation December 11, 2006 The Share Chair Traditional Wheelchair I hate having to give up all controlI feel vulnerable when I can t see the person pushing me or communicate with them. Kaley,

398 views • 18 slides
Global Types with Internal Delegation and Connecting Communications joint work with Ilaria

Global Types with Internal Delegation and Connecting Communications joint work with Ilaria

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion Global Types with Internal Delegation and Connecting Communications joint work with Ilaria Castellani, Paola Giannini and Ross Horne Nobuko meeting

1.63k views • 116 slides
ffwd: delegation is (much) faster than you think Sepideh Roghanchi, Jakob Eriksson, Nilanjana

ffwd: delegation is (much) faster than you think Sepideh Roghanchi, Jakob Eriksson, Nilanjana

ffwd: delegation is (much) faster than you think Sepideh Roghanchi, Jakob Eriksson, Nilanjana Basu int get_seqno() { return ++seqno; } // ~1 Billion ops/s // single-threaded int threadsafe_get_seqno() { acquire(lock); int

1.04k views • 56 slides
Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 1 graded soon Reading due

Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 1 graded soon Reading due

Principles of Software Construction: Objects, Design, and Concurrency Part 1: Designing classes Design for reuse: delegation and inheritance Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 1 graded soon Reading due today:

845 views • 36 slides
Computational Social Choice 2020 Ulle Endriss Institute for Logic, Language and Computation

Computational Social Choice 2020 Ulle Endriss Institute for Logic, Language and Computation

Liquid Democracy COMSOC 2020 Computational Social Choice 2020 Ulle Endriss Institute for Logic, Language and Computation University of Amsterdam http://www.illc.uva.nl/~ulle/teaching/comsoc/2020/ Ulle Endriss 1 Liquid Democracy

359 views • 16 slides

More recommend