A THREE TIER ARCHITECTURE FOR ROLE-BASED ACCESS CONTROL - PowerPoint PPT Presentation (24 slides)

Transcript and Presenter's Notes

1
A THREE TIER ARCHITECTURE FOR ROLE-BASED ACCESS CONTROL
Ravi Sandhu and Hal Feinstein
Seta Corporation, McLean, VA
Ongoing NIST-funded project
Other Project Members at Seta: Ed Coyne, Charles Youman
2
RBAC
  • An alternative to classical MAC and DAC
  • Substantial history and tradition
  • Often used to separate administrative functions
    • Operator
    • Auditor
    • Security Officer
    • User
  • Extend this concept into the application domain

3
INTERACTION OF RBAC, MAC AND DAC
4
POLICY VERSUS MECHANISM
  • Roles are a policy concept
  • Several mechanisms can be used to implement roles
    • Roles
    • Groups
    • Compartments
  • Some mechanisms are better suited than others

5
RBAC
Diagram: USERS, ROLE and PRIVILEGES, connected by USER-ROLE ASSIGNMENT and PRIVILEGE-ROLE ASSIGNMENT
6
USERS
  • Users are human beings
  • Each individual should be known as exactly one user

7
PRIVILEGES
  • Primitive privileges
    • read, write, append, execute
  • Abstract privileges
    • credit, debit, inquiry
  • Generic privileges
    • auditor

8
RBAC
Diagram: USERS, ROLE (with ROLE HIERARCHIES) and PRIVILEGES, connected by USER-ROLE ASSIGNMENT and PRIVILEGE-ROLE ASSIGNMENT
9
HIERARCHICAL ROLES
Diagram (role hierarchy, junior to senior): Health-Care Provider; Physician; Primary-Care Physician and Specialist Physician
10
HIERARCHICAL ROLES
Diagram (role hierarchy, junior to senior): Engineer; Hardware Engineer and Software Engineer; Supervising Engineer
11
RBAC
Diagram: USERS, ROLE (with ROLE HIERARCHIES) and PRIVILEGES, connected by USER-ROLE ASSIGNMENT and PRIVILEGE-ROLE ASSIGNMENT, with CONSTRAINTS applied across the model
12
CONSTRAINTS
  • Mutually Exclusive Roles
    • Static Exclusion: the same individual can never hold both roles
    • Dynamic Exclusion: the same individual can never hold both roles in the same context
  • Prerequisite Roles
    • A user must belong to one or more prerequisite roles in order to qualify for possible membership in some other role

13
SCALE
  • Hundreds of roles
  • User-role assignment will change frequently
  • Privilege-role assignment will change frequently
  • Role hierarchy will change occasionally

14
RBAC SUMMARY
  • RBAC is a sophisticated and multi-dimensional concept
  • Different products will support variations of RBAC (even if standards emerge)

15
ANSI/SPARC DATABASE ARCHITECTURE
Diagram label recovered: Community View
16
RBAC ARCHITECTURE
Diagram: three tiers, from top to bottom External Views (three), Community View (one), Implementation Views (three)
17
TOP TWO TIERS
Diagram: External Views (two) and the Community View, with arrows labelled ELIMINATION and REFINEMENT
18
EXAMPLE
Diagram labels recovered: ELIMINATION, REFINEMENT, ROLE HIERARCHY
19
BOTTOM TWO TIERS
Diagram: the Community View and Implementation Views (two), with arrows labelled REFINEMENT and ELIMINATION
20
BOTTOM TWO TIERS
Diagram: the Community View and two Implementation Views, labelled IMPLICIT MECHANISM and EXPLICIT MECHANISM
21
IMPLICIT USER ASSIGNMENT
22
EXPLICIT USER ASSIGNMENT
Diagram: NO ROLE HIERARCHY; a USER with explicit assignments to each role
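Added example, not code from the slides or from the authors' project: a toy Python RBAC engine that ties together the model elements on the slides. It implements the role hierarchy of slide 9, the constraints of slide 12 (static exclusion, dynamic exclusion enforced per session as "the same context", and prerequisite roles), and the refinement of slides 19 to 22, where the hierarchy-based (implicit) community view is rewritten as explicit user-role and privilege-role assignments for an implementation mechanism with no role hierarchy. The class and method names, the user names, the finance roles and all privilege names are assumptions of this example; only the physician hierarchy is taken from the slides.

```python
"""Toy RBAC engine (added example, constructed data): role hierarchy, user-role and
privilege-role assignment, static/dynamic exclusion, prerequisite roles, and the
refinement of implied memberships into explicit ones for a hierarchy-less mechanism."""
from collections import deque


class RBAC:
    def __init__(self):
        self.juniors = {}          # role -> roles directly below it (privileges inherited)
        self.user_roles = {}       # explicit user-role assignment
        self.role_privs = {}       # explicit privilege-role assignment
        self.static_excl = set()   # frozenset pairs no user may ever hold together
        self.dynamic_excl = set()  # frozenset pairs never active in the same session
        self.prereq = {}           # role -> roles of which the user must already hold one

    def add_role(self, role, juniors=(), privs=()):
        self.juniors.setdefault(role, set()).update(juniors)
        self.juniors.update({j: self.juniors.get(j, set()) for j in juniors})
        self.role_privs.setdefault(role, set()).update(privs)

    def implied_roles(self, role):
        """The role itself plus every role below it (transitive closure)."""
        seen, todo = set(), deque([role])
        while todo:
            r = todo.popleft()
            if r not in seen:
                seen.add(r)
                todo.extend(self.juniors.get(r, ()))
        return seen

    def effective_roles(self, user):
        """Implicit membership: explicit assignments expanded through the hierarchy."""
        return set().union(*(self.implied_roles(r) for r in self.user_roles.get(user, ())))

    def assign(self, user, role):
        """User-role assignment, checked against static exclusion and prerequisites."""
        held, new = self.effective_roles(user), self.implied_roles(role)
        for pair in self.static_excl:
            if pair <= held | new:  # also catches a senior role that inherits both
                raise ValueError(f"static exclusion: {user} may not hold {sorted(pair)}")
        req = self.prereq.get(role, set())
        if req and not held & req:
            raise ValueError(f"prerequisite: {user} needs one of {sorted(req)} for {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def activate(self, user, roles):
        """Session activation; dynamic exclusion applies per session, not per user."""
        missing = set(roles) - self.user_roles.get(user, set())
        if missing:
            raise PermissionError(f"{user} does not hold {sorted(missing)}")
        active = set().union(*(self.implied_roles(r) for r in roles))
        for pair in self.dynamic_excl:
            if pair <= active:
                raise PermissionError(f"dynamic exclusion: {sorted(pair)} in one session")
        return active

    def check(self, active, priv):  # implicit mechanism: lookup over the expanded active set
        return any(priv in self.role_privs.get(r, ()) for r in active)

    def refine_explicit(self):
        """Refinement to a mechanism with NO ROLE HIERARCHY: every implied membership
        and every inherited privilege is written out as an explicit assignment."""
        users = {u: self.effective_roles(u) for u in self.user_roles}
        privs = {r: set().union(*(self.role_privs.get(j, set()) for j in self.implied_roles(r)))
                 for r in self.juniors}
        return users, privs


def demo():
    m, out = RBAC(), {}  # constructed scenario: slide 9 physicians plus a small finance set
    m.add_role("health-care-provider", privs=["read-record"])
    m.add_role("physician", juniors=["health-care-provider"], privs=["write-record"])
    m.add_role("primary-care-physician", juniors=["physician"])
    m.add_role("specialist-physician", juniors=["physician"], privs=["order-imaging"])
    m.add_role("cashier", privs=["credit", "debit"])  # abstract privileges, slide 7
    m.add_role("cashier-supervisor", juniors=["cashier"])
    m.add_role("auditor", privs=["inquiry"])
    m.static_excl.add(frozenset({"cashier", "auditor"}))
    m.dynamic_excl.add(frozenset({"primary-care-physician", "specialist-physician"}))
    m.prereq["cashier-supervisor"] = {"cashier"}
    m.assign("alice", "specialist-physician")
    m.assign("alice", "primary-care-physician")
    m.assign("bob", "cashier")
    out["alice_effective"] = m.effective_roles("alice")
    out["alice_reads"] = m.check(m.activate("alice", ["specialist-physician"]), "read-record")
    attempts = {"dynamic": lambda: m.activate("alice", list(m.user_roles["alice"])),
                "static": lambda: m.assign("bob", "auditor"),
                "prereq": lambda: m.assign("carol", "cashier-supervisor")}
    for key, attempt in attempts.items():
        try:
            attempt()
            out[key] = "allowed"
        except (ValueError, PermissionError):
            out[key] = "rejected"
    m.assign("bob", "cashier-supervisor")  # bob holds cashier, so the prerequisite is met
    users, privs = m.refine_explicit()     # explicit mechanism: no hierarchy, flat lookup
    out["explicit"] = users
    out["views_agree"] = any("read-record" in privs[r] for r in users["alice"]) == out["alice_reads"]
    return out
```

Two design points worth noting. Static exclusion is checked on the hierarchy-expanded sets, so assigning a senior role that would inherit both halves of an exclusive pair is rejected as well, not only a direct assignment of the second role. Dynamic exclusion is checked only when a session activates roles, so alice may hold both physician roles but can never have both active at once. The flattened tables returned by refine_explicit answer the same access question as the hierarchy walk, which is the sense in which the explicit mechanism is a valid refinement of the community view.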
23
CONCLUSION
  • Further work is ongoing on
    • RBAC model
    • RBAC architecture
  • Preliminary results are promising