Enforcing SSoD policies by SMER Constraints

1
Enforcing SSoD policies by SMER Constraints
  • Hong Chen

2
Motivation
  • Terminology
    • SoD: Separation of Duty
    • RBAC: Role-Based Access Control
    • SMER: Static Mutually Exclusive Role
  • SoD is important in RBAC systems
  • Directly enforcing SoD in RBAC is difficult
  • We can use SMER to enforce SoD in RBAC

3
Definitions (1)
  • Domains
    • U: the set of all possible users
    • R: the set of all possible roles
    • P: the set of all possible permissions
  • RBAC state

4
Definitions (2)
  • SSoD policy
  • SSoD safety
  • SMER constraint
  • RBAC state satisfies SMER constraint
  • Enforcing SSoD by SMER

5
Example
Example borrowed from Ninghui Li, Ziad Bizri, and Mahesh V. Tripunitara, "On Mutually-Exclusive Roles and Separation of Duty", CCS 2004

6
Current Research Result
  • Directly enforcing SSoD policies in RBAC is
    intractable
  • Enforcing SMER constraints is efficient
  • Verification problem is intractable
  • Generation of singleton SMER constraints
  • Precise enforcement is not always possible
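
Added example (not part of the presentation) contrasting the two checks named on this slide. It assumes the definitions from the Li, Bizri and Tripunitara paper cited on slide 5: smer⟨roles, t⟩ forbids any user from holding t or more of the listed roles, and ssod⟨perms, k⟩ requires that no set of fewer than k users jointly holds all listed permissions. It also assumes a flat state with no role hierarchy; all user, role and permission names are constructed.

```python
from itertools import combinations

# Constructed RBAC state (assumption: flat, no role hierarchy).
UA = {"alice": {"clerk"}, "bob": {"approver"}, "carol": {"auditor"}}
PA = {
    "clerk": {"create_order"},
    "approver": {"approve_order"},
    "auditor": {"issue_payment"},
}
POLICY_PERMS = {"create_order", "approve_order", "issue_payment"}
SMER_ROLES = {"clerk", "approver", "auditor"}


def user_perms(ua, pa, user):
    """Permissions a user holds through the roles assigned to them."""
    perms = set()
    for role in ua.get(user, ()):
        perms |= pa.get(role, set())
    return perms


def satisfies_smer(ua, roles, t):
    """smer<roles, t>: one pass over the users, polynomial in the state."""
    return all(len(assigned & roles) < t for assigned in ua.values())


def ssod_safe(ua, pa, perms, k):
    """ssod<perms, k>: brute force over every user group smaller than k.

    The number of groups grows combinatorially with the user count,
    which is why the direct check does not scale.
    """
    users = sorted(ua)
    for size in range(1, k):
        for group in combinations(users, size):
            held = set().union(*(user_perms(ua, pa, u) for u in group))
            if perms <= held:
                return False  # fewer than k users cover the whole task
    return True


if __name__ == "__main__":
    print("SMER t=2 satisfied:", satisfies_smer(UA, SMER_ROLES, 2))
    print("SSoD k=3 safe:", ssod_safe(UA, PA, POLICY_PERMS, 3))
    # Giving alice a second role breaks the SMER constraint and SSoD safety.
    bad = dict(UA, alice={"clerk", "approver"})
    print("after change, SMER:", satisfies_smer(bad, SMER_ROLES, 2))
    print("after change, SSoD:", ssod_safe(bad, PA, POLICY_PERMS, 3))
```

In this state the constraint smer⟨{clerk, approver, auditor}, 2⟩ keeps ssod⟨POLICY_PERMS, 3⟩ safe, because each role carries exactly one of the three permissions.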

7
Enforcing is not enough
  • Compatibility
  • Example
  • C1 and C2 both enforce E
  • C1 is not a good choice

8
Comparing SMER constraints
  • Compare two SMER constraints
  • C1 is at least as restrictive as C2 under RH
    (denoted by ) if and only if
  • If both C1 and C2 are in a set of SMERs and C1 is
    more restrictive than C2, then we can simply
    remove C2 from the set

9
Generation of SMER constraints (1)
  • Naïve generation: $2^{2^n}$
  • Even for small n, not efficient
  • Generating all sets of SMERs that can minimally
    implement given SSoD policies
  • Starting from most restrictive SMERs

10
Generation of SMER constraints (2)
[Figure: sets of SMERs ordered from "Restrictive" to "Not Restrictive": the most restrictive set of SMERs, SMERs that implement SSoD, SMERs that minimally implement SSoD, SMERs that do not implement SSoD]

11
Summary
  • Notion of implementation
  • Comparison between different SMERs
  • Comparison between different SSoDs
  • Algorithm to generate all sets of SMERs that
    minimally implement SSoD

12
Future Work
  • When can we precisely implement SSoD?
  • More efficient generation algorithm
  • How to choose from a set of implementations?
  • How to compare different SMER constraints
    according to the given SSoD policies?