© 2005 Ravi Sandhu Administrative Scope (continued) (best viewed in slide show mode) Ravi Sandhu...
-
Upload
evelyn-webb -
Category
Documents
-
view
220 -
download
1
Transcript of © 2005 Ravi Sandhu Administrative Scope (continued) (best viewed in slide show mode) Ravi Sandhu...
© 2005 Ravi Sandhuwww.list.gmu.edu
Administrative Scope (continued)(best viewed in slide show mode)
Ravi SandhuLaboratory for Information Security Technology
George Mason [email protected]
2
© 2005 Ravi Sandhuwww.list.gmu.edu
RHA Conditions for Four Operations
• These conditions always apply• RHA1
• Additional conditions may be imposed• RHA2, RHA3, RHA4
These are allowed to be
3
© 2005 Ravi Sandhuwww.list.gmu.edu
RHA: Add role Y with no children (scope PL1)
Y
4
© 2005 Ravi Sandhuwww.list.gmu.edu
RHA: Insert edge ENG1, Y (scope PL1)
Y
5
© 2005 Ravi Sandhuwww.list.gmu.edu
RHA: Delete edge ENG1, Y (scope PL1)
Y
• outside scope of PL1• so cannot get back to childless Y
6
© 2005 Ravi Sandhuwww.list.gmu.edu
RHA: Add role Y with no parents (scope PL1)
scope of PL1
scope of DIR
7
© 2005 Ravi Sandhuwww.list.gmu.edu
RHA: Add role Y with no parents (scope PL1)
Y
scope of PL1
scope of DIR
8
© 2005 Ravi Sandhuwww.list.gmu.edu
RHA Conditions for Four Operations
• These conditions always apply• RHA1
• Additional conditions may be imposed• RHA2, RHA3, RHA4
These are allowed to be
May not be a good idea, especially for parents
9
© 2005 Ravi Sandhuwww.list.gmu.edu
RHA3
10
© 2005 Ravi Sandhuwww.list.gmu.edu
RHA3
11
© 2005 Ravi Sandhuwww.list.gmu.edu
RHA3: Administrative Scope
12
© 2005 Ravi Sandhuwww.list.gmu.edu
RHA3
S+(PSO1)
S+(DSO)
13
© 2005 Ravi Sandhuwww.list.gmu.edu
RHA3: PSO1 creates Y
S+(PSO1)
S+(DSO)
Y
14
© 2005 Ravi Sandhuwww.list.gmu.edu
RHA3: Consistency Constraints
15
© 2005 Ravi Sandhuwww.list.gmu.edu
RHA4: admin-authority operations
16
© 2005 Ravi Sandhuwww.list.gmu.edu
RHA4: creation of parentless roles not allowed
Forces PSO1 as administrator of X
Should be DSO?
Eliminated from admin-hierarchy