Role Activation Hierarchies
Ravi Sandhu
George Mason University

RBAC96
[Diagram: the RBAC96 model, showing USERS, ROLES, PERMISSIONS, SESSIONS, USER-ROLE ASSIGNMENT, PERMISSION-ROLE ASSIGNMENT, ROLE HIERARCHIES and CONSTRAINTS]

ROLE HIERARCHIES
Inheritance hierarchies: permission inheritance, user inheritance
Activation hierarchies: role membership versus role activation

EXAMPLE ROLE HIERARCHY INTERPRETATIONS
[Diagram: example role hierarchy. Roles: Employee (E), Engineering Department (ED), Director (DIR). PROJECT 1: Project Lead 1 (PL1), Production 1 (P1), Quality 1 (Q1), Engineer 1 (E1). PROJECT 2: Project Lead 2 (PL2), Production 2 (P2), Quality 2 (Q2), Engineer 2 (E2).]

ALTERNATIVES
separate inheritance and activation hierarchies: this paper
single inheritance and activation hierarchy: most common approach, including RBAC96
activation hierarchy only, no inheritance: alternative identified in NIST RBAC model
inheritance hierarchy only, no activation hierarchy: does not seem to be useful

LBAC: LIBERAL *-PROPERTY
[Diagram: lattice of labels H, M1, M2 and L, with Read and Write arrows marked + and -]

LBAC: LIBERAL *-PROPERTY DUAL ROLE SIMULATION
[Diagram: read roles HR, M1R, M2R, LR and write roles HW, M1W, M2W, LW, with Read and Write arrows marked + and -]

LBAC: STRICT *-PROPERTY
[Diagram: lattice of labels H, M1, M2 and L, with Read and Write arrows marked + and -]

LBAC: STRICT *-PROPERTY DUAL ROLE SIMULATION
[Diagram: read roles HR, M1R, M2R, LR and write roles HW, M1W, M2W, LW]

LBAC: STRICT *-PROPERTY SIMULATION BY PRIVATE ROLES
[Diagram: read roles HR, M1R, M2R, LR]

LBAC: STRICT *-PROPERTY SIMULATION BY PRIVATE ROLES
[Diagram: read roles HR, M1R, M2R, LR and write roles HW, M1W, M2W, LW]

DYNAMIC SEPARATION OF DUTIES
Roles in dynamic SOD cannot have common seniors in the role inheritance hierarchy, but can have common seniors in the role activation hierarchy.
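
The rule above can be checked mechanically. The following Python sketch is an added example, not taken from the slides or the paper: the role names reuse the deck's example hierarchy, while the edges, the DSOD pair and the reading that a session holds every inheritance-junior of its active roles are assumptions.

```python
# Constructed data: role names come from the slides' example; the edges and
# the DSOD pair are assumptions. Each map is senior -> immediate juniors.
ACTIVATION = {"PL1": {"P1", "Q1"}, "P1": {"E1"}, "Q1": {"E1"}}
INHERITANCE = {"P1": {"E1"}, "Q1": {"E1"}}   # PL1 inherits from nobody
DSOD = {frozenset({"P1", "Q1"})}             # must never be effective together


def closure(hierarchy, role):
    """The role plus every role junior to it (reflexive transitive closure)."""
    seen, stack = set(), [role]
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(hierarchy.get(r, ()))
    return seen


def can_activate(assigned, role, activation=ACTIVATION):
    """A member of a role may activate it or any of its activation-juniors."""
    return any(role in closure(activation, a) for a in assigned)


def effective_roles(active, inheritance=INHERITANCE):
    """Roles whose permissions a session holds through inheritance."""
    return set().union(*(closure(inheritance, r) for r in active))


def dsod_conflicts(active, inheritance=INHERITANCE, dsod=DSOD):
    """DSOD pairs that are both effective for this set of active roles."""
    eff = effective_roles(active, inheritance)
    return {pair for pair in dsod if pair <= eff}


def common_inheritance_seniors(a, b, inheritance):
    """Roles inheritance-senior to both a and b (the case the slide forbids)."""
    roles = set(inheritance) | {j for js in inheritance.values() for j in js}
    return {r for r in roles - {a, b} if {a, b} <= closure(inheritance, r)}
```

With PL1 as a common senior only in the activation hierarchy, a PL1 member can activate P1 or Q1 one at a time without conflict. Passing `ACTIVATION` as the inheritance hierarchy models the merged single-hierarchy case, where activating PL1 alone already makes both DSOD roles effective.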

ACTIVATION HIERARCHIES
[Diagram: two hierarchies, each over the roles A, B, C, D and E]

CONCLUSION
separate inheritance and activation hierarchies: this paper
single inheritance and activation hierarchy: most common approach, including RBAC96
activation hierarchy only, no inheritance: alternative identified in NIST RBAC model
inheritance hierarchy only, no activation hierarchy: does not seem to be useful