Relationship-Based Access Control (ReBAC)
- Rosa Fleming
- 6 years ago
1 CS 5323 Relationship-Based Access Control (ReBAC) Prof. Ravi Sandhu Executive Director and Endowed Chair Lecture 6 ravi.utsa@gmail.com 1
2 Access Control Fixed policy Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Flexible policy Attribute Based Access Control (ABAC),???? 2
3 Access Control Fixed policy Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Relationship Based Access Control (ReBAC), 2008 Role Based Access Control (RBAC), 1995 Flexible policy Attribute Based Access Control (ABAC),???? 3
4 Access Control Fixed policy Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Relationship Based Access Control (ReBAC), 2008 Role Based Access Control (RBAC), 1995 Flexible policy Attribute Based Access Control (ABAC),???? 4
5 ReBAC Models 5
6 Online Social Networks (OSNs) Social graph is modeled as a directed labeled simple graph $G = \langle U, E, \Sigma \rangle$: nodes $U$ as users; edges $E$ as relationships; $\Sigma = \{\sigma_1, \sigma_2, \ldots, \sigma_n, \sigma_1^{-1}, \sigma_2^{-1}, \ldots, \sigma_n^{-1}\}$ as relationship types supported 6
7 Access Control in OSNs Policy Individualization: users define their own privacy and activity preferences; related users can configure policies too; collectively used by the system for control decision. User and Resource as a Target: e.g., poke, messaging, friendship invitation. User Policies for Outgoing and Incoming Actions: user can be either requester or target of activity; allows control on 1) activities w/o knowing a particular resource and 2) activities against the user w/o knowing a particular access requestor; e.g., block notification of friend's activities; restrict from viewing violent contents 7
8 U2U ReBAC (UURAC) Model U_A: Accessing User; U_T: Target User; U_C: Controlling User; R_T: Target Resource; AUP: Accessing User Policy; TUP: Target User Policy; TRP: Target Resource Policy; SP: System Policy. Policy Individualization. User and Resource as a Target. Separation of user policies for incoming and outgoing actions. Regular Expression based path pattern w/ max hopcounts (e.g., <u_a, (f*c, 3)>) 8
9 Access Request and Evaluation Access Request <u_a, action, target>: u_a tries to perform action on target; target can be either user u_t or resource r_t. Policies and Relationships used for Access Evaluation: when u_a requests to access a user u_t: u_a's AUP, u_t's TUP, SP; U2U relationships between u_a and u_t. When u_a requests to access a resource r_t: u_a's AUP, r_t's TRP, SP; U2U relationships between u_a and u_c 9
10 Policy Representations action^-1 in TUP and TRP is the passive form since it applies to the recipient of action. TRP has an extra parameter u_c to specify the controlling user: U2U relationships between u_a and u_c. SP does not differentiate the active and passive forms. SP for resource needs r.typename, r.typevalue to refine the scope of the resource 10
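The path-pattern check with a maximum hopcount from slides 8 to 10, as an added example that is not code from the lecture or from the UURAC authors. The sample graph, the single-letter relationship types (f = friend, c = coworker, upper case for the inverse type), the restriction to simple paths and the conjunction of rules in `check_request` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample social graph (assumption): f = friend, c = coworker.
EDGES = [
    ("alice", "f", "bob"),
    ("bob", "f", "carol"),
    ("carol", "c", "dave"),
    ("dave", "f", "ed"),
]


def build_graph(edges):
    """Adjacency list over G = <U, E, Sigma>; every edge also yields its inverse.

    The inverse type sigma^-1 is written as the upper-case letter (assumption).
    """
    adj = defaultdict(list)
    for src, label, dst in edges:
        adj[src].append((label, dst))
        adj[dst].append((label.upper(), src))
    return adj


def path_allowed(adj, start, target, pattern, max_hops):
    """True if a simple path start -> target of at most max_hops edges exists
    whose sequence of relationship types fully matches the regex `pattern`."""
    regex = re.compile(pattern)

    def dfs(node, labels, visited):
        if node == target and labels and regex.fullmatch(labels):
            return True
        if len(labels) == max_hops:          # hopcount bound reached
            return False
        for label, nxt in adj[node]:
            if nxt not in visited and dfs(nxt, labels + label, visited | {nxt}):
                return True
        return False

    return dfs(start, "", {start})


def check_request(adj, u_a, u_c, rules):
    """Evaluate graph rules for a request by u_a on a resource controlled by u_c.

    Each rule is (start, pattern, max_hops); start is "ua" or "uc" and names the
    node the path starts from. Requiring every rule to hold is an assumption.
    """
    for start, pattern, max_hops in rules:
        src, dst = (u_a, u_c) if start == "ua" else (u_c, u_a)
        if not path_allowed(adj, src, dst, pattern, max_hops):
            return False
    return True


if __name__ == "__main__":
    g = build_graph(EDGES)
    # Resource policy: <u_c, (f*c, 3)>, requester policy: <u_a, (CF*, 3)>
    rules = [("uc", "f*c", 3), ("ua", "CF*", 3)]
    print("dave -> alice's resource:", check_request(g, "dave", "alice", rules))
    print("ed   -> alice's resource:", check_request(g, "ed", "alice", rules))
```
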
11 Example 11
12 Beyond U2U Relationships There are various types of relationships between users and resources in addition to U2U relationships and ownership, e.g., share, like, comment, tag, etc. U2U, U2R and R2R. U2R further enables relationship and policy administration 12
13 U2U, U2R & R2R ReBAC (URRAC) Model AU: Accessing User; AS: Accessing Session; TU: Target User; TS: Target Session; O: Object; P: Policy; P_AU: Accessing User Policy; P_AS: Accessing Session Policy; P_TU: Target User Policy; P_TS: Target Session Policy; P_O: Object Policy; P_P: Policy for Policy; P_Sys: System Policy 13
14 Differences with UURAC Access Request (s, act, T) where T may contain multiple objects. Policy Administration. User-session Distinction. Hopcount Skipping: local hopcount stated inside [[]] will not be counted in global hopcount. E.g., ([f*,3][[c*, 2]],3), the local hopcount 2 for c* does not apply to the global hopcount 3, thus allowing f* to have up to 3 hops. 14
15 Policy Conflict Resolution System-defined conflict resolution for potential conflicts among user-specified policies. Disjunctive, conjunctive and prioritized order between relationship types <share^-1, (own tag share)> <read^-1, (own tag)> <friend_request, (parent 15
16 Beyond Relationships ReBAC usually relies on type, depth, or strength of relationships, but cannot express more complicated topological information. ReBAC lacks support for attributes of users, resources, and relationships. Useful examples include common friends, duration of friendship, minimum age, etc. 16
17 Attribute-based Policy <quantifier, (ATTR(N), ATTR(E)), count i> [+1, -2], age(u) > 18 [+1, -1], weight(e) > 0.5 {+1, +2, -1}, gender(u) = male 17
18 Attribute-based Policy Node attributes: define user's identity and characteristics, e.g., name, age, gender, etc. Edge attributes: describe the characteristics of the relationship, e.g., weight, type, duration, etc. Count attributes: occurrence requirements for the attribute-based path specification, specifying the minimum 18
19 Example: No Attributes Bob Dave Alice Ed Harry Carol Fred George 19
20 Example: Node Attributes Bob Occupation = student; Dave Occupation = student; Alice; Ed Occupation = teacher; Harry; Carol Occupation = student; Fred Occupation = teacher; George Occupation = student <access, (u_a, ((f*, 4): [+1, -1], occupation = student, count 3)))> 20
21 Example: Edge Attributes Since = Feb, 2014 Since = June, 2013 Bob Dave Since = Aug, 2008 Alice Ed Since = May, 2009 Harry Since = Aug, 2010 Carol Fred George <read, Photo1, (u_a, ((f*, 3): [+1, -1], duration 3 month, _)))> 21
22 ReBAC Models Object-to-Object 22
23 Object Relationships in ReBAC ReBAC for OSN generally considers only user to user relationship. OSN has very specific types of resources (photos, notes, comments), which are strongly tied to users. Even though some ReBAC models consider general computing systems beyond OSNs, they still need users/subjects existence in relationship graph. 23
24 ReBAC in General Beyond OSNs Participant-of user 1 project 1 Participant-of folder 1 Supervises Member-of doc 1 Member-of folder 2 doc 2 Member-of A sample Relationship Graph for Organizational Environment [RPPM, Crampton et al., 2014] 24
25 Existence of Object Relationship Independent of User Object Relationship in Object Oriented System (Inheritance, Composition and Association). History of a Git Project (Version Control System) is a DAG 25
26 Limitations of Existing ReBAC Models Cannot configure relationship between objects independent of user. Cannot express authorization policy solely considering object relationship. 26
27 How the model would look like? Object to Object Relationship Based Access Control. Policy Level Example: ACL(o_1) = {u_1}, ACL(o_2) = {}, ACL(o_3) = {u_2}; policylevel(a_1, o_1) = 2, policylevel(a_2, o_1) = 0, policylevel(a_1, o_2) = 1, policylevel(a_2, o_2) = 0, policylevel(a_1, o_3) = 3, policylevel(a_2, o_3) = 2, policylevel(a_1, o_4) = 2, policylevel(a_2, o_4) = 0 27
28 OOReBAC: Model Components and Definition 28
29 OOReBAC: An Example Sequence of operations and its outcome: Configuration: Sequence of operations and its outcome: 29
30 OOReBAC: Application An OOReBAC Instantiation Sequence of Operations and Outcomes 30
31 ABAC-ReBAC Comparison 31
32 ReBAC Vs. ABAC ReBAC? ABAC Are they Comparable? Can Attributes Express Relationships? Can ReBAC Configure ABAC? Vice versa? Do they have equal expressive power? If not, which one is more expressive? 32
33 Attribute Types 1. Attribute Value Structure: Atomic-valued or Single-valued Attribute (e.g. gender); Set-valued or Multi-valued Attribute (e.g. phonenumber); Structured Attribute (e.g. person-info (name, age, phonenumber)). 2. Attribute Value Scope: Entity Attribute (e.g. friend); Non-entity Attribute (e.g. age). 3. Boundedness of attribute range: Finite Domain Attribute (e.g. gender); Infinite Domain Attribute (e.g. time). 4. Attribute association: Contextual or Environmental Attribute (e.g. currenttime); Meta Attribute (e.g. role(user) = manager, task(manager) = supervise). 5. Attribute mutability: Mutable Attribute; Immutable Attribute 33
34 Attribute Function Composition 34
35 Assumptions All non-entity attributes are finite domain. Entity attribute functions are partial functions defined on existing entities only. Inner attribute function in an attribute function composition should always be entity attributes. Structured attribute is a multivalued tuple of atomic or set-valued attributes, so it is more expressive than atomic or set-valued attribute. 35
36 ReBAC Classification Figure 3: ReBAC Framework 36
37 Example Figure 4: A Simple Relationship Graph Expressible in ReBAC_B [Crampton et al ] 37
38 Example (Continued ) Figure 5: An Example of Node Attributes in Relationship Graph Expressible in ReBAC_BN Figure 6: An Example of Edge Attributes in Relationship Graph Expressible in ReBAC_BE 38
39 Example (Continued ) Structure Edge Attribute: dependson. Sub Attributes of dependson: Source Node, Target Node, RelationshipType. dependson (u,r,ua) = (y,x,tt) Figure 7: An Example of Node Attributes in Relationship Graph Expressible in ReBAC_BNES [Cheng et al. 2016] 39
40 ABAC Classification Figure 8: ABAC Framework 40
41 Expressing Relationship Graph with Attributes Entity types = {user, project, file, directory} Attributes: User attributes = {Participant-of, Supervises}; File attributes = {Resource-for, FileMember-of}; Project attributes = {}; Directory attributes = {DirectoryMember-of}. Relationship Graph in Figure 4 is Expressible with ABAC_E 41
42 Expressing Relationship Graph with Attributes (Continued ) entitytype = {user} Attribute: user's entity attribute = {friend}; User's Non Entity Attribute = {Name, Age, Gender}. Relationship Graph in Figure 5 is Expressible with ABAC_E. Relationship Graph in Figure 6 is Expressible with ABAC_ES: entitytype = {user, project, tenant} Attribute: user's atomic entity attribute = {supervises}; User's structured entity Attribute = {assignedby}, e.g. assignedby(bob) = ( Project1, supervises, Alice ) 42
43 Expressing Relationship Graph with Attributes (Continued ) Entity types: {user, tenant, role} Attribute: User's atomic entity attribute: {UO,UA}; Users Structured Entity Attribute: {dependentedge}; dependentedge(u) = ( r, UA, {(y,x,tt)} ). Relationship Graph in Figure 7 is Expressible with ABAC_ES 43
44 Expressing Multilevel Relationship With Attributes Figure 9. A simple Relationship Graph (nodes Alice, Bob, Carol; edges labeled friend). Attribute Composition: needs one attribute: friend. Policy Expression uses Attribute composition: friend(alice)={bob}, friend(friend(alice))={carol}. Composite Attribute: needs two attributes: 1. friend 2. friendoffriend. Policy Expression uses direct attributes: friend(alice)={Bob}, friendoffriend(alice)={carol} 44
45 Example: friend friend(alice) = {Amy, Carol} friendoffriend(alice) = {John} Figure 10. A simple Relationship Graph. If the friend relationship between Amy and John is deleted, friendoffriend(alice) = ? Instead of keeping the end user as attribute value we have to keep the exact path information. 45
46 Example Figure 12: Multilevel Relationship Expression with Attribute 46
47 Comparison: On Dynamics Figure 12: ReBAC Dynamics, ABAC Dynamics and Attribute Domain wise Comparison between ReBAC and ABAC 47
48 Comparison: Equivalent Structural Models for ReBAC and ABAC Figure 13: Equivalence of ReBAC and ABAC Structural Classification 48
49 Comparison: Non-Equivalent Structural models for ReBAC and ABAC Figure 14: Non-Equivalence of ReBAC and ABAC Structural Classification 49
50 Comparison: On Performance Attribute Composition is similar to ReBAC and both have polynomial complexity for authorization policy and constant complexity on update. Composite attribute has constant complexity on authorization policy and polynomial complexity on update to maintain relationship changes. Performance depends on: Node Dynamics, Relationship Dynamics, Density of the Relationship Graph 50
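The trade-off between attribute composition and composite attributes from slides 44, 45 and 50, as an added example that is not code from the lecture. The class names, the directed `friend` edges and the graph (Alice to Amy and Carol, both of whom lead to John) are assumptions; the figure itself is not reproduced on this page.

```python
from collections import defaultdict


class CompositionStore:
    """Attribute composition: only `friend` is stored and friend(friend(u))
    is computed at authorization time. Updates are constant cost."""

    def __init__(self):
        self.friend = defaultdict(set)

    def add(self, a, b):
        self.friend[a].add(b)

    def remove(self, a, b):
        self.friend[a].discard(b)

    def friend_of_friend(self, u):
        result = set()
        for v in set(self.friend[u]):
            result |= self.friend[v]
        return result


class CompositeStore:
    """Composite attribute: friendoffriend is stored, so lookups are cheap and
    every relationship change must repair it. fof[u][w] keeps the set of
    intermediate users, i.e. the exact path information."""

    def __init__(self):
        self.friend = defaultdict(set)
        self.fof = defaultdict(lambda: defaultdict(set))

    def add(self, a, b):
        self.friend[a].add(b)
        for u, fs in list(self.friend.items()):
            if a in fs:                      # new path u -> a -> b
                self.fof[u][b].add(a)
        for w in set(self.friend[b]):        # new path a -> b -> w
            self.fof[a][w].add(b)

    def remove(self, a, b):
        self.friend[a].discard(b)
        for u, fs in list(self.friend.items()):
            if a in fs:                      # path u -> a -> b is gone
                self._drop(u, b, a)
        for w in set(self.friend[b]):        # path a -> b -> w is gone
            self._drop(a, w, b)

    def _drop(self, u, w, via):
        self.fof[u][w].discard(via)
        if not self.fof[u][w]:               # no remaining path to w
            del self.fof[u][w]

    def friend_of_friend(self, u):
        return set(self.fof[u])


class NaiveCompositeStore(CompositeStore):
    """Keeps only the end user as the attribute value: on deletion it cannot
    tell whether another path to that user still exists."""

    def _drop(self, u, w, via):
        self.fof[u].pop(w, None)


def scenario(store):
    """Build the constructed graph, delete Amy -> John, then Carol -> John."""
    for a, b in [("alice", "amy"), ("alice", "carol"),
                 ("amy", "john"), ("carol", "john")]:
        store.add(a, b)
    before = store.friend_of_friend("alice")
    store.remove("amy", "john")
    after_first = store.friend_of_friend("alice")
    store.remove("carol", "john")
    return before, after_first, store.friend_of_friend("alice")


if __name__ == "__main__":
    for cls in (CompositionStore, CompositeStore, NaiveCompositeStore):
        print(cls.__name__, scenario(cls()))
```
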
51 Comparison: Choice of Models For static system or only change for non-entity attribute: composite attribute is the best approach. System with huge node dynamics, relationship dynamics and high relationship density: attribute composition is the best option. If the system is in the middle between two extremes: a hybrid approach where both composite attribute and attribute composition is used. Hybrid Approach: to achieve p level relationship composition it uses m level composite attribute and n level attribute composition where p = n × m. 51
52 Comparison: In Respect of PEI Framework No Difference Both the approaches differ here Figure 15: PEI Framework 52
More information3-D TERRAIN RECONSTRUCTION WITH AERIAL PHOTOGRAPHY
3-D TERRAIN RECONSTRUCTION WITH AERIAL PHOTOGRAPHY Bin-Yih Juang ( 莊斌鎰 ) 1, and Chiou-Shann Fuh ( 傅楸善 ) 3 1 Ph. D candidate o Dept. o Mechanical Engineering National Taiwan University, Taipei, Taiwan Instructor
More informationTrees and Tree Traversal
Trees and Tree Traversal Material adapted courtesy of Prof. Dave Matuszek at UPENN Definition of a tree A tree is a node with a value and zero or more children Depending on the needs of the program, the
More informationToday. Lecture 17: Reality Mining. Last time
Today We will introduce the idea of a relational database, discuss its underlying data model and present a slightly simplified view of how to access its information Lecture 17: As with all new technologies
More informationSecurity Analysis of Relationship-Based Access Control Policies
Security Analysis of Relationship-Based Access Control Policies Amirreza Masoumzadeh University at Albany SUNY Albany, NY amasoumzadeh@albany.edu ABSTRACT Relationship-based access control (ReBAC) policies
More informationES 240: Scientific and Engineering Computation. a function f(x) that can be written as a finite series of power functions like
Polynomial Deinition a unction () that can be written as a inite series o power unctions like n is a polynomial o order n n ( ) = A polynomial is represented by coeicient vector rom highest power. p=[3-5
More informationMIDTERM EXAMINATION Spring 2010 CS403- Database Management Systems (Session - 4) Ref No: Time: 60 min Marks: 38
Student Info StudentID: Center: ExamDate: MIDTERM EXAMINATION Spring 2010 CS403- Database Management Systems (Session - 4) Ref No: 1356458 Time: 60 min Marks: 38 BC080402322 OPKST 5/28/2010 12:00:00 AM
More informationAN 459: Guidelines for Developing a Nios II HAL Device Driver
AN 459: Guidelines or Developing a Nios II HAL Device Driver November 2008 AN-459-2.0 Introduction This application note explains the process o developing and debugging a hardware abstraction layer (HAL)
More informationConnecting Definition and Use? Tiger Semantic Analysis. Symbol Tables. Symbol Tables (cont d)
Tiger source program Tiger Semantic Analysis lexical analyzer report all lexical errors token get next token parser construct variable deinitions to their uses report all syntactic errors absyn checks
More informationContents. Before You Start 2. Configuring Rumpus 3. Testing Accessible Directory Service Access 5. Specifying Home Folders 6
Contents Before You Start 2 Configuring Rumpus 3 Testing Accessible Directory Service Access 5 Specifying Home Folders 6 Active Directory Groups 7 Specifying An Alternate Users Container 8 Maxum Development
More informationAn Equivalent Access Based Approach for Building Collaboration Model between Distinct Access Control Models
An Equivalent Access Based Approach for Building Collaboration Model between Distinct Access Control Models Xiaofeng Xia To cite this version: Xiaofeng Xia. An Equivalent Access Based Approach for Building
More informationIntroduction. Introduction. Router Architectures. Introduction. Recent advances in routing architecture including
Router Architectures By the end of this lecture, you should be able to. Explain the different generations of router architectures Describe the route lookup process Explain the operation of PATRICIA algorithm
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationCS 405G: Introduction to Database Systems
CS 405G: Introduction to Database Systems Entity Relationship Model Jinze Liu 9/11/2014 1 CS685 : Special The UNIVERSITY Topics in Data of Mining, KENTUCKY UKY Review A database is a large collection of
More informationPrinciples of Data Management. Lecture #13 (Query Optimization II)
Principles of Data Management Lecture #13 (Query Optimization II) Instructor: Mike Carey mjcarey@ics.uci.edu Database Management Systems 3ed, R. Ramakrishnan and J. Gehrke 1 Today s Notable News v Reminder:
More informationAccess Control Models Part II
Access Control Models Part II CERIAS and CS &ECE Departments Pag. 1 Introduction Other models: The Chinese Wall Model it combines elements of DAC and MAC RBAC Model it is a DAC model; however, it is sometimes
More informationLecture 6.2: Protocols - Authentication and Key Exchange II. CS 436/636/736 Spring Nitesh Saxena. Course Admin
Lecture 6.2: Protocols - Authentication and Key II CS 436/636/736 Spring 2012 Nitesh Saxena Mid-Term Grading Course Admin Will be done over the break Scores will be posted online and graded exams distribute
More informationATTRIBUTE-BASED ACCESS CONTROL MODELS AND IMPLEMENTATION IN CLOUD INFRASTRUCTURE AS A SERVICE
ATTRIBUTE-BASED ACCESS CONTROL MODELS AND IMPLEMENTATION IN CLOUD INFRASTRUCTURE AS A SERVICE APPROVED BY SUPERVISING COMMITTEE: Ravi Sandhu, Ph.D., Co-Chair Ram Krishnan, Ph.D., Co-Chair Rajendra V. Boppana,
More informationCIS 771: Software Specifications. Lecture 4: More Alloy Basics
CIS 771: Software Specifications Lecture 4: More Alloy Basics Copyright 2001-2002, Matt Dwyer, John Hatcliff, and Rod Howell. The syllabus and all lectures for this course are copyrighted materials and
More informationComputer Security 3e. Dieter Gollmann. Chapter 5: 1
Computer Security 3e Dieter Gollmann www.wiley.com/college/gollmann Chapter 5: 1 Chapter 5: Access Control Chapter 5: 2 Introduction Access control: who is allowed to do what? Traditionally, who is a person.
More informationDATA MODELS FOR SEMISTRUCTURED DATA
Chapter 2 DATA MODELS FOR SEMISTRUCTURED DATA Traditionally, real world semantics are captured in a data model, and mapped to the database schema. The real world semantics are modeled as constraints and
More informationHGABAC: Towards a Formal Model of Hierarchical Attribute-Based Access Control
HGABAC: Towards a Formal Model of Hierarchical Attribute-Based Access Control Daniel Servos dservos5@uwo.ca Sylvia L. Osborn sylvia@csd.uwo.ca Department of Computer Science The 7th International Symposium
More informationHow to translate ER Model to Relational Model
How to translate ER Model to Relational Model Review - Concepts 2 Relational Model is made up of tables A row of table = a relational instance/tuple A column of table = an attribute A table = a schema/relation
More informationII. Data Models. Importance of Data Models. Entity Set (and its attributes) Data Modeling and Data Models. Data Model Basic Building Blocks
Data Modeling and Data Models II. Data Models Model: Abstraction of a real-world object or event Data modeling: Iterative and progressive process of creating a specific data model for a specific problem
More informationModule 4: Access Control
Module 4: Access Control Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University, Jackson, MS 39232 E-mail: natarajan.meghanathan@jsums.edu Access Control In general,
More informationCourse Design Document. IS436: Data Security and Privacy. Version 1.0
Course Design Document IS436: Data Security and Privacy Version 1.0 7 July 2014 Table of Content 1 Versions History... 3 2 Overview of Data Security and Privacy Course... 3 2.1 Synopsis... 3 2.2 Prerequisites...
More information