LectureNote9-RBAC

ROLE BASED ACCESS CONTROL

Clark-Wilson Model | Chinese Wall Model | Role Based Access Control | Covert Channels
CS 556 - Computer Security - © 2009 Colorado State University

Role Based Access Control Models
● Owner-based discretionary access control (DAC)
  ✦ Origins: academia
● Mandatory access control (MAC)
  ✦ Origins: military
● Role based access control (RBAC)
  ✦ Origins: business
● There is more to access control than DAC / MAC

Owner Based DAC
● Owner has all-or-nothing power
  ✦ Superuser fallacy
● Spaghetti of intent
● Negative permissions make for messier spaghetti
● Trojan horses can subvert intent

Military Style MAC
● Enforce one-directional information flow in a lattice of security labels
● Rigid and simple-minded
● Can be used for
  ✦ Confidentiality
  ✦ Integrity
  ✦ Aggregation (Chinese Wall)

RBAC
● A user's permissions are determined by the user's roles rather than
  ✦ user's identity (DAC)
  ✦ user's clearance (MAC)
● Facilitates
  ✦ administration of permissions
  ✦ articulation of policy

RBAC
● Policy neutral
● Policy oriented
  ✦ least privilege
  ✦ separation of duties
  ✦ encapsulation of primitive permissions
  ✦ separation of administration and access
● Roles are a semantic construct around which to build policy

RBAC...
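The two RBAC slides above, worked as an added example that is not part of the lecture notes: access is decided from active roles only, conflicting roles cannot be assigned to one user (separation of duties), and a session carries only the roles it activates (least privilege). The role names, permission strings, the exclusive-pair mechanism and the session step are assumptions chosen for illustration.

```python
# Added example: roles, permissions and the conflicting pair are constructed.
class SoDViolation(Exception):
    """Raised when an assignment would give one user two conflicting roles."""

class RBAC:
    def __init__(self, role_perms, exclusive_pairs):
        self.role_perms = {r: frozenset(p) for r, p in role_perms.items()}
        self.exclusive = {frozenset(pair) for pair in exclusive_pairs}
        self.user_roles = {}  # user -> set of assigned roles

    def assign(self, user, role):
        if role not in self.role_perms:
            raise KeyError(f"unknown role: {role}")
        held = self.user_roles.setdefault(user, set())
        for other in held:  # separation of duties, checked at assignment time
            if frozenset((role, other)) in self.exclusive:
                raise SoDViolation(f"{user}: {role} conflicts with {other}")
        held.add(role)

    def open_session(self, user, activate):
        """Least privilege: a session carries only the roles it activates."""
        requested = set(activate)
        missing = requested - self.user_roles.get(user, set())
        if missing:
            raise PermissionError(f"{user} is not assigned {sorted(missing)}")
        return frozenset(requested)

    def check(self, session_roles, permission):
        """The decision uses active roles only, never the user's identity."""
        return any(permission in self.role_perms[r] for r in session_roles)

def demo():
    rbac = RBAC(
        {"clerk": {"invoice:create", "invoice:read"},
         "approver": {"invoice:read", "invoice:approve"},
         "auditor": {"invoice:read", "ledger:read"}},
        exclusive_pairs=[("clerk", "approver")],
    )
    rbac.assign("alice", "clerk")
    rbac.assign("alice", "auditor")
    try:
        rbac.assign("alice", "approver")  # would let alice approve her own invoices
        sod_blocked = False
    except SoDViolation:
        sod_blocked = True
    session = rbac.open_session("alice", ["clerk"])  # auditor stays inactive
    perms = ("invoice:create", "ledger:read", "invoice:approve")
    return sod_blocked, {p: rbac.check(session, p) for p in perms}
```

Note that `ledger:read` is denied in the session even though alice holds the auditor role, because that role was not activated.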