LectureNote9-RBAC

ROLE BASED ACCESS CONTROL

CS 556 - Computer Security - © 2009 Colorado State University
Clark-Wilson Model | Chinese Wall Model | Role Based Access Control | Covert Channels

Role Based Access Control Models
- Owner-based discretionary access control (DAC)
  - Origins: academia
- Mandatory access control (MAC)
  - Origins: military
- Role based access control (RBAC)
  - Origins: business
- There is more to access control than DAC / MAC

Owner Based DAC
- Owner has all-or-nothing power
- Superuser fallacy
- Spaghetti of intent
- Negative permissions make for messier spaghetti
- Trojan horses can subvert intent

Military Style MAC
- Enforce one-directional information flow in a lattice of security labels
- Rigid and simple-minded
- Can be used for
  - Confidentiality
  - Integrity
  - Aggregation (Chinese Wall)

RBAC
- A user's permissions are determined by the user's roles rather than
  - user's identity (DAC)
  - user's clearance (MAC)
- Facilitates
  - administration of permissions
  - articulation of policy

RBAC
- Policy neutral
- Policy oriented
  - least privilege
  - separation of duties
  - encapsulation of primitive permissions
  - separation of administration and access
- Roles are a semantic construct around which to build policy

RBAC...
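
An added example, not part of the lecture notes: a minimal RBAC monitor in Python in which the access decision depends only on roles, a role bundles primitive permissions, and administration is kept apart from the access check. All user, role and permission names are constructed, and the mutually exclusive roles rule is one assumed way to express separation of duties.

```python
class SoDViolation(Exception):
    """Raised when a role assignment would break a separation-of-duties rule."""

class RBAC:
    def __init__(self):
        self.role_perms = {}   # role -> set of (operation, object) primitive permissions
        self.user_roles = {}   # user -> set of assigned roles
        self.exclusive = []    # groups of mutually exclusive roles (assumed SoD rule)

    # Administration: defining roles and assigning them to users.
    def add_role(self, role, perms):
        self.role_perms[role] = set(perms)

    def add_exclusion(self, *roles):
        self.exclusive.append(frozenset(roles))

    def assign(self, user, role):
        if role not in self.role_perms:
            raise KeyError(f"unknown role: {role}")
        held = self.user_roles.get(user, set()) | {role}
        for group in self.exclusive:
            if len(held & group) > 1:
                raise SoDViolation(f"{user} may not hold {sorted(held & group)} together")
        self.user_roles[user] = held   # stored only after every rule has passed

    # Access: the decision consults roles only, never the user's identity
    # (as owner-based DAC would) or a clearance label (as MAC would).
    def check(self, user, operation, obj):
        return any((operation, obj) in self.role_perms[r]
                   for r in self.user_roles.get(user, ()))

def demo():
    rbac = RBAC()
    # Each role encapsulates the primitive permissions of one business function
    # and nothing more (least privilege).
    rbac.add_role("payment_clerk", [("read", "invoice"), ("create", "payment")])
    rbac.add_role("payment_approver", [("read", "payment"), ("approve", "payment")])
    rbac.add_exclusion("payment_clerk", "payment_approver")
    rbac.assign("alice", "payment_clerk")
    rbac.assign("bob", "payment_approver")
    try:
        rbac.assign("alice", "payment_approver")  # alice could then approve her own payments
        blocked = False
    except SoDViolation:
        blocked = True
    return (rbac.check("alice", "create", "payment"),
            rbac.check("alice", "approve", "payment"),
            rbac.check("bob", "approve", "payment"), blocked)
```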