on RBAC Reference Model

•  The NIST RBAC model is defined in terms of four model components:
   •  Core RBAC
   •  Hierarchical RBAC
   •  Static Separation of Duty Relations
   •  Dynamic Separation of Duty Relations
•  Each component is defined by subcomponents:
   •  A set of basic element sets.
   •  A set of RBAC relations involving those element sets.
   •  A set of mapping functions that yield instances of members from one element set for a given instance from another element set.

Core RBAC

•  Contains the essential aspects of RBAC.
•  Users are assigned to roles, and users acquire permissions by being members of roles.
•  Includes the requirement that user-role and permission-role assignment can be many-to-many.
•  It includes requirements for user-role review, whereby the roles assigned to a specific user can be determined, as well as the users assigned to a specific role. A similar requirement for permission-role review is imposed as an advanced review feature.
•  It also includes the concept of user sessions, which allows selective activation and deactivation of roles.
•  Finally, it requires that users be able to simultaneously exercise the permissions of multiple roles. This precludes products that restrict users to activation of one role at a time.

Core RBAC

•  Same as RBAC0 (users, roles, permissions, sessions)
   –  Object: any resource
   –  Operation: executable image of a program
   –  Permission: approval to perform an operation on object(s)
•  Administrative functions: add/delete users and roles, create/delete user-to-role and permission-to-role assignments
•  Supporting system functions: session create, add/delete role, check permission
•  Review functions: enable admin. to view entire model

Core RBAC Definiti...
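The Core RBAC elements and functions listed above, as an added Python example that is not part of the original course notes: many-to-many user-role and permission-role assignment, review functions, and sessions in which roles are selectively activated and several can be exercised at once. The class and method names and the sample users, roles and permissions are hypothetical and constructed for illustration.

```python
class CoreRBAC:  # added illustration; class and method names are hypothetical
    def __init__(self):
        self.ua = set()      # user-role assignments (many-to-many)
        self.pa = set()      # permission-role assignments (many-to-many)
        self.sessions = {}   # session id -> (user, set of active roles)

    # Administrative functions
    def assign_user(self, user, role):
        self.ua.add((user, role))

    def grant_permission(self, role, operation, obj):
        self.pa.add((role, (operation, obj)))  # permission = operation on object

    # Review functions
    def assigned_roles(self, user):
        return {r for u, r in self.ua if u == user}

    def assigned_users(self, role):
        return {u for u, r in self.ua if r == role}

    # Supporting system functions
    def create_session(self, sid, user):
        self.sessions[sid] = (user, set())

    def add_active_role(self, sid, role):
        user, active = self.sessions[sid]
        if role not in self.assigned_roles(user):
            raise PermissionError(f"{user} is not assigned to role {role}")
        active.add(role)

    def drop_active_role(self, sid, role):
        self.sessions[sid][1].discard(role)

    def check_access(self, sid, operation, obj):
        # Only roles active in this session count, not every assigned role.
        return any((r, (operation, obj)) in self.pa for r in self.sessions[sid][1])

def demo():
    rbac = CoreRBAC()  # constructed sample data below
    for user, role in [("alice", "teller"), ("alice", "auditor"), ("bob", "teller")]:
        rbac.assign_user(user, role)
    rbac.grant_permission("teller", "post", "ledger")
    rbac.grant_permission("auditor", "read", "audit_log")
    rbac.create_session("s1", "alice")
    rbac.add_active_role("s1", "teller")
    before = rbac.check_access("s1", "read", "audit_log")  # auditor assigned, not active
    rbac.add_active_role("s1", "auditor")
    both = rbac.check_access("s1", "read", "audit_log") and rbac.check_access("s1", "post", "ledger")
    rbac.drop_active_role("s1", "teller")
    return before, both, rbac.check_access("s1", "post", "ledger")
```

`demo()` returns the access decision before the auditor role is activated, with both roles active, and after the teller role is dropped.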
This note was uploaded on 02/03/2014 for the course ECE 422 taught by Professor Nicol during the Fall '08 term at University of Illinois, Urbana Champaign.

