Lecture Chapter 4: Access Control Role-based models RBAC

Presentation of content: role-based models, role-based access control, administrative role-based access control model.

Access Control Role-based models RBAC Chapter 4

Agenda
- Role-based models
- Administrative role-based access control model

Role-based models
Many organizations base access control decisions on "the roles that individual users take on as part of the organization". They prefer to centrally control and maintain access rights that reflect the organization's protection guidelines. With RBAC, role-permission relationships can be predefined, which makes it simple to assign users to the predefined roles. While the combination of users and permissions tends to change over time, the permissions associated with a role are more stable.
The RBAC concept supports three well-known security principles:
- Least privilege
- Separation of duties
- Data abstraction

Role Based Access Control (RBAC)
Access control in organizations is based on "roles that individual users take on as part of the organization". A role is "a collection of permissions".
Access depends on role/function, not identity.
Example: Allison is bookkeeper for the Math Dept. She has access to financial records. If she leaves and Betty is hired as the new bookkeeper, Betty now has access to those records. The role of "bookkeeper" dictates access, not the identity of the individual.

RBAC (cont'd)
Is RBAC a discretionary or mandatory access control? RBAC is policy neutral; however, individual RBAC configurations can support a mandatory policy, while others can support a discretionary policy.

Role Hierarchies
(Slide diagram: Role Administration; Project Supervisor; Test engineer; Programmer; Project Member; Permissions.)

RBAC (NIST Standard)
(Slide diagram: Users, Roles, Operations, Objects, Sessions; UA (user assignment); PA (permission assignment); user_sessions (one-to-many); role_sessions (many-to-many).)
An important difference from classical models is ...
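The NIST RBAC elements on the slides (users, roles, permissions, UA, PA, sessions, a role hierarchy, and separation of duties) fit in a small model. The block below is an added example, not part of the lecture: it implements those relations in Python and replays the Allison/Betty bookkeeper hand-over, the Project Supervisor/Programmer/Project Member hierarchy, a least-privilege session that activates only a subset of a user's roles, and a static separation-of-duties constraint. All user, role, operation and object names are constructed for illustration; the static SoD pair (bookkeeper vs. auditor) is an assumption, not something the slides specify.

```python
from itertools import count


class RBAC:
    """Core RBAC with a role hierarchy and static separation of duties (SSD).

    UA: user -> roles, PA: role -> permissions, sessions: id -> (user, active roles).
    A senior role inherits the permissions of its junior roles.
    """

    def __init__(self):
        self.users = set()
        self.roles = set()
        self.ua = {}          # UA (user assignment): user -> set of roles
        self.pa = {}          # PA (permission assignment): role -> set of (op, obj)
        self.juniors = {}     # hierarchy: senior role -> set of junior roles
        self.ssd = set()      # static SoD: frozensets of mutually exclusive roles
        self.sessions = {}    # session id -> (user, set of active roles)
        self._ids = count(1)

    def add_user(self, user):
        self.users.add(user)
        self.ua.setdefault(user, set())

    def add_role(self, role):
        self.roles.add(role)
        self.pa.setdefault(role, set())
        self.juniors.setdefault(role, set())

    def add_inheritance(self, senior, junior):
        self.juniors[senior].add(junior)

    def add_ssd(self, role_a, role_b):
        self.ssd.add(frozenset((role_a, role_b)))

    def grant(self, role, op, obj):
        self.pa[role].add((op, obj))

    def assign_user(self, user, role):
        # refuse an assignment that would give one user both roles of an SSD pair
        for pair in self.ssd:
            if role in pair and (pair - {role}) & self.ua[user]:
                raise ValueError(f"SSD violation: {user} cannot hold both {sorted(pair)}")
        self.ua[user].add(role)

    def deassign_user(self, user, role):
        self.ua[user].discard(role)
        # the role also stops being active in the user's open sessions
        for owner, active in self.sessions.values():
            if owner == user:
                active.discard(role)

    def authorized_roles(self, role):
        """The role itself plus every role it inherits from (transitive closure)."""
        seen, stack = set(), [role]
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors[r])
        return seen

    def create_session(self, user, roles=None):
        """One user may open many sessions; each activates a subset of the user's roles."""
        roles = set(roles) if roles is not None else set(self.ua[user])
        if not roles <= self.ua[user]:
            raise ValueError("a session may only activate roles assigned to its user")
        sid = next(self._ids)
        self.sessions[sid] = (user, roles)
        return sid

    def check_access(self, sid, op, obj):
        _, active = self.sessions[sid]
        return any((op, obj) in self.pa[r] for a in active for r in self.authorized_roles(a))


def bookkeeper_turnover():
    """Replays the slides' scenarios; returns a tuple of access decisions."""
    ac = RBAC()
    for r in ("project_member", "programmer", "test_engineer", "project_supervisor",
              "bookkeeper", "auditor"):
        ac.add_role(r)
    ac.add_inheritance("programmer", "project_member")
    ac.add_inheritance("test_engineer", "project_member")
    ac.add_inheritance("project_supervisor", "programmer")
    ac.add_inheritance("project_supervisor", "test_engineer")
    ac.grant("project_member", "read", "project_docs")
    ac.grant("programmer", "write", "source")
    ac.grant("bookkeeper", "read", "financial_records")
    ac.grant("auditor", "audit", "financial_records")
    ac.add_ssd("bookkeeper", "auditor")          # assumed SoD constraint
    for u in ("allison", "betty", "carl", "dana"):
        ac.add_user(u)
    ac.assign_user("allison", "bookkeeper")
    ac.assign_user("carl", "project_supervisor")
    ac.assign_user("dana", "programmer")
    ac.assign_user("dana", "test_engineer")

    allison = ac.create_session("allison")
    before = ac.check_access(allison, "read", "financial_records")   # True: role held
    ac.deassign_user("allison", "bookkeeper")                        # Allison leaves
    after = ac.check_access(allison, "read", "financial_records")    # False: role removed
    ac.assign_user("betty", "bookkeeper")                            # Betty is hired
    betty = ac.check_access(ac.create_session("betty"), "read", "financial_records")
    supervisor = ac.check_access(ac.create_session("carl"), "write", "source")  # via hierarchy
    # least privilege: Dana activates only test_engineer, so programmer's rights are dormant
    least_priv = ac.check_access(ac.create_session("dana", {"test_engineer"}), "write", "source")
    try:
        ac.assign_user("betty", "auditor")
        ssd_blocked = False
    except ValueError:
        ssd_blocked = True
    return before, after, betty, supervisor, ssd_blocked, least_priv


if __name__ == "__main__":
    print(bookkeeper_turnover())
```

The decision function walks only the roles active in the session and their juniors, which is why deassigning Allison's role takes effect immediately and why Dana's session with a single activated role cannot write source even though she holds programmer. Project Supervisor gets the programmer permission purely through inheritance, matching the hierarchy slide.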
