RBAC-PAT: A Policy Analysis Tool as long as Role Based Access Control Mikhail I. Gofman

RBAC-PAT: A Policy Analysis Tool as long as Role Based Access Control Mikhail I. Gofman www.phwiki.com

RBAC-PAT: A Policy Analysis Tool as long as Role Based Access Control Mikhail I. Gofman

Mendivil, Sandra, Co-Host has reference to this Academic Journal, PHwiki organized this Journal RBAC-PAT: A Policy Analysis Tool as long as Role Based Access Control Mikhail I. Gofman, Ruiqi Luo, Ayla C. Solomon, Yingbin Zhang, Ping Yang in addition to Scott D. Stoller Outline RBAC-PAT Architecture in addition to Functionality Per as long as mance Results Demonstration Background: RBAC, ARBAC, in addition to Policy Analysis Role-Based Access Control (RBAC) Users are assigned to roles, e.g., doctor, nurse, patient. Example: UA = {(Bob, Doctor)} Permissions are associated with roles. Example: PA = {(Doctor,Modify,Prescriptions)} A user has a permission if he is a member of some role with that permission. RBAC is relatively simple in addition to widely used. User Role Permission UA PA User Assignment Permission Assignment

Elizabeth City State University NC www.phwiki.com

This Particular University is Related to this Particular Journal

Role Hierarchy r1 r2 (r1 is senior to r2) means every member of r1 is also an implicit member of r2. Thus, members of r1 have all the permissions that members of r2 have. Permission flows up. Membership flows down. Role hierarchy reduces redundancy in addition to eases administration. Project Manager Project Member Tester Programmer Permission Membership Administrative RBAC (ARBAC) ARBAC is a generic name as long as administrative policy models as long as RBAC. ARBAC97 [S in addition to hu+ 1999] is a classic ARBAC model ARBAC97 has three components: User-Role Administration: controls user assignment Permission-Role Administration: controls permission assignment Role-Role Administration: controls role hierarchy ARBAC Syntax Example: can-assign(President, Professor ¬DeptChair, Dean): Administrator in role President can assign a user in role Professor in addition to not in role DeptChair to role Dean. Professor is a positive precondition, DeptChair is a negative precondition in addition to Dean is postcondition. Professor is a positive role. DeptChair is a negative role. A role that is both positive in addition to negative is called mixed. Role President is administrative: has an administrative permission, ie. is the first component of a can-assign rule. Role Professor is regular: appears in the precondition of the rule. Example: can-revoke(DeptChair, TA): an administrator in role DeptChair can remove any user from role TA.

ARBAC Syntax Cont. can-assignp in addition to can-revokep: used to control permission-role assignment. Syntax similar to user-role administration. Separate Administration Restriction: administrative roles in addition to regular roles are disjoint. Motivation: Administrative Policy Analysis Large organizations have large in addition to complex policies which are managed by multiple administrators. The effects of an ARBAC policy are often hard to underst in addition to by manual inspection alone. Changes by one administrator may interact in unintended ways with changes by other administrators. We developed RBAC-PAT: a suite of policy analysis tools as long as ARBAC policies. Outline Background: RBAC, ARBAC, in addition to Policy Analysis RBAC-PAT Architecture in addition to Functionality Per as long as mance Results Demonstration

RBAC-PAT Architecture GUI Parser Hierarchy Converter Policy Analysis Engine Evidence Generator Parsed Policy Converted Policy Evidence ARBAC Policy Property FRONT-END BACK-END RBAC-PAT Architecture Front-End: Parser/Checker: Checks the policy as long as : Syntax Errors Hierarchy Converter: converts hierarchical policies into equivalent non-hierarchical policies [Sasturkar+ 2006]. Back-End: Policy Analysis Engine: Implements analysis algorithms. Evidence Generator: provides explanation of the analysis result. GUI Parser Hierarchy Converter Policy Analysis Engine Evidence Generator Parsed Policy Converted Policy Evidence ARBAC Policy Property FRONT-END BACK-END Policy Analysis Problems User-Role Reachability: given an initial RBAC policy, an ARBAC policy, a set of administrators, a target user, in addition to a set of roles (called the “goal”), is it possible as long as those administrators to modify the RBAC policy so that the target user is a member of those roles User-Role Availability: can a user u be removed from a role r by a group of administrators A Weakest Preconditions: what are the minimal sets of initial role memberships of the target user as long as which a given reachability goal is achievable

Policy Analysis Problems Cont. Role-Role Containment [Li+ 2006]: In every state reachable from a given initial state, is every member of role r1 also a member of role r2 Dead Roles: Does the policy contain roles which cannot be assigned to any users In as long as mation Flow: Can in as long as mation flow, directly or transitively, from object O1 to object O2 [Osborn+ 2002]. Permission-Role Reachability User-Permission Reachability Fixed Parameter Tractability (FPT) Reachability analysis as long as ARBAC is PSPACE complete in general [Sasturkar+ 2006]. We developed practical analysis algorithms that [Stoller+ 2007]: Exploit typical characteristics of realistic policies Are fixed-parameter tractable (FPT), i.e., have high complexity W.R.T. a (small) parameter k low complexity W.R.T. overall problem size, when value of k is fixed. [Sasturkar+2006] A. Sasturkar, P. Yang, S. Stoller, in addition to C. R. Ramakrishnan, Policy Analysis as long as Administrative Role Based Access Control, CSFW 2006 [Stoller+2007] S.D. Stoller, P. Yang, C. R. Ramakrishnan, M. Gofman, Efficient Policy Analysis of ARBAC policies, CCS 2007 Efficient Reachability Analysis Given an ARBAC policy, if the separate administration restriction holds: Forward Algorithm Backward algorithm Otherwise: Forward Algorithm

Forward Algorithm as long as ARBAC with Sep. Admin. With the separate administration assumption, it suffices to consider the role assignment of the target user u only. St in addition to ard reachability computation optimized with a reduction. A state is the set of roles that the target user u is in. Reduction Transitions that revoke non-negative roles or add non-positive roles are prohibited; Transitions that add non-negative roles or revoke non-positive roles are called invisible; others are called visible. Invisible transitions get combined with a preceding visible transition to as long as m a single composite transition. Forward Algorithm with Sep. Admin.: Example ARBAC Policy 1. can-assign(DeptChair, Grad, TA) 2. can-assign(GradAdmComm, ¬UnderGrad, Grad) 3. can-assign(Faculty, Undergrad, Grader) All Roles are revocable Can administrators in roles {DeptChair, GradAdmComm, Facutly} assign a user initially in {UnderGrad} to {TA, Grader} Grader ur(Undergrad) Grad TA Yes UnderGrad Grader Forward Algorithm as long as ARBAC with Sep. Admin. Cont. Slicing eliminates parts of the policy irrelevant to the given reachability query. FPT w.r.t number of mixed roles (mixed).

Backward Algorithm as long as ARBAC with Sep. Admin. Stage 1: use backwards search from goal to construct a graph (V, E). Nodes are user assignments (sets of roles). Edges are labeled with can-assign rules. Stage 1 cannot check if the negative precondition holds Stage 2: per as long as m as long as ward search to check if the goal is reachable UA UA {r} {p} can-assign(ar, p¬N, r) role set of roles r UA Backward Algorithm with Sep. Admin.: Example ARBAC Policy 1. can-assign(ar, true, r1) 2. can-assign(ar, r1, r2) 3. can-assign(ar, r2 r1, r3) 4. can-revoke(ar, r2) Initial state = {}, Goal = {r3}, The goal is not reachable, because r1 is irrevocable in addition to disables the last transition. Fixed-parameter tractable W.R.T. {goal, IR} as long as ARBAC with ppre 1, where IR is the number of irrevocable roles. cana(ar, true, r1) r2 r3 cana(ar, r2 r1, r3) r1 cana(ar, r1, r2) Ø Beyond Separate Administration In realistic ARBAC policies the sets of administrative in addition to regular roles may not always be disjoint. They violate the separate administration restriction Administrators may assign themselves to new roles. Example: DeptChair assigns himself to HonorsPgmDir in addition to then assigns students to HonorsStudent. Need to consider multiple users in addition to check their roles. The problem is FPT with respect to mixed roles in addition to administrators.

Hierarchical Role Assignment A query satisfies hierarchical role assignment if can-assign(ari, c, r) implies ari r as long as each ari. Each administrator is already an implicit member of roles to which he can be assigned, so such assignments can be ignored. Algorithms that assume separate administration apply. In our university policy, most queries satisfy this. Outline Background: RBAC, ARBAC, in addition to Policy Analysis RBAC-PAT Architecture in addition to Functionality Per as long as mance Results Demonstration Per as long as mance Results Evaluate algorithms on case studies in addition to synthetic policies. University policy in addition to Health care case study results: University policy: 372 rules. Healthcare policy: 13 rules Analysis algorithms terminate in at most 0.2 seconds R in addition to omly generated policies: vary the size parameters, while maintaining similar characteristics as case studies (distribution of can-assign rules per role, positive in addition to negative preconditions per rule, ).

Mendivil, Sandra El Show de Jose Fierros - KBKO-AM Co-Host www.phwiki.com

Per as long as mance Results: Synthetic Policies Largest of states: 5593 Largest of transitions: 50511 Largest of states: 74 Largest of transitions: 266 Per as long as mance Results: Synthetic Policies Cont. Largest of states: 14395 Largest of transitions: 215396 Largest of states: 401 Largest of transitions: 1789 Demonstration: Separate Administration Checker

Demonstration: User-Role Reachability with Sep. Admin. 9999 Demonstration: Role-Role Containment 9999 Demonstration: Weakest Precondition

Backward Algorithm as long as ARBAC with Sep. Admin.: Stage 2 To detect if the goal is reachable, Stage 2 per as long as ms a as long as ward analysis, labeling each node R with sets I1, I2, of additional irrevocable roles. represents states R I1, R I2, Example: Irrev = {r1} Initial state = {}, Goal = {r3} The goal is not reachable, because r1 is irrevocable in addition to disables the last transition. Fixed-parameter tractable W.R.T. {goal, IR} as long as ARBAC with ppre 1, where IR is the number of irrevocable roles. cana(ar, true, r1) r2 r3 cana(ar, r2 r1, r3) r1 cana(ar, r1, r2) Ø {Ø} {{r1}} {Ø} {} Demonstration: Hierarchical Role Assignment Checker

Mendivil, Sandra Co-Host

Mendivil, Sandra is from United States and they belong to El Show de Jose Fierros – KBKO-AM and they are from  Santa Barbara, United States got related to this Particular Journal. and Mendivil, Sandra deal with the subjects like Local News; Regional News

Journal Ratings by Elizabeth City State University

This Particular Journal got reviewed and rated by Elizabeth City State University and short form of this particular Institution is NC and gave this Journal an Excellent Rating.

 

In as long as mation Visualization: Principles, Promise, in addition to Pragmatics Marti Hearst CHI

In as long as mation Visualization: Principles, Promise, in addition to Pragmatics Marti Hearst CHI www.phwiki.com

In as long as mation Visualization: Principles, Promise, in addition to Pragmatics Marti Hearst CHI

Hawley, Chris, Mexico City Reporter has reference to this Academic Journal, PHwiki organized this Journal In as long as mation Visualization: Principles, Promise, in addition to Pragmatics Marti Hearst CHI 2003 Tutorial Agenda Introduction Visual Principles What Works Visualization in Analysis & Problem Solving Visualizing Documents & Search Comparing Visualization Techniques Design Exercise Wrap-Up Introduction Goals of In as long as mation Visualization Case Study: The Journey of the TreeMap Key Questions

Elizabeth City State University US www.phwiki.com

This Particular University is Related to this Particular Journal

What is In as long as mation Visualization Visualize: to as long as m a mental image or vision of Visualize: to imagine or remember as if actually seeing. American Heritage dictionary, Concise Ox as long as d dictionary What is In as long as mation Visualization “Trans as long as mation of the symbolic into the geometric” (McCormick et al., 1987) “ finding the artificial memory that best supports our natural means of perception.” (Bertin, 1983) The depiction of in as long as mation using spatial or graphical representations, to facilitate comparison, pattern recognition, change detection, in addition to other cognitive skills by making use of the visual system. In as long as mation Visualization Problem: HUGE Datasets: How to underst in addition to them Solution Take better advantage of human perceptual system Convert in as long as mation into a graphical representation. Issues How to convert abstract in as long as mation into graphical as long as m Do visualizations do a better job than other methods

Visualization Success Stories The Power of Visualization 1. Start out going Southwest on ELLSWORTH AVE Towards BROADWAY by turning right. 2: Turn RIGHT onto BROADWAY. 3. Turn RIGHT onto QUINCY ST. 4. Turn LEFT onto CAMBRIDGE ST. 5. Turn SLIGHT RIGHT onto MASSACHUSETTS AVE. 6. Turn RIGHT onto RUSSELL ST. The Power of Visualization Line drawing tool by Maneesh Agrawala http://graphics.stan as long as d.edu/~maneesh/

Visualization Success Story Mystery: what is causing a cholera epidemic in London in 1854 Visualization Success Story From Visual Explanations by Edward Tufte, Graphics Press, 1997 Illustration of John Snow’s deduction that a cholera epidemic was caused by a bad water pump, circa 1854. Horizontal lines indicate location of deaths. Visualization Success Story From Visual Explanations by Edward Tufte, Graphics Press, 1997 Illustration of John Snow’s deduction that a cholera epidemic was caused by a bad water pump, circa 1854. Horizontal lines indicate location of deaths.

Purposes of In as long as mation Visualization To help: Explore Calculate Communicate Decorate Two Different Primary Goals: Two Different Types of Viz Explore/Calculate Analyze Reason about In as long as mation Communicate Explain Make Decisions Reason about In as long as mation Goals of In as long as mation Visualization More specifically, visualization should: Make large datasets coherent (Present huge amounts of in as long as mation compactly) Present in as long as mation from various viewpoints Present in as long as mation at several levels of detail (from overviews to fine structure) Support visual comparisons Tell stories about the data

Why Visualization Use the eye as long as pattern recognition; people are good at scanning recognizing remembering images Graphical elements facilitate comparisons via length shape orientation texture Animation shows changes across time Color helps make distinctions Aesthetics make the process appealing A Key Question How do we Convert abstract in as long as mation into a visual representation While still preserving the underlying meaning And at the same time providing new insight The Need as long as Critical Analysis We see many creative ideas, but they often fail in practice The hard part: how to apply it judiciously Inventors usually do not accurately predict how their invention will be used This tutorial will emphasize Getting past the coolness factor Examining usability studies

Case Study: The Journey of the TreeMap The TreeMap (Johnson & Shneiderman ‘91) Idea: Show a hierarchy as a 2D layout Fill up the space with rectangles representing objects Size on screen indicates relative size of underlying objects. Early Treemap Applied to File System Treemap Problems Too disorderly What does adjacency mean Aspect ratios uncontrolled leads to lots of skinny boxes that clutter Color not used appropriately In fact, is meaningless here Wrong application Don’t need all this to just see the largest files in the OS

Successful Application of Treemaps Think more about the use Break into meaningful groups Fix these into a useful aspect ratio Use visual properties properly Use color to distinguish meaningfully Use only two colors: Can then distinguish one thing from another When exact numbers aren’t very important Provide excellent interactivity Access to the real data Makes it into a useful tool TreeMaps in Action http://www.smartmoney.com/maps http://www.peets.com/tast/11/coffee-selector.asp A Good Use of TreeMaps in addition to Interactivity www.smartmoney.com/marketmap

Hawley, Chris Arizona Republic Mexico City Reporter www.phwiki.com

Treemaps in Peets site Analysis vs. Communication MarketMap’s use of TreeMaps allows as long as sophisticated analysis Peets’ use of TreeMaps is more as long as presentation in addition to communication This is a key contrast Open Issues Does visualization help The jury is still out Still supplemental at best as long as text collections A correlation with spatial ability Learning effects: with practice ability on visual display begins to equal that of text Does visualization sell Jury is still out on this one too! This is a hot area! More ideas will appear!

Key Questions to Ask about a Viz What does it teach/show/elucidate What is the key contribution What are some compelling, useful examples Could it have been done more simply Have there been usability studies done What do they show What we are not covering Scientific visualization Statistics Cartography (maps) Education Games Computer graphics in general Computational geometry Agenda Introduction Visual Principles What Works Visualization in Analysis & Problem Solving Visualizing Documents & Search Comparing Visualization Techniques Design Exercise Wrap-Up

For more in as long as mation My course: http://www.sims.berkeley.edu/courses/is247/s02/Lectures.html Atlas of Cyberspaces: http://www.geog.ucl.ac.uk/casa/martin/atlas/atlas.html Gallery of Data Visualization; The Best in addition to Worst of Statistical Graphics http://www.math.yorku.ca/SCS/Gallery/ Tamara Munzner’s collection: http://graphics.stan as long as d.edu/courses/cs348c-96-fall/resources.html Thank you!

Hawley, Chris Mexico City Reporter

Hawley, Chris is from United States and they belong to Arizona Republic and they are from  Phoenix, United States got related to this Particular Journal. and Hawley, Chris deal with the subjects like Central America; Regional News; South America

Journal Ratings by Elizabeth City State University

This Particular Journal got reviewed and rated by Elizabeth City State University and short form of this particular Institution is US and gave this Journal an Excellent Rating.

 

Why Problems of file systems Extensible File Systems

 www.phwiki.com

 

The Above Picture is Related Image of Another Journal

 

Why Problems of file systems Extensible File Systems

Elizabeth City State University, NC has reference to this Academic Journal, Extensible File Systems Yong Yao CS614 May 1st, 2001 Problems of file systems Evolution of filing services is slow Many innovations have been proposed, but few have become widely available Why File systems are large in addition to difficult so that implement Key part of an operating system Interact alongside other core services No well-defined interface so that introduce new service easily Interfaces vary from system so that system

 Sabalow, Ryan Elizabeth City State University www.phwiki.com

 

Related University That Contributed for this Journal are Acknowledged in the above Image

 

Benefit alongside an extensible interface Compared so that the way that additional services obtained at the user level More available services at a far faster rate Motivation Modularity Sun Network File System A system in consideration of accessing remote files across LANs Goal: Allow some degree of sharing among a set of independent file systems.

NFS Architecture Three major layers Unix file-system interface VFS layer NFS protocol layer But If interface is evolving: Compatibility problems arise ? A change so that the interface requires changes so that each existing filing services If keep static: Difficult so that provide new services cleanly Desirable characteristics Extensibility: Filing must be robust so that both internal in addition to external change ? change management Stacking: add new functionality so that existing services ? Modularity Coherence: Data is consistent across multiple layers ? Successful design

Trust Management

Stacking in addition to Extensibility A conflict between two characteristics Stacking: layer is bounded(above in addition to below) by the same interface Extensibility: layer is robust so that change Stackable Design Decomposed a complex filing service into several layers Each layers can be developed independently Decomposition Make individual components most reusable Each encompasses a single abstraction Example: Disk partition Files service Directory service

Possible division Physical storage management Directory services Compression in addition to decompression Encryption in addition to decryption Cache management Remote-access services Replication Layer substitution Support the evolution in addition to replacement of layers Symmetric interface Construct complex filing services from a number of simple layers Interfaces are identical above in addition to below a layer Compared so that Shell programming: The pipe mechanism provides a simple byte-stream of data ls -l | wc

Bypass routine Interface is evolving, in addition to any layer can add new operations NFS: A routine in consideration of each operation Default routine-pass unknown operations so that a lower layer Handle variety of argument Metadata Nonlinear Stacking Not necessary so that be a strict stack Fan In Fan Out Address-space independence Layers can execute in different address spaces or even on different machines Distributed file system

Transport Layer A stackable layer that transfers operations from one address space so that another NFS: only a fixed set of operations, not extensible Extend NFS so that bypass new operations Example- replication layer of Ficus Ficus: a distributed file system developed at UCLA Provide a large scale replication service Logical layer: single-copy, highly available file Physical layer: implement the concept of a file replica Interposition Layers are interposed between existing users of the stack in addition to the old stack-top Useful when operations must happen at run-time

Implementation Existing File-System Interfaces Vnode:individual files Vfs: subtree Mounting Delayed binding Interface Extensibility Vnode interface: fix the formal definition of all operations before kernel compilation UCLA interface: maintain all interface definition until execution, then dynamically constructing the interface Each one provide a list of all operations Take the union of these operations Customized so that each file system Stack Creation Mounting in consideration of layer construction Instantiate a new UFS from /layer/ufs/crypt.raw Create an encryption layer(/usr/data) on top of the lower layer (/ayer/ufs/crypt.raw)

Stack Data Caching Individual stack layers cache data so that improve performance A cache manager coordinate page caching so that keep consistent. Page-naming policy [stack identifier, file offset] Performance Layer overhead compared so that monolithic file system Facilitate file-system development Compatibility problems Layer Performance Interface Performance Compare a kernel supporting UCLA interface alongside a standard kernel

Multiple-Layer Performance Null layers: forward all operations so that the next layer of the stack Object-Orientation in addition to Stacking Strong parallels exist between ?object-oriented? design in addition to Stacking Data encapsulation Late binding vs. run time stack configuration Inheritance vs. bypass routine Conclusion Focus: Improve the file-system development process Stacking: build new services on old system Extensible interface: add new services without invalidating existing work

Fault Tolerance Replicate data storage so that improve reliability ? two copies are enough Replicate storage access paths(Name service volumes) so that improve availability Elect a primary by majority voting scheme Overview Performance was better than most NFS Global naming was satisfactory Reasonable availability

Sabalow, Ryan Co-Host

Sabalow, Ryan is from United States and they belong to Co-Host and work for World Famous Morning Show – KSFM-FM in the CA state United States got related to this Particular Article.

Journal Ratings by Elizabeth City State University

This Particular Journal got reviewed and rated by Stack Data Caching Individual stack layers cache data so that improve performance A cache manager coordinate page caching so that keep consistent. Page-naming policy [stack identifier, file offset] Performance Layer overhead compared so that monolithic file system Facilitate file-system development Compatibility problems Layer Performance Interface Performance Compare a kernel supporting UCLA interface alongside a standard kernel and short form of this particular Institution is NC and gave this Journal an Excellent Rating.

 

Nationally, the demand in consideration of graduates alongside Bachelor?s D

 www.phwiki.com

 

The Above Picture is Related Image of Another Journal

 

Nationally, the demand in consideration of graduates alongside Bachelor?s D

Elizabeth City State University, US has reference to this Academic Journal, Nationally, the demand in consideration of graduates alongside Bachelor?s Degrees in the areas most of our graduates are initially employed is rising.Computer Science Graduates are in Demand.The number of students declaring Computer Science as their major has grown significantly in the past ten years. The number of declared majors has grown 89% in the past 5 years in addition to 178% in the past 10 years.The Computer Science Program is growing rapidly.Number of CS Majors By ClassificationThe number of sections needed so that support the needs of the students in the Computer Science Program is growing.The number of sections offered is growing.Number of CS Sections Per Year

 Gould, Lark Ellen Elizabeth City State University www.phwiki.com

 

Related University That Contributed for this Journal are Acknowledged in the above Image

 

Computer Science faculty members consider 24 so that be the ideal size of many of the project-oriented sections which make up the majority of sections offered. The average section size of 22.93 in consideration of the 2016 academic year means that many of the sections offered are larger than ideal.The average number of students per section is growing.Number of Students Per SectionExamining the number of students majoring in CS from the freshman level in one year so that the sophomore level in the following year (from fall so that fall), reveals the following improvement in retention from year so that following year.ÿRetention is rising.Number of CS Freshmen so that Next-Year Sophomores 2010-2011 33% 2011-2012 51% 2012-2013 42% 2013-2014 65% 2014-2015 72%Faculty Mix.CS Faculty Mix 2012 2013 2014 2015Tenured Faculty 0 0 0 0Tenure-Track Faculty 0 1 2 2Contract Faculty 1 1 1 1One-Year Contract Faculty 1 1 0 0Adjunct Faculty 2 2 2 2

Lecture 6 Derivation of Continuity Equation Derivation of Minority Carrier Diffusion Equations Carrier Concentration Notation Simplifications (Special Cases) Example Minority Carrier Diffusion Length Quasi-Fermi Levels Example: Quasi-Fermi Levels Summary

Gould, Lark Ellen Midday Personality

Gould, Lark Ellen is from United States and they belong to Midday Personality and work for KZZP-FM in the AZ state United States got related to this Particular Article.

Journal Ratings by Elizabeth City State University

This Particular Journal got reviewed and rated by and short form of this particular Institution is US and gave this Journal an Excellent Rating.