Changes between Version 8 and Version 9 of Internal/Rbac/OrbitRbacDesign/ThreatAnalysis


Timestamp:
Sep 8, 2006, 5:58:33 PM (18 years ago)
Author:
hedinger
Comment:

  • Internal/Rbac/OrbitRbacDesign/ThreatAnalysis

    v8 v9  
    11[[TOC(Internal/Rbac, Internal/Rbac/OrbitRbacLevels, Internal/Rbac/OrbitRbacDesign, Internal/Rbac/OrbitRbacDesign/ThreatAnalysis, Internal/Rbac/OrbitRbacDesign/AuditingTools, Internal/Rbac/OrbitRbacDesign/ConsistencyChecking, Internal/Rbac/OrbitRbacDesign/NistRbacSoftware, Internal/Rbac/OrbitRbacDesign/SolarisRbac, Internal/Rbac/OrbitRbacDesign/OasisRbac, Internal/Rbac/OrbitRbacDesign/DesignByWiki, Internal/Rbac/OrbitRbacDesign/OpenIssues, Internal/Rbac/LdapResources, Internal/Rbac/RbacResources)]]
    22==== ORBIT Threat Analysis ====
    3 The primary motivation for using role-based access control with the ORBIT Testbed is to insure that every user has complete access to each and every ORBIT resource he or she needs to perform each phase of an experiment without giving each user root privileges.  Each identifiable task of each phase could be a role and a user need only have the commensurate privileges when acting in a given role.
     3The primary motivation for using role-based access control with the ORBIT Testbed is to insure that every user has sufficient access to each and every ORBIT resource that he or she needs to perform each phase of an experiment without giving each user root privileges.  Each identifiable task of each phase of each type of experiment could be a role, and a user need only have the certain privileges when acting in a given role.
    44
    55Because ORBIT is designed to be operated as a service available to the research community, no one experiment should affect a future one, and each project must be protected from other projects.
    66
    7 It is assumed that all project members can see all project scripts, programs and data, but not all scripts, programs and data belonging to each member of the project.
     7It is assumed that all members of a given project can see all of that project's scripts, programs and data, but not all scripts, programs and data belonging to each member of the project.
    88
    99List of possible threats
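Review bot: In the rewritten line 3, "the certain privileges" replaces "commensurate privileges" and loses the point that privileges are scoped to what the role needs; suggest "a user need only have the privileges that role requires". "insure" in the same line should be "ensure". In line 7, "but not all scripts, programs and data belonging to each member of the project" still does not say how a member's own material is told apart from the project's material, and the access rules will depend on that distinction.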
     
    1111 * intentional or unintentional disruption of experiments by project members due to interference with ORBIT resources or project resources.
    1212 * unintended read access to a user's or a project's experimental scripts or locally developed components or data results by other users or projects.
    13  * intentional or unintentional modification of a user's or a project's scripts or own components or data results by nonproject members.
     13 * intentional or unintentional modification or deletion of a user's or a project's scripts or own components or data results by nonproject members.
    1414 * unauthorized access to ORBIT system code, esp., device driver source or controller scripts.
    1515
    16 Noting should affect the integrity of experimental results nor any project member's ability to properly interpret those results.
     16Nothing should affect the integrity of experimental results nor any project member's ability to properly interpret those results.
    1717
    18 Who (what role on the project) is allowed to change data, i.e., remove outliers or otherwise filter data?
     18Who (what role on the project) is allowed to change data, i.e., remove outliers, otherwise filter data, or delete data sets?
    1919
    2020Is it possible that user- or project-developed components may have hidden dependencies on its own or other component's history?
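Review bot: The reworded line 13 adds deletion but still limits the threat to nonproject members, while line 18 in the same revision asks which project role may change or delete data. Modification or deletion by a project member acting outside such a role is therefore not listed as a threat; suggest covering it in line 13 or as a separate list item.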
     
    2222Does the full support of real-time measurement require dedication of some resources above and beyond normal experiments, e.g., impairing other's access?
    2323
    24 Does the enforced use of web access to ORBIT services (as an ORBIT policy) have any access control implications?
     24Does the preferred use of web access to ORBIT services (as an ORBIT policy) have any access control implications?
    2525
    26 Are there any requirements related to version control?  Safe to assume that each project will keep track of it?
     26Are there any requirements related to version control?  Is it safe to assume that each project will keep track of it?
    2727
    2828Are there any other threats that might require the use of RBAC with ORBIT?
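Review bot: Changing "enforced" to "preferred" in line 24 implies web access is no longer the only path to ORBIT services, so the question should also ask how access control applies to the non-web paths that remain. In line 26, "keep track of it" has no clear referent; suggest "Is it safe to assume that each project will manage its own version control?".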