1 | %!PS-Adobe-2.0
|
---|
2 | %%Creator: dvips 5.47 Copyright 1986-91 Radical Eye Software
|
---|
3 | %%Title: paper.dvi
|
---|
4 | %%Pages: 11 1
|
---|
5 | %%BoundingBox: 0 0 612 792
|
---|
6 | %%EndComments
|
---|
7 | %%BeginProcSet: texc.pro
|
---|
8 | /TeXDict 200 dict def TeXDict begin /N /def load def /B{bind def}N /S /exch
|
---|
9 | load def /X{S N}B /TR /translate load N /isls false N /vsize 10 N /@rigin{
|
---|
10 | isls{[0 1 -1 0 0 0]concat}if 72 Resolution div 72 VResolution div neg scale
|
---|
11 | Resolution VResolution vsize neg mul TR matrix currentmatrix dup dup 4 get
|
---|
12 | round 4 exch put dup dup 5 get round 5 exch put setmatrix}N /@letter{/vsize 10
|
---|
13 | N}B /@landscape{/isls true N /vsize -1 N}B /@a4{/vsize 10.6929133858 N}B /@a3{
|
---|
14 | /vsize 15.5531 N}B /@ledger{/vsize 16 N}B /@legal{/vsize 13 N}B /@manualfeed{
|
---|
15 | statusdict /manualfeed true put}B /@copies{/#copies X}B /FMat[1 0 0 -1 0 0]N
|
---|
16 | /FBB[0 0 0 0]N /nn 0 N /IE 0 N /ctr 0 N /df-tail{/nn 8 dict N nn begin
|
---|
17 | /FontType 3 N /FontMatrix fntrx N /FontBBox FBB N string /base X array
|
---|
18 | /BitMaps X /BuildChar{CharBuilder}N /Encoding IE N end dup{/foo setfont}2
|
---|
19 | array copy cvx N load 0 nn put /ctr 0 N[}B /df{/sf 1 N /fntrx FMat N df-tail}
|
---|
20 | B /dfs{div /sf X /fntrx[sf 0 0 sf neg 0 0]N df-tail}B /E{pop nn dup definefont
|
---|
21 | setfont}B /ch-width{ch-data dup length 5 sub get}B /ch-height{ch-data dup
|
---|
22 | length 4 sub get}B /ch-xoff{128 ch-data dup length 3 sub get sub}B /ch-yoff{
|
---|
23 | ch-data dup length 2 sub get 127 sub}B /ch-dx{ch-data dup length 1 sub get}B
|
---|
24 | /ch-image{ch-data dup type /stringtype ne{ctr get /ctr ctr 1 add N}if}B /id 0
|
---|
25 | N /rw 0 N /rc 0 N /gp 0 N /cp 0 N /G 0 N /sf 0 N /CharBuilder{save 3 1 roll S
|
---|
26 | dup /base get 2 index get S /BitMaps get S get /ch-data X pop /ctr 0 N ch-dx 0
|
---|
27 | ch-xoff ch-yoff ch-height sub ch-xoff ch-width add ch-yoff setcachedevice
|
---|
28 | ch-width ch-height true[1 0 0 -1 -.1 ch-xoff sub ch-yoff .1 add]/id ch-image N
|
---|
29 | /rw ch-width 7 add 8 idiv string N /rc 0 N /gp 0 N /cp 0 N{rc 0 ne{rc 1 sub
|
---|
30 | /rc X rw}{G}ifelse}imagemask restore}B /G{{id gp get /gp gp 1 add N dup 18 mod
|
---|
31 | S 18 idiv pl S get exec}loop}B /adv{cp add /cp X}B /chg{rw cp id gp 4 index
|
---|
32 | getinterval putinterval dup gp add /gp X adv}B /nd{/cp 0 N rw exit}B /lsh{rw
|
---|
33 | cp 2 copy get dup 0 eq{pop 1}{dup 255 eq{pop 254}{dup dup add 255 and S 1 and
|
---|
34 | or}ifelse}ifelse put 1 adv}B /rsh{rw cp 2 copy get dup 0 eq{pop 128}{dup 255
|
---|
35 | eq{pop 127}{dup 2 idiv S 128 and or}ifelse}ifelse put 1 adv}B /clr{rw cp 2
|
---|
36 | index string putinterval adv}B /set{rw cp fillstr 0 4 index getinterval
|
---|
37 | putinterval adv}B /fillstr 18 string 0 1 17{2 copy 255 put pop}for N /pl[{adv
|
---|
38 | 1 chg}bind{adv 1 chg nd}bind{1 add chg}bind{1 add chg nd}bind{adv lsh}bind{
|
---|
39 | adv lsh nd}bind{adv rsh}bind{adv rsh nd}bind{1 add adv}bind{/rc X nd}bind{1
|
---|
40 | add set}bind{1 add clr}bind{adv 2 chg}bind{adv 2 chg nd}bind{pop nd}bind]N /D{
|
---|
41 | /cc X dup type /stringtype ne{]}if nn /base get cc ctr put nn /BitMaps get S
|
---|
42 | ctr S sf 1 ne{dup dup length 1 sub dup 2 index S get sf div put}if put /ctr
|
---|
43 | ctr 1 add N}B /I{cc 1 add D}B /bop{userdict /bop-hook known{bop-hook}if /SI
|
---|
44 | save N @rigin 0 0 moveto}N /eop{clear SI restore showpage userdict /eop-hook
|
---|
45 | known{eop-hook}if}N /@start{userdict /start-hook known{start-hook}if
|
---|
46 | /VResolution X /Resolution X 1000 div /DVImag X /IE 256 array N 0 1 255{IE S 1
|
---|
47 | string dup 0 3 index put cvn put}for}N /p /show load N /RMat[1 0 0 -1 0 0]N
|
---|
48 | /BDot 260 string N /rulex 0 N /ruley 0 N /v{/ruley X /rulex X V}B /V
|
---|
49 | statusdict begin /product where{pop product dup length 7 ge{0 7 getinterval
|
---|
50 | (Display)eq}{pop false}ifelse}{false}ifelse end{{gsave TR -.1 -.1 TR 1 1 scale
|
---|
51 | rulex ruley false RMat{BDot}imagemask grestore}}{{gsave TR -.1 -.1 TR rulex
|
---|
52 | ruley scale 1 1 false RMat{BDot}imagemask grestore}}ifelse B /a{moveto}B
|
---|
53 | /delta 0 N /tail{dup /delta X 0 rmoveto}B /M{S p delta add tail}B /b{S p tail}
|
---|
54 | B /c{-4 M}B /d{-3 M}B /e{-2 M}B /f{-1 M}B /g{0 M}B /h{1 M}B /i{2 M}B /j{3 M}B
|
---|
55 | /k{4 M}B /w{0 rmoveto}B /l{p -4 w}B /m{p -3 w}B /n{p -2 w}B /o{p -1 w}B /q{p 1
|
---|
56 | w}B /r{p 2 w}B /s{p 3 w}B /t{p 4 w}B /x{0 S rmoveto}B /y{3 2 roll p a}B /bos{
|
---|
57 | /SS save N}B /eos{clear SS restore}B end
|
---|
58 | %%EndProcSet
|
---|
59 | %%BeginProcSet: special.pro
|
---|
60 | TeXDict begin /SDict 200 dict N SDict begin /@SpecialDefaults{/hs 612 N /vs
|
---|
61 | 792 N /ho 0 N /vo 0 N /hsc 1 N /vsc 1 N /ang 0 N /CLIP false N /BBcalc false N
|
---|
62 | /p 3 def}B /@scaleunit 100 N /@hscale{@scaleunit div /hsc X}B /@vscale{
|
---|
63 | @scaleunit div /vsc X}B /@hsize{/hs X /CLIP true N}B /@vsize{/vs X /CLIP true
|
---|
64 | N}B /@hoffset{/ho X}B /@voffset{/vo X}B /@angle{/ang X}B /@rwi{10 div /rwi X}
|
---|
65 | B /@llx{/llx X}B /@lly{/lly X}B /@urx{/urx X}B /@ury{/ury X /BBcalc true N}B
|
---|
66 | /magscale true def end /@MacSetUp{userdict /md known{userdict /md get type
|
---|
67 | /dicttype eq{md begin /letter{}N /note{}N /legal{}N /od{txpose 1 0 mtx
|
---|
68 | defaultmatrix dtransform S atan/pa X newpath clippath mark{transform{
|
---|
69 | itransform moveto}}{transform{itransform lineto}}{6 -2 roll transform 6 -2
|
---|
70 | roll transform 6 -2 roll transform{itransform 6 2 roll itransform 6 2 roll
|
---|
71 | itransform 6 2 roll curveto}}{{closepath}}pathforall newpath counttomark array
|
---|
72 | astore /gc xdf pop ct 39 0 put 10 fz 0 fs 2 F/|______Courier fnt invertflag{
|
---|
73 | PaintBlack}if}N /txpose{pxs pys scale ppr aload pop por{noflips{pop S neg S TR
|
---|
74 | pop 1 -1 scale}if xflip yflip and{pop S neg S TR 180 rotate 1 -1 scale ppr 3
|
---|
75 | get ppr 1 get neg sub neg ppr 2 get ppr 0 get neg sub neg TR}if xflip yflip
|
---|
76 | not and{pop S neg S TR pop 180 rotate ppr 3 get ppr 1 get neg sub neg 0 TR}if
|
---|
77 | yflip xflip not and{ppr 1 get neg ppr 0 get neg TR}if}{noflips{TR pop pop 270
|
---|
78 | rotate 1 -1 scale}if xflip yflip and{TR pop pop 90 rotate 1 -1 scale ppr 3 get
|
---|
79 | ppr 1 get neg sub neg ppr 2 get ppr 0 get neg sub neg TR}if xflip yflip not
|
---|
80 | and{TR pop pop 90 rotate ppr 3 get ppr 1 get neg sub neg 0 TR}if yflip xflip
|
---|
81 | not and{TR pop pop 270 rotate ppr 2 get ppr 0 get neg sub neg 0 S TR}if}
|
---|
82 | ifelse scaleby96{ppr aload pop 4 -1 roll add 2 div 3 1 roll add 2 div 2 copy
|
---|
83 | TR .96 dup scale neg S neg S TR}if}N /cp{pop pop showpage pm restore}N end}if}
|
---|
84 | if}N /normalscale{Resolution 72 div VResolution 72 div neg scale magscale{
|
---|
85 | DVImag dup scale}if}N /psfts{S 65536 div N}N /startTexFig{/psf$SavedState save
|
---|
86 | N userdict maxlength dict begin /magscale false def normalscale currentpoint
|
---|
87 | TR /psf$ury psfts /psf$urx psfts /psf$lly psfts /psf$llx psfts /psf$y psfts
|
---|
88 | /psf$x psfts currentpoint /psf$cy X /psf$cx X /psf$sx psf$x psf$urx psf$llx
|
---|
89 | sub div N /psf$sy psf$y psf$ury psf$lly sub div N psf$sx psf$sy scale psf$cx
|
---|
90 | psf$sx div psf$llx sub psf$cy psf$sy div psf$ury sub TR /showpage{}N
|
---|
91 | /erasepage{}N /copypage{}N /p 3 def @MacSetUp}N /doclip{psf$llx psf$lly
|
---|
92 | psf$urx psf$ury currentpoint 6 2 roll newpath 4 copy 4 2 roll moveto 6 -1 roll
|
---|
93 | S lineto S lineto S lineto closepath clip newpath moveto}N /endTexFig{end
|
---|
94 | psf$SavedState restore}N /@beginspecial{SDict begin /SpecialSave save N gsave
|
---|
95 | normalscale currentpoint TR @SpecialDefaults}N /@setspecial{CLIP{newpath 0 0
|
---|
96 | moveto hs 0 rlineto 0 vs rlineto hs neg 0 rlineto closepath clip}if ho vo TR
|
---|
97 | hsc vsc scale ang rotate BBcalc{rwi urx llx sub div dup scale llx neg lly neg
|
---|
98 | TR}if /showpage{}N /erasepage{}N /copypage{}N newpath}N /@endspecial{grestore
|
---|
99 | clear SpecialSave restore end}N /@defspecial{SDict begin}N /@fedspecial{end}B
|
---|
100 | /li{lineto}B /rl{rlineto}B /rc{rcurveto}B /np{/SaveX currentpoint /SaveY X N 1
|
---|
101 | setlinecap newpath}N /st{stroke SaveX SaveY moveto}N /fil{fill SaveX SaveY
|
---|
102 | moveto}N /ellipse{/endangle X /startangle X /yrad X /xrad X /savematrix matrix
|
---|
103 | currentmatrix N TR xrad yrad scale 0 0 1 startangle endangle arc savematrix
|
---|
104 | setmatrix}N end
|
---|
105 | %%EndProcSet
|
---|
106 | TeXDict begin 1000 300 300 @start /Fa 8 104 df<90381FFFFC90B5FCD803F0C7FCEA07
|
---|
107 | 80000EC8FC5A5A12301270126012E05AA77E12601270123012387E7E6C7EEA03F0C6B512FC131F
|
---|
108 | 90C8FCA8007FB512FCA21E277C9F27>18 D<156015701530153881150C150E81B712C082C91278
|
---|
109 | 163EEE0F80EE03E0EE0F80EE1E0016785EB712C05EC80007C7FC150E5DA25D1530157015602B1C
|
---|
110 | 7D9932>41 D<EB3FFF90B5FC3803E000EA0780000EC7FC5A5A123012701260A212E05AA2B6FCA2
|
---|
111 | 00C0C7FCA27E1260A21270123012387E7E6C7EEA03F0C6B5FC131F181E7C9A21>50
|
---|
112 | D<1403A214071406140E140C141C1418143814301470146014E014C013011480130314005B1306
|
---|
113 | 130E130C131C1318A2133813301370136013E05B12015B120390C7FC5A1206120E120C121C1218
|
---|
114 | 123812301270126012E05AA2183079A300>54 D<00C01430A26C147000601460007014E0003014
|
---|
115 | C0A20038130100181480A2001C1303000C1400000E5B3807FFFEA2EB000E6C130CA2EB801C0001
|
---|
116 | 1318EBC03800001330A2EBE070EB6060EB70E0EB30C0A21339EB1980A2131F6DC7FCA21306A21C
|
---|
117 | 2480A21D>56 D<1303A2EA01FBEA07FFEA0F0F381C0780A238380FC0130D007813E0EA700C131C
|
---|
118 | 131800F013F0A213381330A313701360A213E013C0A312F11380007113E0A21273EA7B01003B13
|
---|
119 | C0A2381F0380EA1E07380F0F00EA07FEEA0FF8000CC7FCA3142A7EA519>59
|
---|
120 | D<EB0FC0133FEBFE0013F8485A5BAF1203485A485AB4C7FC12FCB4FCEA0F806C7E6C7E1201AF7F
|
---|
121 | 6C7E13FEEB3FC0130F12317DA419>102 D<12FCB4FCEA1FC012076C7E1201AF7F6C7E137CEB3F
|
---|
122 | C0130F133FEB7C005B485A5BAF1203485A121FB4C7FC12FC12317DA419>I
|
---|
123 | E /Fb 18 121 df<127012F812FCA2127C120CA3121C1218A21238127012E0A2060F7C840E>59
|
---|
124 | D<EC01C0A21403A21407140FA2141B811431A2146114C1A2EB0181A2EB030113071306010C7FA2
|
---|
125 | EB1800EB3FFFA2EB6000A25BA2485A48C7FC5A81121F3AFFC00FFF80A221237EA225>65
|
---|
126 | D<90387FFFE090B512FC903807803E150F010F1480EC0007A349130F131EA2ED1F00013E131E01
|
---|
127 | 3C5B5D4A5A90387FFFC092C7FC9038780F80EC03C013F8EBF001811403120113E0A21407120301
|
---|
128 | C0EBC0C015E0000714E13A7FFC03E38000FF903801FF00C85A22237EA125>82
|
---|
129 | D<001FB512FEA2903801E03E003C140EEA3803003013C00070140C1260EAE007148012C0A2D800
|
---|
130 | 0F130091C7FCA35B131EA3133E133CA3137C1378A313F85BA21201387FFFC0B5FC1F227EA11D>
|
---|
131 | 84 D<EBFCE0EA03FEEA07CFEA0F07381E03C0A2123C127C00781380A2130712F800F01300140C
|
---|
132 | 130F1418EA701EEB3E383878FF30383FE7F0380F83E016157E941A>97 D<EA07C0123F5B1207A3
|
---|
133 | 90C7FCA35A120EA3121EEA1CFCEA1FFE138FEA3F07003E1380123C123812781270A2130F00F013
|
---|
134 | 0012E0A2131EA25BEA7078EA78F0EA3FE0EA1F8011237DA215>I<137F3801FFC0EA03E1EA0F83
|
---|
135 | 1303121E48C7FCA25AA312F85AA314C0EA7801EB0380383C1F00EA1FFEEA07F012157E9415>I<
|
---|
136 | 13FEEA03FF380F8380EA1F01123C127CEA780338F81F00EAFFFE13F000F0C7FCA25AA3EB0180EA
|
---|
137 | F00338700700EA7C3EEA3FFCEA0FE011157D9417>101 D<13381378A31300A9EA0F80EA1FC0EA
|
---|
138 | 3DE0123012701261EAE1C012011203138012071300A2EA0F0CEA0E1C1318121EEA1C38EA1E70EA
|
---|
139 | 0FE0EA07C00E2280A111>105 D<14E01301A390C7FCA9133E137FEBE780EA01C3EA03831303EA
|
---|
140 | 070712001400A25BA2130EA2131EA2131CA2133CA21338A21378A2137013F0EA70E012F1EAF3C0
|
---|
141 | B45A007EC7FC132C81A114>I<EA03E0121F13C01203A31380A21207A21300A25AA2120EA2121E
|
---|
142 | A2121CA2123CA21238A21278A21270EA718012F112F3EAE300A212F7127E123E0B237DA20F>
|
---|
143 | 108 D<381F03F8383F8FFC383BDE3C3871F81E3861F00E13E000E3131E3803C01CA21380000713
|
---|
144 | 3C14381300EC786048EB70E015C0000E13F014E1001EEBF380EC7F00001C133E1B1580941D>
|
---|
145 | 110 D<137F3801FF803803C3C0380F81E0381F00F0121E5AA25AA2130100F813E012F0130314C0
|
---|
146 | 13070070138038781F00EA3C3EEA1FF8EA0FE014157E9417>I<381F07E0383F9FF0383BFC70EA
|
---|
147 | 71F83861F0F013E038E3C0E0000313005BA21207A290C7FCA25AA2120EA2121EA2121C14158094
|
---|
148 | 16>114 D<137E3801FF80EA03C3EA07871307A2EB0300138013F813FE6C7EC67EEB0F80130712
|
---|
149 | 7000F01300A2485AEAF03EEA7FF8EA1FE011157E9417>I<136013E0A4120113C0A31203EAFFFC
|
---|
150 | A2EA038012071300A35A120EA3121E121C130C131CEA3C18EA38381370EA3CF0EA1FE0EA0F800E
|
---|
151 | 1F7F9E12>I<380F800EEA1FC0383DE01E12300070131C126138E1C03C12010003133813801478
|
---|
152 | 1207EB007015C014F0ECF180EB01E1EB03E3903887F3003803FE7F3801F83E1A1580941C>I<38
|
---|
153 | 03E1F0380FF3FC381C3F1CEA383E38701C3C126038E03C38000013001338A213781370A2140C38
|
---|
154 | 70F01C00F01318EBE03838F1F07038E3F8F0387F3FC0383E1F8016157E941C>120
|
---|
155 | D E /Fc 78 123 df<90381FC3F090387FEFF89038F0FE783801C0FC380380F800071400EB0070
|
---|
156 | A8B612C0A23907007000B1397FE3FF80A21D2380A21C>11 D<EB0FE0EB7FF0EBF878EA01E0EA03
|
---|
157 | C0EA0780EB003091C7FCA7B512F8A2380700781438B0397FE1FF80A2192380A21B>I<EB0FF813
|
---|
158 | 7FEBF878EA01E0EA03C0380780381300A8B512F8A238070038B1397FF3FF80A2192380A21B>I<
|
---|
159 | 90390FE03F8090397FF9FFC09039F83BE1E03901E03F81D803C013013807803E9039003C00C002
|
---|
160 | 1C1300A7B712E0A23907001C011500B03A7FF1FFCFFEA2272380A229>I<EA7038EAF87CEAFC7E
|
---|
161 | A2EA7C3EEA0C06A3EA1C0EEA180CA2EA381CEA7038EAE070A20F0F7EA218>34
|
---|
162 | D<127012F812FCA2127C120CA3121C1218A21238127012E0A2060F7CA20E>39
|
---|
163 | D<137013E0EA01C0A2EA0380EA0700120EA25AA25AA35AA4126012E0AE12601270A47EA37EA27E
|
---|
164 | A27EEA0380EA01C0A2EA00E013700C327DA413>I<12E012707EA27E7E7EA2EA0380A2EA01C0A3
|
---|
165 | EA00E0A413601370AE136013E0A4EA01C0A3EA0380A2EA0700A2120E5A5AA25A5A0C327DA413>
|
---|
166 | I<127012F812FCA2127C120CA3121C1218A21238127012E0A2060F7C840E>44
|
---|
167 | D<EAFFE0A30B037F8B10>I<127012F8A3127005057C840E>I<EB0180A213031400A25B1306A213
|
---|
168 | 0E130CA2131C1318A313381330A213701360A213E05BA212015BA2120390C7FCA25A1206A2120E
|
---|
169 | 120CA3121C1218A212381230A212701260A212E05AA211317DA418>I<EA01F0EA07FCEA0E0E48
|
---|
170 | 7E38380380A2007813C0EA7001A300F013E0AE007013C0A3EA780300381380A2381C0700EA0E0E
|
---|
171 | EA07FCEA01F013227EA018>I<EA01801203120F12FF12F31203B3A8EAFFFEA20F217CA018>I<EA
|
---|
172 | 03F8EA0FFEEA3C3F38380F80387007C0126038E003E012F8A21301A2EA7003120014C01307A2EB
|
---|
173 | 0F801400131E5B5B5B5B485A485A38070060120E5A4813E04813C0B5FCA313217EA018>I<EA03
|
---|
174 | F8EA0FFEEA1E1F38380F80387007C01278127C1278A21200A21480130FEB1F00133EEA03FC5BEA
|
---|
175 | 001E7FEB078014C0EB03E0A2127012F8A438E007C0127038780F80383E1F00EA0FFEEA03F81322
|
---|
176 | 7EA018>I<130EA2131EA2133EA2136E13EE13CE1201138EEA030E12071206120E120C1218A212
|
---|
177 | 301270126012E0B512F8A238000E00A73801FFF0A215217FA018>I<38180180EA1E07EA1FFF14
|
---|
178 | 0013FC13F00018C7FCA6EA19F8EA1FFE130F381E0780381C03C01218EA000114E0A4127012F0A3
|
---|
179 | 38E003C0A238700780EA380F383E1F00EA0FFCEA07F013227EA018>I<137E3801FF803803C3C0
|
---|
180 | EA0703120E121E123C0038C7FC1278A3EA7020EAF3FCEAF7FF38FE0F80EAFC0738F803C0A2EB01
|
---|
181 | E012F0A51270A2127814C0EA3803003C1380EA1E07380F1F00EA07FEEA03F813227EA018>I<12
|
---|
182 | 601270387FFFE0A3386001C000E01380EAC003EB07001306EA000E130C131C5B13301370A25BA3
|
---|
183 | 1201A25BA31203AA13237DA118>I<EA03F8EA0FFEEA1F1F383C0780EA3803007013C01301A312
|
---|
184 | 78EA7C03383E0780383F8700EA1FDEEA0FFC6C5A13FE487E381E3F80383C1FC0EA7807387003E0
|
---|
185 | EAF00112E01300A37E387001C0EA7803383C0780381E0F00EA0FFEEA03F813227EA018>I<EA03
|
---|
186 | F8EA0FFCEA1F1EEA3C0700381380EA7803007013C012F01301A214E0A513031278A2EA3C07EA3E
|
---|
187 | 0FEA1FFDEA07F9EA0081EB01C01303A21480EA780714005B131E137CEA3FF8EA0FE013227EA018
|
---|
188 | >I<127012F8A312701200AB127012F8A3127005157C940E>I<127012F8A312701200AB127012F8
|
---|
189 | A312781218A4123812301270A212E012C0051F7C940E>I<B612FEA2C9FCA8B612FEA21F0C7D91
|
---|
190 | 26>61 D<497E497EA3497EA3497E130CA2EB1CF8EB1878A2EB383C1330A2497EA3497EA348B512
|
---|
191 | 80A2EB800739030003C0A30006EB01E0A3000EEB00F0001F130139FFC00FFFA220237EA225>65
|
---|
192 | D<B512F814FE3907800F80EC07C0EC03E0140115F0A515E01403EC07C0EC0F8090B512005C9038
|
---|
193 | 801F80EC07C0EC03E0EC01F0140015F8A6EC01F0140315E0EC0FC0B6120014FC1D227EA123>I<
|
---|
194 | 90380FF030EB7FFC9038FC1E703803F0073907C003F0380F8001EA1F001400123E003C1470127C
|
---|
195 | A215305AA21500A71530127CA36C147015606C14E015C0380F80013907C003803903F007003800
|
---|
196 | FC1EEB7FFCEB0FF01C247DA223>I<B512F014FE3807801FEC07C01403EC01E0EC00F015F81578
|
---|
197 | 157C153CA3153EA9153CA2157C1578A215F0EC01E01403EC07C0EC1F00B512FE14F81F227EA125
|
---|
198 | >I<B612C0A23807800F14031401140015E0A215601460A3150014E0138113FFA2138113801460
|
---|
199 | A21518A214001530A4157015F01401EC07E0B6FCA21D227EA121>I<B612C0A23807800F140314
|
---|
200 | 01140015E0A21560A21460A21500A214E0138113FFA2138113801460A491C7FCA8EAFFFEA21B22
|
---|
201 | 7EA120>I<90380FF018EB3FFC9038FC0F383903F003B83907C001F8380F800090C7FC48147812
|
---|
202 | 3E15385AA215185AA21500A6EC1FFFA2007CEB0078A37EA27E6C7E7F6C6C13F83803F0013900FE
|
---|
203 | 079890383FFF1890380FF80020247DA226>I<39FFFC3FFFA239078001E0AD90B5FCA2EB8001AF
|
---|
204 | 39FFFC3FFFA220227EA125>I<EAFFFCA2EA0780B3ACEAFFFCA20E227EA112>I<3803FFF0A23800
|
---|
205 | 0F00B3A612F8A35BEAF01EEA703EEA787CEA3FF8EA0FE014237EA119>I<39FFFC07FFA2390780
|
---|
206 | 03F8EC01E04A5A4A5A92C7FC140E5C5C5C5CEB81C013831387EB8FE0EB9DF013BDEBF8F8EBF078
|
---|
207 | EBE07C497EEB801E141F6E7EA26E7E6E7EA26E7EA215FC3AFFFC07FF80A221227EA126>I<EAFF
|
---|
208 | FEA2EA0780B3EC0180A41403A215005CA25C143FB6FCA219227EA11E>I<D8FFC0EB03FF6D5B00
|
---|
209 | 0715E0A2D806F0130DA301781319A36D1331A36D1361A36D13C1A29038078181A3903803C301A3
|
---|
210 | EB01E6A3EB00FCA31478EA1F80D8FFF0EB3FFF143028227EA12D>I<39FF800FFF13C03907E001
|
---|
211 | F8EC00607F12067F137C133C133E131E131FEB0F80130714C0130314E0EB01F0130014F8147CA2
|
---|
212 | 143E141E141FEC0FE0A214071403A21401EA1F8038FFF000156020227EA125>I<EB0FE0EB7FFC
|
---|
213 | EBF83E3903E00F8039078003C0390F0001E0A2001EEB00F0003E14F8003C1478007C147CA20078
|
---|
214 | 143CA200F8143EA9007C147CA3003C1478003E14F8001E14F06CEB01E0EB80033907C007C03903
|
---|
215 | E00F803900F83E00EB7FFCEB0FE01F247DA226>I<B512F014FC3807803FEC0F801407EC03C0A2
|
---|
216 | 15E0A515C0A2EC0780140FEC3F00EBFFFC14F00180C7FCADEAFFFCA21B227EA121>I<EB0FE0EB
|
---|
217 | 7FFCEBF83E3903E00F803907C007C0390F8003E0EB0001001EEB00F0003E14F8003C1478007C14
|
---|
218 | 7CA20078143CA200F8143EA90078143C007C147CA2003C1478393E07C0F8391E0FE0F0390F1C71
|
---|
219 | E0EB98330007EB1BC03903F81F803900FC3E0090387FFC02EB0FECEB000CEC0E06A2EC0F1EEC07
|
---|
220 | FCA3EC03F8EC01F01F2D7DA226>I<B512E014F83807803E140F6E7E816E7EA64A5A5D4AC7FC14
|
---|
221 | 3EEBFFF85CEB80F8143C80A280A381A4ED818015C1EC07C3D8FFFCEBE7006EB4FCC85A21237EA1
|
---|
222 | 24>I<3807F060EA0FFE381E1FE0EA3807EA70031301EAE000A21460A27E14007E127C127FEA3F
|
---|
223 | F0EA1FFE380FFF80000313C0EA007FEB07E0130114F01300A200C01370A37E14F06C13E0EAF801
|
---|
224 | 00FC13C038FF078038C7FF00EAC1FC14247DA21B>I<007FB512F8A2387C078000701438006014
|
---|
225 | 18A200E0141C00C0140CA500001400B3A20003B5FCA21E227EA123>I<39FFFC0FFFA239078001
|
---|
226 | F8EC0060B3A515E06C6C13C01401D801E0138014033900F80700EB7C1EEB1FFCEB07F020237EA1
|
---|
227 | 25>I<D8FFF0EBFFC0A2D80F80EB3E00151C00071418A26C6C5BA36C6C5BA26D13E000005CA2EB
|
---|
228 | F80101785BA26D48C7FCA3EB1E06A2EB1F0EEB0F0CA2149CEB0798A2EB03F0A36D5AA36D5A2223
|
---|
229 | 7FA125>I<3BFFF03FFC07FEA23B1F8007C001F8260F0003EB00E0A2D807806D13C0A33B03C007
|
---|
230 | F001801406A216032701E00C781300A33A00F0183C06A3903978383E0CEC301EA2161C90393C60
|
---|
231 | 0F18A390391EC007B0A3010F14E0EC8003A36D486C5AA32F237FA132>I<387FFFFEA2EB003E00
|
---|
232 | 7C137C0070137814F838E001F0A238C003E014C01307EB0F801200EB1F00131E133E5BA25B5B00
|
---|
233 | 011303EA03E0A2EA07C01380000F1307EA1F001406003E130E003C131E007C133E4813FEB5FCA2
|
---|
234 | 18227DA11E>90 D<12FEA212C0B3B3A912FEA207317BA40E>I<EA1C0EA2EA381CEA7038EA6030
|
---|
235 | A2EAE070EAC060A3EAF87CEAFC7EA2EA7C3EEA381C0F0F7AA218>I<12FEA21206B3B3A912FEA2
|
---|
236 | 07317FA40E>I<EA1FF0EA3FFCEA3C3E130FA2C67EA25BEA03FF121FEA3F07127C12F8A200F013
|
---|
237 | 18A2130FEAF81F387C3FB8383FF3F0381FC3C015157E9418>97 D<120E12FEA2121E120EAAEB3F
|
---|
238 | C0EBFFE0380FE1F0EB8078EB003C120E141EA8143CA2000F137CEB80F8EBE1F0380CFFE0EB3F80
|
---|
239 | 17237FA21B>I<EA03FE380FFF80EA1F07123E123C48C7FCA25AA7127814C0EA3C01003E1380EA
|
---|
240 | 1F87380FFF00EA03FC12157E9416>I<14E0130FA213011300AAEA03F8EA0FFEEA1F0FEA3E03EA
|
---|
241 | 7C01EA7800A25AA71270EA7801A2EA3C03381F0FF0380FFEFEEA03F017237EA21B>I<EA01FCEA
|
---|
242 | 07FF381F0F80383E03C0EA3C01007813E0A2B5FCA200F0C7FCA5127814606C13E0383E01C0EA0F
|
---|
243 | 833807FF00EA01FC13157F9416>I<133E13FFEA01EFEA03CF138FEA0700A9EAFFF8A2EA0700B1
|
---|
244 | EA7FF8A2102380A20F>I<14F03803FBF83807FFB8380F1F38381E0F00383C0780A7381E0F00EA
|
---|
245 | 1F1E13FCEA1BF80018C7FCA2121CEA1FFF6C13C0003F13F0EA7C013870007812F0481338A36C13
|
---|
246 | 78007813F0383F07E0381FFFC03803FE0015217F9518>I<120E12FEA2121E120EAAEB3F80EBFF
|
---|
247 | E0EA0FE1EB80F0EB0070A2120EAD38FFE7FFA218237FA21B>I<121E123EA3121EC7FCA8120E12
|
---|
248 | FEA2121E120EAFEAFFC0A20A227FA10E>I<EA01C0EA03E0A3EA01C0C7FCA8EA01E0120FA21201
|
---|
249 | 1200B3A412F113C012F3EAFF80EA3E000B2C82A10F>I<120E12FEA2121E120EAAEB0FFCA2EB07
|
---|
250 | E014801400131E5B5B13F8EA0FFCA2131EEA0E0F14801307EB03C014E0130114F038FFE3FEA217
|
---|
251 | 237FA21A>I<120E12FEA2121E120EB3ABEAFFE0A20B237FA20E>I<390E3FC0FF26FEFFF313C039
|
---|
252 | FFE0F7833A1F807E01E0390F003C00A2000E1338AD3AFFE3FF8FFEA227157F942A>I<380E3F80
|
---|
253 | 38FEFFE0EAFFE1381F80F0380F0070A2120EAD38FFE7FFA218157F941B>I<EA01FCEA07FF380F
|
---|
254 | 0780381C01C0383800E0007813F00070137000F01378A700701370007813F0003813E0381C01C0
|
---|
255 | 380F07803807FF00EA01FC15157F9418>I<380E3FC038FEFFE038FFE1F0380F80F8EB007C000E
|
---|
256 | 133C143E141EA6143E143CA2000F137CEB80F8EBE1F0380EFFE0EB3F8090C7FCA8EAFFE0A2171F
|
---|
257 | 7F941B>I<3803F860EA0FFEEA1F0F383E03E0EA7C011278130012F85AA612781301EA7C03EA3E
|
---|
258 | 07EA1F0FEA0FFCEA03F0C7FCA8EB0FFEA2171F7E941A>I<EA0E7EEAFEFFEAFFEFEA1F8FEA0F0F
|
---|
259 | 1300A2120EACEAFFF0A210157F9413>I<EA1FD8EA3FF8EA7878EAF038EAE018A212F0EAF800EA
|
---|
260 | 7F8013E0EA1FF0EA03F8EA007CEAC03C131C12E0A2EAF03CEAF878EAFFF0EACFE00E157E9413>
|
---|
261 | I<1206A5120EA3121E123EEAFFF8A2EA0E00AA130CA5EA0F1CEA073813F8EA03E00E1F7F9E13>
|
---|
262 | I<000E137038FE07F0A2EA1E00000E1370AB14F0A21301380787F8EBFF7FEA01FC18157F941B>
|
---|
263 | I<38FFC3FEA2381E00F8000E137014E06C13C0A338038180A213C300011300A2EA00E6A3137CA3
|
---|
264 | 1338A217157F941A>I<39FF8FF9FFA2391E01E07C391C03C038000EEBE030A2EB06600007EB70
|
---|
265 | 60A2130E39038C30C01438139C3901D81980141DA2EBF00F00001400A2497EEB600620157F9423
|
---|
266 | >I<387FC1FFA2380781F8000313E03801C1C014803800E3001377133E133C131C133E13771367
|
---|
267 | EBC3803801C1C0380380E0000713F0001F13F838FFC1FFA2181580941A>I<38FFC3FEA2381E00
|
---|
268 | F8000E137014E06C13C0A338038180A213C300011300A2EA00E6A3137CA31338A21330A2137013
|
---|
269 | 60A2EAF0C012F1EAF380007FC7FC123E171F7F941A>I<383FFFC0A2383C0780EA380F00301300
|
---|
270 | EA701EEA603C5B13F8C65A485A3803C0C012071380EA0F00EA1E01003C1380EA7C03EA7807B5FC
|
---|
271 | A212157F9416>I E /Fd 37 122 df<EB01E01303130F137FEA1FFFB5FCA213BFEAE03F1200B3
|
---|
272 | AF007FB512F0A41C2E7AAD29>49 D<EB3FF00003B5FC4814C0001F14E0D83F8113F0397E003FF8
|
---|
273 | 007FEB1FFC39FF800FFEEBC00715FF80A3EA7F80EA3F00C7FCA2EC07FEA2EC0FFC15F8141F15F0
|
---|
274 | EC3FE0EC7FC0ECFF005C495AEB03F0495A90380FC00FEB1F80EB3E0049131F49131E485AD803C0
|
---|
275 | 133E48B512FE5A5A5A5AB612FCA4202E7CAD29>I<EB1FFC90387FFF8048B512E03903F83FF039
|
---|
276 | 07C00FF8D80FE07F381FF00701F87FA5EA0FF0D807E05B3801800FC75BA24A5A4A5AECFFC0011F
|
---|
277 | 90C7FC5CECFFC09038001FF0EC0FFC6E7E6E7E16808016C0120EEA3F80EA7FC0EAFFE0A316805C
|
---|
278 | A26C4848130001805B393FE01FFC6CB55A00075C0001148026003FFCC7FC222E7DAD29>I<15F8
|
---|
279 | 1401A214031407140F141F143FA2147F14F71301EB03E714C7EB0787EB0F07131E133E137C1378
|
---|
280 | 13F0EA01E01203EA07C01380EA0F00121E5A127C5AB712F0A4C7380FF800A8010FB512F0A4242E
|
---|
281 | 7EAD29>I<000E1438390FE003F890B5FC15F015E015C01580150014FC14F0148090C8FCA7EB1F
|
---|
282 | F890B5FC15C09038F03FF09038800FF8EB0007000E14FCC7EA03FEA315FFA2123EEA7F8012FF13
|
---|
283 | C0A3018013FE1407D87F0013FC007C130F003FEB1FF8391FE07FF06CB512E06C14800001EBFE00
|
---|
284 | 38007FF0202E7CAD29>I<ECFFC0010713F0011F7F90387FE0FC9038FF003E484813FED803F87F
|
---|
285 | 00075BEA0FF0121F13E0003F6D5AA2007F91C7FC5BA2142039FFC3FF8001C713E001CF13F89038
|
---|
286 | DC07FC9038F801FE01F07F80491480A216C05BA4127FA4123F6D1480121F4A1300EA0FF06D485A
|
---|
287 | 3907FE0FFC6CB55AC614E0013F5BD90FFEC7FC222E7DAD29>I<123C123F90B612C0A448158016
|
---|
288 | 005DA25D397C0001F80078495A4A5A00F85C48495A141F4AC7FCC7127E5C5C13015C13031307A2
|
---|
289 | 495AA3131FA25C133FA4137FAA6D5A6DC8FC22307BAF29>I<EB0FFC90387FFF8090B512E03901
|
---|
290 | F80FF03903E003F848486C7E380F800081001F147EA27F7F7F01FC13FE01FF5B14816CEBE3F8EC
|
---|
291 | FFF06C5C6C148081C614F0810003804880D80FE37FD81FC01480383F803F387F000F007E6D13C0
|
---|
292 | 00FE130148EB007F153F151F150FA26C1580A2007F141F6DEB3F006C6C137E391FF803FC6CB55A
|
---|
293 | 6C5C000114C026001FFEC7FC222E7DAD29>I<157CA215FEA34A7EA24A7FA24A7FA34A7F157F02
|
---|
294 | 1F7FEC1E3FA2023E7FEC3C1F027C7FEC780FA202F87FECF0070101804A7EA20103814A7E010781
|
---|
295 | 4A7EA249B67EA24981A2011EC7123F4981161F017C810178140FA2496E7EA2000182B5D8C001B5
|
---|
296 | 12FEA437317DB03E>65 D<B712F816FF17E083C6903980003FF8EE0FFC707E8382188082A55E18
|
---|
297 | 00A24C5A4C5A4C5AEEFFE091B6128094C7FC17E0913980001FF8EE07FE707E701380A27013C0A2
|
---|
298 | 18E0A718C05E18805E040F1300EE3FFEB85A17F017C04CC7FC33317EB03B>I<913A07FF800380
|
---|
299 | 027FEBF8070103B5EAFE0F010FECFF9F499038803FFF90397FFC0007D9FFE07F484913004890C8
|
---|
300 | 127F4848153F120F4848151F49150F123F5B1707127FA24992C7FC12FFAB127F7FEF0780123FA2
|
---|
301 | 7F001F160F6D16006C6C5D0007161E6C6C153E6C01C05C6C01F0495AD97FFCEB07F0903A1FFF80
|
---|
302 | 3FE06D90B55A010392C7FCD9007F13FC020713C031317BB03C>I<B712F016FF17C017F0C69039
|
---|
303 | C0007FFCEE0FFEEE03FF7013807013C0EF7FE0173F18F0171F18F8A2EF0FFCA418FEAB18FCA418
|
---|
304 | F8171FA2EF3FF018E0177FEFFFC04C13804C1300EE0FFEEE7FFCB812F05F94C7FC16F037317EB0
|
---|
305 | 3F>I<B812F0A4C69038C0007FEE0FF816031601A216001778A4923807803CA41700150F151F15
|
---|
306 | 3F91B5FCA4ECC03F151F150F1507A592C8FCABB612F0A42E317EB034>70
|
---|
307 | D<B612C0A4C6EBC000B3B3A5B612C0A41A317EB01F>73 D<B612F0A4C601C0C8FCB3A717F0A416
|
---|
308 | 0117E0A21603A31607160F161F163F16FF030313C0B8FCA42C317EB032>76
|
---|
309 | D<B712E016FEEEFF8017E0C6D9C00013F0EE3FF8EE1FFC160F17FE160717FFA717FEA2160F17FC
|
---|
310 | EE1FF8EE3FF0EEFFE091B612C0170016F802C0C8FCB2B612C0A430317EB038>80
|
---|
311 | D<B712C016FCEEFF8017E0C6D9C0007FEE3FF8EE0FFC707E838284A695C7FCA24C5AA24C5AEE3F
|
---|
312 | F8923801FFE091B6128004FCC8FC829139C007FF8003017F6F7F707E163F83161FA483A4F001E0
|
---|
313 | 17FEA21803EE0FFFB6D8C007EB87C070EBFF8004001400EF1FFC3B317EB03E>82
|
---|
314 | D<90393FF8038048B512074814CF000F14FF381FF00FEBC00148487E48C7123F007E141FA200FE
|
---|
315 | 140FA215077E7F6D90C7FC7F13FE387FFFE014FF6C14E0816C14FC6C806C807EC61580011F14C0
|
---|
316 | 1300140F020013E0157F153F151F12F0150FA37E16C06C141F6C15806C143F01C0EB7F009038FC
|
---|
317 | 01FE90B55A00F95CD8F07F13E0D8E007138023317BB02E>I<B6D8C003B512C0A4C601C0C73803
|
---|
318 | C000B3AD1707A26D6C5D170FA26D6C4AC7FC6D6C5C6D6C147E6D6C495A903A03FFC01FF86D90B5
|
---|
319 | 5A6D6C14C0020F91C8FC020013F03A317EB03F>85 D<EBFFFC0007EBFF804814E0391FE03FF090
|
---|
320 | 38F00FF86E7E14036E7EEA0FE0A2EA0100C7FCA2EB01FF133F3801FFF93807FE01EA1FF8EA3FE0
|
---|
321 | EA7FC0138012FF1300A3EB800314076C6C487E263FF03E13F8381FFFFC0007EBF07FC6EB801F25
|
---|
322 | 207E9F28>97 D<90380FFF80017F13F048B512F83903FE03FC3807F807EA0FF0EA1FE0EA3FC0EC
|
---|
323 | 03F8127F903880004000FF1400AA6C7EA2003F141E7F001F143E6C6C137CD807FC13F83903FF03
|
---|
324 | F06CEBFFE06C6C138090380FFE001F207D9F25>99 D<ED07E0EC03FFA4EC003F151FACEB0FFC90
|
---|
325 | 387FFF9F48B6FC3803FE07380FF8004848137F49133F4848131FA2127F5B12FFAA127F7FA2003F
|
---|
326 | 143F6C6C137F15FF260FF80113F02607FE0F13FF0001B512DF6C141FEB1FF828327DB12E>I<EB
|
---|
327 | 0FFE90387FFFC048B512F03903FE0FF8390FF803FC48486C7EEBE000003F147F485A811680485A
|
---|
328 | A390B6FCA30180C8FCA46C7EA2003FEC07807F001F140F6C6C131FD807FCEB3F003903FF01FEC6
|
---|
329 | EBFFF8013F13E0010790C7FC21207E9F26>I<ECFF80010713E0011F13F0EB7FC79038FF8FF848
|
---|
330 | 130F13FE120313FCEC07F0EC01C091C7FCA7B512F8A4D803FCC7FCB3A6387FFFF0A41D327EB119
|
---|
331 | >I<90393FF80FE09039FFFE3FF0000390B512F83907F83FF3390FE00FE3001F14F19039C007F0
|
---|
332 | F0003FECF800A7001F5CEBE00F000F5C3907F83FC090B55A000E49C7FCEB3FF890C9FC121EA212
|
---|
333 | 1F7F90B512C06C14FC15FF6C158016C016E0121F393F80007F007EC7EA0FF000FE1407481403A3
|
---|
334 | 6C1407007E15E0007F140FD83FC0EB3FC03A1FF801FF800007B5EAFE00000114F8D8001F138025
|
---|
335 | 2F7E9F29>I<EA03C0EA0FF0487EA27FA35BA26C5AEA03C0C8FCA8EA01F812FFA4120F1207B3A4
|
---|
336 | B51280A411337DB217>105 D<EA01F812FFA4120F1207B3B3A4B512C0A412327DB117>108
|
---|
337 | D<2703F00FFCEB1FF800FFD93FFFEB7FFE91B500C1B51280903BF1F83FC3F07F903CF3C01FE780
|
---|
338 | 3FC0260FF780EBEF0000079026000FFEEB1FE001FE5C495CA2495CB2B500C1B50083B5FCA44020
|
---|
339 | 7D9F47>I<3903F00FFC00FFEB3FFF91B512C09038F1F83F9039F3C01FE0380FF7800007496C7E
|
---|
340 | 13FE5BA25BB2B500C1B51280A429207D9F2E>I<EB07FE90383FFFC090B512F03903FC03FC3907
|
---|
341 | F000FE4848137F4848EB3F80003F15C0A24848EB1FE0A300FF15F0A8007F15E0A36C6CEB3FC0A2
|
---|
342 | 6C6CEB7F80000F15003907F801FE3903FE07FC6CB55AD8003F13C0D907FEC7FC24207E9F29>I<
|
---|
343 | 3901F81FF800FF90B5FC01FB14809039FFE07FE09138801FF03A07FE000FF84913074914FCED03
|
---|
344 | FEA3ED01FFA95D16FEA216FC6D1307ED0FF86D14F09038FF803F9138E0FFC001FBB5128001F8EB
|
---|
345 | FE00EC3FF091C8FCAAB512C0A4282E7E9F2E>I<3903F03F8000FFEBFFE001F113F0EBF3E79038
|
---|
346 | F78FF8000F130FEA07FEA29038FC07F0A2EC008015005BB0B512E0A41D207E9F22>114
|
---|
347 | D<3801FFC7000713FF121FEA3F80387C003F805A807E7E6C6CC7FC13FC387FFFE014F86C7F6C7F
|
---|
348 | 6C7F00031480EA003F010013C0143F00F0130FA26C1307A27E6CEB0F806C131F9038C07F00EBFF
|
---|
349 | FE00FB13F800E013E01A207D9F21>I<1378A513F8A41201A212031207120F381FFFFEB5FCA338
|
---|
350 | 07F800AF140FA7141F3803FC1EEBFE3E3801FFFC38007FF8EB1FE0182E7EAD20>I<D801F8EB03
|
---|
351 | F000FFEB01FFA4000FEB001F0007140FB1151FA2153F157F6C6C497E903AFE03EFFF806CB512CF
|
---|
352 | 6C6C130FEB1FFC29207D9F2E>I<B538803FFEA43A07F80003C06D1307000315806D130F000115
|
---|
353 | 006D5B6C141EA26D6C5AA2ECC07C013F1378ECE0F8011F5B14F1010F5B14F3903807FBC0A214FF
|
---|
354 | 6D5BA26D90C7FCA26D5AA2147CA227207E9F2C>I<B538803FFEA43A07F80003C06D1307000315
|
---|
355 | 806D130F000115006D5B6C141EA26D6C5AA2ECC07C013F1378ECE0F8011F5B14F1010F5B14F390
|
---|
356 | 3807FBC0A214FF6D5BA26D90C7FCA26D5AA2147CA21478A214F85CEA3C01007E5BEAFF035C495A
|
---|
357 | 130FD87A3FC8FCEA7FFC6C5AEA0FE0272E7E9F2C>121 D E /Fe 34 123
|
---|
358 | df<13E0EA01C012031380EA0700120EA25AA25AA212301270A3126012E0AE12601270A3123012
|
---|
359 | 38A27EA27EA27EEA038013C01201EA00E00B2E7DA112>40 D<12E01270127812387E7EA27EA2EA
|
---|
360 | 0380A2120113C0A3120013E0AE13C01201A313801203A2EA0700A2120EA25A5A127812705A0B2E
|
---|
361 | 7DA112>I<127012F812FCA2127C120CA3121C12181238127012F01260060E7C840D>44
|
---|
362 | D<EAFFC0A30A037F8A0F>I<127012F8A3127005057C840D>I<EB0380A3497EA3EB0DE0A3EB18F0
|
---|
363 | A3EB3078A3497EA3EBE01E13C0EBFFFE487FEB800FA200031480EB0007A24814C01403EA0F8039
|
---|
364 | FFE03FFEA21F207F9F22>65 D<B512E014F83807803E80801580A515005C143E5CEBFFF880EB80
|
---|
365 | 1E801580140715C0A51580140FEC1F00143EB512FC14F01A1F7E9E20>I<90381FC0C0EBFFF038
|
---|
366 | 01F83D3807E00F380F80071300481303003E1301123C127C1400A25A1500A8007C14C0A3003C13
|
---|
367 | 01003E14807E6C130390388007003807E00E3801F83C3800FFF8EB1FE01A217D9F21>I<B512E0
|
---|
368 | 14FC3807803E140FEC0780EC03C015E0140115F01400A215F8A915F0A2140115E0A2EC03C0EC07
|
---|
369 | 80EC0F00143EB512FC14E01D1F7E9E23>I<B46CEB1FF86D133F00071500A2D806E0136FA30170
|
---|
370 | 13CFA3903838018FA390381C030FA3EB0E06A3EB070CA3EB0398A3EB01F0A3380F00E03AFFF0E1
|
---|
371 | FFF8A2251F7E9E2A>77 D<B57E14F0380780F8143C143E141E141FA4141E143E143C14F8EBFFF0
|
---|
372 | 14C0EB81E0EB80F0A21478A4147CA3150C147EEC3E1C38FFFC3FEC1FF8C7EA07F01E207E9E21>
|
---|
373 | 82 D<007FB512E0A238780F010070130000601460A200E0147000C01430A400001400B23807FF
|
---|
374 | FEA21C1F7E9E21>84 D<3BFFF07FF83FF0A23B1F000F800F806C0107EB0300A23A07800FC006A3
|
---|
375 | 913819E00ED803C0140CA214393A01E030F018A33A00F0607830A3ECE07C903978C03C60A39039
|
---|
376 | 3D801EC0A390383F000F6D5CA3010E6DC7FCA32C207F9E2F>87 D<EA3FE0EA7FF8EA787C131EA2
|
---|
377 | EA000EA3EA07FE121FEA3F0E127C12F800F01330A2131E12F8387C7F70383FFFE0381FC7801414
|
---|
378 | 7E9317>97 D<120E12FEA2120EA9133FEBFFC0380FC3E01381EB00F0120E1478A814F0120FEB81
|
---|
379 | E0EBC3C0380CFF80EB7F0015207F9F19>I<EA03FCEA0FFEEA1E1E123C127813005AA77E1278EA
|
---|
380 | 7C03EA3E07EA1F0EEA0FFCEA03F010147E9314>I<EB0380133FA21303A9EA07F3EA0FFFEA1E1F
|
---|
381 | EA3C071278130312F0A812781307EA3C0FEA3E1F381FFBF8EA07E315207E9F19>I<EA03F0EA0F
|
---|
382 | FCEA1E1E487E487E148012F01303B5FCA200F0C7FCA37E1278387C0180EA3E03381F8700EA0FFE
|
---|
383 | EA03F811147F9314>I<137E13FFEA01EFEA038F12071300A7EAFFF0A2EA0700B0EA7FF0A21020
|
---|
384 | 809F0E>I<EB01E03807F7F0380FFF70EA3E3E383C1E00487EA6EA3C1EEA3E3EEA3FF8EA37F000
|
---|
385 | 30C7FCA21238EA3FFE381FFFC04813E0EA780338F000F0481370A36C13F0387801E0383E07C038
|
---|
386 | 1FFF803803FC00141F7F9417>I<120E12FEA2120EA9137FEBFF80380FC7C013831301A2120EAC
|
---|
387 | 38FFE7FCA216207F9F19>I<121E123EA3121EC7FCA6120E127EA2120EAFEAFFC0A20A1F809E0C>
|
---|
388 | I<120E12FEA2120EB3A9EAFFE0A20B20809F0C>108 D<390E3F03F039FEFFCFFC39FFC3DC3C39
|
---|
389 | 0F81F81E903800F00EA2000E13E0AC3AFFE7FE7FE0A223147F9326>I<EA0E7F38FEFF8038FFC7
|
---|
390 | C0EA0F831301A2120EAC38FFE7FCA216147F9319>I<EA01F8EA07FE381E0780383C03C0EA3801
|
---|
391 | 387000E0A200F013F0A6007013E0EA7801003813C0EA3C03381E07803807FE00EA01F814147F93
|
---|
392 | 17>I<EA0E3F38FEFFC038FFC3E0EA0F81EB01F0EA0E0014F81478A614F814F0EA0F01EB81E0EB
|
---|
393 | C7C0380EFF80EB7F0090C7FCA7EAFFE0A2151D7F9319>I<EA0E7CEAFFFE13DEEA0F9E131E1300
|
---|
394 | 120EACEAFFE0A20F147F9312>114 D<EA1FB0EA7FF01278EAE0701330A2EAF00012FCEA7FC0EA
|
---|
395 | 3FE0EA0FF0EA00F8EAC078133812E0A2EAF078EAF8F0EAFFE0EACFC00D147E9312>I<1206A412
|
---|
396 | 0EA2121E123EEAFFF8A2EA0E00AA1318A5EA0F30EA07F0EA03E00D1C7F9B12>I<380E01C0EAFE
|
---|
397 | 1FA2EA0E01AC13031307EA0F0F3807FDFCEA03F916147F9319>I<38FF87F8A2381E03E0380E01
|
---|
398 | C01480A238070300A3EA0386A2138EEA01CCA213FC6C5AA21370A315147F9318>I<38FF87F8A2
|
---|
399 | 381E03E0380E01C01480A238070300A3EA0386A2138EEA01CCA213FC6C5AA21370A31360A35B12
|
---|
400 | F0EAF18012F3007FC7FC123C151D7F9318>121 D<EA3FFFA2EA381FEA301EEA703CEA6078A213
|
---|
401 | F0EA01E0EA03C0A2EA0783EA0F03121E1307EA3C061278EAF81EEAFFFEA210147F9314>I
|
---|
402 | E /Ff 7 117 df<14E0A2497EA3497EA2497EA2497E130CA2EB187FA201307F143F01707FEB60
|
---|
403 | 1FA201C07F140F48B57EA2EB800748486C7EA20006801401000E803AFFE01FFFE0A2231F7E9E28
|
---|
404 | >65 D<EA07FC381FFF80383F0FC01307EB03E0A2121E1200EA01FF120FEA3FC3EA7E0312FC12F8
|
---|
405 | A3EAFC07EA7E1F383FFDFEEA0FF017147F9319>97 D<B4FCA2121FAAEB1FC0EBFFF0EBE1F8EB80
|
---|
406 | 7CEB007E143E143FA8143E147EEB80FCEBE1F8381CFFF038183FC018207E9F1D>I<EA03FE380F
|
---|
407 | FF80381F8FC0EA3F0F127E127C38FC078090C7FCA7127E14606C13E0381FC3C0380FFF803803FE
|
---|
408 | 0013147E9317>I<EAFE3FEBFF80381EEFC0EA1FCF138FA2EB078090C7FCABEAFFF0A212147E93
|
---|
409 | 16>114 D<EA0FF6EA3FFEEA781EEAE00E130612F0EAF800EAFFC0EA7FF813FCEA1FFEEA03FFEA
|
---|
410 | 003FEAC00FEAE007A2EAF00FEAFC1EEAFFFCEACFF010147E9315>I<EA0180A31203A31207120F
|
---|
411 | 123FEAFFFCA2EA0F80AA1386A513CCEA07FCEA01F80F1D7F9C14>I E /Fg
|
---|
412 | 27 122 df<1207EA0F80121FA3120F1201A2EA0300A21206A25A5A12385A5A5A09127C8512>44
|
---|
413 | D<140814181430147014F01301EB07E0131F13F913C1EB03C0A4EB0780A4EB0F00A4131EA45BA4
|
---|
414 | 5BA45BA31201387FFFC0B5FC152879A71F>49 D<EB01F8EB07FEEB0E0F903838078090387003C0
|
---|
415 | 136001C013E0EA0186A2EA0306A21206A2130C000CEB07C013181580380E700F3907E01F003803
|
---|
416 | 801EC75A5C14E0EB03C049C7FC131E133813E0485A485A38060003120E120C48130648130E383F
|
---|
417 | 800C387FF03C3861FFF838E07FF038C01FE0EB07C01B297AA71F>I<0130136090383C03E09038
|
---|
418 | 3FFFC01500495A14F8EB6FC00160C7FC5BA4485AA3EB8FC038033FE0EBF070EBC078EB003C1206
|
---|
419 | C7FCA3143E143C147CA21238127C00FC5B5A485B38C001E0A2495A38600780D8700FC7FCEA383E
|
---|
420 | EA1FF8EA07C01B2979A71F>53 D<EB01F8EB07FEEB1E0F90383C0380137001F013C0EA01E0EA03
|
---|
421 | C0A212071380120FA21407EA1F00A3140F1580141F7E143F6CEB7F00EB80DF3803FF9F3801FE1E
|
---|
422 | C7123E143C147C1478A25C5C387801C0EAF803495A4848C7FCEAC01CEA6078EA7FE0EA1F801A29
|
---|
423 | 79A71F>57 D<913807F80291383FFE069138FC070E903903F0019E903907C000FC49C7FC013E14
|
---|
424 | 7C5B491478485A1638485A48481430A2485A121F166048C9FCA3127EA4127C12FCA2ED0180ED03
|
---|
425 | 00127CA21506A25D6C5CA2001E5C6C5C6D485A2603C003C7FC3801F81E3800FFF8EB1FC0272B77
|
---|
426 | A92B>67 D<D93FF8EBFFFCA2D900FCEB0FC00101EC0700160614BEA2D9033E5B80A301065CEC0F
|
---|
427 | 80A3496C6C5AA3EC03E001185CA3EC01F001305CA2EC00F8A249EBF980157DA349017FC7FC81A3
|
---|
428 | 4848131EA21203486C130ED87FFC130C12FF2E297CA82C>78 D<013FB5128016F0903901F801F8
|
---|
429 | 9138F0007C163EA2163F495AA44948137EA316FC494813F8ED01F0ED03E0ED07C090391F001F80
|
---|
430 | 9138FFFE0015F091C8FC133EA45BA45BA4485AA31203387FFF80B5FC28297CA829>80
|
---|
431 | D<EC3F01903801FFC3903803C0E7903807007F010E133E49131E5B13780170131C13F0A3000114
|
---|
432 | 18A215007F6C7E13FF14F0EB7FFE6D7E6D1380010313C0EB007FEC0FE01403A314011218A30038
|
---|
433 | EB03C0A21580140700781400007C130E5C00775B38E3C0F038C1FFE0D8807FC7FC202B7BA922>
|
---|
434 | 83 D<133EEBFF183801E1BC380380FC00075BEA0F00001E1378A2003E5B5AA348485AA448485A
|
---|
435 | ECC180A21307EC8300EA700F38781B86383873C6381FE1FC380F80F8191A79991F>97
|
---|
436 | D<EB1F80EB7FE03801F070EA03C0380780F0EA0F01121F381E00E0003E1300123C127CA25AA45A
|
---|
437 | A314201460007813C038380380383C0F00EA0FFCEA07F0141A79991B>99
|
---|
438 | D<EC03C0147FA214071580A4EC0F00A4141EA4EB3E3C13FF3801E1BC380380FC00075BEA0F0000
|
---|
439 | 1E1378A2003E5B5AA348485AA448485AECC180A21307EC8300EA700F38781B86383873C6381FE1
|
---|
440 | FC380F80F81A2A79A91F>I<EB1F80EB7FC03801F0E03803C060EA0780EA0F00121E003E13C012
|
---|
441 | 3C387C0380EBFF00EA7FF848C7FC12F8A45AA26C13200078136014C038380380381C0F00EA0FFC
|
---|
442 | EA07F0131A79991B>I<EC0780EC1FC0EC38E01471147314F3ECF1C0ECF000495AA5495AA390B5
|
---|
443 | FCA2EB0780A549C7FCA5131EA55BA513381378A45BA35B1230EA79C012F95B12F3007FC8FC123C
|
---|
444 | 1B3681A912>I<EB07C0EB1FE6EB3C7FEB703FEBE03E0001131EEA03C0A20007133CEA0F80A338
|
---|
445 | 1F0078A4001E13F0A4EB01E01303EA0E07EA070D3803FBC0EA01F3EA0003A2EB0780A3EB0F0012
|
---|
446 | 70EAF81E5B485AB45AEA3F8018267C991B>I<133CEA07FCA2EA007C1378A45BA4485AA43803C3
|
---|
447 | E0EBCFF8EBDC3CEBF01C3807E01E13C0A2138048485AA4001E5BA35C5A1560EB01E015C0127890
|
---|
448 | 3803C1801301ECC70038F000FE006013781B2A7BA91F>I<131C133EA2133C13381300A9EA0780
|
---|
449 | EA0FE01218EA30F0A21260A2EA61E012C11201EA03C0A2EA0780A3EA0F00A2130C121EA2131812
|
---|
450 | 3CEA1C301360EA0FC0EA07800F287BA712>I<1378EA0FF8A2120013F0A4EA01E0A4EA03C0A4EA
|
---|
451 | 0780A4EA0F00A4121EA45AA45A13C0A312F0EAF18012711279EA3F00121E0D2A7AA90F>108
|
---|
452 | D<2607807E13F83A0FC1FF83FE3A18E383C70F3A30F603CC079026FC01F81380D860F813F0A201
|
---|
453 | F013E000C1903903C00F00EA01E0A33A03C007801EA35E3907800F00171816781730380F001EEE
|
---|
454 | F0601670EE71C0001E49EB3F80000C0118EB1E002D1A7B9931>I<3807807C380FC1FF3918E387
|
---|
455 | 803830F60301FC13C0EA60F8A213F039C1E007801201A33903C00F00A3141EEA0780150C143C15
|
---|
456 | 18EA0F00EC7830143815E0001EEB1FC0000CEB0F001E1A7B9922>I<EB0FC0EB7FF0EBF0783803
|
---|
457 | C03C3807801C380F001E5A001E131F123E123C127CA248133EA3143C147C48137814F814F03878
|
---|
458 | 01E0EB03C038380780381E1F00EA0FFCEA03F0181A79991F>I<9038780F809038FC1FE039018E
|
---|
459 | 70F039030FE070ECC07800061380EC007CA2EA0C1E1200A34913F8A315F0EB7801A215E0EC03C0
|
---|
460 | 13F8EC07809038FC0F00EBFE1E3801E7F8EBE3E001E0C7FCA2485AA4485AA3120FEA7FF812FF1E
|
---|
461 | 267F991F>I<380781F0380FC3FC3818E60EEA30FCEBF81E0060133E13F0141C38C1E0001201A3
|
---|
462 | 485AA4485AA448C7FCA4121E120C171A7B9919>114 D<133FEBFFC03801E0E03803806014E0EA
|
---|
463 | 0701A2EB00C0140013C013FC7F6C7E6C1380EA003F130713031238127CA238F80700EA7006EA60
|
---|
464 | 0EEA783CEA3FF0EA0FC0131A7B9918>I<13301378A213F0A4EA01E0A4B5FCA2EA03C0A2EA0780
|
---|
465 | A4EA0F00A4121EA45A1306A2130C12781318EA3830EA3C70EA1FC0EA0F8010257AA414>I<3803
|
---|
466 | C0033907F00780EA0C70EA18780030EB0F00A2126013F000C0131E1200EA01E0A25CEA03C0A348
|
---|
467 | 485A1530A3ECF060A2D8038113C0EBC3783901FE3F8039007C1F001C1A7B9920>I<3803C00339
|
---|
468 | 07F00780EA0C70EA18780030EB0F00A2126013F000C0131E1200EA01E0A25CEA03C0A348485AA4
|
---|
469 | 5CA2EA038113C36CB45AEA007D1301A2495A1208383C0780123E4848C7FC130EEA301CEA3878EA
|
---|
470 | 1FF0EA0F8019267B991D>121 D E /Fh 35 122 df<127C12FEA212FFA3127F1203A312071206
|
---|
471 | A2120E121CA212381270126008137B8611>44 D<137F3801FFC03807C1F0380F0078000E133800
|
---|
472 | 1E133C487FA3487FA400F81480AF00781400A3007C5B003C131EA36C5B000E1338000F13783807
|
---|
473 | C1F03801FFC06C6CC7FC19297EA71E>48 D<EA01FE3807FF80381F0FE0383C03F0383801F83870
|
---|
474 | 00FC126000FC137C6C137EA3143EA2007C137EC7FCA2147C14FC14F81301EB03F014E0EB07C0EB
|
---|
475 | 0F80EB1F00131E5B5B5B3801E006EA03C013803807000C120E5A383FFFFC5AB512F8A317287DA7
|
---|
476 | 1E>50 D<137F3801FFE03807C1F0380F0078000E7F48131C0018131E0038130EA2123CA2003E13
|
---|
477 | 1E003F131CEBC03C381FF0786D5A6CB45A6C5B7EC67F000313F838079FFC380F0FFEEA1E03486C
|
---|
478 | 7E486C7E0070EB3F8000F0130F481307A21403A36C140000705B007813066C130E6C133C380FC0
|
---|
479 | F83803FFE0C6138019297EA71E>56 D<137F3803FFC03807C1F048C67E001E1378003E7F487FA2
|
---|
480 | 127800F8131F80A31580A4141F1278127C003C133F123E001E136F380F81EF3807FFCF6C130FD8
|
---|
481 | 0010130013005CA2141E121E003F5BA25C5CEA3E01381C03E0381E0FC06CB4C7FCEA03FC19297E
|
---|
482 | A71E>I<B612C015F83907F000FC0003143FED0F80ED07C0ED03E0ED01F0150016F8167CA3163E
|
---|
483 | A3163FAA163EA2167E167CA216F8A2ED01F0ED03E0ED07C0ED0F80ED1F00000714FEB612F815C0
|
---|
484 | 28297EA82E>68 D<B7FCA23907F0007F0003140FED07801503A21501A4ED00C01403A21600A35C
|
---|
485 | 5C90B5FCA2EBF00F8080A591C8FCAA487EB512F0A222297EA827>70 D<9138FF8030010713E090
|
---|
486 | 391FC0F87090397E003CF049130ED801F013074848130348481301485A001F140090C8FC481570
|
---|
487 | 123E127E1630A25A1600A84AB5FCA2007E90380007F01503A2123E123F7E7F6C7E12076C7E6C6C
|
---|
488 | 1307D800FC130F017F131C90391FC07870903907FFF0300100EB8000282B7DA92F>I<B512C0A2
|
---|
489 | 3807F8006C5AB3B1487EB512C0A212297EA816>73 D<B538C03FFFA23A07F8000FF06C48EB07C0
|
---|
490 | 5E4BC7FC151E5D5D5D5D4A5A4A5A4AC8FC140E5C143C147E14FF13F19038F3BF809038F71FC013
|
---|
491 | FE496C7E13F8496C7E6E7EA26E7E140081157FA26F7E6F7EA26F7E82486C497EB539C07FFF80A2
|
---|
492 | 29297EA82E>75 D<D8FFF0913807FFC06D5C0007EEF80000035E017C141BA36D1433A36D1463A2
|
---|
493 | 6D6C13C3A3903907C00183A3903903E00303A2903801F006A3903800F80CA3EC7C18A3EC3E30A2
|
---|
494 | EC1F60A3EC0FC0A33907800780D80FC04A7ED8FFFC91B512C06E5A32297EA837>77
|
---|
495 | D<D8FFF8EB3FFFA2D803FCEB03F06DEB01E0ED00C0137F6D7EA26D7E6D7EA26D7EA26D7E6D7EA2
|
---|
496 | 6D7E147FA2EC3F80EC1FC0A2EC0FE0EC07F0A2EC03F8EC01FCA2EC00FE157FA2153FA2151F150F
|
---|
497 | A21507486C1303487ED8FFFC1301150028297EA82D>I<B512FEECFFC03907F003F00003EB007C
|
---|
498 | 818182150F82A55E151F93C7FC153E5DEC03F090B512C0819038F007F0EC01FC6E7E157E157F81
|
---|
499 | A9EE0180A2ED1F81486C1483B539C00FC7006FB4FCC912FC292A7EA82C>82
|
---|
500 | D<EBFF03000713C3380F83E7381E007F487F487F80127000F07FA3807E7E91C7FCB4FCEA7FC013
|
---|
501 | FC383FFFC06C13F06C13FC6C7F00017FEA003F01031380EB003FEC1FC0140F140712C01403A37E
|
---|
502 | A26CEB0780A26CEB0F007EB4131E38E7E07C38C1FFF038C03FC01A2B7DA921>I<007FB612F8A2
|
---|
503 | 397E00FC010078EC00780070153800601518A200E0151CA248150CA5C71400B3A6497E48B512FE
|
---|
504 | A226297EA82B>I<EA07FE381FFF80383F07E0EB01F0130080001E1378C7FCA3EB1FF8EA01FF38
|
---|
505 | 07FC78EA1FC0EA3F00127E127C00FC14605AA214F8EAFC01EA7E03393F0FFCC0391FFE3F803907
|
---|
506 | F81F001B1A7E991E>97 D<EA078012FFA2120F1207ACEB83F8EB9FFE9038BC1F809038F007C090
|
---|
507 | 38E003E013C090388001F0A2140015F8A815F01401A29038C003E09038E007C09038700F809038
|
---|
508 | 3C3F00EB1FFE380607F81D2A7FA921>I<EB7FE03803FFF83807E0FCEA0F80EA1F00123E481378
|
---|
509 | 1400A25AA8127CA2007E130C003E131C6C1318380FC0383807F0F03803FFE038007F80161A7E99
|
---|
510 | 1B>I<140F49B4FCA2EB001F80AC13FF000313CF3807E1FF380F807F48487E003E7F487FA21278
|
---|
511 | 12F8A81278127CA26C5B001E5B001F5B390FC1EF803903FFCFF83800FE0F1D2A7EA921>I<13FF
|
---|
512 | 000313C03807C3E0381F01F0381E00F8003E13785A143C127812F8B512FCA200F8C7FCA5127CA2
|
---|
513 | 140C6C131C6C1318380F80383807E0F03803FFE038007F00161A7E991B>I<EB1FC0EB7FE0EBF9
|
---|
514 | F0EA01E3120313C3EA0783EB80C01400A8EAFFFEA2EA0780B3A37FEAFFFEA2142A7FA912>I<EC
|
---|
515 | 0F803901FC3FC03807FF7B380F8FE3381E03C3003EEBE180393C01E000007C7FA6003C5BEA3E03
|
---|
516 | 001E5B381F8F8048B4C7FCEA39FC0030C8FC1238A2123C383FFFE06C13F814FE80387C007F0078
|
---|
517 | EB0F80481307481303A46C13070078EB0F00003E133E381F80FC3807FFF0C613801A287E9A1E>
|
---|
518 | I<EA078012FFA2120F1207ACEB87F8EB9FFEEBBC3FEBF00F01E01380EBC007A31380B039FFFCFF
|
---|
519 | FCA21E2A7FA921>I<120FEA1F8013C0A31380EA0F00C7FCA8EA0780127FA2120F1207B3A2EAFF
|
---|
520 | F8A20D297FA811>I<EA078012FFA2120F1207B3B2EAFFFCA20E2A7FA911>108
|
---|
521 | D<3A0783FC01FE3BFF8FFF07FF80903ABC1F9E0FC03A0FF807BC03D807E001F013E00203130101
|
---|
522 | C013E0A2018013C0B03BFFFC7FFE3FFFA2301A7F9933>I<380787F838FF9FFEEBBC3F380FF00F
|
---|
523 | D807E01380EBC007A31380B039FFFCFFFCA21E1A7F9921>I<137F3801FFC03807C1F0380F0078
|
---|
524 | 001E7F487FA2487FA200F81480A800781400007C5B003C131EA26C5B6C5B3807C1F03801FFC06C
|
---|
525 | 6CC7FC191A7E991E>I<380783F838FF9FFE9038BC3F80390FF00FC03907E007E0EBC003018013
|
---|
526 | F01401A2EC00F8A7140115F0A2140301C013E09038E007C09038F00F809038BC3F00EB9FFEEB87
|
---|
527 | F80180C7FCAAEAFFFCA21D267F9921>I<38078FC038FF9FE0EBB9F0EA0FF1EA07E1A2EBC000A2
|
---|
528 | 5BAF7FEAFFFEA2141A7F9917>114 D<3807F8C0EA1FFFEA3C0FEA7003EAF001EAE000A27E6C13
|
---|
529 | 0012FEEA7FF0EA3FFE6C7E0007138038007FC0EB07E0EAC0031301EAE000A27EEB01C0EAF80338
|
---|
530 | FE078038EFFF00EAC3FC131A7E9918>I<487EA41203A31207A2120F123FB51280A238078000AD
|
---|
531 | 14C0A613C10003138013E33801FF00EA007E12257FA417>I<390780078000FF13FFA2000F130F
|
---|
532 | 00071307AF140FA2141F3803C03F9038E0F7C03901FFE7FC38007F871E1A7F9921>I<39FFF01F
|
---|
533 | F8A2390F800FC00007EB0780150013C000031306A26C6C5AA2EBF01C00001318A2EB7830A36D5A
|
---|
534 | A26D5AA36D5AA36DC7FCA21D1A7F9920>I<39FFF01FF8A2390F800FC00007EB0780150013C000
|
---|
535 | 031306A26C6C5AA2EBF01C00001318A2EB7830A36D5AA26D5AA36D5AA36DC7FCA21306A2130E13
|
---|
536 | 0C1230EAFC18A25B1370EA78E0EA3FC06CC8FC1D267F9920>121 D E /Fi
|
---|
537 | 15 117 df<B512FCA516057F941D>45 D<150C151EA3153FA34B7EA34B7EA24A7F159FA202037F
|
---|
538 | 150FA202067F1507A24A6C7EA34A6C7EA202387FEC3000A20270800260137FA24A80163FA24948
|
---|
539 | 6D7EA349B67EA249810106C71207A249811603A249811601A2496E7EA3496F7E13F084EA03F8D8
|
---|
540 | 0FFE913801FFF0B500C0013FEBFFC0A33A3C7DBB41>65 D<B712F816FF17E0C69039C0001FF06D
|
---|
541 | 48EB07FC707E707E82EF7F8018C0173F18E0A718C0A2EF7F8017FF18004C5A4C5AEE0FF8EE3FE0
|
---|
542 | 91B61280A2913980001FE0EE03F8EE01FE707EEF7F80EF3FC018E0171F18F0170F18F8A8EF1FF0
|
---|
543 | A218E0173FEF7FC0EFFF804C13004C5A496CEB1FFCB812F017C04CC7FC353B7EBA3D>I<DBFFC0
|
---|
544 | 1360020F01F813E0023F13FE9139FFC03F81903A03FE0007C3D90FF8EB01E7D91FE0EB00F74948
|
---|
545 | 143F4948141F49C8FC4848150F48481507491503120748481501A2485A1700123F5B1860127FA3
|
---|
546 | 48481600AD6C7E1860A2123FA27F001F17E018C06C7E17016C6C1680000316037F6C6CED07006C
|
---|
547 | 6C150E6D6C141E6D6C5C6D6C5CD90FF8495AD903FEEB07E0903A00FFC03F80023FB5C7FC020F13
|
---|
548 | FC020013C0333D7BBB3E>I<B77E16F816FEC69039C001FF80903A7F80003FE0EE0FF0707E707E
|
---|
549 | 707EA2838284A795C7FC5E5F5F4C5A4C5A4C5AEE3F80DB01FEC8FC91B512F85E91388003FCED00
|
---|
550 | FEEE7F80707E707E160F83A2707EA683A61930831603197004011460496C6E13E0B6D8C000EB80
|
---|
551 | C0EF3FC394381FFF80CA3801FE003C3C7EBA3F>82 D<EBFFE0000713FC381F807FEC1F80486C6C
|
---|
552 | 7E6E7E6E7EA26C486C7EA2C7FCA4143FEB07FFEB7FF93801FF01EA07FCEA0FF0EA1FC0123F1380
|
---|
553 | EA7F00A200FE150CA31403A26C13076C13069039800EFC1C3A3FC03C7E383A1FE0F87FF03A07FF
|
---|
554 | E03FE0C69038800F8026257CA42B>97 D<903807FFC0011F13F090387E007CD801F813FC3903F0
|
---|
555 | 01FEEA07E0EA0FC0121F90388000FC123F90C8FC5AA2127E12FEA9127E127FA26C14037F001F14
|
---|
556 | 076D1306000F140E6C6C131C6C6C13386C6C13F039007E03E090381FFF80903807FE0020257DA4
|
---|
557 | 26>99 D<ED07E0EC03FFA3EC001F1507B2EB03FE90381FFF8790387F03E79038FC00F7D803F013
|
---|
558 | 3F4848131F4848130FA248481307123F90C7FC5AA2127E12FEA9127E127FA27EA26C6C130FA26C
|
---|
559 | 6C131F6C6C133F6C6C13776C6CEBE7F83B007E07C7FFC090381FFF87903803FC072A3C7DBB30>
|
---|
560 | I<EB07FE90383FFF8090387E0FE03901F801F048486C7E4848137C4848137E4848133E153F48C7
|
---|
561 | 7EA2481580A2127E12FEB7FCA248C9FCA6127E127FA26CEC01807F001F14036C6C14005D6C6C13
|
---|
562 | 0E6C6C5BD800FC137890387F03F090381FFFC0D903FEC7FC21257EA426>I<EA01F812FFA31207
|
---|
563 | 1201B3B3AF487EB512F0A3143C7FBB17>108 D<3901F807F800FFEB3FFF91387C1F809138E00F
|
---|
564 | C03A07F9C007E03801FB809039FF0003F05B5BA35BB3A4486C497EB500F1B512E0A32B257EA430
|
---|
565 | >110 D<EB01FE90380FFFC090383E01F09038F8007C48487FD803C0130F000715804848EB07C0
|
---|
566 | 48C7EA03E04815F0A2007EEC01F8A300FE15FCA9007E15F8A2007F14036C15F0A26C6CEB07E000
|
---|
567 | 0F15C06D130F6C6CEB1F80D801F0EB3E006C6C5B90387F03F890381FFFE0D901FEC7FC26257EA4
|
---|
568 | 2B>I<3903F01F8000FFEB7FE0ECF3F09038F1C7F83807F3873801F70713F613FE9038FC03F0EC
|
---|
569 | 00C01500A25BB3A3487EB512F8A31D257EA422>114 D<9038FFC180000713F3380F807F381E00
|
---|
570 | 1F0038130F007813070070130312F01401A27E7EB490C7FCEA7FE013FF6C13F06C13FC6C7F6C7F
|
---|
571 | C61480010F13C0EB007FEC1FE000C013071403A26C1301A27EA26CEB03C07E6CEB07806CEB0F00
|
---|
572 | 38F3C07E38E1FFF838C07FE01B257DA422>I<1318A51338A41378A213F8A2120112031207001F
|
---|
573 | B5FCB6FCA2D801F8C7FCB2EC0180A91403D800FC1300A2EB7E07EB3F0EEB1FFCEB03F819357EB4
|
---|
574 | 21>I E end
|
---|
575 | %%EndProlog
|
---|
576 | %%BeginSetup
|
---|
577 | %%Feature: *Resolution 300
|
---|
578 | TeXDict begin
|
---|
579 | %%EndSetup
|
---|
580 | %%Page: 1 1
|
---|
581 | bop 470 396 a Fi(Role-Based)30 b(Access)f(Con)n(trol)519 544
|
---|
582 | y Fh(Da)n(vid)19 b(F)-5 b(erraiolo)19 b(and)h(Ric)n(hard)g(Kuhn)350
|
---|
583 | 619 y(National)f(Institute)h(of)g(Standards)h(and)f(T)-5 b(ec)n(hnology)574
|
---|
584 | 694 y(Gaithersburg,)20 b(Maryland)f(20899)775 843 y(Reprin)n(ted)h(from)111
|
---|
585 | 918 y Fg(Pr)m(o)m(c)m(e)m(e)m(dings)j(of)e(15th)f(National)g(Computer)h(Se)m
|
---|
586 | (curity)i(Confer)m(enc)m(e,)f(1992)875 1103 y Ff(Abstract)190
|
---|
587 | 1186 y Fe(While)14 b(Mandatory)d(Access)h(Con)o(trols)g(\(MA)o(C\))e(are)i
|
---|
588 | (appropriate)g(for)g(m)o(ultilev)o(el)i(secure)f(mil-)122 1243
|
---|
589 | y(itary)e(applications,)j(Discretionary)e(Access)g(Con)o(trols)g(\(D)o(A)o
|
---|
590 | (C\))e(are)h(often)h(p)q(erceiv)o(ed)h(as)e(meeting)122 1299
|
---|
591 | y(the)16 b(securit)o(y)h(pro)q(cessing)g(needs)h(of)e(industry)h(and)f
|
---|
592 | (civilian)j(go)o(v)o(ernmen)o(t.)k(This)17 b(pap)q(er)f(argues)122
|
---|
593 | 1356 y(that)g(reliance)j(on)e(D)o(A)o(C)f(as)g(the)h(principal)j(metho)q(d)d
|
---|
594 | (of)f(access)h(con)o(trol)g(is)h(unfounded)g(and)f(in-)122
|
---|
595 | 1412 y(appropriate)h(for)g(man)o(y)g(commercial)h(and)g(civilian)i(go)o(v)o
|
---|
596 | (ernmen)o(t)c(organizations.)29 b(The)19 b(pap)q(er)122 1468
|
---|
597 | y(describ)q(es)14 b(a)f(t)o(yp)q(e)g(of)f(non-discretionary)i(access)f(con)o
|
---|
598 | (trol)f(-)h(role-based)h(access)f(con)o(trol)f(\(RBA)o(C\))122
|
---|
599 | 1525 y(-)g(that)g(is)g(more)g(cen)o(tral)g(to)g(the)g(secure)g(pro)q(cessing)
|
---|
600 | h(needs)g(of)f(non-military)h(systems)f(then)g(D)o(A)o(C.)0
|
---|
601 | 1691 y Fd(1)83 b(In)n(tro)r(duction)0 1801 y Fc(The)16 b(U.S.)e(go)o(v)o
|
---|
602 | (ernmen)o(t)f(has)k(b)q(een)e(in)o(v)o(olv)o(ed)f(in)h(dev)o(eloping)g
|
---|
603 | (securit)o(y)f(tec)o(hnology)h(for)h(computer)e(and)0 1861
|
---|
604 | y(comm)o(unic)o(ations)h(systems)g(for)j(some)d(time.)21 b(Although)c(adv)m
|
---|
605 | (ances)g(ha)o(v)o(e)f(b)q(een)h(great,)g(it)f(is)h(generally)0
|
---|
606 | 1921 y(p)q(erceiv)o(ed)d(that)i(the)g(curren)o(t)f(state)h(of)g(securit)o(y)f
|
---|
607 | (tec)o(hnology)g(has,)h(to)h(some)d(exten)o(t)h(failed)g(to)h(address)0
|
---|
608 | 1981 y(the)i(needs)h(of)g(all.)28 b([1],)18 b([2])g(This)h(is)f(esp)q
|
---|
609 | (ecially)g(true)g(of)h(organizations)h(outside)e(the)h(Departmen)o(t)e(of)0
|
---|
610 | 2041 y(Defense)f(\(DoD\).)g([3])150 2102 y(The)f(curren)o(t)f(set)i(of)f
|
---|
611 | (securit)o(y)f(criteria,)f(criteria)h(in)o(terpretations,)h(and)g(guidelines)
|
---|
612 | f(has)i(gro)o(wn)0 2162 y(out)22 b(of)g(researc)o(h)f(and)h(dev)o(elopmen)o
|
---|
613 | (t)d(e\013orts)j(on)g(the)g(part)g(of)g(the)f(DoD)i(o)o(v)o(er)e(a)h(p)q
|
---|
614 | (erio)q(d)g(of)g(t)o(w)o(en)o(t)o(y)0 2222 y(plus)14 b(y)o(ears.)20
|
---|
615 | b(T)l(o)q(da)o(y)15 b(the)f(b)q(est)h(kno)o(wn)f(U.S.)f(computer)g(securit)o
|
---|
616 | (y)f(standard)k(is)e(the)g(T)l(rusted)g(Computer)0 2282 y(System)21
|
---|
617 | b(Ev)m(aluation)j(Criteria)f(\(TCSEC)h([4])e(\).)42 b(It)23
|
---|
618 | b(con)o(tains)g(securit)o(y)f(features)h(and)g(assurances,)0
|
---|
619 | 2342 y(exclusiv)o(ely)18 b(deriv)o(ed,)i(engineered)f(and)j(rationalized)e
|
---|
620 | (based)h(on)h(DoD)f(securit)o(y)f(p)q(olicy)l(,)g(created)h(to)0
|
---|
621 | 2403 y(meet)e(one)j(ma)s(jor)e(securit)o(y)g(ob)s(jectiv)o(e)g(-)h(prev)o(en)
|
---|
622 | o(ting)f(the)h(unauthorized)h(observ)m(ation)g(of)f(classi\014ed)0
|
---|
623 | 2463 y(information.)f(The)14 b(result)g(is)g(a)g(collection)f(of)i(securit)o
|
---|
624 | (y)e(pro)q(ducts)i(that)g(do)f(not)h(fully)e(address)i(securit)o(y)0
|
---|
625 | 2523 y(issues)k(as)g(they)f(p)q(ertain)h(to)g(unclassi\014ed)f(sensitiv)o(e)f
|
---|
626 | (pro)q(cessing)i(en)o(vironmen)o(ts.)26 b(Although)19 b(existing)0
|
---|
627 | 2583 y(securit)o(y)e(mec)o(hanisms)e(ha)o(v)o(e)j(b)q(een)g(partially)g
|
---|
628 | (successful)g(in)g(promoting)g(securit)o(y)f(solutions)i(outside)0
|
---|
629 | 2643 y(of)e(the)g(DoD)h([2])e(,)h(in)f(man)o(y)g(instances)g(these)h(con)o
|
---|
630 | (trols)g(are)g(less)f(then)h(p)q(erfect,)f(and)i(are)f(used)g(in)f(lieu)0
|
---|
631 | 2704 y(of)h(a)f(more)f(appropriate)i(set)f(of)h(con)o(trols.)963
|
---|
632 | 2828 y(1)p eop
|
---|
633 | %%Page: 2 2
|
---|
634 | bop 150 195 a Fc(The)22 b(TCSEC)i(sp)q(eci\014es)e(t)o(w)o(o)g(t)o(yp)q(es)g
|
---|
635 | (of)h(access)f(con)o(trols:)33 b(Discretionary)22 b(Access)g(Con)o(trols)0
|
---|
636 | 255 y(\(D)o(A)o(C\))12 b(and)g(Mandatory)i(Access)d(Con)o(trols)i(\(MA)o
|
---|
637 | (C\).)e(Since)g(the)h(TCSEC's)h(app)q(earance)g(in)f(Decem)o(b)q(er)0
|
---|
638 | 315 y(of)k(1983,)i(D)o(A)o(C)d(requiremen)o(ts)e(ha)o(v)o(e)i(b)q(een)h(p)q
|
---|
639 | (erceiv)o(ed)e(as)j(b)q(eing)f(tec)o(hnically)e(correct)i(for)g(commerci)o
|
---|
640 | (al)0 376 y(and)h(civilian)e(go)o(v)o(ernmen)o(t)f(securit)o(y)h(needs,)h(as)
|
---|
641 | h(w)o(ell)e(as)j(for)f(single-lev)o(el)d(military)g(systems.)21
|
---|
642 | b(MA)o(C)15 b(is)0 436 y(used)k(for)h(m)o(ulti-lev)n(el)c(secure)i(military)f
|
---|
643 | (systems,)h(but)h(its)g(use)h(in)e(other)i(applications)f(is)g(rare.)30
|
---|
644 | b(The)0 496 y(premise)13 b(of)i(this)g(pap)q(er)g(is)g(that)g(there)f(exists)
|
---|
645 | g(a)i(con)o(trol,)e(referred)g(to)h(as)g(Role-Based)g(Access)f(Con)o(trol)0
|
---|
646 | 556 y(\(RBA)o(C\),)k(that)i(can)g(b)q(e)g(more)e(appropriate)j(and)f(cen)o
|
---|
647 | (tral)f(to)h(the)f(secure)h(pro)q(cessing)g(needs)g(within)0
|
---|
648 | 616 y(industry)12 b(and)i(civilian)c(go)o(v)o(ernmen)o(t)g(than)k(that)f(of)f
|
---|
649 | (D)o(A)o(C,)g(although)h(the)g(need)f(for)h(D)o(A)o(C)f(will)f(con)o(tin)o
|
---|
650 | (ue)0 677 y(to)17 b(exist.)0 843 y Fd(2)83 b(Asp)r(ects)26
|
---|
651 | b(of)i(Securit)n(y)e(P)n(olicies)0 953 y Fc(Recen)o(tly)l(,)19
|
---|
652 | b(considerable)g(atten)o(tion)h(has)i(b)q(een)e(paid)g(to)h(researc)o(hing)e
|
---|
653 | (and)i(addressing)g(the)f(securit)o(y)0 1013 y(needs)e(of)h(commercial)c(and)
|
---|
654 | 20 b(civilian)c(go)o(v)o(ernmen)o(t)h(organizations.)29 b(It)19
|
---|
655 | b(is)f(apparen)o(t)h(that)g(signi\014can)o(t)0 1073 y(and)i(broad)h(sw)o
|
---|
656 | (eeping)f(securit)o(y)e(requiremen)o(ts)f(exist)i(outside)h(the)g(Departmen)o
|
---|
657 | (t)e(of)i(Defense.)35 b([2])20 b(,)0 1133 y([5])g(,)h([6])f(Civilian)f(go)o
|
---|
658 | (v)o(ernmen)o(t)f(and)j(corp)q(orations)h(also)g(rely)d(hea)o(vily)g(on)i
|
---|
659 | (information)e(pro)q(cessing)0 1193 y(systems)c(to)i(meet)d(their)h
|
---|
660 | (individual)g(op)q(erational,)i(\014nancial,)e(and)i(information)e(tec)o
|
---|
661 | (hnology)h(require-)0 1253 y(men)o(ts.)i(The)13 b(in)o(tegrit)o(y)l(,)e(a)o
|
---|
662 | (v)m(ailabilit)o(y)l(,)g(and)i(con\014den)o(tialit)o(y)e(of)i(k)o(ey)f(soft)o
|
---|
663 | (w)o(are)g(systems,)g(databases,)i(and)0 1314 y(data)i(net)o(w)o(orks)e(are)h
|
---|
664 | (ma)s(jor)f(concerns)h(throughout)h(all)f(sectors.)21 b(The)15
|
---|
665 | b(corruption,)g(unauthorized)g(dis-)0 1374 y(closure,)h(or)h(theft)g(of)g
|
---|
666 | (corp)q(orate)h(resources)e(could)h(disrupt)g(an)g(organization's)g(op)q
|
---|
667 | (erations)h(and)g(ha)o(v)o(e)0 1434 y(immedi)o(ate,)i(serious)j(\014nancial,)
|
---|
668 | g(legal,)g(h)o(uman)e(safet)o(y)l(,)i(p)q(ersonal)g(priv)m(acy)e(and)i
|
---|
669 | (public)f(con\014dence)0 1494 y(impact.)150 1554 y(Lik)o(e)f(DoD)h(agencies,)
|
---|
670 | g(civilian)e(go)o(v)o(ernmen)o(t)f(and)k(commerc)o(ial)18 b(\014rms)j(are)h
|
---|
671 | (v)o(ery)e(m)o(uc)o(h)g(con-)0 1615 y(cerned)g(with)g(protecting)g(the)h
|
---|
672 | (con\014den)o(tialit)o(y)d(of)j(information.)33 b(This)21 b(includes)e(the)h
|
---|
673 | (protection)h(of)0 1675 y(p)q(ersonnel)16 b(data,)h(mark)o(eting)d(plans,)i
|
---|
674 | (pro)q(duct)h(announcemen)o(ts,)e(form)o(ulas,)f(man)o(ufacturing)h(and)i
|
---|
675 | (de-)0 1735 y(v)o(elopmen)o(t)g(tec)o(hniques.)30 b(But)20
|
---|
676 | b(man)o(y)e(of)i(these)g(organizations)h(ha)o(v)o(e)e(ev)o(en)g(greater)h
|
---|
677 | (concern)f(for)h(in-)0 1795 y(tegrit)o(y)l(.)g([1])150 1855
|
---|
678 | y(Within)f(industry)h(and)g(civilian)e(go)o(v)o(ernmen)o(t,)g(in)o(tegrit)o
|
---|
679 | (y)h(deals)g(with)h(broader)h(issues)f(of)g(se-)0 1916 y(curit)o(y)f(than)h
|
---|
680 | (con\014den)o(tialit)o(y)l(.)30 b(In)o(tegrit)o(y)19 b(is)g(particularly)g
|
---|
681 | (relev)m(an)o(t)g(to)h(suc)o(h)g(applications)g(as)h(funds)0
|
---|
682 | 1976 y(transfer,)15 b(clinical)f(medicine,)e(en)o(vironmen)o(tal)h(researc)o
|
---|
683 | (h,)h(air)i(tra\016c)f(con)o(trol,)g(and)h(a)o(vionics.)k(The)c(im-)0
|
---|
684 | 2036 y(p)q(ortance)g(of)g(in)o(tegrit)o(y)e(concerns)i(in)f(defense)g
|
---|
685 | (systems)g(has)h(also)h(b)q(een)e(studied)h(in)f(recen)o(t)g(y)o(ears.)20
|
---|
686 | b([7])15 b(,)0 2096 y([8])150 2156 y(A)21 b(wide)h(gam)o(ut)f(of)h(securit)o
|
---|
687 | (y)e(p)q(olicies)h(and)i(needs)f(exist)f(within)g(civilian)f(go)o(v)o(ernmen)
|
---|
688 | o(t)f(and)0 2217 y(priv)m(ate)e(organizations.)24 b(An)17 b(organizational)h
|
---|
689 | (meaning)e(of)h(securit)o(y)f(cannot)h(b)q(e)g(presupp)q(osed.)25
|
---|
690 | b(Eac)o(h)0 2277 y(organization)d(has)g(unique)f(securit)o(y)f(requiremen)n
|
---|
691 | (ts,)g(man)o(y)f(of)j(whic)o(h)f(are)g(di\016cult)f(to)h(meet)f(using)0
|
---|
692 | 2337 y(traditional)c(MA)o(C)g(and)g(D)o(A)o(C)g(con)o(trols.)150
|
---|
693 | 2397 y(As)22 b(de\014ned)g(in)g(the)g(TCSEC)h(and)g(commonly)d(implem)o(en)n
|
---|
694 | (ted,)h(D)o(A)o(C)g(is)h(an)h(access)f(con)o(trol)0 2457 y(mec)o(hanism)e
|
---|
695 | (that)k(p)q(ermits)f(system)f(users)i(to)g(allo)o(w)f(or)h(disallo)o(w)f
|
---|
696 | (other)h(users)g(access)f(to)h(ob)s(jects)0 2518 y(under)16
|
---|
697 | b(their)g(con)o(trol:)122 2632 y(A)f(means)f(of)h(restricting)g(access)g(to)g
|
---|
698 | (ob)s(jects)g(based)h(on)f(the)g(iden)o(tit)o(y)e(of)j(sub)s(jects)f(and/or)
|
---|
699 | 122 2692 y(groups)21 b(to)g(whic)o(h)e(they)g(b)q(elong.)34
|
---|
700 | b(The)20 b(con)o(trols)g(are)g(discretionary)f(in)h(the)g(sense)g(that)963
|
---|
701 | 2828 y(2)p eop
|
---|
702 | %%Page: 3 3
|
---|
703 | bop 122 195 a Fc(a)17 b(sub)s(ject)g(with)g(a)g(certain)g(access)g(p)q
|
---|
704 | (ermission)e(is)i(capable)g(of)h(passing)g(that)f(p)q(ermission)122
|
---|
705 | 255 y(\(p)q(erhaps)23 b(indirectly\))d(on)j(to)g(an)o(y)f(other)g(sub)s(ject)
|
---|
706 | g(\(unless)g(restrained)g(b)o(y)f(mandatory)122 315 y(access)16
|
---|
707 | b(con)o(trol\).)21 b([4])150 429 y(D)o(A)o(C,)16 b(as)h(the)f(name)g
|
---|
708 | (implies,)d(p)q(ermits)i(the)i(gran)o(ting)g(and)g(rev)o(oking)f(of)h(access)
|
---|
709 | g(privileges)e(to)0 490 y(b)q(e)h(left)f(to)i(the)e(discretion)h(of)g(the)g
|
---|
710 | (individual)f(users.)21 b(A)15 b(D)o(A)o(C)h(mec)o(hanism)d(allo)o(ws)j
|
---|
711 | (users)g(to)g(gran)o(t)h(or)0 550 y(rev)o(ok)o(e)e(access)i(to)g(an)o(y)g(of)
|
---|
712 | g(the)f(ob)s(jects)h(under)g(their)f(con)o(trol)g(without)h(the)g(in)o
|
---|
713 | (tercession)e(of)i(a)g(system)0 610 y(administrator.)150 670
|
---|
714 | y(In)i(man)o(y)e(organizations,)j(the)f(end)g(users)g(do)g(not)h(\\o)o(wn")g
|
---|
715 | (the)e(information)g(for)h(whic)o(h)g(they)0 730 y(are)c(allo)o(w)o(ed)g
|
---|
716 | (access.)20 b(F)l(or)c(these)f(organizations,)h(the)f(corp)q(oration)h(or)g
|
---|
717 | (agency)f(is)g(the)g(actual)g(\\o)o(wner")0 791 y(of)f(system)e(ob)s(jects)h
|
---|
718 | (as)h(w)o(ell)e(as)j(the)e(programs)h(that)f(pro)q(cess)i(it.)20
|
---|
719 | b(Con)o(trol)13 b(is)h(often)f(based)h(on)g(emplo)o(y)o(ee)0
|
---|
720 | 851 y(functions)i(rather)h(than)f(data)i(o)o(wnership.)150
|
---|
721 | 911 y(Access)h(con)o(trol)g(decisions)h(are)f(often)h(determined)d(b)o(y)j
|
---|
722 | (the)f(roles)h(individual)e(users)i(tak)o(e)g(on)0 971 y(as)i(part)f(of)g(an)
|
---|
723 | g(organization.)36 b(This)21 b(includes)f(the)h(sp)q(eci\014cation)g(of)g
|
---|
724 | (duties,)g(resp)q(onsibilities,)f(and)0 1031 y(quali\014cations.)29
|
---|
725 | b(F)l(or)19 b(example,)e(the)h(roles)h(an)g(individual)f(asso)q(ciated)i
|
---|
726 | (with)e(a)i(hospital)f(can)g(assume)0 1091 y(include)c(do)q(ctor,)h(n)o
|
---|
727 | (urse,)g(clinician,)e(and)j(pharmacist.)j(Roles)c(in)f(a)i(bank)f(include)f
|
---|
728 | (teller,)g(loan)h(o\016cer,)0 1152 y(and)24 b(accoun)o(tan)o(t.)43
|
---|
729 | b(Roles)23 b(can)g(also)h(apply)f(to)h(military)d(systems;)k(for)f(example,)e
|
---|
730 | (target)i(analyst,)0 1212 y(situation)d(analyst,)h(and)f(tra\016c)g(analyst)g
|
---|
731 | (are)g(common)e(roles)h(in)h(tactical)f(systems.)34 b(A)20
|
---|
732 | b(role)h(based)0 1272 y(access)13 b(con)o(trol)f(\(RBA)o(C\))g(p)q(olicy)g
|
---|
733 | (bases)h(access)g(con)o(trol)f(decisions)h(on)g(the)g(functions)f(a)i(user)e
|
---|
734 | (is)h(allo)o(w)o(ed)0 1332 y(to)20 b(p)q(erform)f(within)h(an)g
|
---|
735 | (organization.)33 b(The)20 b(users)g(cannot)h(pass)f(access)g(p)q(ermissions)
|
---|
736 | f(on)i(to)f(other)0 1392 y(users)c(at)h(their)f(discretion.)k(This)c(is)g(a)h
|
---|
737 | (fundamen)o(tal)e(di\013erence)g(b)q(et)o(w)o(een)g(RBA)o(C)h(and)g(D)o(A)o
|
---|
738 | (C.)150 1453 y(Securit)o(y)g(ob)s(jectiv)o(es)g(often)i(supp)q(ort)h(a)f
|
---|
739 | (higher)g(lev)o(el)e(organizational)i(p)q(olicy)l(,)f(suc)o(h)h(as)g(main-)0
|
---|
740 | 1513 y(taining)d(and)h(enforcing)f(the)f(ethics)h(asso)q(ciated)h(with)f(a)g
|
---|
741 | (judge's)g(c)o(ham)o(b)q(ers,)e(or)j(the)f(la)o(ws)g(and)g(resp)q(ect)0
|
---|
742 | 1573 y(for)g(priv)m(acy)g(asso)q(ciated)h(with)f(the)g(diagnosis)h(of)g
|
---|
743 | (ailmen)o(ts,)c(treatmen)o(t)h(of)j(disease,)f(and)g(the)g(adminis-)0
|
---|
744 | 1633 y(tering)f(of)g(medicine)e(with)i(a)g(hospital.)21 b(T)l(o)15
|
---|
745 | b(supp)q(ort)g(suc)o(h)f(p)q(olicies,)g(a)g(capabilit)o(y)f(to)i(cen)o
|
---|
746 | (trally)d(con)o(trol)0 1693 y(and)h(main)o(tain)d(access)i(righ)o(ts)g(is)g
|
---|
747 | (required.)19 b(The)12 b(securit)o(y)f(administrator)g(is)h(resp)q(onsible)g
|
---|
748 | (for)g(enforcing)0 1754 y(p)q(olicy)k(and)g(represen)o(ts)g(the)g
|
---|
749 | (organization.)150 1814 y(The)h(determination)e(of)i(mem)o(b)q(ership)d(and)j
|
---|
750 | (the)g(allo)q(cation)g(of)h(transactions)g(to)f(a)g(role)g(is)g(not)0
|
---|
751 | 1874 y(so)i(m)o(uc)o(h)d(in)i(accordance)h(with)f(discretionary)g(decisions)g
|
---|
752 | (on)h(the)f(part)h(of)f(a)h(system)e(administrator,)0 1934
|
---|
753 | y(but)23 b(rather)g(in)f(compliance)f(with)h(organization-sp)q(eci\014c)h
|
---|
754 | (protection)g(guidelines.)39 b(These)23 b(p)q(olicies)0 1994
|
---|
755 | y(are)d(deriv)o(ed)f(from)f(existing)i(la)o(ws,)g(ethics,)g(regulations,)h
|
---|
756 | (or)f(generally)f(accepted)g(practices.)32 b(These)0 2055 y(p)q(olicies)17
|
---|
757 | b(are)i(non-discretionary)f(in)g(the)g(sense)h(that)f(they)g(are)g(una)o(v)o
|
---|
758 | (oidably)g(imp)q(osed)g(on)g(all)g(users.)0 2115 y(F)l(or)e(example,)d(a)j
|
---|
759 | (do)q(ctor)g(can)g(b)q(e)g(pro)o(vided)e(with)i(the)f(transaction)h(to)g
|
---|
760 | (prescrib)q(e)f(medicine,)e(but)i(do)q(es)0 2175 y(not)i(p)q(ossess)g(the)f
|
---|
761 | (authorit)o(y)h(to)f(pass)h(that)g(transaction)g(on)g(to)f(a)h(n)o(urse.)150
|
---|
762 | 2235 y(RBA)o(C)d(is)g(in)g(fact)h(a)g(form)f(of)h(mandatory)f(access)h(con)o
|
---|
763 | (trol,)f(but)h(it)f(is)g(not)h(based)h(on)f(m)o(ultile)o(v)o(e)o(l)0
|
---|
764 | 2295 y(securit)o(y)g(requiremen)o(ts.)j(As)e(de\014ned)g(in)g(the)g(TCSEC,)h
|
---|
765 | (MA)o(C)e(is)122 2409 y(A)c(means)f(of)i(restricting)e(access)h(to)h(ob)s
|
---|
766 | (jects)f(based)h(on)f(the)g(sensitivit)o(y)f(\(as)i(represen)o(ted)e(b)o(y)
|
---|
767 | 122 2469 y(a)15 b(lab)q(el\))f(of)h(the)f(information)g(con)o(tained)g(in)g
|
---|
768 | (the)g(ob)s(jects)h(and)g(the)f(formal)g(authorization)122
|
---|
769 | 2530 y(\(i.e.)20 b(clearance\))15 b(of)i(sub)s(jects)f(to)g(access)g
|
---|
770 | (information)g(of)g(suc)o(h)g(sensitivit)o(y)l(.)j([4])150
|
---|
771 | 2643 y(Role)13 b(based)h(access)f(con)o(trol,)h(in)f(man)o(y)f(applications)h
|
---|
772 | (\(e.g.)20 b([9])13 b(,)h([10])f(,)h([11])f(is)g(concerned)g(more)0
|
---|
773 | 2704 y(with)j(access)g(to)h(functions)f(and)h(information)e(than)i(strictly)e
|
---|
774 | (with)h(access)g(to)h(information.)963 2828 y(3)p eop
|
---|
775 | %%Page: 4 4
|
---|
776 | bop 150 195 a Fc(The)24 b(act)h(of)f(gran)o(ting)h(mem)o(b)q(ership)c(and)k
|
---|
777 | (sp)q(ecifying)f(transactions)h(for)f(a)h(role)f(is)g(lo)q(osely)0
|
---|
778 | 255 y(analogous)16 b(to)f(the)f(pro)q(cess)h(of)f(clearing)g(users)h(\(gran)o
|
---|
779 | (ting)f(mem)o(b)q(ership\))d(and)k(the)f(lab)q(eling)g(\(asso)q(ciate)0
|
---|
780 | 315 y(op)q(erational)f(sensitivities\))c(of)j(ob)s(jects)g(within)f(the)g
|
---|
781 | (DoD.)h(The)g(military)d(p)q(olicy)i(is)h(with)f(resp)q(ect)h(to)g(one)0
|
---|
782 | 376 y(t)o(yp)q(e)i(of)g(capabilit)o(y:)19 b(who)c(can)g(read)f(what)h
|
---|
783 | (information.)20 b(F)l(or)14 b(these)g(systems)f(the)h(unauthorized)h(\015o)o
|
---|
784 | (w)0 436 y(of)h(information)f(from)g(a)h(high)g(lev)o(el)e(to)i(a)g(lo)o(w)g
|
---|
785 | (lev)o(el)d(is)j(the)f(principal)g(concern.)21 b(As)16 b(suc)o(h,)f
|
---|
786 | (constrain)o(ts)0 496 y(on)24 b(b)q(oth)g(reads)g(and)g(writes)f(are)g(in)h
|
---|
787 | (supp)q(ort)g(of)g(that)g(rule.)42 b(Within)22 b(a)i(role-based)g(system,)f
|
---|
788 | (the)0 556 y(principal)15 b(concern)g(is)g(protecting)g(the)h(in)o(tegrit)o
|
---|
789 | (y)e(of)i(information:)j(\\who)e(can)f(p)q(erform)e(what)j(acts)f(on)0
|
---|
790 | 616 y(what)h(information.")150 677 y(A)g(role)f(can)h(b)q(e)g(though)o(t)h
|
---|
791 | (of)f(as)h(a)f(set)g(of)g(transactions)h(that)g(a)f(user)g(or)g(set)g(of)g
|
---|
792 | (users)h(can)f(p)q(er-)0 737 y(form)e(within)h(the)g(con)o(text)g(of)g(an)h
|
---|
793 | (organization.)23 b(T)l(ransactions)17 b(are)g(allo)q(cated)f(to)h(roles)f(b)
|
---|
794 | o(y)g(a)g(system)0 797 y(administrator.)26 b(Suc)o(h)18 b(transactions)h
|
---|
795 | (include)e(the)h(abilit)o(y)f(for)i(a)f(do)q(ctor)h(to)g(en)o(ter)e(a)i
|
---|
796 | (diagnosis,)g(pre-)0 857 y(scrib)q(e)14 b(medication,)f(and)i(add)g(a)g(en)o
|
---|
797 | (try)f(to)h(\(not)g(simply)e(mo)q(dify\))g(a)i(record)f(of)h(treatmen)o(ts)e
|
---|
798 | (p)q(erformed)0 917 y(on)20 b(a)g(patien)o(t.)30 b(The)19 b(role)g(of)h(a)f
|
---|
799 | (pharmacist)g(includes)f(the)h(transactions)i(to)e(disp)q(ense)h(but)f(not)h
|
---|
800 | (pre-)0 978 y(scrib)q(e)g(prescription)g(drugs.)34 b(Mem)o(b)q(ership)19
|
---|
801 | b(in)h(a)h(role)f(is)g(also)h(gran)o(ted)g(and)g(rev)o(ok)o(ed)e(b)o(y)h(a)g
|
---|
802 | (system)0 1038 y(administrator.)150 1098 y(Roles)g(are)h(group)h(orien)o
|
---|
803 | (ted.)33 b(F)l(or)21 b(eac)o(h)f(role,)h(a)g(set)f(of)h(transactions)h(allo)q
|
---|
804 | (cated)f(the)f(role)g(is)0 1158 y(main)o(tained.)h(A)c(transaction)h(can)f(b)
|
---|
805 | q(e)g(though)o(t)g(of)h(as)f(a)h(transformation)e(pro)q(cedure)h([1])g(\(a)g
|
---|
806 | (program)0 1218 y(or)h(p)q(ortion)h(of)f(a)g(program\))g(plus)g(a)g(set)f(of)
|
---|
807 | i(asso)q(ciated)f(data)h(items.)24 b(In)17 b(addition,)h(eac)o(h)g(role)f
|
---|
808 | (has)i(an)0 1279 y(asso)q(ciated)g(set)e(of)h(individual)e(mem)o(b)q(ers.)23
|
---|
809 | b(As)17 b(a)h(result,)f(RBA)o(Cs)g(pro)o(vide)g(a)h(means)f(of)h(naming)e
|
---|
810 | (and)0 1339 y(describing)f(man)o(y-to-man)o(y)e(relationships)j(b)q(et)o(w)o
|
---|
811 | (een)f(individuals)f(and)i(righ)o(ts.)21 b(Figure)15 b(1)h(depicts)f(the)0
|
---|
812 | 1399 y(relationships)f(b)q(et)o(w)o(een)g(individual)f(users,)i
|
---|
813 | (roles/groups,)g(transformation)g(pro)q(cedures,)f(and)h(system)0
|
---|
814 | 1459 y(ob)s(jects.)150 1519 y(The)j(term)e(transaction)i(is)g(used)g(in)f
|
---|
815 | (this)h(pap)q(er)g(as)g(a)g(con)o(v)o(enience)e(to)i(refer)f(to)h(a)g
|
---|
816 | (binding)g(of)0 1579 y(transformation)f(pro)q(cedure)g(and)g(data)h(storage)g
|
---|
817 | (access.)23 b(This)17 b(is)g(not)g(unlik)o(e)f(con)o(v)o(en)o(tional)f(usage)
|
---|
818 | j(of)0 1640 y(the)f(term)e(in)h(commercial)d(systems.)22 b(F)l(or)17
|
---|
819 | b(example,)e(a)i(sa)o(vings)g(dep)q(osit)g(transaction)h(is)f(a)g(pro)q
|
---|
820 | (cedure)0 1700 y(that)12 b(up)q(dates)g(a)g(sa)o(vings)f(database)i(and)f
|
---|
821 | (transaction)g(\014le.)19 b(A)11 b(transaction)h(ma)o(y)e(also)i(b)q(e)f
|
---|
822 | (quite)g(general,)0 1760 y(e.g.)30 b(\\read)20 b(sa)o(vings)f(\014le".)30
|
---|
823 | b(Note)19 b(ho)o(w)o(ev)o(er,)f(that)i(\\read")g(is)f(not)h(a)g(transaction)g
|
---|
824 | (in)f(the)g(sense)g(used)0 1820 y(here,)c(b)q(ecause)i(the)f(read)g(is)g(not)
|
---|
825 | h(b)q(ound)g(to)g(a)f(particular)g(data)h(item,)d(as)j(\\read)g(sa)o(vings)f
|
---|
826 | (\014le")g(is.)150 1880 y(The)21 b(imp)q(ortance)f(of)i(con)o(trol)f(o)o(v)o
|
---|
827 | (er)f(transactions,)j(as)f(opp)q(osed)g(to)g(simple)d(read)i(and)h(write)0
|
---|
828 | 1941 y(access,)j(can)f(b)q(e)g(seen)g(b)o(y)f(considering)h(t)o(ypical)e
|
---|
829 | (banking)i(transactions.)45 b(T)l(ellers)23 b(ma)o(y)f(execute)h(a)0
|
---|
830 | 2001 y(sa)o(vings)14 b(dep)q(osit)g(transaction,)g(requiring)f(read)g(and)h
|
---|
831 | (write)f(access)h(to)g(sp)q(eci\014c)f(\014elds)g(within)g(a)h(sa)o(vings)0
|
---|
832 | 2061 y(\014le)j(and)i(a)f(transaction)g(log)h(\014le.)25 b(An)17
|
---|
833 | b(accoun)o(ting)h(sup)q(ervisor)g(ma)o(y)f(b)q(e)h(able)f(to)h(execute)f
|
---|
834 | (correction)0 2121 y(transactions,)f(requiring)e(exactly)f(the)i(same)f(read)
|
---|
835 | h(and)g(write)f(access)h(to)g(the)g(same)f(\014les)g(as)h(the)g(teller.)0
|
---|
836 | 2181 y(The)h(di\013erence)f(is)h(the)g(pro)q(cess)h(executed)e(and)i(the)f(v)
|
---|
837 | m(alues)g(written)g(to)h(the)f(transaction)h(log)f(\014le.)150
|
---|
838 | 2242 y(The)k(applicabilit)o(y)d(of)j(RBA)o(C)f(to)h(commerc)o(ial)c(systems)j
|
---|
839 | (is)g(apparen)o(t)h(from)f(its)g(widespread)0 2302 y(use.)i(Baldwin)14
|
---|
840 | b([9])g(describ)q(es)g(a)h(database)h(system)d(using)i(roles)f(to)h(con)o
|
---|
841 | (trol)f(access.)21 b(Nash)15 b(and)g(P)o(oland)0 2362 y([10])i(discuss)f(the)
|
---|
842 | h(application)f(of)h(role)g(based)g(access)g(con)o(trol)f(to)h(cryptographic)
|
---|
843 | g(authen)o(tication)f(de-)0 2422 y(vices)g(commonly)e(used)j(in)g(the)g
|
---|
844 | (banking)g(industry)l(.)23 b(W)l(orking)18 b(with)f(industry)f(groups,)i(the)
|
---|
845 | f(National)0 2482 y(Institute)j(of)g(Standards)i(and)f(T)l(ec)o(hnology)f
|
---|
846 | (has)i(dev)o(elop)q(ed)d(a)i(prop)q(osed)h(standard,)g(\\Securit)o(y)d(Re-)0
|
---|
847 | 2543 y(quiremen)o(ts)e(for)i(Cryptographic)h(Mo)q(dules,")g(\(F)l(ederal)e
|
---|
848 | (Information)h(Pro)q(cessing)h(Standard)g(140-1\))0 2603 y([11])d(that)h
|
---|
849 | (will)e(require)g(supp)q(ort)i(for)g(access)f(con)o(trol)g(and)h
|
---|
850 | (administration)e(through)i(roles.)24 b(T)l(o)18 b(date,)0
|
---|
851 | 2663 y(these)h(role)f(based)i(systems)e(ha)o(v)o(e)g(b)q(een)h(dev)o(elop)q
|
---|
852 | (ed)f(b)o(y)h(a)h(v)m(ariet)o(y)e(of)h(organizations,)h(with)f(no)h(com-)963
|
---|
853 | 2828 y(4)p eop
|
---|
854 | %%Page: 5 5
|
---|
855 | bop 273 154 a
|
---|
856 | 22168453 13156352 0 0 22168453 13156352 startTexFig
|
---|
857 | 273 154 a
|
---|
858 | %%BeginDocument: fig1.eps
|
---|
859 | /$F2psDict 200 dict def
|
---|
860 | $F2psDict begin
|
---|
861 | $F2psDict /mtrx matrix put
|
---|
862 | /col-1 {} def
|
---|
863 | /col0 {0.000 0.000 0.000 srgb} bind def
|
---|
864 | /col1 {0.000 0.000 1.000 srgb} bind def
|
---|
865 | /col2 {0.000 1.000 0.000 srgb} bind def
|
---|
866 | /col3 {0.000 1.000 1.000 srgb} bind def
|
---|
867 | /col4 {1.000 0.000 0.000 srgb} bind def
|
---|
868 | /col5 {1.000 0.000 1.000 srgb} bind def
|
---|
869 | /col6 {1.000 1.000 0.000 srgb} bind def
|
---|
870 | /col7 {1.000 1.000 1.000 srgb} bind def
|
---|
871 | /col8 {0.000 0.000 0.560 srgb} bind def
|
---|
872 | /col9 {0.000 0.000 0.690 srgb} bind def
|
---|
873 | /col10 {0.000 0.000 0.820 srgb} bind def
|
---|
874 | /col11 {0.530 0.810 1.000 srgb} bind def
|
---|
875 | /col12 {0.000 0.560 0.000 srgb} bind def
|
---|
876 | /col13 {0.000 0.690 0.000 srgb} bind def
|
---|
877 | /col14 {0.000 0.820 0.000 srgb} bind def
|
---|
878 | /col15 {0.000 0.560 0.560 srgb} bind def
|
---|
879 | /col16 {0.000 0.690 0.690 srgb} bind def
|
---|
880 | /col17 {0.000 0.820 0.820 srgb} bind def
|
---|
881 | /col18 {0.560 0.000 0.000 srgb} bind def
|
---|
882 | /col19 {0.690 0.000 0.000 srgb} bind def
|
---|
883 | /col20 {0.820 0.000 0.000 srgb} bind def
|
---|
884 | /col21 {0.560 0.000 0.560 srgb} bind def
|
---|
885 | /col22 {0.690 0.000 0.690 srgb} bind def
|
---|
886 | /col23 {0.820 0.000 0.820 srgb} bind def
|
---|
887 | /col24 {0.500 0.190 0.000 srgb} bind def
|
---|
888 | /col25 {0.630 0.250 0.000 srgb} bind def
|
---|
889 | /col26 {0.750 0.380 0.000 srgb} bind def
|
---|
890 | /col27 {1.000 0.500 0.500 srgb} bind def
|
---|
891 | /col28 {1.000 0.630 0.630 srgb} bind def
|
---|
892 | /col29 {1.000 0.750 0.750 srgb} bind def
|
---|
893 | /col30 {1.000 0.880 0.880 srgb} bind def
|
---|
894 | /col31 {1.000 0.840 0.000 srgb} bind def
|
---|
895 |
|
---|
896 | end
|
---|
897 | save
|
---|
898 | -35.0 235.0 translate
|
---|
899 | 1 -1 scale
|
---|
900 |
|
---|
901 | /clp {closepath} bind def
|
---|
902 | /ef {eofill} bind def
|
---|
903 | /gr {grestore} bind def
|
---|
904 | /gs {gsave} bind def
|
---|
905 | /l {lineto} bind def
|
---|
906 | /m {moveto} bind def
|
---|
907 | /n {newpath} bind def
|
---|
908 | /s {stroke} bind def
|
---|
909 | /slc {setlinecap} bind def
|
---|
910 | /slj {setlinejoin} bind def
|
---|
911 | /slw {setlinewidth} bind def
|
---|
912 | /srgb {setrgbcolor} bind def
|
---|
913 | /rot {rotate} bind def
|
---|
914 | /sc {scale} bind def
|
---|
915 | /tr {translate} bind def
|
---|
916 | /tnt {dup dup currentrgbcolor
|
---|
917 | 4 -2 roll dup 1 exch sub 3 -1 roll mul add
|
---|
918 | 4 -2 roll dup 1 exch sub 3 -1 roll mul add
|
---|
919 | 4 -2 roll dup 1 exch sub 3 -1 roll mul add srgb}
|
---|
920 | bind def
|
---|
921 | /shd {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
|
---|
922 | 4 -2 roll mul srgb} bind def
|
---|
923 | /$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
|
---|
924 | /$F2psEnd {$F2psEnteredState restore end} def
|
---|
925 |
|
---|
926 | $F2psBegin
|
---|
927 | 10 setmiterlimit
|
---|
928 | 0.06000 0.06000 sc
|
---|
929 | 7.500 slw
|
---|
930 | n 600 600 m 1800 600 l 1800 1500 l 600 1500 l clp gs col-1 s gr
|
---|
931 | n 2505 1800 m 2400 1800 2400 2595 105 arcto 4 {pop} repeat 2400 2700 3495 2700 105 arcto 4 {pop} repeat 3600 2700 3600 1905 105 arcto 4 {pop} repeat 3600 1800 2505 1800 105 arcto 4 {pop} repeat clp gs col-1 s gr
|
---|
932 | n 600 3000 m 1800 3000 l 1800 3900 l 600 3900 l clp gs col-1 s gr
|
---|
933 | n 1800 1200 m 2400 1800 l gs col-1 s gr
|
---|
934 | n 1863.64 1306.07 m 1800.00 1200.00 l 1906.07 1263.64 l 1885.35 1285.35 l 1863.64 1306.07 l clp gs 0.00 setgray ef gr gs col-1 s gr
|
---|
935 | n 1800 3300 m 2400 2700 l gs col-1 s gr
|
---|
936 | n 1906.07 3236.36 m 1800.00 3300.00 l 1863.64 3193.93 l 1885.35 3215.65 l 1906.07 3236.36 l clp gs 0.00 setgray ef gr gs col-1 s gr
|
---|
937 | n 3615 2100 m 5700 900 l gs col-1 s gr
|
---|
938 | n 3733.97 2066.14 m 3615.00 2100.00 l 3704.04 2014.14 l 3719.50 2040.64 l 3733.97 2066.14 l clp gs 0.00 setgray ef gr gs col-1 s gr
|
---|
939 | n 3615 2385 m 5700 3585 l gs col-1 s gr
|
---|
940 | n 3704.04 2470.86 m 3615.00 2385.00 l 3733.97 2418.86 l 3719.50 2445.36 l 3704.04 2470.86 l clp gs 0.00 setgray ef gr gs col-1 s gr
|
---|
941 | n 3615 2280 m 5685 2280 l gs col-1 s gr
|
---|
942 | n 3735.00 2310.00 m 3615.00 2280.00 l 3735.00 2250.00 l 3735.50 2280.50 l 3735.00 2310.00 l clp gs 0.00 setgray ef gr gs col-1 s gr
|
---|
943 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
944 | 900 1200 m
|
---|
945 | gs 1 -1 sc (Object 1) col-1 show gr
|
---|
946 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
947 | 900 3600 m
|
---|
948 | gs 1 -1 sc (Object 2) col-1 show gr
|
---|
949 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
950 | 5700 900 m
|
---|
951 | gs 1 -1 sc (User 4) col-1 show gr
|
---|
952 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
953 | 5700 2400 m
|
---|
954 | gs 1 -1 sc (User 5) col-1 show gr
|
---|
955 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
956 | 5700 3600 m
|
---|
957 | gs 1 -1 sc (User 6) col-1 show gr
|
---|
958 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
959 | 4500 2100 m
|
---|
960 | gs 1 -1 sc (member_of) col-1 show gr
|
---|
961 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
962 | 4800 3000 m
|
---|
963 | gs 1 -1 sc (member_of) col-1 show gr
|
---|
964 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
965 | 4500 1200 m
|
---|
966 | gs 1 -1 sc (member_of) col-1 show gr
|
---|
967 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
968 | 2100 1500 m
|
---|
969 | gs 1 -1 sc (trans_a) col-1 show gr
|
---|
970 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
971 | 2100 3300 m
|
---|
972 | gs 1 -1 sc (trans_b) col-1 show gr
|
---|
973 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
974 | 2700 2400 m
|
---|
975 | gs 1 -1 sc (Role 1) col-1 show gr
|
---|
976 | $F2psEnd
|
---|
977 | restore
|
---|
978 | %%EndDocument
|
---|
979 | 273 154 a
|
---|
980 | endTexFig
|
---|
981 | 661 1089 a Fc(Figure)16 b(1:)22 b(Role)16 b(Relationships)0
|
---|
982 | 1219 y(monly)d(agreed)j(up)q(on)g(de\014nition)e(or)i(recognition)e(in)h
|
---|
983 | (formal)f(standards.)22 b(Role)15 b(based)g(access)g(con)o(trols)0
|
---|
984 | 1280 y(describ)q(ed)i(in)g(this)g(pap)q(er)h(address)g(securit)o(y)e
|
---|
985 | (primarily)f(for)i(application-lev)o(el)f(systems,)g(as)i(opp)q(osed)0
|
---|
986 | 1340 y(to)f(general)f(purp)q(ose)h(op)q(erating)g(systems.)0
|
---|
987 | 1505 y Fd(3)83 b(F)-7 b(ormal)25 b(Description)i(of)h(RBA)n(C)0
|
---|
988 | 1615 y Fc(T)l(o)15 b(clarify)f(the)g(notions)i(presen)o(ted)e(in)g(the)h
|
---|
989 | (previous)f(section,)h(w)o(e)f(giv)o(e)g(a)h(simple)e(formal)g(description,)0
|
---|
990 | 1675 y(in)19 b(terms)g(of)h(sets)f(and)i(relations,)f(of)g(role)f(based)h
|
---|
991 | (access)g(con)o(trol.)31 b(No)20 b(particular)f(implem)o(en)o(tation)0
|
---|
992 | 1735 y(mec)o(hanism)13 b(is)j(implied.)0 1842 y(F)l(or)g(eac)o(h)g(sub)s
|
---|
993 | (ject,)f(the)h(activ)o(e)f(role)h(is)g(the)g(one)h(that)f(the)g(sub)s(ject)g
|
---|
994 | (is)g(curren)o(tly)f(using:)150 1902 y Fb(AR)p Fc(\()p Fb(s)f
|
---|
995 | Fc(:)f Fb(subj)s(ect)p Fc(\))i(=)h Fa(f)h Fc(the)f(activ)o(e)e(role)i(for)h
|
---|
996 | (sub)s(ject)e Fb(s)i Fa(g)0 1962 y Fc(Eac)o(h)f(sub)s(ject)g(ma)o(y)f(b)q(e)h
|
---|
997 | (authorized)g(to)h(p)q(erform)e(one)h(or)h(more)e(roles:)150
|
---|
998 | 2022 y Fb(RA)p Fc(\()p Fb(s)f Fc(:)f Fb(subj)s(ect)p Fc(\))i(=)h
|
---|
999 | Fa(f)p Fc(authorized)g(fo)q(els)h(for)f(sub)s(ject)g Fb(s)g
|
---|
1000 | Fa(g)0 2082 y Fc(Eac)o(h)g(role)g(ma)o(y)f(b)q(e)h(authorized)g(to)h(p)q
|
---|
1001 | (erform)e(one)i(or)f(more)f(transactions:)150 2143 y Fb(T)7
|
---|
1002 | b(A)p Fc(\()p Fa(f)p Fb(r)14 b Fc(:)f Fb(r)q(ol)q(e)p Fa(g)p
|
---|
1003 | Fc(\))k(=)f Fa(f)p Fc(transactions)h(authorized)f(for)h(role)e
|
---|
1004 | Fb(r)j Fa(g)0 2203 y Fc(Sub)s(jects)f(ma)o(y)f(execute)g(transactions.)27
|
---|
1005 | b(The)18 b(predicate)e(exec\(s,t\))h(is)g(true)g(if)h(sub)s(ject)f(s)h(can)f
|
---|
1006 | (execute)0 2263 y(transaction)g(t)f(at)h(the)f(curren)o(t)f(time,)f
|
---|
1007 | (otherwise)i(it)g(is)g(false:)150 2323 y Fb(exec)p Fc(\()p
|
---|
1008 | Fb(s)d Fc(:)g Fb(subj)s(ect;)8 b(t)k Fc(:)h Fb(tr)q(an)p Fc(\))j(=)h(true)e
|
---|
1009 | (i\013)i(sub)s(ject)e Fb(s)i Fc(can)f(execute)f(transaction)i
|
---|
1010 | Fb(t)p Fc(.)0 2430 y(Three)f(basic)g(rules)g(are)g(required:)0
|
---|
1011 | 2536 y(1.)23 b(Role)16 b(assignmen)o(t:)21 b(A)c(sub)s(ject)f(can)h(execute)e
|
---|
1012 | (a)i(transaction)h(only)e(if)g(the)h(sub)s(ject)f(has)h(selected)f(or)0
|
---|
1013 | 2596 y(b)q(een)g(assigned)h(a)g(role:)150 2704 y Fa(8)p Fb(s)12
|
---|
1014 | b Fc(:)i Fb(subj)s(ect;)8 b(t)k Fc(:)h Fb(tr)q(an)p Fc(\()p
|
---|
1015 | Fb(exec)p Fc(\()p Fb(s;)8 b(t)p Fc(\))k Fa(\))i Fb(AR)p Fc(\()p
|
---|
1016 | Fb(s)p Fc(\))f Fa(6)p Fc(=)h Fa(;)p Fc(\))779 b(\(1\))963 2828
|
---|
1017 | y(5)p eop
|
---|
1018 | %%Page: 6 6
|
---|
1019 | bop 0 195 a Fc(The)20 b(iden)o(ti\014cation)f(and)h(authen)o(tication)g(pro)q
|
---|
1020 | (cess)g(\(e.g.)32 b(login\))20 b(is)g(not)g(considered)f(a)i(transaction.)0
|
---|
1021 | 255 y(All)16 b(other)h(user)g(activities)e(on)i(the)g(system)f(are)h
|
---|
1022 | (conducted)f(through)i(transactions.)25 b(Th)o(us)17 b(all)f(activ)o(e)0
|
---|
1023 | 315 y(users)g(are)h(required)e(to)h(ha)o(v)o(e)g(some)f(activ)o(e)g(role.)0
|
---|
1024 | 425 y(2.)22 b(Role)15 b(authorization:)22 b(A)16 b(sub)s(ject's)f(activ)o(e)g
|
---|
1025 | (role)h(m)o(ust)f(b)q(e)h(authorized)h(for)f(the)g(sub)s(ject:)150
|
---|
1026 | 540 y Fa(8)p Fb(s)c Fc(:)i Fb(subj)s(ect)p Fc(\()p Fb(AR)p
|
---|
1027 | Fc(\()p Fb(s)p Fc(\))e Fa(\022)i Fb(RA)p Fc(\()p Fb(s)p Fc(\)\))1116
|
---|
1028 | b(\(2\))0 654 y(With)24 b(\(1\))g(ab)q(o)o(v)o(e,)i(this)e(rule)g(ensures)g
|
---|
1029 | (that)g(users)h(can)f(tak)o(e)g(on)g(only)g(roles)g(for)h(whic)o(h)e(they)h
|
---|
1030 | (are)0 714 y(authorized.)0 824 y(3.)e(T)l(ransaction)17 b(authorization:)k(A)
|
---|
1031 | 16 b(sub)s(ject)f(can)h(execute)f(a)h(transaction)h(only)f(if)g(the)f
|
---|
1032 | (transaction)i(is)0 884 y(authorized)f(for)h(the)f(sub)s(ject's)f(activ)o(e)g
|
---|
1033 | (role:)150 998 y Fa(8)p Fb(s)d Fc(:)i Fb(subj)s(ect;)8 b(t)k
|
---|
1034 | Fc(:)h Fb(tr)q(an)p Fc(\()p Fb(exec)p Fc(\()p Fb(s;)8 b(t)p
|
---|
1035 | Fc(\))k Fa(\))i Fb(t)f Fa(2)h Fb(T)7 b(A)p Fc(\()p Fb(RA)p
|
---|
1036 | Fc(\()p Fb(s)p Fc(\)\)\))680 b(\(3\))0 1112 y(With)17 b(\(1\))g(and)h(\(2\),)
|
---|
1037 | f(this)g(rule)g(ensures)g(that)g(users)h(can)f(execute)f(only)h(transactions)
|
---|
1038 | h(for)f(whic)o(h)g(they)0 1173 y(are)12 b(authorized.)20 b(Note)12
|
---|
1039 | b(that,)i(b)q(ecause)e(the)g(conditional)h(is)f(\\only)g(if)s(",)h(this)g
|
---|
1040 | (rule)e(allo)o(ws)i(the)f(p)q(ossibilit)o(y)0 1233 y(that)18
|
---|
1041 | b(additional)f(restrictions)g(ma)o(y)f(b)q(e)i(placed)e(on)i(transaction)h
|
---|
1042 | (execution.)k(That)18 b(is,)f(the)h(rule)e(do)q(es)0 1293 y(not)21
|
---|
1043 | b(guaran)o(tee)h(a)f(transaction)h(to)f(b)q(e)g(executable)f(just)h(b)q
|
---|
1044 | (ecause)g(it)g(is)g(in)f Fb(T)7 b(A)p Fc(\()p Fb(AR)p Fc(\()p
|
---|
1045 | Fb(s)p Fc(\)\),)21 b(the)g(set)g(of)0 1353 y(transactions)16
|
---|
1046 | b(p)q(oten)o(tially)e(executable)g(b)o(y)h(the)g(sub)s(ject's)f(activ)o(e)g
|
---|
1047 | (role.)21 b(F)l(or)15 b(example,)e(a)j(trainee)e(for)i(a)0
|
---|
1048 | 1413 y(sup)q(ervisory)i(role)g(ma)o(y)e(b)q(e)j(assigned)f(the)g(role)g(of)g
|
---|
1049 | (\\Sup)q(ervisor",)h(but)f(ha)o(v)o(e)g(restrictions)f(applied)h(to)0
|
---|
1050 | 1474 y(his)g(or)g(her)f(user)h(role)f(that)h(limit)d(accessible)h
|
---|
1051 | (transactions)j(to)f(a)g(subset)g(of)g(those)g(normally)e(allo)o(w)o(ed)0
|
---|
1052 | 1534 y(for)h(the)f(Sup)q(ervisor)g(role.)150 1594 y(In)h(the)f(preceding)g
|
---|
1053 | (discussion,)h(a)h(transaction)f(has)h(b)q(een)f(de\014ned)g(as)g(a)g
|
---|
1054 | (transformation)g(pro-)0 1654 y(cedure,)d(plus)h(a)g(set)g(of)g(data)h(items)
|
---|
1055 | d(accessed)h(b)o(y)h(the)f(transformation)h(pro)q(cedure.)21
|
---|
1056 | b(Access)14 b(con)o(trol)g(in)0 1714 y(the)h(rules)f(ab)q(o)o(v)o(e)h(do)q
|
---|
1057 | (es)g(not)g(require)f(an)o(y)h(c)o(hec)o(ks)e(on)i(the)g(user's)f(righ)o(t)h
|
---|
1058 | (to)g(access)f(a)i(data)f(ob)s(ject,)f(or)i(on)0 1775 y(the)g(transformation)
|
---|
1059 | g(pro)q(cedure's)f(righ)o(t)h(to)g(access)g(a)g(data)h(item,)c(since)j(the)f
|
---|
1060 | (data)i(accesses)f(are)g(built)0 1835 y(in)o(to)j(the)h(transaction.)32
|
---|
1061 | b(Securit)o(y)19 b(issues)g(are)h(addressed)g(b)o(y)g(binding)f(op)q
|
---|
1062 | (erations)i(and)g(data)f(in)o(to)g(a)0 1895 y(transaction)c(at)g(design)g
|
---|
1063 | (time,)d(suc)o(h)j(as)g(when)g(priv)m(acy)f(issues)h(are)g(addressed)g(in)f
|
---|
1064 | (an)h(insurance)g(query)0 1955 y(transaction.)150 2015 y(It)f(is)g(also)h(p)q
|
---|
1065 | (ossible)f(to)h(rede\014ne)f(the)g(meaning)f(of)h(\\transaction")i(in)e(the)g
|
---|
1066 | (ab)q(o)o(v)o(e)g(rules)g(to)h(refer)0 2076 y(only)i(to)i(the)e
|
---|
1067 | (transformation)h(pro)q(cedure,)f(without)h(including)f(a)h(binding)g(to)g
|
---|
1068 | (ob)s(jects.)28 b(This)19 b(w)o(ould)0 2136 y(require)g(a)j(fourth)f(rule)f
|
---|
1069 | (to)h(enforce)f(con)o(trol)h(o)o(v)o(er)f(the)g(mo)q(des)g(in)h(whic)o(h)f
|
---|
1070 | (users)h(can)g(access)f(ob)s(jects)0 2196 y(through)d(transaction)g
|
---|
1071 | (programs.)22 b(F)l(or)16 b(example,)e(a)i(fourth)h(rule)e(suc)o(h)h(as)150
|
---|
1072 | 2310 y Fa(8)p Fb(s)c Fc(:)i Fb(subj)s(ect;)8 b(t)k Fc(:)h Fb(tr)q(an;)8
|
---|
1073 | b(o)14 b Fc(:)f Fb(obj)s(ect)p Fc(\()p Fb(exec)p Fc(\()p Fb(s;)8
|
---|
1074 | b(t)p Fc(\))k Fa(\))i Fb(access)p Fc(\()p Fb(AR)p Fc(\()p Fb(s)p
|
---|
1075 | Fc(\))p Fb(;)8 b(t;)g(o;)g(x)p Fc(\)\))344 b(\(4\))0 2424 y(could)13
|
---|
1076 | b(b)q(e)g(de\014ned)g(using)h(a)f(transaction)h(\(rede\014ned)e(to)i
|
---|
1077 | (transformation)f(pro)q(cedure\))g(to)h(ob)s(ject)e(access)0
|
---|
1078 | 2484 y(function)17 b Fb(access)p Fc(\()p Fb(r)o(;)8 b(i;)g(o;)g(x)p
|
---|
1079 | Fc(\))15 b(whic)o(h)i(indicates)g(if)f(it)h(is)g(p)q(ermissible)e(for)j(a)g
|
---|
1080 | (sub)s(ject)e(in)h(role)g(r)g(to)h(access)0 2545 y(ob)s(ject)12
|
---|
1081 | b(o)i(in)f(mo)q(de)f(x)h(using)g(transaction)h(t,)f(where)g(x)g(is)f(tak)o
|
---|
1082 | (en)h(from)f(some)g(set)h(of)g(mo)q(des)g(suc)o(h)g(as)g(read,)0
|
---|
1083 | 2605 y(write,)19 b(app)q(end.)30 b(Note)19 b(that)g(the)g(Clark-Wilson)g
|
---|
1084 | (access)g(con)o(trol)g(triple)f(could)h(b)q(e)g(implem)o(en)o(te)o(d)e(b)o(y)
|
---|
1085 | 0 2665 y(letting)e(the)h(mo)q(des)f(x)h(b)q(e)g(the)g(access)g(mo)q(des)f
|
---|
1086 | (required)g(b)o(y)h(transaction)g(t,)g(and)g(ha)o(ving)g(a)h(one-to-one)963
|
---|
1087 | 2828 y(6)p eop
|
---|
1088 | %%Page: 7 7
|
---|
1089 | bop 0 195 a Fc(relationship)19 b(b)q(et)o(w)o(een)g(sub)s(jects)g(and)i
|
---|
1090 | (roles.)31 b(RBA)o(C,)18 b(as)j(presen)o(ted)e(in)g(this)h(pap)q(er,)g(th)o
|
---|
1091 | (us)g(includes)0 255 y(Clark)c(and)h(Wilson)f(access)g(con)o(trol)g(as)h(a)g
|
---|
1092 | (sp)q(ecial)f(case.)150 315 y(Use)j(of)g(this)h(fourth)f(rule)g(migh)o(t)f(b)
|
---|
1093 | q(e)h(appropriate,)i(for)e(example,)f(in)h(a)g(hospital)h(setting.)30
|
---|
1094 | b(A)0 376 y(do)q(ctor)22 b(could)f(b)q(e)g(pro)o(vided)f(with)h(read/write)g
|
---|
1095 | (access)g(to)g(a)h(prescription)e(\014le,)h(while)f(the)h(hospital)0
|
---|
1096 | 436 y(pharmacist)i(migh)o(t)f(ha)o(v)o(e)h(only)g(read)h(access.)43
|
---|
1097 | b(\(Recall)23 b(that)h(use)f(of)h(the)g(\014rst)g(three)f(rules)g(alone)0
|
---|
1098 | 496 y(requires)d(binding)i(the)f(transaction)h(program)g(t)f(and)h(data)h(ob)
|
---|
1099 | s(jects)e(that)h(t)f(can)h(access,)g(and)g(only)0 556 y(con)o(trols)c(access)
|
---|
1100 | f(to)i(the)e(transactions.\))27 b(This)18 b(alternativ)o(e)e(approac)o(h)j
|
---|
1101 | (using)f(the)f(fourth)i(rule)e(migh)o(t)0 616 y(b)q(e)f(helpful)g(in)g
|
---|
1102 | (enforcing)g(con\014den)o(tialit)o(y)e(requiremen)o(ts.)150
|
---|
1103 | 677 y(Another)i(use)g(of)g(RBA)o(C)f(is)h(to)h(supp)q(ort)g(in)o(tegrit)o(y)l
|
---|
1104 | (.)j(In)o(tegrit)o(y)14 b(has)j(b)q(een)f(de\014ned)g(in)g(a)g(v)m(ariet)o(y)
|
---|
1105 | 0 737 y(of)f(w)o(a)o(ys,)g(but)g(one)h(asp)q(ect)f([8])g(of)g(in)o(tegrit)o
|
---|
1106 | (y)e(is)i(a)g(requiremen)o(t)d(that)k(data)g(and)f(pro)q(cesses)h(b)q(e)f(mo)
|
---|
1107 | q(di\014ed)0 797 y(only)d(in)g(authorized)g(w)o(a)o(ys)h(b)o(y)f(authorized)g
|
---|
1108 | (users.)20 b(This)12 b(seems)f(to)i(b)q(e)f(a)h(reasonable)g(securit)o(y)e
|
---|
1109 | (ob)s(jectiv)o(e)0 857 y(for)17 b(man)o(y)d(real)i(systems,)f(and)i(RBA)o(C)e
|
---|
1110 | (should)h(b)q(e)h(applicable)e(to)i(suc)o(h)f(systems.)150
|
---|
1111 | 917 y(In)23 b(general,)h(the)f(problem)f(of)h(determining)e(whether)i(data)h
|
---|
1112 | (ha)o(v)o(e)e(b)q(een)h(mo)q(di\014ed)f(only)h(in)0 978 y(authorized)c(w)o(a)
|
---|
1113 | o(ys)g(can)g(b)q(e)h(as)f(complex)e(as)j(the)f(transaction)h(that)f(did)g
|
---|
1114 | (the)g(mo)q(di\014cation.)29 b(F)l(or)19 b(this)0 1038 y(reason,)d(the)f
|
---|
1115 | (practical)g(approac)o(h)h(is)f(for)h(transactions)g(to)g(b)q(e)g
|
---|
1116 | (certi\014ed)e(and)i(trusted.)21 b(If)15 b(transactions)0 1098
|
---|
1117 | y(m)o(ust)23 b(b)q(e)h(trusted)g(then)g(access)g(con)o(trol)g(can)h(b)q(e)f
|
---|
1118 | (incorp)q(orated)h(directly)d(in)o(to)i(eac)o(h)g(transaction.)0
|
---|
1119 | 1158 y(Requiring)13 b(the)g(system)f(to)i(con)o(trol)f(access)g(of)h
|
---|
1120 | (transaction)h(programs)e(to)h(ob)s(jects)f(through)i(the)e(access)0
|
---|
1121 | 1218 y(function)20 b(used)f(in)h(rule)f(\(4\))h(migh)o(t)e(then)i(b)q(e)f(a)i
|
---|
1122 | (useful)e(form)g(of)h(redundancy)l(,)g(but)f(it)h(could)f(in)o(v)o(olv)o(e)0
|
---|
1123 | 1279 y(signi\014can)o(t)k(o)o(v)o(erhead)f(for)h(a)h(limited)c(b)q(ene\014t)j
|
---|
1124 | (in)f(enforcing)h(in)o(tegrit)o(y)e(requiremen)o(ts.)39 b(Therefore,)0
|
---|
1125 | 1339 y(inclusion)22 b(of)g(a)h(transaction)g(to)g(ob)s(ject)f(access)g(con)o
|
---|
1126 | (trol)g(function)g(in)g(RBA)o(C)g(w)o(ould)g(b)q(e)g(useful)g(in)0
|
---|
1127 | 1399 y(some,)15 b(but)h(not)h(all)f(applications.)0 1565 y
|
---|
1128 | Fd(4)83 b(Cen)n(trally)26 b(Administerin)o(g)f(Securit)n(y)h(Using)h(RBA)n(C)
|
---|
1129 | 0 1675 y Fc(RBA)o(C)15 b(is)h(\015exible)e(in)i(that)g(it)g(can)g(tak)o(e)f
|
---|
1130 | (on)i(organizational)g(c)o(haracteristics)e(in)g(terms)g(of)h(p)q(olicy)f
|
---|
1131 | (and)0 1735 y(structure.)21 b(One)16 b(of)g(RBA)o(C's)f(greatest)i(virtues)e
|
---|
1132 | (is)h(the)g(administrativ)o(e)e(capabilities)h(it)h(supp)q(orts.)150
|
---|
1133 | 1795 y(Once)i(the)g(transactions)i(of)e(a)h(Role)f(are)h(established)f
|
---|
1134 | (within)g(a)h(system,)e(these)h(transactions)0 1855 y(tend)23
|
---|
1135 | b(to)g(remain)e(relativ)o(ely)g(constan)o(t)i(or)h(c)o(hange)f(slo)o(wly)f(o)
|
---|
1136 | o(v)o(er)g(time.)39 b(The)23 b(administrativ)o(e)e(task)0 1916
|
---|
1137 | y(consists)i(of)f(gran)o(ting)h(and)f(rev)o(oking)g(mem)n(b)q(ership)e(to)i
|
---|
1138 | (the)g(set)g(of)h(sp)q(eci\014ed)e(named)h(roles)g(within)0
|
---|
1139 | 1976 y(the)d(system.)30 b(When)20 b(a)g(new)g(p)q(erson)g(en)o(ters)f(the)h
|
---|
1140 | (organization,)h(the)e(administrator)g(simply)e(gran)o(ts)0
|
---|
1141 | 2036 y(mem)o(b)q(ership)c(to)j(an)h(existing)e(role.)21 b(When)16
|
---|
1142 | b(a)h(p)q(erson's)g(function)f(c)o(hanges)g(within)g(the)g(organization,)0
|
---|
1143 | 2096 y(the)c(user)g(mem)o(b)q(ership)d(to)j(his)g(existing)g(roles)g(can)g(b)
|
---|
1144 | q(e)g(easily)f(deleted)g(and)i(new)f(ones)h(gran)o(ted.)20
|
---|
1145 | b(Finally)l(,)0 2156 y(when)h(a)h(p)q(erson)g(lea)o(v)o(es)e(the)h
|
---|
1146 | (organization,)i(all)e(mem)o(b)q(erships)e(to)i(all)g(Roles)g(are)h(deleted.)
|
---|
1147 | 35 b(F)l(or)22 b(an)0 2217 y(organization)e(that)f(exp)q(eriences)f(a)h
|
---|
1148 | (large)g(turno)o(v)o(er)g(of)g(p)q(ersonnel,)g(a)h(role-based)f(securit)o(y)f
|
---|
1149 | (p)q(olicy)g(is)0 2277 y(the)e(only)g(logical)g(c)o(hoice.)150
|
---|
1150 | 2337 y(In)g(addition,)g(roles)h(can)g(b)q(e)f(comp)q(osed)g(of)h(roles.)22
|
---|
1151 | b(F)l(or)17 b(example,)d(a)i(Healer)g(within)g(a)h(hospital)0
|
---|
1152 | 2397 y(can)j(b)q(e)f(comp)q(osed)g(of)h(the)f(roles)g(Healer,)g(In)o(tern,)g
|
---|
1153 | (and)h(Do)q(ctor.)31 b(Figure)19 b(2)h(depicts)f(an)h(example)d(of)0
|
---|
1154 | 2457 y(suc)o(h)f(a)h(relationship.)150 2518 y(By)22 b(gran)o(ting)h(mem)o(b)q
|
---|
1155 | (ership)d(to)j(the)f(Role)h(Do)q(ctor,)i(it)d(implies)e(access)j(to)g(all)f
|
---|
1156 | (transactions)0 2578 y(de\014ned)16 b(b)o(y)h(In)o(tern)e(and)j(Healer,)d(as)
|
---|
1157 | i(w)o(ell)e(as)j(those)f(of)g(a)g(Do)q(ctor.)23 b(On)17 b(the)g(other)f
|
---|
1158 | (hand,)h(b)o(y)g(gran)o(ting)0 2638 y(mem)o(b)q(ership)g(to)j(the)g(In)o
|
---|
1159 | (tern)f(role,)h(this)g(implies)e(transactions)j(of)f(the)g(In)o(tern)f(and)i
|
---|
1160 | (Healer)e(not)h(the)963 2828 y(7)p eop
|
---|
1161 | %%Page: 8 8
|
---|
1162 | bop 423 544 a
|
---|
1163 | 17432166 26181140 0 0 17432166 26181140 startTexFig
|
---|
1164 | 423 544 a
|
---|
1165 | %%BeginDocument: fig2.eps
|
---|
1166 | /$F2psDict 200 dict def
|
---|
1167 | $F2psDict begin
|
---|
1168 | $F2psDict /mtrx matrix put
|
---|
1169 | /col-1 {} def
|
---|
1170 | /col0 {0.000 0.000 0.000 srgb} bind def
|
---|
1171 | /col1 {0.000 0.000 1.000 srgb} bind def
|
---|
1172 | /col2 {0.000 1.000 0.000 srgb} bind def
|
---|
1173 | /col3 {0.000 1.000 1.000 srgb} bind def
|
---|
1174 | /col4 {1.000 0.000 0.000 srgb} bind def
|
---|
1175 | /col5 {1.000 0.000 1.000 srgb} bind def
|
---|
1176 | /col6 {1.000 1.000 0.000 srgb} bind def
|
---|
1177 | /col7 {1.000 1.000 1.000 srgb} bind def
|
---|
1178 | /col8 {0.000 0.000 0.560 srgb} bind def
|
---|
1179 | /col9 {0.000 0.000 0.690 srgb} bind def
|
---|
1180 | /col10 {0.000 0.000 0.820 srgb} bind def
|
---|
1181 | /col11 {0.530 0.810 1.000 srgb} bind def
|
---|
1182 | /col12 {0.000 0.560 0.000 srgb} bind def
|
---|
1183 | /col13 {0.000 0.690 0.000 srgb} bind def
|
---|
1184 | /col14 {0.000 0.820 0.000 srgb} bind def
|
---|
1185 | /col15 {0.000 0.560 0.560 srgb} bind def
|
---|
1186 | /col16 {0.000 0.690 0.690 srgb} bind def
|
---|
1187 | /col17 {0.000 0.820 0.820 srgb} bind def
|
---|
1188 | /col18 {0.560 0.000 0.000 srgb} bind def
|
---|
1189 | /col19 {0.690 0.000 0.000 srgb} bind def
|
---|
1190 | /col20 {0.820 0.000 0.000 srgb} bind def
|
---|
1191 | /col21 {0.560 0.000 0.560 srgb} bind def
|
---|
1192 | /col22 {0.690 0.000 0.690 srgb} bind def
|
---|
1193 | /col23 {0.820 0.000 0.820 srgb} bind def
|
---|
1194 | /col24 {0.500 0.190 0.000 srgb} bind def
|
---|
1195 | /col25 {0.630 0.250 0.000 srgb} bind def
|
---|
1196 | /col26 {0.750 0.380 0.000 srgb} bind def
|
---|
1197 | /col27 {1.000 0.500 0.500 srgb} bind def
|
---|
1198 | /col28 {1.000 0.630 0.630 srgb} bind def
|
---|
1199 | /col29 {1.000 0.750 0.750 srgb} bind def
|
---|
1200 | /col30 {1.000 0.880 0.880 srgb} bind def
|
---|
1201 | /col31 {1.000 0.840 0.000 srgb} bind def
|
---|
1202 |
|
---|
1203 | end
|
---|
1204 | save
|
---|
1205 | -35.0 433.0 translate
|
---|
1206 | 1 -1 scale
|
---|
1207 |
|
---|
1208 | /clp {closepath} bind def
|
---|
1209 | /ef {eofill} bind def
|
---|
1210 | /gr {grestore} bind def
|
---|
1211 | /gs {gsave} bind def
|
---|
1212 | /l {lineto} bind def
|
---|
1213 | /m {moveto} bind def
|
---|
1214 | /n {newpath} bind def
|
---|
1215 | /s {stroke} bind def
|
---|
1216 | /slc {setlinecap} bind def
|
---|
1217 | /slj {setlinejoin} bind def
|
---|
1218 | /slw {setlinewidth} bind def
|
---|
1219 | /srgb {setrgbcolor} bind def
|
---|
1220 | /rot {rotate} bind def
|
---|
1221 | /sc {scale} bind def
|
---|
1222 | /tr {translate} bind def
|
---|
1223 | /tnt {dup dup currentrgbcolor
|
---|
1224 | 4 -2 roll dup 1 exch sub 3 -1 roll mul add
|
---|
1225 | 4 -2 roll dup 1 exch sub 3 -1 roll mul add
|
---|
1226 | 4 -2 roll dup 1 exch sub 3 -1 roll mul add srgb}
|
---|
1227 | bind def
|
---|
1228 | /shd {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
|
---|
1229 | 4 -2 roll mul srgb} bind def
|
---|
1230 | /$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
|
---|
1231 | /$F2psEnd {$F2psEnteredState restore end} def
|
---|
1232 |
|
---|
1233 | $F2psBegin
|
---|
1234 | 10 setmiterlimit
|
---|
1235 | 0.06000 0.06000 sc
|
---|
1236 | 7.500 slw
|
---|
1237 | n 600 600 m 1500 600 l 1500 1200 l 600 1200 l clp gs col-1 s gr
|
---|
1238 | n 600 1800 m 1500 1800 l 1500 2400 l 600 2400 l clp gs col-1 s gr
|
---|
1239 | n 600 3000 m 1500 3000 l 1500 3600 l 600 3600 l clp gs col-1 s gr
|
---|
1240 | n 600 4200 m 1500 4200 l 1500 4800 l 600 4800 l clp gs col-1 s gr
|
---|
1241 | n 600 5400 m 1500 5400 l 1500 6000 l 600 6000 l clp gs col-1 s gr
|
---|
1242 | n 600 6600 m 1500 6600 l 1500 7200 l 600 7200 l clp gs col-1 s gr
|
---|
1243 | n 2505 1200 m 2400 1200 2400 1695 105 arcto 4 {pop} repeat 2400 1800 3195 1800 105 arcto 4 {pop} repeat 3300 1800 3300 1305 105 arcto 4 {pop} repeat 3300 1200 2505 1200 105 arcto 4 {pop} repeat clp gs col-1 s gr
|
---|
1244 | n 2505 3600 m 2400 3600 2400 4095 105 arcto 4 {pop} repeat 2400 4200 3195 4200 105 arcto 4 {pop} repeat 3300 4200 3300 3705 105 arcto 4 {pop} repeat 3300 3600 2505 3600 105 arcto 4 {pop} repeat clp gs col-1 s gr
|
---|
1245 | n 2505 6000 m 2400 6000 2400 6495 105 arcto 4 {pop} repeat 2400 6600 3195 6600 105 arcto 4 {pop} repeat 3300 6600 3300 6105 105 arcto 4 {pop} repeat 3300 6000 2505 6000 105 arcto 4 {pop} repeat clp gs col-1 s gr
|
---|
1246 | n 1500 900 m 2400 1200 l gs col-1 s gr
|
---|
1247 | n 1604.36 966.41 m 1500.00 900.00 l 1623.33 909.49 l gs col-1 s gr
|
---|
1248 | n 1500 2100 m 2400 1800 l gs col-1 s gr
|
---|
1249 | n 1623.33 2090.51 m 1500.00 2100.00 l 1604.36 2033.59 l gs col-1 s gr
|
---|
1250 | n 1500 3300 m 2400 3600 l gs col-1 s gr
|
---|
1251 | n 1604.36 3366.41 m 1500.00 3300.00 l 1623.33 3309.49 l gs col-1 s gr
|
---|
1252 | n 1500 4500 m 2400 4200 l gs col-1 s gr
|
---|
1253 | n 1623.33 4490.51 m 1500.00 4500.00 l 1604.36 4433.59 l gs col-1 s gr
|
---|
1254 | n 1500 5700 m 2400 6000 l gs col-1 s gr
|
---|
1255 | n 1604.36 5766.41 m 1500.00 5700.00 l 1623.33 5709.49 l gs col-1 s gr
|
---|
1256 | n 1500 6900 m 2400 6600 l gs col-1 s gr
|
---|
1257 | n 1623.33 6890.51 m 1500.00 6900.00 l 1604.36 6833.59 l gs col-1 s gr
|
---|
1258 | n 3300 1200 m 4500 900 l gs col-1 s gr
|
---|
1259 | n 3423.69 1200.00 m 3300.00 1200.00 l 3409.14 1141.79 l gs col-1 s gr
|
---|
1260 | n 3300 1500 m 4500 1500 l gs col-1 s gr
|
---|
1261 | n 3420.00 1530.00 m 3300.00 1500.00 l 3420.00 1470.00 l gs col-1 s gr
|
---|
1262 | n 3300 1800 m 4500 2100 l gs col-1 s gr
|
---|
1263 | n 3409.14 1858.21 m 3300.00 1800.00 l 3423.69 1800.00 l gs col-1 s gr
|
---|
1264 | n 3300 3600 m 4500 3300 l gs col-1 s gr
|
---|
1265 | n 3423.69 3600.00 m 3300.00 3600.00 l 3409.14 3541.79 l gs col-1 s gr
|
---|
1266 | n 3300 3900 m 4500 3900 l gs col-1 s gr
|
---|
1267 | n 3420.00 3930.00 m 3300.00 3900.00 l 3420.00 3870.00 l gs col-1 s gr
|
---|
1268 | n 3300 4200 m 4500 4500 l gs col-1 s gr
|
---|
1269 | n 3409.14 4258.21 m 3300.00 4200.00 l 3423.69 4200.00 l gs col-1 s gr
|
---|
1270 | n 3300 6000 m 4500 5700 l gs col-1 s gr
|
---|
1271 | n 3423.69 6000.00 m 3300.00 6000.00 l 3409.14 5941.79 l gs col-1 s gr
|
---|
1272 | n 3300 6300 m 4500 6300 l gs col-1 s gr
|
---|
1273 | n 3420.00 6330.00 m 3300.00 6300.00 l 3420.00 6270.00 l gs col-1 s gr
|
---|
1274 | n 3300 6600 m 4500 6900 l gs col-1 s gr
|
---|
1275 | n 3409.14 6658.21 m 3300.00 6600.00 l 3423.69 6600.00 l gs col-1 s gr
|
---|
1276 | n 2835 4215 m 2835 6000 l gs col-1 s gr
|
---|
1277 | n 2805.00 4335.00 m 2835.00 4215.00 l 2865.00 4335.00 l gs col-1 s gr
|
---|
1278 | n 2835 1800 m 2835 3615 l gs col-1 s gr
|
---|
1279 | n 2805.00 1920.00 m 2835.00 1800.00 l 2865.00 1920.00 l gs col-1 s gr
|
---|
1280 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1281 | 750 900 m
|
---|
1282 | gs 1 -1 sc (Object 1) col-1 show gr
|
---|
1283 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1284 | 750 2100 m
|
---|
1285 | gs 1 -1 sc (Object 2) col-1 show gr
|
---|
1286 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1287 | 750 3300 m
|
---|
1288 | gs 1 -1 sc (Object 3) col-1 show gr
|
---|
1289 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1290 | 750 4500 m
|
---|
1291 | gs 1 -1 sc (Object 4) col-1 show gr
|
---|
1292 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1293 | 750 5700 m
|
---|
1294 | gs 1 -1 sc (Object 5) col-1 show gr
|
---|
1295 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1296 | 750 6900 m
|
---|
1297 | gs 1 -1 sc (Object 6) col-1 show gr
|
---|
1298 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1299 | 2550 1500 m
|
---|
1300 | gs 1 -1 sc (Healer) col-1 show gr
|
---|
1301 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1302 | 2550 3900 m
|
---|
1303 | gs 1 -1 sc (Intern) col-1 show gr
|
---|
1304 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1305 | 2550 6300 m
|
---|
1306 | gs 1 -1 sc (Doctor) col-1 show gr
|
---|
1307 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1308 | 4500 900 m
|
---|
1309 | gs 1 -1 sc (User 1) col-1 show gr
|
---|
1310 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1311 | 4500 1500 m
|
---|
1312 | gs 1 -1 sc (User 2) col-1 show gr
|
---|
1313 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1314 | 4500 2100 m
|
---|
1315 | gs 1 -1 sc (User 3) col-1 show gr
|
---|
1316 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1317 | 4500 3300 m
|
---|
1318 | gs 1 -1 sc (User 4) col-1 show gr
|
---|
1319 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1320 | 4500 3900 m
|
---|
1321 | gs 1 -1 sc (User 5) col-1 show gr
|
---|
1322 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1323 | 4500 4500 m
|
---|
1324 | gs 1 -1 sc (User 6) col-1 show gr
|
---|
1325 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1326 | 4500 5700 m
|
---|
1327 | gs 1 -1 sc (User 7) col-1 show gr
|
---|
1328 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1329 | 4500 6300 m
|
---|
1330 | gs 1 -1 sc (User 8) col-1 show gr
|
---|
1331 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1332 | 4500 6900 m
|
---|
1333 | gs 1 -1 sc (User 9) col-1 show gr
|
---|
1334 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1335 | 1800 975 m
|
---|
1336 | gs 1 -1 sc (trans_a) col-1 show gr
|
---|
1337 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1338 | 1800 2100 m
|
---|
1339 | gs 1 -1 sc (trnas_b) col-1 show gr
|
---|
1340 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1341 | 1800 3375 m
|
---|
1342 | gs 1 -1 sc (trans_c) col-1 show gr
|
---|
1343 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1344 | 1800 4500 m
|
---|
1345 | gs 1 -1 sc (trans_d) col-1 show gr
|
---|
1346 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1347 | 1800 5775 m
|
---|
1348 | gs 1 -1 sc (trans_e) col-1 show gr
|
---|
1349 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1350 | 1800 6900 m
|
---|
1351 | gs 1 -1 sc (trans_f) col-1 show gr
|
---|
1352 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1353 | 2550 5100 m
|
---|
1354 | gs 1 -1 sc (member_of) col-1 show gr
|
---|
1355 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1356 | 2550 2700 m
|
---|
1357 | gs 1 -1 sc (member_of) col-1 show gr
|
---|
1358 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1359 | 3600 1050 m
|
---|
1360 | gs 1 -1 sc (member_of) col-1 show gr
|
---|
1361 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1362 | 3600 1500 m
|
---|
1363 | gs 1 -1 sc (member_of) col-1 show gr
|
---|
1364 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1365 | 3600 1875 m
|
---|
1366 | gs 1 -1 sc (member_of) col-1 show gr
|
---|
1367 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1368 | 3600 3450 m
|
---|
1369 | gs 1 -1 sc (member_of) col-1 show gr
|
---|
1370 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1371 | 3600 3900 m
|
---|
1372 | gs 1 -1 sc (member_of) col-1 show gr
|
---|
1373 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1374 | 3600 4275 m
|
---|
1375 | gs 1 -1 sc (member_of) col-1 show gr
|
---|
1376 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1377 | 3600 5850 m
|
---|
1378 | gs 1 -1 sc (member_of) col-1 show gr
|
---|
1379 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1380 | 3600 6300 m
|
---|
1381 | gs 1 -1 sc (member_of) col-1 show gr
|
---|
1382 | /Times-Roman findfont 180.00 scalefont setfont
|
---|
1383 | 3600 6675 m
|
---|
1384 | gs 1 -1 sc (member_of) col-1 show gr
|
---|
1385 | $F2psEnd
|
---|
1386 | restore
|
---|
1387 | %%EndDocument
|
---|
1388 | 423 544 a
|
---|
1389 | endTexFig
|
---|
1390 | 609 2304 a Fc(Figure)16 b(2:)22 b(Mult-Role)15 b(Relationships)963
|
---|
1391 | 2828 y(8)p eop
|
---|
1392 | %%Page: 9 9
|
---|
1393 | bop 0 195 a Fc(Do)q(ctor.)21 b(Ho)o(w)o(ev)o(er,)11 b(b)o(y)h(gran)o(ting)i
|
---|
1394 | (mem)n(b)q(ership)c(to)j(the)g(Healer)e(role,)i(this)g(only)f(allo)o(ws)h
|
---|
1395 | (access)g(to)g(those)0 255 y(resources)j(allo)o(w)o(ed)g(under)g(the)g(role)g
|
---|
1396 | (Healer.)0 422 y Fd(5)83 b(Principle)26 b(of)i(Least)f(Privilege)0
|
---|
1397 | 531 y Fc(The)20 b(principle)f(of)h(least)g(privilege)f(has)i(b)q(een)f
|
---|
1398 | (describ)q(ed)g(as)h(imp)q(ortan)o(t)e(for)i(meeting)d(in)o(tegrit)o(y)g(ob-)
|
---|
1399 | 0 591 y(jectiv)o(es.)24 b([8])18 b(The)f(principle)g(of)h(least)g(privilege)e
|
---|
1400 | (requires)g(that)j(a)f(user)g(b)q(e)g(giv)o(en)f(no)h(more)f(privilege)0
|
---|
1401 | 652 y(than)d(necessary)f(to)h(p)q(erform)e(a)i(job.)21 b(Ensuring)14
|
---|
1402 | b(least)f(privilege)f(requires)g(iden)o(tifying)g(what)i(the)f(user's)0
|
---|
1403 | 712 y(job)i(is,)g(determining)e(the)i(minim)n(um)c(set)k(of)g(privileges)f
|
---|
1404 | (required)g(to)h(p)q(erform)f(that)i(job,)f(and)h(restrict-)0
|
---|
1405 | 772 y(ing)j(the)g(user)g(to)h(a)f(domain)f(with)h(those)h(privileges)d(and)j
|
---|
1406 | (nothing)g(more.)28 b(By)19 b(den)o(ying)f(to)h(sub)s(jects)0
|
---|
1407 | 832 y(transactions)g(that)f(are)g(not)g(necessary)g(for)g(the)g(p)q
|
---|
1408 | (erformance)f(of)h(their)f(duties,)g(those)i(denied)e(privi-)0
|
---|
1409 | 892 y(leges)d(cannot)i(b)q(e)f(used)g(to)g(circum)o(v)n(en)o(t)c(the)k
|
---|
1410 | (organizational)h(securit)o(y)d(p)q(olicy)l(.)20 b(Although)15
|
---|
1411 | b(the)f(concept)0 953 y(of)21 b(least)g(privilege)e(curren)o(tly)g(exists)h
|
---|
1412 | (within)g(the)h(con)o(text)e(of)j(the)e(TCSEC,)h(requiremen)o(ts)d(restrict)0
|
---|
1413 | 1013 y(those)e(privileges)d(of)j(the)f(system)f(administrator.)20
|
---|
1414 | b(Through)d(the)e(use)g(of)h(RBA)o(C,)d(enforced)i(minim)n(um)0
|
---|
1415 | 1073 y(privileges)g(for)h(general)g(system)f(users)h(can)h(b)q(e)f(easily)g
|
---|
1416 | (ac)o(hiev)o(ed.)0 1239 y Fd(6)83 b(Separation)27 b(of)h(Duties)0
|
---|
1417 | 1349 y Fc(RBA)o(C)12 b(mec)o(hanism)o(s)e(can)k(b)q(e)f(used)f(b)o(y)h(a)g
|
---|
1418 | (system)e(administrator)i(in)f(enforcing)h(a)g(p)q(olicy)f(of)h(separation)0
|
---|
1419 | 1409 y(of)23 b(duties.)39 b(Separation)24 b(of)e(duties)h(is)f(considered)g
|
---|
1420 | (v)m(aluable)g(in)g(deterring)g(fraud)h(since)f(fraud)h(can)0
|
---|
1421 | 1469 y(o)q(ccur)h(if)f(an)h(opp)q(ortunit)o(y)g(exists)f(for)h(collab)q
|
---|
1422 | (oration)g(b)q(et)o(w)o(een)f(v)m(arious)h(job)g(related)f(capabilities.)0
|
---|
1423 | 1529 y(Separation)c(of)g(dut)o(y)e(requires)h(that)g(for)h(particular)f(sets)
|
---|
1424 | g(of)h(transactions,)g(no)g(single)f(individual)f(b)q(e)0 1590
|
---|
1425 | y(allo)o(w)o(ed)g(to)i(execute)e(all)g(transactions)i(within)f(the)g(set.)27
|
---|
1426 | b(The)18 b(most)f(commonly)f(used)i(examples)e(are)0 1650 y(the)21
|
---|
1427 | b(separate)h(transactions)h(needed)e(to)h(initiate)e(a)i(pa)o(ymen)o(t)e(and)
|
---|
1428 | i(to)g(authorize)g(a)g(pa)o(ymen)o(t.)35 b(No)0 1710 y(single)20
|
---|
1429 | b(individual)f(should)i(b)q(e)g(capable)f(of)h(executing)f(b)q(oth)h
|
---|
1430 | (transactions.)35 b(Separation)21 b(of)g(dut)o(y)f(is)0 1770
|
---|
1431 | y(an)k(imp)q(ortan)o(t)f(consideration)g(in)h(real)f(systems.)42
|
---|
1432 | b([1])23 b(,)i([12])f(,)h([13])e(,)i([14])f(The)f(sets)h(in)f(question)0
|
---|
1433 | 1830 y(will)c(v)m(ary)i(dep)q(ending)f(on)h(the)f(application.)34
|
---|
1434 | b(In)20 b(real)g(situations,)h(only)f(certain)g(transactions)h(need)0
|
---|
1435 | 1891 y(to)g(b)q(e)g(restricted)f(under)g(separation)i(of)f(dut)o(y)f
|
---|
1436 | (requiremen)o(ts.)32 b(F)l(or)21 b(example,)e(w)o(e)i(w)o(ould)g(exp)q(ect)f
|
---|
1437 | (a)0 1951 y(transaction)e(for)f(\\authorize)h(pa)o(ymen)o(t")d(to)i(b)q(e)h
|
---|
1438 | (restricted,)d(but)j(a)f(transaction)h(\\submit)e(suggestion)0
|
---|
1439 | 2011 y(to)h(administrator")e(w)o(ould)i(not)f(b)q(e.)150 2071
|
---|
1440 | y(Separation)j(of)f(dut)o(y)f(can)h(b)q(e)g(either)f(static)h(or)g(dynamic.)
|
---|
1441 | 24 b(Compliance)17 b(with)g(static)h(separa-)0 2131 y(tion)h(requiremen)o(ts)
|
---|
1442 | d(can)j(b)q(e)g(determined)d(simply)h(b)o(y)h(the)h(assignmen)o(t)f(of)h
|
---|
1443 | (individuals)f(to)h(roles)f(and)0 2192 y(allo)q(cation)j(of)g(transactions)g
|
---|
1444 | (to)g(roles.)34 b(The)21 b(more)e(di\016cult)g(case)i(is)f(dynamic)f
|
---|
1445 | (separation)j(of)e(dut)o(y)0 2252 y(where)c(compliance)e(with)i(requiremen)o
|
---|
1446 | (ts)d(can)k(only)f(b)q(e)h(determined)c(during)k(system)e(op)q(eration.)22
|
---|
1447 | b(The)0 2312 y(ob)s(jectiv)o(e)14 b(b)q(ehind)h(dynamic)f(separation)i(of)g
|
---|
1448 | (dut)o(y)f(is)h(to)f(allo)o(w)h(more)e(\015exibilit)o(y)f(in)i(op)q
|
---|
1449 | (erations.)22 b(Con-)0 2372 y(sider)16 b(the)h(case)g(of)g(initiating)f(and)h
|
---|
1450 | (authorizing)g(pa)o(ymen)o(ts.)k(A)16 b(static)h(p)q(olicy)f(could)h(require)
|
---|
1451 | e(that)j(no)0 2432 y(individual)d(who)i(can)g(serv)o(e)e(as)i(pa)o(ymen)o(t)d
|
---|
1452 | (initiator)i(could)g(also)h(serv)o(e)e(as)i(pa)o(ymen)o(t)e(authorizer.)21
|
---|
1453 | b(This)0 2492 y(could)15 b(b)q(e)g(implem)o(en)o(te)o(d)d(b)o(y)j(ensuring)g
|
---|
1454 | (that)h(no)f(one)h(who)f(can)h(p)q(erform)e(the)g(initiator)h(role)g(could)f
|
---|
1455 | (also)0 2553 y(p)q(erform)h(the)g(authorizer)h(role.)k(Suc)o(h)c(a)g(p)q
|
---|
1456 | (olicy)f(ma)o(y)f(b)q(e)i(to)q(o)g(rigid)g(for)g(commerc)o(ial)c(use,)k
|
---|
1457 | (making)e(the)0 2613 y(cost)21 b(of)g(securit)o(y)e(greater)i(than)g(the)f
|
---|
1458 | (loss)h(that)g(migh)o(t)e(b)q(e)i(exp)q(ected)e(without)i(the)g(securit)o(y)l
|
---|
1459 | (.)32 b(More)0 2673 y(\015exibilit)o(y)14 b(could)j(b)q(e)h(allo)o(w)o(ed)e
|
---|
1460 | (b)o(y)g(a)i(dynamic)d(p)q(olicy)i(that)g(allo)o(ws)h(the)e(same)h
|
---|
1461 | (individual)e(to)j(tak)o(e)f(on)963 2828 y(9)p eop
|
---|
1462 | %%Page: 10 10
|
---|
1463 | bop 0 195 a Fc(b)q(oth)15 b(initiator)e(and)h(authorizer)g(roles,)f(with)h
|
---|
1464 | (the)f(exception)g(that)h(no)g(one)g(could)f(authorize)h(pa)o(ymen)o(ts)0
|
---|
1465 | 255 y(that)i(he)g(or)g(she)g(had)h(initiated.)j(The)c(static)g(p)q(olicy)f
|
---|
1466 | (could)h(b)q(e)g(implem)o(e)o(n)o(ted)d(b)o(y)i(c)o(hec)o(king)f(only)i
|
---|
1467 | (roles)0 315 y(of)f(users;)g(for)g(the)g(dynamic)e(case,)h(the)h(system)e(m)o
|
---|
1468 | (ust)g(use)i(b)q(oth)h(role)e(and)h(user)g(ID)g(in)f(c)o(hec)o(king)f(access)
|
---|
1469 | 0 376 y(to)k(transactions.)150 436 y(Separation)g(of)h(dut)o(y)e(is)h
|
---|
1470 | (necessarily)e(determined)g(b)o(y)h(conditions)h(external)f(to)h(the)f
|
---|
1471 | (computer)0 496 y(system.)j(The)13 b(Clark-Wilson)h([1])f(sc)o(heme)f
|
---|
1472 | (includes)g(the)h(requiremen)o(t)e(that)j(the)f(system)f(main)o(tain)g(the)0
|
---|
1473 | 556 y(separation)21 b(of)f(dut)o(y)g(requiremen)n(t)d(expressed)j(in)f(the)h
|
---|
1474 | (access)g(con)o(trol)f(triples.)32 b(Enforcemen)o(t)18 b(is)i(on)0
|
---|
1475 | 616 y(a)e(p)q(er-user)g(basis,)g(using)g(the)f(user)g(ID)h(from)e(the)h
|
---|
1476 | (access)h(con)o(trol)f(triple.)24 b(As)17 b(discussed)h(ab)q(o)o(v)o(e,)f
|
---|
1477 | (user)0 677 y(functions)12 b(can)g(b)q(e)g(con)o(v)o(enien)o(tly)e(separated)
|
---|
1478 | i(b)o(y)g(role,)g(since)f(man)o(y)g(users)h(in)g(an)g(organization)h(t)o
|
---|
1479 | (ypically)0 737 y(p)q(erform)19 b(the)g(same)g(function)h(and)g(ha)o(v)o(e)f
|
---|
1480 | (the)h(same)f(access)h(righ)o(ts)f(on)i(TPs)f(and)h(data.)33
|
---|
1481 | b(Allo)q(cating)0 797 y(access)14 b(righ)o(ts)g(according)h(to)f(role)g(is)g
|
---|
1482 | (also)h(helpful)e(in)h(de\014ning)g(separation)h(of)f(dut)o(y)g(in)g(a)g(w)o
|
---|
1483 | (a)o(y)g(that)h(can)0 857 y(b)q(e)h(enforced)g(b)o(y)g(the)g(system.)0
|
---|
1484 | 1024 y Fd(7)83 b(Summ)n(ary)24 b(and)j(Conclusions)0 1133 y
|
---|
1485 | Fc(In)22 b(man)o(y)f(organizations)i(in)f(industry)g(and)h(civilian)d(go)o(v)
|
---|
1486 | o(ernmen)o(t,)h(the)h(end)g(users)g(do)h(not)g(\\o)o(wn")0
|
---|
1487 | 1193 y(the)16 b(information)g(for)h(whic)o(h)f(they)g(are)h(allo)o(w)o(ed)f
|
---|
1488 | (access.)23 b(F)l(or)16 b(these)h(organizations,)g(the)g(corp)q(oration)0
|
---|
1489 | 1253 y(or)22 b(agency)g(is)g(the)g(actual)g(\\o)o(wner")h(of)g(system)d(ob)s
|
---|
1490 | (jects,)j(and)f(discretionary)g(access)g(con)o(trol)g(ma)o(y)0
|
---|
1491 | 1314 y(not)15 b(b)q(e)f(appropriate.)21 b(Role-Based)14 b(Access)g(Con)o
|
---|
1492 | (trol)g(\(RBA)o(C\))f(is)h(a)h(nondiscretionary)f(access)g(con)o(trol)0
|
---|
1493 | 1374 y(mec)o(hanism)8 b(whic)o(h)i(allo)o(ws)h(and)g(promotes)f(the)h(cen)o
|
---|
1494 | (tral)f(administration)f(of)j(an)f(organizational)h(sp)q(eci\014c)0
|
---|
1495 | 1434 y(securit)o(y)j(p)q(olicy)l(.)150 1494 y(Access)g(con)o(trol)h
|
---|
1496 | (decisions)f(are)h(often)g(based)h(on)f(the)g(roles)f(individual)g(users)h
|
---|
1497 | (tak)o(e)g(on)g(as)h(part)0 1554 y(of)22 b(an)h(organization.)39
|
---|
1498 | b(A)22 b(role)f(sp)q(eci\014es)h(a)g(set)g(of)g(transactions)h(that)g(a)f
|
---|
1499 | (user)g(or)g(set)g(of)h(users)f(can)0 1615 y(p)q(erform)g(within)h(the)g(con)
|
---|
1500 | o(text)g(of)h(an)g(organization.)43 b(RBA)o(C)22 b(pro)o(vide)h(a)h(means)e
|
---|
1501 | (of)i(naming)e(and)0 1675 y(describing)16 b(relationships)h(b)q(et)o(w)o(een)
|
---|
1502 | g(individuals)f(and)h(righ)o(ts,)g(pro)o(viding)g(a)g(metho)q(d)g(of)g
|
---|
1503 | (meeting)e(the)0 1735 y(secure)h(pro)q(cessing)h(needs)f(of)g(man)o(y)f
|
---|
1504 | (commerci)o(al)e(and)k(civilian)e(go)o(v)o(ernmen)o(t)e(organizations.)150
|
---|
1505 | 1795 y(V)l(arious)j(forms)g(of)h(role)f(based)g(access)h(con)o(trol)f(ha)o(v)
|
---|
1506 | o(e)f(b)q(een)h(describ)q(ed)g(and)h(some)f(are)g(used)g(in)0
|
---|
1507 | 1855 y(commerci)o(al)10 b(systems)i(to)q(da)o(y)l(,)i(but)f(there)g(is)g(no)h
|
---|
1508 | (commonly)c(accepted)i(de\014nition)h(or)h(formal)e(standards)0
|
---|
1509 | 1916 y(encompassing)17 b(RBA)o(C.)e(As)i(suc)o(h,)f(ev)m(aluation)i(and)f
|
---|
1510 | (testing)g(programs)g(for)h(these)e(systems)g(ha)o(v)o(e)h(not)0
|
---|
1511 | 1976 y(b)q(een)22 b(established)f(as)h(they)g(ha)o(v)o(e)f(for)h(systems)e
|
---|
1512 | (conforming)h(to)h(the)g(T)l(rusted)g(Computer)f(Securit)o(y)0
|
---|
1513 | 2036 y(Ev)m(aluation)13 b(Criteria.)19 b(This)13 b(pap)q(er)g(prop)q(osed)h
|
---|
1514 | (a)f(de\014nition)f(of)h(The)f(requiremen)o(ts)e(and)j(access)f(con)o(trol)0
|
---|
1515 | 2096 y(rules)17 b(for)h(RBA)o(C)f(prop)q(osed)i(in)e(this)h(pap)q(er)g(could)
|
---|
1516 | f(b)q(e)h(used)g(as)g(the)g(basis)g(for)g(a)g(common)d(de\014nition)0
|
---|
1517 | 2156 y(of)i(access)f(con)o(trols)g(based)h(on)f(user)h(roles.)0
|
---|
1518 | 2323 y Fd(8)83 b(References)0 2432 y Fc(1)25 b(D.D.)f(Clark)g(and)h(D.R.)f
|
---|
1519 | (Wilson.)45 b(A)24 b(Comparison)g(of)h(Commercial)c(and)k(Military)e
|
---|
1520 | (Computer)0 2492 y(Securit)o(y)15 b(P)o(olicies.)k(In)d(IEEE)h(Symp)q(osium)d
|
---|
1521 | (on)j(Computer)e(Securit)o(y)g(and)h(Priv)m(acy)l(,)g(April)f(1987.)150
|
---|
1522 | 2553 y(2)i(Computers)e(at)i(Risk.)j(National)d(Researc)o(h)e(Council,)h
|
---|
1523 | (National)g(Academ)o(y)d(Press,)j(1991.)150 2613 y(3)j(Minim)o(um)14
|
---|
1524 | b(Securit)o(y)j(F)l(unctionalit)o(y)f(Requiremen)o(ts)f(for)k(Multi-User)e
|
---|
1525 | (Op)q(erating)h(Systems)0 2673 y(\(draft\).)j(Computer)16 b(Systems)f(Lab)q
|
---|
1526 | (oratory)l(,)j(NIST,)d(Jan)o(uary)h(27)i(1992.)951 2828 y(10)p
|
---|
1527 | eop
|
---|
1528 | %%Page: 11 11
|
---|
1529 | bop 150 195 a Fc(4)20 b(T)l(rusted)g(Computer)f(Securit)o(y)f(Ev)m(aluation)i
|
---|
1530 | (Criteria,)g(DOD)g(5200.28-STD.)i(Departmen)o(t)0 255 y(of)17
|
---|
1531 | b(Defense,)e(1985.)150 315 y(5)20 b(Z.G.)e(Ruth)o(b)q(erg)h(and)h(W.T.)f(P)o
|
---|
1532 | (olk,)g(Editors.)30 b(Rep)q(ort)20 b(of)f(the)g(In)o(vitational)f(W)l
|
---|
1533 | (orkshop)j(on)0 376 y(Data)c(In)o(tegrit)o(y)l(.)j(SP)c(500-168.)24
|
---|
1534 | b(Natl.)d(Inst.)g(of)16 b(Stds.)22 b(and)17 b(T)l(ec)o(hnology)l(,)e(1989.)
|
---|
1535 | 150 436 y(6)h(S.W.)g(Katzk)o(e)f(and)h(Z.G.)f(Ruth)o(b)q(erg,)h(Editors.)21
|
---|
1536 | b(Rep)q(ort)c(of)f(the)g(In)o(vitational)f(W)l(orkshop)i(on)0
|
---|
1537 | 496 y(In)o(tegrit)o(y)g(P)o(olicy)h(in)g(Computer)g(Information)g(Systems.)27
|
---|
1538 | b(SP)19 b(500-160.)32 b(Natl.)c(Inst.)h(of)19 b(Stds.)29 b(and)0
|
---|
1539 | 556 y(T)l(ec)o(hnology)l(,)16 b(1987.)150 616 y(7)j(J.E.)f(Rosk)o(os,)i(S.R.)
|
---|
1540 | e(W)l(elk)o(e,)f(J.M.)h(Bo)q(one,)i(and)f(T.)g(Ma)o(y\014eld.)28
|
---|
1541 | b(In)o(tegrit)o(y)17 b(in)h(T)l(actical)g(and)0 677 y(Em)o(b)q(edded)d
|
---|
1542 | (Systems.)20 b(Institute)15 b(for)i(Defense)e(Analyses,)h(HQ)f(89-034883)q
|
---|
1543 | (/1)q(,)j(Octob)q(er)f(1989.)150 737 y(8)e(In)o(tegrit)o(y)e(in)h(Automated)f
|
---|
1544 | (Information)g(Systems.)20 b(National)14 b(Computer)f(Securit)o(y)l(,)g(Cen)o
|
---|
1545 | (ter,)0 797 y(Septem)o(b)q(er)h(1991.)150 857 y(9)h(R.W.)f(Baldwin.)21
|
---|
1546 | b(Naming)13 b(and)j(Grouping)f(Privileges)f(to)h(Simplify)d(Securit)o(y)h
|
---|
1547 | (Managemen)o(t)0 917 y(in)j(Large)h(Databases.)23 b(In)16 b(IEEE)g(Symp)q
|
---|
1548 | (osium)e(on)j(Computer)e(Securit)o(y)g(and)i(Priv)m(acy)l(,)e(1990.)150
|
---|
1549 | 978 y(10)20 b(K.R.)d(P)o(oland)i(M.J.)f(Nash.)29 b(Some)18
|
---|
1550 | b(Con)o(undrums)g(Concerning)h(Separation)h(of)f(Dut)o(y)l(.)28
|
---|
1551 | b(In)0 1038 y(IEEE)16 b(Symp)q(osium)f(on)h(Computer)g(Securit)o(y)e(and)j
|
---|
1552 | (Priv)m(acy)l(,)e(1990.)150 1098 y(11)d(Securit)o(y)d(Requiremen)o(ts)f(for)j
|
---|
1553 | (Cryptographic)h(Mo)q(dules.)19 b(F)l(ederal)10 b(Information)g(Pro)q
|
---|
1554 | (cessing)0 1158 y(Standard)17 b(140-1,)h(National)e(Institute)g(of)g
|
---|
1555 | (Standards)i(and)f(T)l(ec)o(hnology)l(,)e(1992.)150 1218 y(12)20
|
---|
1556 | b(W.R.)f(Sho)q(c)o(kley)l(.)30 b(Impleme)o(n)o(ti)o(ng)18 b(the)h
|
---|
1557 | (Clark/Wilson)h(In)o(tegrit)o(y)e(P)o(olicy)g(Using)h(Curren)o(t)0
|
---|
1558 | 1279 y(T)l(ec)o(hnology)l(.)i(In)16 b(Pro)q(ceedings)g(of)g(11th)h(National)f
|
---|
1559 | (Computer)f(Securit)o(y)g(Conference,)g(Octob)q(er)h(1988.)150
|
---|
1560 | 1339 y(13)i(R.)e(Sandh)o(u.)25 b(T)l(ransaction)18 b(Con)o(trol)f
|
---|
1561 | (Expressions)h(for)f(Separation)h(of)f(Duties.)24 b(In)17 b(F)l(ourth)0
|
---|
1562 | 1399 y(Aerospace)f(Computer)f(Securit)o(y)g(Applications)g(Conference,)h
|
---|
1563 | (Decem)o(b)q(er)d(1988.)150 1459 y(14)20 b(S.)f(Wiseman)g(P)l(.)g(T)l(erry)l
|
---|
1564 | (.)30 b(A)19 b('New')f(Securit)o(y)g(P)o(olicy)h(Mo)q(del.)30
|
---|
1565 | b(In)19 b(IEEE)h(Symp)q(osium)e(on)0 1519 y(Computer)d(Securit)o(y)g(and)i
|
---|
1566 | (Priv)m(acy)l(,)e(Ma)o(y)h(1989.)951 2828 y(11)p eop
|
---|
1567 | %%Trailer
|
---|
1568 | end
|
---|
1569 | userdict /end-hook known{end-hook}if
|
---|
1570 | %%EOF
|
---|
1571 |
|
---|