View
212
Download
0
Category
Tags:
Preview:
Citation preview
ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE:
A ROLE-BASED APPROACH
Prof. Ravi SandhuLaboratory for Information Security Technology
George Mason University
sandhu@gmu.edu
www.list.gmu.edu
AUTHORIZATION, TRUST AND RISK
Information security management is fundamentally about managing authorization and trust
so as to manage risk
ENGINEERING AUTHORITY & TRUST4 LAYERS
Policy
Model
Architecture
Mechanism
What?
How?
ENGINEERING AUTHORITY & TRUST4 LAYERS
What?
How?
No information leakage
Lattices (Bell-LaPadula)
Security kernel
Security labels
Multilevel Security
ENGINEERING AUTHORITY & TRUST4 LAYERS
What?
How?
Policy neutral
RBAC96
user-pull, server-pull, etc.
certificates, tickets, PACs, etc.
Role-Based Access Control (RBAC)
ROLE-BASED ACCESS CONTROL (RBAC)
A user’s permissions are determined by the user’s roles rather than identity or clearance roles can encode arbitrary attributes
multi-faceted ranges from very simple to very
sophisticated
RBAC SECURITY PRINCIPLES
least privilege separation of duties separation of administration and
access abstract operations
RBAC96IEEE Computer Feb. 1996
Policy neutral can be configured to do MAC
roles simulate clearances (ESORICS 96) can be configured to do DAC
roles simulate identity (RBAC98)
RBAC96 FAMILY OF MODELS
RBAC0BASIC RBAC
RBAC3ROLE HIERARCHIES +
CONSTRAINTS
RBAC1ROLE
HIERARCHIES
RBAC2CONSTRAINTS
RBAC0
ROLES
USER-ROLEASSIGNMENT
PERMISSION-ROLEASSIGNMENT
USERS PERMISSIONS
... SESSIONS
RBAC1
ROLES
USER-ROLEASSIGNMENT
PERMISSION-ROLEASSIGNMENT
USERS PERMISSIONS
... SESSIONS
ROLE HIERARCHIES
HIERARCHICAL ROLES
Health-Care Provider
Physician
Primary-CarePhysician
SpecialistPhysician
EXAMPLE ROLE HIERARCHY
Employee (E)
Engineering Department (ED)
Project Lead 1(PL1)
Engineer 1(E1)
Production 1(P1)
Quality 1(Q1)
Director (DIR)
Project Lead 2(PL2)
Engineer 2(E2)
Production 2(P2)
Quality 2(Q2)
PROJECT 2PROJECT 1
RBAC3
ROLES
USER-ROLEASSIGNMENT
PERMISSIONS-ROLEASSIGNMENT
USERS PERMISSIONS
... SESSIONS
ROLE HIERARCHIES
CONSTRAINTS
ADMINISTRATIVE RBAC
ROLES
USERS
PERMISSIONS
...
ADMINROLES
ADMINPERMISSIONS
CONSTRAINTS
EXAMPLE ROLE HIERARCHY
Employee (E)
Engineering Department (ED)
Project Lead 1(PL1)
Engineer 1(E1)
Production 1(P1)
Quality 1(Q1)
Director (DIR)
Project Lead 2(PL2)
Engineer 2(E2)
Production 2(P2)
Quality 2(Q2)
PROJECT 2PROJECT 1
EXAMPLE ADMINISTRATIVE ROLE HIERARCHY
Senior Security Officer (SSO)
Department Security Officer (DSO)
Project SecurityOfficer 1 (PSO1)
Project SecurityOfficer 2 (PSO2)
RBAC PARAMETERS
RBAC has many facets, including number of roles: large or small flat roles versus hierarchical roles permission-role review capability static separation of duties dynamic separation of duties role-activation capability
at least 64 variations
NIST RBAC MODELin progress
Level 1: flat RBAC user-role review
Level 2: hierarchical RBAC plus role hierarchies
Level 3: constrained RBAC plus separation constraints
Level 4: true RBAC plus permission-role review
CLASS I SYSTEMSENFORCEMENT ARCHITECTURE
Client Server
CLASS I SYSTEMSADMINISTRATION ARCHITECTURE
AdministrativeClient
Server2
Server1
ServerN
AuthorizationCenter
CLASS II SYSTEMSSERVER-PULL
Client Server
AuthorizationServer
AuthenticationServer
CLASS II SYSTEMSUSER-PULL
Client Server
AuthorizationServer
AuthenticationServer
R&D IN INTERNET TIME
new technology needs to be developed and deployed continuously in the very short term
need focused applied research need synergy between Universities
and Industry
Recommended