Upload
ramponnet
View
219
Download
0
Embed Size (px)
Citation preview
7/29/2019 lecture01-2
1/20
INFS 767 Fall 2003
The RBAC96 Model
Prof. Ravi Sandhu
George Mason University
2 Ravi Sandhu
AUTHORIZATION, TRUST AND RISK
v Information security is fundamentallyabout managing
authorization and
trustso as to manage risk
7/29/2019 lecture01-2
2/20
3 Ravi Sandhu
SOLUTIONS
vOM-AM
vRBAC
vPKI
v and others
4 Ravi Sandhu
THE OM-AM WAY
Objectives
Model
Architecture
Mechanism
What?
How?
A
s
s
u
ra
n
c
e
7/29/2019 lecture01-2
3/20
5 Ravi Sandhu
LAYERS AND LAYERS
vMultics rings
vLayered abstractions
vWaterfall model
vNetwork protocol stacks
vOM-AM
6 Ravi Sandhu
OM-AM AND MANDATORY ACCESSCONTROL (MAC)
What?
How?
No information leakage
Lattices (Bell-LaPadula)
Security kernel
Security labels
A
s
s
u
ra
n
c
e
7/29/2019 lecture01-2
4/20
7 Ravi Sandhu
OM-AM AND DISCRETIONARY
ACCESS CONTROL (DAC)
What?
How?
Owner-based discretion
numerous
numerous
ACLs, Capabilities, etc
A
s
s
u
r
a
nc
e
8 Ravi Sandhu
OM-AM AND ROLE-BASED ACCESSCONTROL (RBAC)
What?
How?
Policy neutral
RBAC96
user-pull, server-pull, etc.
certificates, tickets, PACs, etc.
A
s
s
u
ra
n
c
e
7/29/2019 lecture01-2
5/20
9 Ravi Sandhu
ROLE-BASED ACCESS
CONTROL (RBAC)
vA users permissions are determinedby the users roles
rather than identity or clearance
roles can encode arbitrary attributes
vmulti-faceted
v
ranges from very simple to verysophisticated
10 Ravi Sandhu
WHAT IS THE POLICY IN RBAC?
vRBAC is a framework to help inarticulating policy
vThe main point of RBAC is to
facilitate security management
7/29/2019 lecture01-2
6/20
11 Ravi Sandhu
RBAC SECURITY
PRINCIPLES
v least privilege
v separation of duties
v separation of administration andaccess
v abstract operations
12 Ravi Sandhu
RBAC96IEEE Computer Feb. 1996
vPolicy neutral
v can be configured to do MAC
roles simulate clearances (ESORICS 96)
v can be configured to do DAC roles simulate identity (RBAC98)
7/29/2019 lecture01-2
7/20
13 Ravi Sandhu
WHAT IS RBAC?
vmultidimensional
vopen ended
v ranges from simple to sophisticated
14 Ravi Sandhu
RBAC CONUNDRUM
v turn on all roles all the time
v turn on one role only at a time
v turn on a user-specified subset of
roles
7/29/2019 lecture01-2
8/20
15 Ravi Sandhu
RBAC96 FAMILY OF
MODELS
RBAC0BASIC RBAC
RBAC3ROLE HIERARCHIES +
CONSTRAINTS
RBAC1ROLE
HIERARCHIES
RBAC2CONSTRAINTS
16 Ravi Sandhu
RBAC0
ROLES
USER-ROLEASSIGNMENT
PERMISSION-ROLEASSIGNMENT
USERS PERMISSIONS
... SESSIONS
7/29/2019 lecture01-2
9/20
17 Ravi Sandhu
PERMISSIONS
vPrimitive permissions
read, write, append, execute
vAbstract permissions
credit, debit, inquiry
18 Ravi Sandhu
PERMISSIONS
vSystem permissions
Auditor
vObject permissions
read, write, append, execute, credit,debit, inquiry
7/29/2019 lecture01-2
10/20
19 Ravi Sandhu
PERMISSIONS
vPermissions are positive
vNo negative permissions or denials
negative permissions and denials canbe handled by constraints
vNo duties or obligations
outside scope of access control
20 Ravi Sandhu
ROLES AS POLICY
vA role brings together
a collection of users and
a collection of permissions
vThese collections will vary over timeA role has significance and meaning
beyond the particular users andpermissions brought together at anymoment
7/29/2019 lecture01-2
11/20
21 Ravi Sandhu
ROLES VERSUS GROUPS
vGroups are often defined as
a collection of users
vA role is
a collection of users and
a collection of permissions
vSome authors define role as a collection of permissions
22 Ravi Sandhu
USERS
vUsers are
human beings or
other active agents
vEach individual should be known asexactly one user
7/29/2019 lecture01-2
12/20
23 Ravi Sandhu
USER-ROLE ASSIGNMENT
vA user can be a member of manyroles
vEach role can have many users asmembers
24 Ravi Sandhu
SESSIONS
vA user can invoke multiple sessions
v In each session a user can invokeany subset of roles that the user is a
member of
7/29/2019 lecture01-2
13/20
25 Ravi Sandhu
PERMISSION-ROLE ASSIGNMENT
vA permission can be assigned tomany roles
vEach role can have manypermissions
26 Ravi Sandhu
MANAGEMENT OF RBAC
vOption 1:
USER-ROLE-ASSIGNMENT andPERMISSION-ROLE ASSIGNMENT
can be changed only by the chiefsecurity officer
vOption 2:
Use RBAC to manage RBAC
7/29/2019 lecture01-2
14/20
27 Ravi Sandhu
RBAC1
ROLES
USER-ROLEASSIGNMENT
PERMISSION-ROLEASSIGNMENT
USERS PERMISSIONS
... SESSIONS
ROLE HIERARCHIES
28 Ravi Sandhu
HIERARCHICAL ROLES
Health-Care Provider
Physician
Primary-CarePhysician
SpecialistPhysician
7/29/2019 lecture01-2
15/20
29 Ravi Sandhu
HIERARCHICAL ROLES
Engineer
HardwareEngineer
SoftwareEngineer
SupervisingEngineer
30 Ravi Sandhu
PRIVATE ROLES
Engineer
HardwareEngineer
SoftwareEngineer
SupervisingEngineer
HardwareEngineer
SoftwareEngineer
7/29/2019 lecture01-2
16/20
31 Ravi Sandhu
EXAMPLE ROLE HIERARCHY
Employee (E)
Engineering Department (ED)
Project Lead 1
(PL1)
Engineer 1(E1)
Production 1(P1)
Quality 1(Q1)
Director (DIR)
Project Lead 2
(PL2)
Engineer 2(E2)
Production 2(P2)
Quality 2(Q2)
PROJECT 2PROJECT 1
32 Ravi Sandhu
EXAMPLE ROLE HIERARCHY
Employee (E)
Engineering Department (ED)
Project Lead 1(PL1)
Engineer 1(E1)
Production 1(P1)
Quality 1(Q1)
Project Lead 2(PL2)
Engineer 2(E2)
Production 2(P2)
Quality 2(Q2)
PROJECT 2PROJECT 1
7/29/2019 lecture01-2
17/20
33 Ravi Sandhu
EXAMPLE ROLE HIERARCHY
Project Lead 1
(PL1)
Engineer 1(E1)
Production 1(P1)
Quality 1(Q1)
Director (DIR)
Project Lead 2
(PL2)
Engineer 2(E2)
Production 2(P2)
Quality 2(Q2)
PROJECT 2PROJECT 1
34 Ravi Sandhu
EXAMPLE ROLE HIERARCHY
Project Lead 1(PL1)
Engineer 1(E1)
Production 1(P1)
Quality 1(Q1)
Project Lead 2(PL2)
Engineer 2(E2)
Production 2(P2)
Quality 2(Q2)
PROJECT 2PROJECT 1
7/29/2019 lecture01-2
18/20
35 Ravi Sandhu
RBAC3
ROLES
USER-ROLEASSIGNMENT
PERMISSIONS-ROLEASSIGNMENT
USERS PERMISSIONS
... SESSIONS
ROLE HIERARCHIES
CONSTRAINTS
36 Ravi Sandhu
CONSTRAINTS
vMutually Exclusive Roles
Static Exclusion: The same individualcan never hold both roles
Dynamic Exclusion: The sameindividual can never hold both roles inthe same context
7/29/2019 lecture01-2
19/20
37 Ravi Sandhu
CONSTRAINTS
vMutually Exclusive Permissions
Static Exclusion: The same role shouldnever be assigned both permissions
Dynamic Exclusion: The same role cannever hold both permissions in thesame context
38 Ravi Sandhu
CONSTRAINTS
vCardinality Constraints on User-RoleAssignment
At most k users can belong to the role
At least k users must belong to the role Exactly k users must belong to the role
7/29/2019 lecture01-2
20/20
39 Ravi Sandhu
CONSTRAINTS
vCardinality Constraints onPermissions-Role Assignment
At most k roles can get the permission
At least k roles must get the permission
Exactly k roles must get the permission