Modeling Role Based Access Control in UML

Precise Modeling UML Security 3 1

Modeling Role Based Access Control in UMLBased on

1. Towards A UML based approach to Role Engineering, by P. Epstein and R. Sandhu

2. UML-Based representation of RBAC, by Eonsuk Shin and Gail-Joon Ahn

3. RBAC Constraints Specification using OCL by Gail-Joon Ahn and Eonsuk Shin


A Brief Introduction to RBAC• Permissions assigned to roles• Users play roles, and then they are bestowed

with all permissions assigned to roles• Conflict exists between

– Roles– Users– Permissions

• Objective is to be able to play roles without conflicts


The RBAC Model


RBAC Continued• Users belong to groups• Groups, roles and objects may belong to

hierarchies• Generally (but not always) senior roles have all

permissions assigned to junior roles• Permissions can be + or -• RCL2000 is a language designed for RBAC

specifications


Towards A UML based approach to Role Engineering

P. Epstein and R. Sandhu


RBAC for Network Enterprises• Two groups

– Application developers– Local system administrator

• Application developer responsible for1. Objects 2. Object Handles 2. Application Constraints 4. Application keys

• Local System Administrator responsible for5. Enterprise keys 6. Key chains7. Enterprise constraints


Layers for Application Developer1. Objects: Attributes+ methods2. Object handles: Set of objects3. Application constraints: pre-requisite for

granting access permissions4. Application keys: Associates a role with

objects5. Application keys can be a leaf node of the

hierarchy or a non-leaf (considered abstract)


Layers for System Administrator

5. Enterprise Keys: Each application key is mapped to an enterprise

key or a key chain.6. Key Chains: Sets of enterprise keys7. Enterprise Constraints: Enterprise key permits user to access methods of

the object, if application constraints are satisfied


Layers Continued

• A user can be assigned enterprise keys that are part of different application key hierarchies

• If a key inherits methods more than key, then in worse case the key contains the same method with different constraint

• FNE Policy: constraints are logically “ored”



Applying UML

• Layer 1– objects


Layer 2: Object Handle


Layer 3: Constraints


Layer 4: Application Keys


Layer 5: Enterprise Key


Layer 6: Key Chains


Layer 7: Enterprise Constraints


Role Engineering of the 7 Layers


UML-Based Representation of RBAC

ByEonsuk Shin and Gail-Joon Ahn


RBAC Model Again


Details of the RBAC Model• U set of users, R set of disjoint roles, P set of

disjoint permissions, S set of sessions• UA user-to-role mapping• PA permission-to-role mapping• RH role hierarchy• User S -> U gives user of session• Role S -> 2**R gives roles of session• Constraints about conflicts


UML Static Model for RBAC


Attributes of Entity Classes


Use Cases in RBAC


RBAC Constraints Specification using OCL

ByGail-Joon Ahn and Eonsuk Shin


Example Application constraints in OCL

Context Company inv:Self.employee->size>200

Context Company inv:Self.employee->select(age>50)->notEmpty


RBAC Constraints 1

• Separation of duty constraintscontext User inv:let M : Set = {{accounts_mgr, purchase_mgr}, }in M->select{m|self.role->intersction(m)->size->1)->isEmpty


Prerequisite and Cardinality Constraints

• context User inv:self.role->includes(“tester”) impliesself.role->includes(“project_team”)

• context Role inv:self.user->select(u|self.name=“chairman”)->size =1

Documents

Modeling Role Based Access Control in UML