Presentation on theme: "Role-Based Access Control"— Presentation transcript:
1 Role-Based Access Control Overviewuser_sessions(RH)Role Hierarchysession_roles(UA)User Assign-ment(PA)PermissionAssignmentUSERSOBSOPSSESSIONSROLESPRMSSSDDSD
2 ObjectiveEstablish a common vocabulary for Role Based Access Control for use in SEPMPresent a Framework for Role Based Access Control for both Physical and Virtual DomainsDiscuss Various AC Models and why RBAC is a must!!!!
3 Think about this… The Time is NOW! “Although the fundamental concepts of roles are common knowledge, the capability to formalize model specifications needed to implement RBAC models is beyond the knowledge base of existing staff in may software companies”“The lack of knowledge and staff expertise in the area of RBAC increases the uncertainty of both the technical feasibility of developing successful RBAC-enabled products and the develop cost and time frame.”-The Economic Impact of Role-Based Access ControlThe Time is NOW!
4 Access Controls Types Discretionary Access Control Mandatory Access ControlRole-Based Access Control
5 Discretionary ACRestricts access to objects based solely on the identity of users who are trying to access them.IndividualsResourcesServer 1Server 3Server 2ApplicationAccess ListLegacy AppsName AccessTom YesJohn NoCindy Yes
6 Mandatory ACMAC mechanisms assign a security level to all information, assign a security clearance to each user, and ensure that all users only have access to that data for which they have a clearance.Principle: Read Down Accessequal or less ClearanceWrite Up Accessequal or higher ClearanceBetter security than DAC
7 Mandatory AC (cont) Individuals Resources Server 1 Server 2 Server 3 SIPRNETLegacy AppsIndividualsResourcesServer 1“Top Secret”Server 2“Secret”Server 3“Classified”
8 Role-Based ACA user has access to an object based on the assigned role.Roles are defined based on job functions.Permissions are defined based on job authority and responsibilities within a job function.Operations on an object are invocated based on the permissions.The object is concerned with the user’s role and not the user.“Ideally, the [RBAC] system is clearly defined and agile, making the addition of new applications, roles, and employees as efficient as possible”
9 Role-Based AC Individuals Roles Resources Role 1 Role 2 Role 3 Server 1Server 2Server 3User’s change frequently, Roles don’t
10 PrivilegeRoles are engineered based on the principle of least privileged .A role contains the minimum amount of permissions to instantiate an object.A user is assigned to a role that allows him or her to perform only what’s required for that role.No single role is given more permission than the same role for another user.
11 Role-Based AC Framework Core ComponentsConstraining ComponentsHierarchical RBACGeneralLimitedSeparation of Duty RelationsStaticDynamic
14 Constraint Components Role Hierarchies (rh)GeneralLimitedSeparation of DutiesStaticDynamic
15 RBAC Transition Most Complex Models Hierarchies Constraints RBAC0 No Least PrivilegedSeparation of DutiesModelsHierarchiesConstraintsRBAC0NoRBAC1YesRBAC2RBAC3MostComplexRBAC3EffortRBAC Model
16 RBAC System and Administrative Functional Specification Administrative OperationsCreate, Delete, Maintain elements and relationsAdministrative ReviewsQuery operationsSystem Level FunctionsCreation of user sessionsRole activation/deactivationConstraint enforcementAccess Decision Calculation
17 Core RBAC user_sessions session_roles (UA) User Assign- ment (PA) PermissionAssignmentUSERSOBSOPSSESSIONSROLESPRMSCore RBAC
19 ROLESAn organizational job function with a clear definition of inherent responsibility and authority (permissions).DirectorDeveloperBudgetManagerHelp DeskRepresentativeMTM relation betweenUSERS & PRMS
20 OPS (operations)An execution of an a program specific function that’s invocated by a user.Database – Update Insert Append DeleteLocks – Open CloseReports – Create View PrintApplications - Read Write ExecuteSQL
21 OBS (objects)An entity that contains or receives information, or has exhaustible system resources.OS Files or DirectoriesDB Columns, Rows, Tables, or ViewsPrinterDisk SpaceLock MechanismsRBAC will deal with all the objects listed in the permissions assigned to roles.
22 UA (user assignment) ROLES set USERS set A user can be assigned to one or more rolesDeveloperA role can be assignedto one or more usersHelp Desk Rep
23 UA (user assignment) Mapping of role r onto a set of users ROLES set USERS setUser.F1User.F2User.F3User.DB1ViewUpdateAppendUser.DB1permissionsobjectUser.DB1
24 PRMS (permissions)The set of permissions that each grant the approval to perform an operation on a protected object.User.DB1ViewUpdateAppendpermissionsobjectUser.F1ReadWriteExecutepermissionsobject
25 PA (prms assignment) ROLES set PRMS set A prms can be assigned to one or more rolesCreateDeleteDropAdmin.DB1ViewUpdateAppendA role can be assignedto one or more prmsUser.DB1
26 PA (prms assignment) Mapping of role r onto a set of permissions ROLES setPRMS setUser.F1User.F2User.F3Admin.DB1ReadWriteExecuteViewUpdateAppendCreateDropSQL
27 PA (prms assignment) READ Mapping of operations to permissions OPS set PRMS setpublic int read(byteBuffer dst)throws IOExceptionInherited methods from java.nio.channlsclose()isOpen()READGives the set of ops associated with the permission
28 PA (prms assignment) Mapping of permissions to objects PRMS set OpenCloseViewUpdateAppendCreateDropGives the set of objects associated with the prmsBLD1.door2SQLDB1.table1
29 SESSIONS The set of sessions that each user invokes. USER SESSION SQL guestuseradmininvokesFIN1.report1SQLDB1.table1APP1.desktop
30 SESSIONS The mapping of user u onto a set of sessions. USERS SESSION guestuseradmininvokesUser2.FIN1.report1.sessionUSER1SQLUser2.DB1.table1.sessionUSER2User2.APP1.desktop.session
31 SESSIONS The mapping of session s onto a set of roles SESSION ROLES SQLAdminUserGuestDB1.table1.session
32 SESSIONS Permissions available to a user in a session. ROLE PRMS SQLDB1.table1.sessionDB1.ADMINViewUpdateAppendCreateDrop
33 Hierarchal RBAC (RH) Role Hierarchy (UA) User Assign- ment (PA) PermissionAssignmentUSERSROLESOPSOBSPRMSuser_sessionssession_rolesSESSIONSHierarchal RBAC
34 Tree Hierarchies Tree Inverted Tree Production Engineer 1 Quality Engineering DeptEngineer 2TreeInverted TreeProductionEngineer 1Project Lead 1QualityDirectorEngineer 2Project Lead 2
35 Lattice Hierarchy Production Engineer 1 Quality Engineering Dept Project Lead 1DirectorProject Lead 2
36 RH (Role Hierarchies)Natural means of structuring roles to reflect organizational lines of authority and responsibilitiesGeneral and LimitedDefine the inheritance relation among rolesi.e r1 inherits r2Userr-w-hGuest-r-
37 General RH i.e. r1 inherits r2 User r-w-h Guest -r- Support Multiple InheritanceGuest Role SetUser Role SetPower User Role SetAdmin Role SetOnly if all permissions of r1 are also permissions of r2i.e r1 inherits r2Only if all users of r1 are also users of r2Userr-w-hGuest-r-
38 authorized usersMapping of a role onto a set of users in the presence of a role hierarchyROLES setFirst Tier USERS setAdmin.DB1User.DB2User.DB3User.DB1ViewUpdateAppendUser.DB1permissionsobjectUser.DB1
39 authorized permissions Mapping of a role onto a set of permissions in the presence of a role hierarchyROLES setPRMS setUser.DB1User.DB2User.DB3Admin.DB1ViewUpdateAppendCreateDropSQL
40 Limited RHA restriction on the immediate descendants of the general role hierarchyRole2Role2 inherits from Role1Role3Role3 does not inherit fromRole1 or Role2Role1
41 Limited RH (cont) Accounting Role TomAcctRecAcctRecSpvAccountingTammyCashierCashierSpvFredSallyAuditingJoeFrankBillingBillingSpvCurtTuanAccounting RoleNotice that Frank has two roles: Billing and CashierThis requires the union of two distinct roles and prevents Frank from being a node to others
42 Constrained RBAC user_sessions (RH) Role Hierarchy session_roles (UA) User Assign-ment(PA)PermissionAssignmentUSERSOBSOPSSESSIONSROLESPRMSSSDDSDConstrained RBAC
43 Separation of DutiesEnforces conflict of interest policies employed to prevent users from exceeding a reasonable level of authority for their position.Ensures that failures of omission or commission within an organization can be caused only as a result of collusion among individuals.Two Types:Static Separation of Duties (SSD)Dynamic Separation of Duties (DSD)
44 SSDSSD places restrictions on the set of roles and in particular on their ability to form UA relations.No user is assigned to n or more roles from the same role set, where n or more roles conflict with each other.A user may be in one role, but not in another—mutually exclusive.Prevents a person from submitting and approving their own request.
45 SSD in Presence of RHA constraint on the authorized users of the roles that have an SSD relation.Based on the authorized users rather than assigned users.Ensures that inheritance does not undermine SSD policies.Reduce the number of potential permissions that can be made available to a user by placing constraints on the users that can be assigned to a set of roles.
46 DSDPlaces constraints on the users that can be assigned to a set of roles, thereby reducing the number of potential prms that can be made available to a user.Constraints are across or within a user’s session.No user may activate n or more roles from the roles set in each user session.Timely Revocation of Trust ensures that prms do not persist beyond the time that they are required for performance of duty.