Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 8 Access Control (cont) modified from slides of Lawrie Brown.

Similar presentations


Presentation on theme: "Lecture 8 Access Control (cont) modified from slides of Lawrie Brown."— Presentation transcript:

1 Lecture 8 Access Control (cont) modified from slides of Lawrie Brown

2 Mandatory Access Control (MAC) 2 Unclassified Confidential Secret Top Secret can-flow dominance  Labeling Mechanism is used Military Security Require a strict classification of subjects and objects in security levels Drawback of being too rigid Applicable only to very few environments Prevent any illegal flow of information through the enforcement of multilevel security Adopted from : Role-Based Access Control by Prof.Ravi Sandhu

3 Compartments and Sensitivity Levels Unclassified Restricted Confidential Secret Top Secret Compartment 1 Compartment 3 Compartment 2 Information access is limited by the need-to-know Compartment: Each piece of classified information may be associated with one or more projects called compartments

4 Classification & Clearance – class of a piece of information Clearance: an indication that a person is trusted to access information up to a certain level of sensitivity – clearance of a subject

5 Dominance Relation We say that s dominates o (or o is dominated by s) if o <= s For a subject s and an object o, o <= s if and only if rank(o) <= rank(s) and compartments(o) is subset of compartments(s) A subject can read an object if the subject dominates the object.

6 Example Information classified as Which of the following subject clearances can read the above information? –

7 Role-Based Access Control (RBAC)

8 Access Control Matrix

9 Role-Based Access Control ROLES Usrer-Role Assignment Permission-Role Assignment USERSPERMISSIONS... Sessions Role Hierarchies Users are human beings or other active agents Business function the user perform is role A user can be a member of many roles Each role can have many users as members A user can invoke multiple sessions In each session a user can invoke any subset of roles that the user is a member of A permission can be assigned to many roles Each role can have many permissions ‐ read, write, append, execute Health-Care Provider Physician Primary-Care Physician Specialist Physician Adopted from : Role-Based Access Control by Prof.Ravi Sandhu

10 Role-Based Access Control

11 Scope RBAC Models

12 Example of Role Hierarchy

13 Constraints - RBAC provide a means of adapting RBAC to the specifics of administrative and security policies of an organization a defined relationship among roles or a condition related to roles mutually exclusive roles a user can only be assigned to one role in the set (during a session or statically) any permission can be granted to only one role in the set cardinality setting a maximum number with respect to roles prerequisite roles dictates that a user can only be assigned to a particular role if it is already assigned to some other specified role

14 RBAC System administrative functions provide the capability to create, delete, and maintain RBAC elements and relations supporting system functions provide functions for session management and for making access control decisions review functions provide the capability to perform query operations on RBAC elements and relations

15 NIST RBAC Basic Definitions object – any system resource subject to access control, such as a file, printer, terminal, database record operation – an executable image of a program, which upon invocation executes some function for the user permission – an approval to perform an operation on one or more RBAC protected objects

16 NIST RBAC Model

17 Core RBAC administrative functions add and delete users from the set of users add and delete roles from the set of roles create and delete instances of user- to-role assignment create and delete instances of permission-to-role assignment supporting system functions create a user session with a default set of active roles add an active role to a session delete a role from a session check if the session subject has permission to perform a request operation on an object review functions enable an administrator to view but not modify all the elements of the model and their relations

18 Hierarchical RBAC general role hierarchies allow an arbitrary partial ordering of the role hierarchy supports multiple inheritance, in which a role may inherit permissions from multiple subordinate roles and more than one role can inherit from the same subordinate role supports multiple inheritance, in which a role may inherit permissions from multiple subordinate roles and more than one role can inherit from the same subordinate role limited role hierarchies impose restrictions resulting in a simpler tree structure role may have one or more immediate ascendants but is restricted to a single immediate descendant role may have one or more immediate ascendants but is restricted to a single immediate descendant

19 Static Separation of Duty enables the definition of a set of mutually exclusive roles, – if a user is assigned to one role in the set, the user may not be assigned to any other role in the set can place a cardinality constraint on a set of roles – defined as a pair (role set, n) where no user is assigned to n or more roles from the role set includes administrative functions for creating and deleting role sets and adding and deleting role members includes review functions for viewing the properties of existing SSD sets

20 Dynamic Separation of Duty limit the permissions available to a user – places constraints on the roles that can be activated within or across a user’s sessions define constraints as a pair (role set, n) with the property that no user session may activate n or more roles from the role set – where n is a natural number n ≤ 2 enables the administrator to specify certain capabilities for a user at different, time spans includes administrative and review functions for defining and viewing DSD relations

21 Task Based Access Control 21 P – Permission S – Subject O – Object A – Actions U – Usage and Validity Counts AS – Authorization step Active Security Model Dynamic authorization gives flexibility No Roles Involved Constraints for this model is still under study For each authorization step consumes permission, usage count is incremented Usage Count reaches its limit, the associated permission is deactivated Adopted from Source: Task based authorization controls by R.S.Sandhu and R.K.Thomas Classical subject-object access control P S x O x A TBAC view of access control P S x O x A x U x AS TBAC extensions

22 TBAC with Constraints 22 Users Alice Bob Tasks Check Patient Do Physical Exam Non- Workflow Workflow Start Do Physical Exam (T1) Check Patient (T2) Perform Lab Test (T3) View Lab Results (T4) Write Prescription (T5) Refer another specialist (T6) End Out Patient Workflow Non-Workflow View Current Patient List

23 TBAC with Constraints 23 Non- Workflow Workflow Task Instances Check Patient task Permissions Objects – Health Records or Files. Operations – Read, Update, Write, Copy, Print etc AliceCheck Patient Josh Bob Check Patient Grace Task Instance 1 Task Instance 2

24 Constraints 24 Users are not given more permission than is necessary to perform their duties Constraints User Instance Tasks Permissions Task constraints – Least Privilege Achieved through task instances AliceCheck Patient Josh Access Permissions starts when the instance is initiated Access Permissions end when the instance is completed or revoked Fine Grained Access Control Initiated Active Completed Revoked status

25 Static and Dynamic Separation of Duty 25 No single individual can execute all tasks within the workflow Do Physical Exam (T1) Check Patient (T2) Perform Lab Test (T3) View Lab Results (T4) Write Prescription (T5) End Start AliceCheck Patient Josh Task Instance 1 Protects against fraudulent activities of users Static SOD - Defining the tasks in workflow or non workflow govern the administration or design-time associations between users and permissions. Dynamic SOD - permissions or task instances are granted at run-time. NursePhysicianTechnician Physician

26 Delegation of Tasks 26 Initially assigned user is not available to complete the task Supervisor can delegate task to another junior user in the same hierarchy Access rights revoked once the task is completed AliceCheck Patient Josh Task Instance Physician (Alice) Physician (Bob) Senior Physician (Jan) BobCheck Patient Josh Task Instance Jan can delegate task to Bob

27 Spatial and Temporal Constraints Accessed from anywhere and at anytime – User’s location and time is taken into consideration for granting access to a task 27 Family Practice Physician Nurse Location Constraint (Reno Office) Time Constraint (8 - 5) Tasks

28 Passive and Active Access Control 28 Start Do Physical Exam (T1) Check Patient (T2) Perform Lab Test (T3) View Lab Results (T4) Write Prescription (T5) Refer another specialist (T6) End Workflow Physician Write Prescription View Current Patient List File 2 File 1 Read Write Passive Access Active Access

29 Classification of Tasks Non-InheritableInheritable Passive Access ControlPrivateSupervision Active Access controlWorkflowApproval 29 Class Private Class Supervision Start Do Physical Exam (T1) Check Patient (T2) Perform Lab Test (T3) View Lab Results (T4) Write Prescription (T5) Refer another specialist (T6) End View Current Patient List Family Practice Physician (Alice) Senior Physician (Jan) Workflow Diagnosis Details

30 Class Workflow Class Approval Classification of Tasks 30 Start Do Physical Exam (T1) Check Patient (T2) Perform Lab Test (T3) View Lab Results (T4) Write Prescription (T5) Refer another specialist (T6) End Workflow Check Patient Family Practice Physician (Alice) Senior Physician (Jan) Physician (Alice) Physician (Bob) Senior Physician (Jan) Same Hierarchy

31 Functions and Roles for Banking Example (a)Functions and Official Positions

32 Functions and Roles for Banking Example (b) Permission Assignments

33 Functions and Roles for Banking Example (c) Permission Assignment with Inheritance

34 Example of Access Control Administration

35 Summary access control – prevent unauthorized users from gaining access to resources – prevent legitimate users from accessing resources in an unauthorized manner – enable legitimate users to access resources – subjects, objects, access rights – authentication, authorization, audit discretionary access controls (DAC) – controls access based on identity mandatory access control (MAC) – controls access based on security labels role-based access control (RBAC) controls access based on roles


Download ppt "Lecture 8 Access Control (cont) modified from slides of Lawrie Brown."

Similar presentations


Ads by Google