SACMAT 03 © Mohammad Al-Kahtani

Slide 1: Induced Role Hierarchies with Attribute-Based RBAC
Mohammad A. Al-Kahtani (George Mason University)
Ravi Sandhu (NSD Security, Inc. & George Mason University)

Slide 2: Introduction
Role-Based Access Control (RBAC) is a proven alternative to DAC and MAC.
RBAC basic components:
1. Users
2. Roles
3. Permissions
[Figure: Users are linked to Roles by User Assignment (UA); Roles are linked to Permissions by Permission Assignment (PA); a Role Hierarchy is defined over Roles.]

Slide 3: Introduction
In RBAC, user-to-role assignment is done manually. Many enterprises have huge customer bases: banks, utility companies, popular web sites. In this environment, manual assignment becomes a formidable task. RBAC is therefore modified to allow automatic user-role assignment based on authorization rules.

Slide 4: Introduction
The modified RBAC is called RB-RBAC: Rule-Based RBAC.
Authorization rule structure: Attributes Expression → Roles, subject to Constraints.
RB-RBAC rules are specified in BNF notation.

Slide 5: RB-RBAC Model
Attribute expressions:
1. Expressed in the RB-RBAC language
2. Constitute the LHS of authorization rules
Attribute values:
1. Stored locally
2. Provided by attribute servers
3. Obtained by other means
[Figure: model components: attribute values feed attribute expressions, which assign users to roles; roles carry permissions.]
Slide 6: Analysis of RB-RBAC
Seniority relations among authorization rules:
Rule i: ae_i → roles
Rule j: ae_j → roles
Rule i is senior to Rule j (ae_i is senior to ae_j) if attribute expression ae_i logically implies attribute expression ae_j.

Slide 7: Analysis of RB-RBAC
Example (attribute expression → roles; seniority):
ae1 = Salary > 1000 ∧ age > 50 → r1; ae1 is senior to ae2, ae3 and ae4.
ae2 = Salary > 1000 ∧ age > 40 → r2; ae2 is senior to ae4 and to ae3.
ae3 = ¬(Salary ≤ 1000 ∨ age ≤ 40) → r3; ae3 is senior to ae4 and to ae2 (ae3 is logically equivalent to ae2).
ae4 = Salary > 400 → r4.
ae5 = age > 60 → r5; not related to any other attribute expression.

Slide 8: Analysis of RB-RBAC
Example (continued): The seniority relations among the rules are reflected as a hierarchy among the attribute expressions of the rules. These relations induce a role hierarchy (IRH) among the roles produced by these rules.
[Figure: hierarchy of attribute expressions ae1 (top), ae2, ae3, ae4; ae5 stands apart.]

Slide 9: Analysis of RB-RBAC
Example (continued): To assemble the IRH, we say r_i is senior to r_j if the following holds:
(∃ ae_g) [ r_i ∈ RHS(ae_g) ∧ (∃ ae_h) [ (ae_g is senior to ae_h) ∧ r_j ∈ RHS(ae_h) ] ]
where RHS(ae_g) is a function that returns the role set produced by attribute expression ae_g.
[Figure: IRH over r1, r2, r3, r4, r5.]

Slide 10: Analysis of RB-RBAC
Example (continued): In assembling the IRH, roles produced by equivalent attribute expressions may be:
a. Grouped under one rule (Figure a): no impact on functionality.
b. Consolidated into one role (Figure b): may not always be preferred from a functional perspective.
[Figure (a): r1; (r2, r3) grouped; r4; r5. Figure (b): r1; r6 (the consolidated role); r4; r5.]
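The seniority test of slide 6 and the IRH construction of slide 9, as an added example (not code from the slides or the authors). It assumes a small AST representation for attribute expressions (`gt`, `le`, `and_`, `or_`, `not_`), not the actual RB-RBAC language, and uses the running example of slide 7 as input; the implication check is exhaustive over the interval boundaries of each attribute, which is sound for expressions built only from comparisons against constants.

```python
"""Seniority among attribute expressions by logical implication, and the
role hierarchy it induces (added example; representation is assumed)."""
from itertools import product

# AST constructors (assumed representation, not the RB-RBAC language itself)
def gt(attr, c):  return ("gt", attr, c)
def le(attr, c):  return ("le", attr, c)
def and_(*es):    return ("and",) + es
def or_(*es):     return ("or",) + es
def not_(e):      return ("not", e)

def evaluate(expr, env):
    """Evaluate an expression under an attribute assignment {attr: value}."""
    op = expr[0]
    if op == "gt":  return env[expr[1]] > expr[2]
    if op == "le":  return env[expr[1]] <= expr[2]
    if op == "and": return all(evaluate(e, env) for e in expr[1:])
    if op == "or":  return any(evaluate(e, env) for e in expr[1:])
    if op == "not": return not evaluate(expr[1], env)
    raise ValueError(op)

def constants(expr, acc=None):
    """Collect {attr: set of constants it is compared against}."""
    acc = {} if acc is None else acc
    if expr[0] in ("gt", "le"):
        acc.setdefault(expr[1], set()).add(expr[2])
    else:
        for e in expr[1:]:
            constants(e, acc)
    return acc

def implies(a, b):
    """True iff every assignment satisfying a also satisfies b.
    Truth values only change at the constants, so checking c and c+1 for
    every constant c (plus one value below the smallest) covers all cases."""
    consts = constants(a, constants(b))
    attrs = sorted(consts)
    reps = [sorted({min(consts[x]) - 1} | consts[x] | {c + 1 for c in consts[x]})
            for x in attrs]
    for values in product(*reps):
        env = dict(zip(attrs, values))
        if evaluate(a, env) and not evaluate(b, env):
            return False
    return True

def seniority(rules):
    """rules: {name: (attribute expression, set of roles)}.
    Returns the set of pairs (i, j) with ae_i senior to ae_j, i != j."""
    return {(i, j) for i in rules for j in rules
            if i != j and implies(rules[i][0], rules[j][0])}

def equivalent_expressions(rules):
    """Pairs that are senior to each other, i.e. logically equivalent."""
    senior = seniority(rules)
    return {frozenset((i, j)) for (i, j) in senior if (j, i) in senior}

def induced_role_hierarchy(rules):
    """Slide 9: r_i is senior to r_j iff some ae_g produces r_i, some ae_h
    produces r_j, and ae_g is senior to ae_h."""
    edges = set()
    for (g, h) in seniority(rules):
        for ri in rules[g][1]:
            for rj in rules[h][1]:
                if ri != rj:
                    edges.add((ri, rj))
    return edges

# The slides' running example; ae3 is the negated form equivalent to ae2.
RULES = {
    "ae1": (and_(gt("Salary", 1000), gt("age", 50)), {"r1"}),
    "ae2": (and_(gt("Salary", 1000), gt("age", 40)), {"r2"}),
    "ae3": (not_(or_(le("Salary", 1000), le("age", 40))), {"r3"}),
    "ae4": (gt("Salary", 400), {"r4"}),
    "ae5": (gt("age", 60), {"r5"}),
}

if __name__ == "__main__":
    for i, j in sorted(seniority(RULES)):
        print(f"{i} is senior to {j}")
    print("equivalent expressions:", equivalent_expressions(RULES))
    print("IRH edges (senior, junior):", sorted(induced_role_hierarchy(RULES)))
```

The output reproduces slide 7: ae1 is senior to ae2, ae3 and ae4; ae2 and ae3 are mutually senior (so r2 and r3 form the equivalence class of slide 10); ae5 is unrelated to every other expression. Replacing the boundary enumeration with an SMT solver would be the natural step for richer attribute languages.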
Slide 11: Analysis of RB-RBAC
Given Role Hierarchy (GRH) vs. IRH:
The GRH reflects the current business practice of an enterprise.
Inheritance of permissions flows upward in the GRH.
Inheritance of users flows downward in the IRH.
[Figure: IRH over roles r1, r2, r5, r6, r8, r9, r10, r11, r12, r13, annotated "flow of user-role inheritance: r2 inherits r1"; GRH over roles r1, r2, r3, r4, r5, r6, r7, r11, r12, r13, annotated "flow of permission-role inheritance: r1 inherits r2".]

Slide 12: Analysis of RB-RBAC
Discrepancies between IRH and GRH: Ideally, the IRH and the GRH should be mirror images of each other. In reality, discrepancies may occur.
Types of discrepancies (using the IRH as the reference):
1. Missing nodes
2. Additional nodes
3. Missing edges
4. Additional edges
5. Inconsistency
Slide 13: Discrepancies between IRH and GRH, 1. Missing Nodes
a. Leaf node (r7 in the GRH)
Functional impact: none.
Reconciliation measure: delete the node and assign its permissions to its parents in the GRH.

Slide 14: Discrepancies between IRH and GRH, 1. Missing Nodes
b. Internal node (r3 in the GRH)
Functional impact: none.
Reconciliation measure: delete the node from the GRH and assign its permissions to its parents.

Slide 15: Discrepancies between IRH and GRH, 1. Missing Nodes
c. Stand-alone node (r4 in the GRH)
Functional impact: loss of functionality may occur.
Reconciliation measure: modify the authorization rules by modifying the security policy.

Slide 16: Discrepancies between IRH and GRH, 1. Missing Nodes
d. Root node (assume r1 is missing from the IRH)
Functional impact: loss of r1 functionality.
Reconciliation: modify the authorization rules by modifying the security policy.
Slide 17: Discrepancies between IRH and GRH, 2. Additional Nodes
a. Leaf node (r8 in the IRH)
Functional impact: none.
Reconciliation: delete the node from the IRH, or modify the GRH by adding r8. The IRH provides an insight: r8 permissions ⊆ its parents' permissions.

Slide 18: Discrepancies between IRH and GRH, 2. Additional Nodes
b. Internal node (r10 in the IRH)
Functional impact: if r10 has one child, then it is redundant.
Reconciliation measure: delete r10 from the IRH and modify the policy to produce its child (e.g. r5) instead, or add r10 to the GRH such that r5 permissions ⊆ r10 permissions ⊆ r2 permissions. If r10 has more than one child, then add it to the GRH with r10 permissions = its children's permissions.

Slide 19: Discrepancies between IRH and GRH, 2. Additional Nodes
c. Stand-alone node (r9 in the IRH)
Functional impact: none.
Reconciliation: delete the node and modify the security policy so that the authorization rules do not produce this role.

Slide 20: Discrepancies between IRH and GRH, 2. Additional Nodes
d. Root node (r13 in the IRH)
Functional impact: if r13 has a single child, r13 is redundant.
Reconciliation: delete r13 from the IRH, and modify the policy to produce its child instead. If r13 has more than one child, then add it to the GRH with r13 permissions = its child nodes' permissions.
Slide 21: Discrepancies between IRH and GRH, 3. Missing Edges (r1 - r11)
Functional impact: none.
Reconciliation: the enterprise business practice sees a functional relation between r1 and r11. However, the security policy does not capture this, so it must be modified.

Slide 22: Discrepancies between IRH and GRH, 4. Additional Edges (r1 - r12)
Functional impact: none.
Reconciliation: modify the permissions of r1 to include those of r12 if the two hierarchies must be compatible.
Slide 23: Discrepancies between IRH and GRH, 5. Inconsistency
Normally, user-role assignment inheritance and permission-role inheritance flow in opposite directions.
Figure (a): r2 is senior to r3 in the IRH, so r2 users have (r2 permissions ∪ r3 permissions).
[Figures: (a) IRH over r1, r2, r3; (b) GRH over r1, r3, r2; (c) consolidated IRH and GRH over r1, r2, r3.]

Slide 24: Discrepancies between IRH and GRH, 5. Inconsistency
Figure (b): under the GRH relation between r2 and r3, r3 users have (r2 permissions ∪ r3 permissions).

Slide 25: Discrepancies between IRH and GRH, 5. Inconsistency
Figure (c): the inconsistency manifests itself in the form of double arrows heading in the same direction between r2 and r3. The enterprise business practice must be modified to remove this inconsistency.
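The IRH-versus-GRH comparison of slides 12 to 25, as an added example (not code from the slides or the authors). Both hierarchies are assumed to be encoded the same way, as a set of roles plus a set of (senior, junior) edges; the sample hierarchies below are constructed so that their node membership matches the slides' example (r3, r4, r7 missing from the IRH; r8, r9, r10, r13 additional; edge r1-r11 missing; edge r1-r12 additional), but the exact edges are assumed, since the slides only draw them. Edge comparison is restricted to roles present in both hierarchies, because an edge touching a missing or additional node is already reported through that node; an inconsistency is an edge the two hierarchies orient in opposite directions, slide 25's double arrows.

```python
"""Classify discrepancies between an induced role hierarchy (IRH) and a
given role hierarchy (GRH), using the IRH as the reference (added example)."""


def classify_node(node, edges):
    """Position of a role in a hierarchy given as (senior, junior) edges."""
    has_parent = any(junior == node for (_, junior) in edges)
    has_child = any(senior == node for (senior, _) in edges)
    if has_parent and has_child:
        return "internal"
    if has_parent:
        return "leaf"
    if has_child:
        return "root"
    return "stand-alone"


def children_of(node, edges):
    return {junior for (senior, junior) in edges if senior == node}


def compare_hierarchies(irh_nodes, irh_edges, grh_nodes, grh_edges):
    common = irh_nodes & grh_nodes
    # edges the two hierarchies orient in opposite directions (slide 25)
    inconsistent = {(i, j) for (i, j) in irh_edges if (j, i) in grh_edges}
    reversed_in_grh = {(j, i) for (i, j) in inconsistent}
    report = {
        # slides 13-16: in the GRH but not produced by the rules
        "missing_nodes": {n: classify_node(n, grh_edges) for n in grh_nodes - irh_nodes},
        # slides 17-20: produced by the rules but absent from the GRH
        "additional_nodes": {n: classify_node(n, irh_edges) for n in irh_nodes - grh_nodes},
        # slide 21: business practice sees a relation the policy does not capture
        "missing_edges": sorted(e for e in grh_edges - irh_edges - reversed_in_grh
                                if set(e) <= common),
        # slide 22: the policy implies a relation the GRH does not have
        "additional_edges": sorted(e for e in irh_edges - grh_edges - inconsistent
                                   if set(e) <= common),
        "inconsistencies": sorted(inconsistent),
    }
    # slides 18 and 20: an additional internal or root node with one child is redundant
    report["redundant_additional_nodes"] = sorted(
        n for n, kind in report["additional_nodes"].items()
        if kind in ("internal", "root") and len(children_of(n, irh_edges)) == 1)
    return report


# Constructed sample hierarchies (edges assumed; node membership follows the slides).
GRH_NODES = {"r1", "r2", "r3", "r4", "r5", "r6", "r7", "r11", "r12"}
GRH_EDGES = {("r1", "r2"), ("r1", "r3"), ("r3", "r5"), ("r1", "r6"),
             ("r6", "r7"), ("r1", "r11"), ("r11", "r12")}
IRH_NODES = {"r1", "r2", "r5", "r6", "r8", "r9", "r10", "r11", "r12", "r13"}
IRH_EDGES = {("r1", "r2"), ("r2", "r10"), ("r10", "r5"), ("r1", "r6"),
             ("r6", "r8"), ("r1", "r12"), ("r11", "r12"), ("r13", "r11")}

if __name__ == "__main__":
    for key, value in compare_hierarchies(IRH_NODES, IRH_EDGES, GRH_NODES, GRH_EDGES).items():
        print(f"{key}: {value}")
```

On the constructed input the report lists r3 (internal), r4 (stand-alone) and r7 (leaf) as missing nodes, r8 (leaf), r9 (stand-alone), r10 (internal) and r13 (root) as additional nodes, r1-r11 as the missing edge, r1-r12 as the additional edge, and flags r10 and r13 as redundant because each has a single child, which is the case slides 18 and 20 discuss.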
Slide 26: Conclusion
Seniority relations among authorization rules induce a role hierarchy (IRH).
The IRH is a useful tool to check the compliance of current business practices with a given security policy.
The IRH allows insight into what permissions to give to a specific role, which in turn assists in drawing lines of responsibility and authority.