We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byCody Hurley
Modified over 3 years ago
SACMAT 03© Mohammad Al-Kahtani1 Induced Role Hierarchies with Attribute-Based RBAC Mohammad A. Al-Kahtani Ravi Sandhu George Mason University NSD Security, Inc. & George Mason University
SACMAT 03© Mohammad Al-Kahtani2 Introduction Role-Based Access Control (RBAC): A proven alternative to DAC and MAC RBAC basic components: 1. Users 2. Roles 3. Permissions Role Hierarchy Users (UA) User Assignment (PA) Permission Assignment Roles Permiss- ions
SACMAT 03© Mohammad Al-Kahtani3 Introduction In RBAC, user-to-role assignment is done manually. Many enterprises have huge customer bases: Banks Utilities companies Popular web sites In this environment, manual assignment becomes a formidable task. RBAC is modified to allow automatic user-role assignment based on authorization rules.
SACMAT 03© Mohammad Al-Kahtani4 Introduction The modified RBAC is called RB-RBAC: Rule-Based RBAC. Authorization rule structure: RB-RBAC rules are in BNF notation. Constraints Attributes Expression Roles
SACMAT 03© Mohammad Al-Kahtani5 RB-RBAC Model Attributes Expressions: 1. Expressed in RB-RBAC language 2. Constitute LHS of authorization rules Attributes Values: 1. Stored locally 2. Provided by attribute servers 3. Other means Attributes Expressions Users Roles Permissions Attributes values
SACMAT 03© Mohammad Al-Kahtani6 Analysis of RB-RBAC Seniority Relations among authorization rules Rule i : Rule j : ae i ae j Rule i Rule j Attributes Expression ae i Roles Logically implies Attributes Expression ae j
SACMAT 03© Mohammad Al-Kahtani7 Analysis of RB-RBAC Example: Attribute ExpressionsRolesSeniority ae 1 = Salary > 1000 Λ age > 50r1r1 ae 1 ae 2, ae 1 ae 3, ae 1 ae 4 ae 2 = Salary > 1000 Λ age > 40r2r2 ae 2 ae 4 ae 2 ae 3 ae 3 = ( Salary 1000 V age 40)r3r3 ae 3 ae 4 ae 3 ae 2 ae 4 = Salary > 400r4r4 ae 5 = Age > 60r5r5 Not related to any attribute expression
SACMAT 03© Mohammad Al-Kahtani8 Analysis of RB-RBAC Example: (Continued) The seniority relations among the rules is reflected as a hierarchy among the attribute expressions of the rules. These relations induced a role hierarchy (IRH) among the roles produced by these rules. ae 1 ae 3 ae 2 ae 4 ae 5
SACMAT 03© Mohammad Al-Kahtani9 Analysis of RB-RBAC Example: (Continued) To assemble the IRH, we say r i is senior to r j if the following holds: ( ae g ) [r i RHS(ae g ) ( ae h ) [(ae g ae h ) Λ r j RHS(ae h )]] where RHS(ae g ) is a function that returns the role set produced by attribute expression ae g. r1r1 r3r3 r2r2 r4r4 r5r5
SACMAT 03© Mohammad Al-Kahtani10 Analysis of RB-RBAC Example: (Continued) In assembling the IRH, roles produced by equivalent attributes expressions may be: a.Grouped under one rule (Figure a): No impact on functionality. b.Consolidated into one role (Figure b): May not always be preferred from a functional perspective. r1r1 r 2,r 3 r4r4 r5r5 (a) r1r1 r6r6 r4r4 r5r5 (b)
SACMAT 03© Mohammad Al-Kahtani11 Analysis of RB-RBAC Given Role Hierarchy (GRH) vs. IRH GRH reflects the current business practice of an enterprise. Inheritance of permissions flows upward in the GRH. Users inheritance flows downward in the IRH. r1r1 r6r6 r9r9 IRH r2r2 r 10 Flow of user-role inheritance: r 2 inherits r 1 r8r8 r5r5 r 11 r 12 r 13 r1r1 r3r3 r6r6 r4r4 r2r2 r7r7 GRH Flow of permission-role inheritance: r 1 inherits r 2 r5r5 r 11 r 12 r 13
SACMAT 03© Mohammad Al-Kahtani12 Analysis of RB-RBAC Discrepancies between IRH and GRH Ideally, IRH and GRH should be mirror images of each other. In reality, discrepancies may occur. Types of discrepancies ( using IRH as the reference ): 1.Missing Nodes 2.Additional Nodes 3.Missing Edges 4.Additional Edges 5.Inconsistency
SACMAT 03© Mohammad Al-Kahtani13 Analysis of RB-RBAC Discrepancies between IRH and GRH 1. Missing Nodes a.Leaf Node: r 7Leaf Node Functional Impact: None Reconciliation Measure: Delete the node and assign its permissions to its parents in GRH.
SACMAT 03© Mohammad Al-Kahtani14 Analysis of RB-RBAC Discrepancies between IRH and GRH 1. Missing Nodes a.Leaf Node b.Internal Node: r 3Internal Node Functional Impact: None Reconciliation Measure : Delete the node from GRH and assign its permissions to its parents
SACMAT 03© Mohammad Al-Kahtani15 Analysis of RB-RBAC Discrepancies between IRH and GRH 1. Missing Nodes a.Leaf Node b.Internal Node c.Stand-alone Node: r 4Stand-alone Node Functional Impact: Loss of functionality may occur. Reconciliation Measure: Modify the authorization rules via modifying the security policy.
SACMAT 03© Mohammad Al-Kahtani16 Analysis of RB-RBAC Discrepancies between IRH and GRH 1. Missing Nodes a.Leaf Node b.Internal Node c.Stand-alone Node d.Root Node: (assume r 1 is missing in IRH) r 1Root Node Functional Impact: Loss of r 1 functionality. Reconciliation: Modify the authorization rules via modifying the security policy.
SACMAT 03© Mohammad Al-Kahtani17 Analysis of RB-RBAC Discrepancies between IRH and GRH 2. Additional Nodes a.Leaf Node: r 8Leaf Node Functional Impact: None Reconciliation: Delete the node from IRH or modify GRH by adding r 8. IRH provides an insight: r8 permissions its parents permission
SACMAT 03© Mohammad Al-Kahtani18 Analysis of RB-RBAC Discrepancies between IRH and GRH 2. Additional Nodes a.Leaf Node b.Internal Node: r 10Internal Node Functional Impact: If r 10 has one child, then it is redundant. Reconciliation Measure: Delete r 10 from IRH and modify the policy to produce its child e.g. r 5 Or add r 10 to GRH such that: r5 permission r10 permission r2 permission If r 10 has more than one child, then add to GRH with: r 10 permissions = its childrens permissions
SACMAT 03© Mohammad Al-Kahtani19 Analysis of RB-RBAC Discrepancies between IRH and GRH 2. Additional Nodes a.Leaf Node b.Internal Node c.Stand-alone Node: r 9Stand-alone Node Functional Impact: None Reconciliation: Delete the node and modify the security policy so that authorization rules do not produce this role.
SACMAT 03© Mohammad Al-Kahtani20 Analysis of RB-RBAC Discrepancies between IRH and GRH 2. Additional Nodes a.Leaf Node b.Internal Node: c.Stand-alone Node d.Root Node: r 13Root Node Functional Impact: If r 13 has a single child, r 13 is redundant. Reconciliation: Delete r 13 from IRH, and the policy must be modified to produced its child instead. If r 13 has more than one child, then add it to GRH: r 13 permission = r 13 child nodes permissions
SACMAT 03© Mohammad Al-Kahtani21 Analysis of RB-RBAC Discrepancies between IRH and GRH 3.Missing Edges: r 1 - r 11Missing Edges Functional Impact: None Reconciliation: The enterprise business practice sees a functional relation between r 1 and r 11. However, the security policy does not capture this so it must be modified.
SACMAT 03© Mohammad Al-Kahtani22 Analysis of RB-RBAC Discrepancies between IRH and GRH 4.Additional Edges: r 1 - r 12Additional Edges Functional Impact: None Reconciliation: Modify the permissions of r 1 to include that of r 12 if the two hierarchies must be compatible.
SACMAT 03© Mohammad Al-Kahtani23 Analysis of RB-RBAC Discrepancies between IRH and GRH 5. Inconsistency: Normally, user-role assignment inheritance and permission-role inheritance flow in opposite directions. Figure (a): (r 2 r 3 ) r 2 users have (r 2 permissions r 3 permissions) r1r1 (a) IRH r2r2 (b) GRH r3r3 r1r1 r3r3 r2r2 (c) Consolidated IRH and GRH r1r1 r2r2 r3r3
SACMAT 03© Mohammad Al-Kahtani24 Analysis of RB-RBAC Discrepancies between IRH and GRH 5. Inconsistency: Figure (b): (r 2 r 3 ) r 3 users have (r 2 permissions r 3 permissions) r1r1 (a) IRH r2r2 (b) GRH r3r3 r1r1 r3r3 r2r2 (c) Consolidated IRH and GRH r1r1 r2r2 r3r3
SACMAT 03© Mohammad Al-Kahtani25 Analysis of RB-RBAC Discrepancies between IRH and GRH 5. Inconsistency: Figure (c): The inconsistency manifests itself in the form of double arrows heading in the same direction between r 2 and r 3. The enterprise business practice must be modified to remove this inconsistency. r1r1 (a) IRH r2r2 (b) GRH r3r3 r1r1 r3r3 r2r2 (c) Consolidated IRH and GRH r1r1 r2r2 r3r3
SACMAT 03© Mohammad Al-Kahtani26 Conclusion Seniority relations among authorization rules induce a role hierarchy (IRH). IRH is a useful tool to check the compliance of current business practices to a given security policy. IRH allows insight into what permissions to give to a specific role which, in turn, assists in drawing lines of responsibility and authority.
1 ACSAC 2002 © Mohammad al-Kahtani 2002 A Model for Attribute-Based User-Role Assignment Mohammad A. Al-Kahtani Ravi Sandhu George Mason University SingleSignOn.net,
Aims and Objectives In this session you will be able to: Define ELHs and describe why they are used in systems analysis. Recognise the structure of an.
1 Chapter 4 Database Processing. 2 Learning Objectives Know the purpose of database processing. List the components of a database system. Understand.
Chapter 2: Entity-Relationship Model Entity Sets Relationship Sets Design Issues Mapping Constraints Keys E-R Diagram Extended E-R Features Design of an.
Data Modeling using ER- Diagram Indra Budi
FPA – IFPUG CPM 4.1 Rules. Function Point Analysis Function of the Data and the Operations on that data Data –4 types 2 Basic, 2 Attributive Operations.
A Role-Based Delegation Model and some extensions By: Ezedin S.Barka Ravi Sandhu George Mason University.
9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Enhanced/Extended Relationship-Diagram Indra Budi
7- Sicurezza delle basi di dati. 2 Sommario 1 Database Security and Authorization 1.1 Introduction to Database Security Issues 1.2 Types of Security 1.3.
Administrative Scope and Role-Based Administration Jason Crampton Information Security Group Royal Holloway, University of London.
© Ilmu Komputer UGM Chapter 2: Entity-Relationship Model Entity Sets Relationship Sets Design Issues Mapping Constraints Keys E-R.
©Silberschatz, Korth and Sudarshan2.1Database System Concepts Chapter 2: Entity-Relationship Model Entity Sets Relationship Sets Design Issues Mapping.
April 27, The Role Graph Model and Tools for Design of Access Control Sylvia Osborn Dept. of Computer Science The University of Western Ontario.
INTRODUCTION lecture1 1. Data base concept Data is a meaningless static value. What does 3421 means? Information is the data you process in a manner that.
Ver 1,12/09/2012Kode :CCs 111,Sistem basis DataFASILKOM Database System Concepts, 5th Ed. ©Silberschatz, Korth and Sudarshan See for conditions.
Database Design: Conceptual Modeling with ER Model CENG 351.
ROLE BASED ACCESS CONTROL 1 Group 4 : Lê Qu ố c Thanh Tr ầ n Vi ệ t Tu ấ n Anh.
©Silberschatz, Korth and Sudarshan2.1Database System Concepts DB Schema Design: the Entity-Relationship Model What’s the use of the E-R model? Entity Sets.
“INTRODUCTION TO DATABASE AND SQL”. Outlines 2 Introduction To Database Database Concepts Database Properties What is Database Management System.
© 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology.
Databases Foundations of Computer Science Cengage Learning.
Chapter 4 The Enhanced Entity-Relationship (EER) Model Dr. Bernard Chen Ph.D. University of Central Arkansas.
Hands-On Microsoft Windows Server 2008 Chapter 4 Introduction to Active Directory and Account Manager.
Slides adapted from A. Silberschatz et al. Database System Concepts, 5th Ed. Entity-Relationship Model Database Management Systems I Alex Coman, Winter.
ISYS 200Week #41 Systems Analysis I Data Flow Diagrams ISYS 200 Glenn Booker.
Data Modeling Overview By: Dave Wentzel. What we will accomplish u Review of DBMS u Issues related to DBMS u Entity Relationship Modeling –Process flow.
MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 4: Active Directory Design and Security Concepts.
Introduction to Database Design Entity Relationship Model.
© 2017 SlidePlayer.com Inc. All rights reserved.