Published by Cody Hurley. Modified over 3 years ago.
SACMAT 03 © Mohammad Al-Kahtani

Induced Role Hierarchies with Attribute-Based RBAC

Mohammad A. Al-Kahtani, George Mason University, firstname.lastname@example.org
Ravi Sandhu, George Mason University & NSD Security, Inc., email@example.com
Introduction

Role-Based Access Control (RBAC): a proven alternative to DAC and MAC.
RBAC basic components:
1. Users
2. Roles
3. Permissions
Figure: Users are mapped to Roles by User Assignment (UA), Roles are mapped to Permissions by Permission Assignment (PA), and a Role Hierarchy is defined over Roles.
Introduction

In RBAC, user-to-role assignment is done manually. Many enterprises have huge customer bases: banks, utility companies, popular web sites. In this environment, manual assignment becomes a formidable task. RBAC is modified to allow automatic user-role assignment based on authorization rules.
Introduction

The modified RBAC is called RB-RBAC: Rule-Based RBAC.
Authorization rule structure: RB-RBAC rules are in BNF notation.
Figure: an attribute expression, subject to constraints, yields roles.
RB-RBAC Model

Attribute expressions:
1. Expressed in the RB-RBAC language
2. Constitute the LHS of authorization rules
Attribute values:
1. Stored locally
2. Provided by attribute servers
3. Other means
Figure: attribute values feed the attribute expressions, which map users to roles; roles map to permissions.
Analysis of RB-RBAC

Seniority relations among authorization rules.
Figure: Rule i has attribute expression ae_i on its LHS and produces roles; Rule j has attribute expression ae_j and produces roles. Rule i is senior to Rule j when ae_i logically implies ae_j.
Analysis of RB-RBAC

Example:

Attribute Expression                 | Roles | Seniority
ae_1 = Salary > 1000 Λ age > 50      | r1    | ae_1 ae_2, ae_1 ae_3, ae_1 ae_4
ae_2 = Salary > 1000 Λ age > 40      | r2    | ae_2 ae_4, ae_2 ae_3
ae_3 = (Salary 1000 V age 40)        | r3    | ae_3 ae_4, ae_3 ae_2
ae_4 = Salary > 400                  | r4    |
ae_5 = Age > 60                      | r5    | Not related to any attribute expression
Analysis of RB-RBAC

Example (continued): The seniority relations among the rules are reflected as a hierarchy among the attribute expressions of the rules. These relations induce a role hierarchy (IRH) among the roles produced by these rules.
Figure (attribute-expression hierarchy): ae_1 at the top, ae_2 and ae_3 below it, ae_4 at the bottom; ae_5 is unrelated to the others.
Analysis of RB-RBAC

Example (continued): To assemble the IRH, we say r_i is senior to r_j if the following holds:
(ae_g) [r_i RHS(ae_g) (ae_h) [(ae_g ae_h) Λ r_j RHS(ae_h)]]
where RHS(ae_g) is a function that returns the role set produced by attribute expression ae_g. That is, some rule with expression ae_g produces r_i, some rule with expression ae_h produces r_j, and ae_g is senior to ae_h.
Figure (IRH): r1 at the top, r2 and r3 below it, r4 at the bottom; r5 stands alone.
Analysis of RB-RBAC

Example (continued): In assembling the IRH, roles produced by equivalent attribute expressions may be:
a. Grouped under one rule (Figure a): no impact on functionality.
b. Consolidated into one role (Figure b): may not always be preferred from a functional perspective.
Figure (a): r1 above the grouped node {r2, r3}, which is above r4; r5 stands alone.
Figure (b): r1 above the consolidated role r6, which is above r4; r5 stands alone.
Analysis of RB-RBAC

Given Role Hierarchy (GRH) vs. IRH
GRH reflects the current business practice of an enterprise.
Inheritance of permissions flows upward in the GRH.
User inheritance flows downward in the IRH.
Figure (IRH): nodes r1, r2, r5, r6, r8, r9, r10, r11, r12, r13. Flow of user-role inheritance: r2 inherits r1.
Figure (GRH): nodes r1, r2, r3, r4, r5, r6, r7, r11, r12, r13. Flow of permission-role inheritance: r1 inherits r2.
Analysis of RB-RBAC

Discrepancies between IRH and GRH
Ideally, IRH and GRH should be mirror images of each other. In reality, discrepancies may occur.
Types of discrepancies (using IRH as the reference):
1. Missing nodes
2. Additional nodes
3. Missing edges
4. Additional edges
5. Inconsistency
Analysis of RB-RBAC

Discrepancies between IRH and GRH
1. Missing nodes
a. Leaf node: r7
Functional impact: none.
Reconciliation measure: delete the node and assign its permissions to its parents in GRH.
Analysis of RB-RBAC

Discrepancies between IRH and GRH
1. Missing nodes
b. Internal node: r3
Functional impact: none.
Reconciliation measure: delete the node from GRH and assign its permissions to its parents.
Analysis of RB-RBAC

Discrepancies between IRH and GRH
1. Missing nodes
c. Stand-alone node: r4
Functional impact: loss of functionality may occur.
Reconciliation measure: modify the authorization rules by modifying the security policy.
Analysis of RB-RBAC

Discrepancies between IRH and GRH
1. Missing nodes
d. Root node: r1 (assume r1 is missing in IRH)
Functional impact: loss of r1 functionality.
Reconciliation: modify the authorization rules by modifying the security policy.
Analysis of RB-RBAC

Discrepancies between IRH and GRH
2. Additional nodes
a. Leaf node: r8
Functional impact: none.
Reconciliation: delete the node from IRH, or modify GRH by adding r8. IRH provides an insight: r8 permissions its parents' permissions.
Analysis of RB-RBAC

Discrepancies between IRH and GRH
2. Additional nodes
b. Internal node: r10
Functional impact: if r10 has one child, then it is redundant.
Reconciliation measure: delete r10 from IRH and modify the policy to produce its child (e.g. r5) instead, or add r10 to GRH such that: r5 permissions r10 permissions r2 permissions. If r10 has more than one child, then add it to GRH with: r10 permissions = its children's permissions.
Analysis of RB-RBAC

Discrepancies between IRH and GRH
2. Additional nodes
c. Stand-alone node: r9
Functional impact: none.
Reconciliation: delete the node and modify the security policy so that the authorization rules do not produce this role.
Analysis of RB-RBAC

Discrepancies between IRH and GRH
2. Additional nodes
d. Root node: r13
Functional impact: if r13 has a single child, r13 is redundant.
Reconciliation: delete r13 from IRH, and modify the policy to produce its child instead. If r13 has more than one child, then add it to GRH with: r13 permissions = its child nodes' permissions.
Analysis of RB-RBAC

Discrepancies between IRH and GRH
3. Missing edges: r1 - r11
Functional impact: none.
Reconciliation: the enterprise business practice sees a functional relation between r1 and r11. However, the security policy does not capture this, so it must be modified.
Analysis of RB-RBAC

Discrepancies between IRH and GRH
4. Additional edges: r1 - r12
Functional impact: none.
Reconciliation: modify the permissions of r1 to include those of r12 if the two hierarchies must be compatible.
Analysis of RB-RBAC

Discrepancies between IRH and GRH
5. Inconsistency: Normally, user-role assignment inheritance and permission-role inheritance flow in opposite directions.
Figure (a): (r2 r3): r2 users have (r2 permissions r3 permissions).
Figures: (a) IRH over r1, r2, r3; (b) GRH over r1, r3, r2; (c) consolidated IRH and GRH over r1, r2, r3.
Analysis of RB-RBAC

Discrepancies between IRH and GRH
5. Inconsistency
Figure (b): (r2 r3): r3 users have (r2 permissions r3 permissions).
Analysis of RB-RBAC

Discrepancies between IRH and GRH
5. Inconsistency
Figure (c): The inconsistency manifests itself in the form of double arrows heading in the same direction between r2 and r3. The enterprise business practice must be modified to remove this inconsistency.
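As an added illustration, not code from the paper, the following Python assembles the IRH from a rule set using the seniority definition given earlier (a rule is senior when its attribute expression logically implies the other's) and then classifies the differences from a given GRH into the five discrepancy types above. The rules, the GRH and the finite attribute domain over which implication is decided are constructed assumptions; both hierarchies are written as (senior, junior) pairs, so the mirror-image condition becomes plain set comparison.

```python
from itertools import product

# Constructed example rules (an assumption, not the paper's own table): each
# rule maps an attribute expression (LHS predicate) to the role set it produces.
RULES = {
    "ae1": (lambda a: a["salary"] > 1000 and a["age"] > 50, {"r1"}),
    "ae2": (lambda a: a["salary"] > 1000 and a["age"] > 40, {"r2"}),
    "ae4": (lambda a: a["salary"] > 400, {"r4"}),
    "ae5": (lambda a: a["age"] > 60, {"r5"}),
}
# Finite attribute domain straddling every threshold above; implication is
# decided by exhaustive evaluation over it (an assumption of this example).
DOMAIN = [{"salary": s, "age": g} for s, g in product((0, 400, 401, 1000, 1001), (0, 40, 41, 50, 51, 60, 61))]

def senior(ae_g, ae_h):
    """ae_g is senior to ae_h when ae_g logically implies ae_h."""
    return all(ae_h(a) for a in DOMAIN if ae_g(a))

def closure(edges):
    """Transitive closure of a set of (senior, junior) edges."""
    edges = set(edges)
    while True:
        more = {(a, d) for a, b in edges for c, d in edges if b == c and a != d}
        if more <= edges:
            return edges
        edges |= more

def induced_role_hierarchy(rules):
    """IRH as (senior, junior) pairs: r_i is senior to r_j if some rule g
    produces r_i, some other rule h produces r_j, and ae_g is senior to ae_h."""
    irh = set()
    for g, (ae_g, rhs_g) in rules.items():
        for h, (ae_h, rhs_h) in rules.items():
            if g != h and senior(ae_g, ae_h):
                irh |= {(ri, rj) for ri in rhs_g for rj in rhs_h if ri != rj}
    return irh

def discrepancies(rules, grh_edges, grh_roles):
    """Classify differences between the IRH (reference) and the given GRH into
    the five types; edges are compared after closure and only between shared roles."""
    roles_irh = set().union(*(rhs for _, rhs in rules.values()))
    common = roles_irh & grh_roles
    ci = {e for e in closure(induced_role_hierarchy(rules)) if set(e) <= common}
    cg = {e for e in closure(grh_edges) if set(e) <= common}
    return {
        "missing_nodes": grh_roles - roles_irh,     # in GRH, produced by no rule
        "additional_nodes": roles_irh - grh_roles,  # produced by rules, not in GRH
        "missing_edges": {e for e in cg if e not in ci and e[::-1] not in ci},
        "additional_edges": {e for e in ci if e not in cg and e[::-1] not in cg},
        "inconsistency": {e for e in ci if e[::-1] in cg},  # opposite directions
    }
```

A role that appears in both hierarchies but with its edge reversed is reported as an inconsistency rather than as a missing plus an additional edge, matching the double-arrow case in Figure (c).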
Conclusion

Seniority relations among authorization rules induce a role hierarchy (IRH).
IRH is a useful tool to check the compliance of current business practices with a given security policy.
IRH allows insight into what permissions to give to a specific role, which in turn assists in drawing lines of responsibility and authority.