
ARBAC99 (Model for Administration of Roles)
Ravi Sandhu, Qamar Munawer
George Mason University, Laboratory for Information Security Technology, www.list.gmu.edu


1 ARBAC99 (Model for Administration of Roles)
  Title slide: Ravi Sandhu, Qamar Munawer, George Mason University, Laboratory for Information Security Technology

2 RBAC96 (simplified)  (© Ravi Sandhu 1999)
  Figure: USERS, ROLES and PERMISSIONS, linked by USER-ROLE ASSIGNMENT and PERMISSIONS-ROLE ASSIGNMENT, with ROLE HIERARCHIES over the roles.

3 ARBAC97 DECENTRALIZES
  - user-role assignment (URA97)
  - permission-role assignment (PRA97)
  - role-role hierarchy (RRA99)

4 ARBAC99 EXTENDS ARBAC97
  - URA99
    - mobile and immobile membership
    - prerequisite-based revocation
  - PRA99
    - dual of URA99
  - RRA99
    - no change

5 EXAMPLE ROLE HIERARCHY
  Figure: role hierarchy with Employee (E), Engineering Department (ED) and Director (DIR); PROJECT 1 roles Engineer 1 (E1), Production 1 (P1), Quality 1 (Q1), Project Lead 1 (PL1); PROJECT 2 roles Engineer 2 (E2), Production 2 (P2), Quality 2 (Q2), Project Lead 2 (PL2).

6 EXAMPLE ADMINISTRATIVE ROLE HIERARCHY
  Figure: Senior Security Officer (SSO), Department Security Officer (DSO), Project Security Officer 1 (PSO1), Project Security Officer 2 (PSO2).

7 Motivation for ARBAC99
  - URA97 consequences
    - Users can use the permissions of the role and of its junior roles.
    - Users become eligible for assignment to other roles.

8 Motivation for ARBAC99
  - Examples that require decomposition of these two aspects:
    - trainee
    - visitor
    - consultant

9 New Concepts in URA99
  - Mobile Users:
    - user u can use the permissions of role x, and an administrative role can use this membership to put user u in another role.
  - Immobile Users:
    - user u can use the permissions of role x, but an administrative role cannot use this membership to put user u in another role.

10 URA99 Model
  - Builds upon the concept of mobile and immobile membership of users.
  - To formalize this we consider a role x as consisting of two sub-roles, Mx and IMx.
  - Membership in Mx is mobile, whereas membership in IMx is immobile.

11 Role in URA99
  - Definition: For a given set of roles R1 we define a role in URA99 as R = {Mx, IMx | x R1}

12 User Memberships in URA99
  - There are four kinds of user-role memberships in URA99.
    - Explicit Mobile Member EMx: EMx (u, Mx) UA
    - Explicit Immobile Member EIMx: EIMx (u, IMx) UA
    - Implicit Mobile Member ImMx: ImMx ( x > x) (u, Mx) UA
    - Implicit Immobile Member ImIMx: ImIMx ( x > x) (u, IMx) UA

13 Precedence Rule in URA99
  - URA99 allows a user to have all four kinds of membership in a role at the same time.
  - Only one is effective, by the following strict precedence rule:
    - EMx > EIMx > ImMx > ImIMx

14 Inheritance of Mobility and Immobility
  Figure: three inheritance patterns over roles X1, X2, X3, labelled Single, Multiple and Divergent.

15 Prerequisite condition for URA99 Grant Model
  - The URA97 prerequisite condition is quite straightforward.
  - In URA99 it is evaluated for a user u by interpreting x to be true if u EMx ( u ImMx u EIMx) and x to be true if u EMx u EIMx u ImMx u ImIMx

16 Can-assign relations for URA99 Grant Model
  - Assignment as mobile membership is authorized by can-assign-M AR CR 2 R
  - Assignment as immobile membership is authorized by can-assign-IM AR CR 2 R

17 EXAMPLE ROLE HIERARCHY (repeats the figure of slide 5)

18 EXAMPLE ADMINISTRATIVE ROLE HIERARCHY (repeats the figure of slide 6)

19 Can-assign-M

20 Can-assign-IM

21 URA99 Grant Model authorizations
  - In general there is no implication: authority to grant mobile membership does not imply authority to grant immobile membership.

22 URA99 - Revoke Model
  - The URA99 revoke model fixes a lack of symmetry between the grant and revoke models.
  - It deals with revocation of mobile and immobile memberships.
  - URA99 introduces two relations to authorize revocation.

23 Can-revoke relations for URA99 Revoke Model
  - Revocation of mobile membership is authorized by can-revoke-M AR CR 2 R
  - Revocation of immobile membership is authorized by can-revoke-IM AR CR 2 R

24 Can-revoke-M

25 Can-revoke-IM

26 Prerequisite condition for URA99 - Revoke Model
  - For the revoke model we do not distinguish mobile and immobile memberships.
  - We interpret x to be true iff u EMx u ImMx u IMx u ImIMx and x to be true iff u EMx u EIMx u ImMx u ImIMx

27 Relation between URA97 and URA99
  - If all users are restricted to be mobile, then URA99 is identical to URA97.
  - This can be achieved by setting can-assign-IM and can-revoke-IM to be empty.
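The grant model of slides 12 to 16 and the revoke model of slides 22 to 27, worked through in Python. This is an added example written for this transcript; it is not code from the slides or from the authors, and the can-assign/can-revoke tuples, the users and their assignments are constructed. It assumes the direction of the hierarchy edges (the figures' arrows were lost in extraction, so E is taken as the most junior role and DIR as the most senior, with DSO senior to PSO1 and PSO2), that a prerequisite condition is a conjunction of role literals, that role ranges are explicit sets of roles, that slide 15's grant-time reading of a prerequisite role x is "explicit mobile member, or implicit mobile member without an explicit immobile membership" and of x-bar is "none of the four memberships", and that revocation removes only an explicit membership (weak revoke).

```python
from dataclasses import dataclass, field

# Constructed: the deck's regular role hierarchy as "role -> roles immediately senior to it". The
# figure's arrows were lost, so the direction (E at the bottom, DIR at the top) is an assumption.
SENIORS = {"E": {"ED"}, "ED": {"E1", "E2"}, "DIR": set(),
           "E1": {"P1", "Q1"}, "P1": {"PL1"}, "Q1": {"PL1"}, "PL1": {"DIR"},
           "E2": {"P2", "Q2"}, "P2": {"PL2"}, "Q2": {"PL2"}, "PL2": {"DIR"}}
# Constructed: the deck's administrative role hierarchy, same assumption about direction.
ADMIN_SENIORS = {"PSO1": {"DSO"}, "PSO2": {"DSO"}, "DSO": {"SSO"}, "SSO": set()}

def seniors_of(role, graph=SENIORS):
    """All roles strictly senior to `role` (transitive closure of the hierarchy)."""
    seen, todo = set(), list(graph[role])
    while todo:
        r = todo.pop()
        if r not in seen:
            seen.add(r)
            todo.extend(graph[r])
    return seen

@dataclass
class URA99State:
    # A prerequisite condition is a tuple of (role, negated) literals read as a conjunction, e.g.
    # (("ED", False), ("PL2", True)) for "ED and not PL2"; role ranges are explicit sets (assumed forms).
    ua: set = field(default_factory=set)               # explicit (user, role, "M" | "IM")
    can_assign_m: list = field(default_factory=list)   # (admin role, prereq, role range)
    can_assign_im: list = field(default_factory=list)
    can_revoke_m: list = field(default_factory=list)
    can_revoke_im: list = field(default_factory=list)

    # The four membership kinds of slide 12.
    def em(self, u, x):   return (u, x, "M") in self.ua
    def eim(self, u, x):  return (u, x, "IM") in self.ua
    def imm(self, u, x):  return any((u, s, "M") in self.ua for s in seniors_of(x))
    def imim(self, u, x): return any((u, s, "IM") in self.ua for s in seniors_of(x))

    def effective(self, u, x):
        """Precedence rule of slide 13: EMx > EIMx > ImMx > ImIMx; None when u is not a member."""
        for name, test in (("EM", self.em), ("EIM", self.eim), ("ImM", self.imm), ("ImIM", self.imim)):
            if test(u, x):
                return name
        return None

    def _prereq_ok(self, u, prereq, grant):
        for x, negated in prereq:
            if negated:   # "not x": true only if u holds none of the four memberships in x
                holds = self.effective(u, x) is None
            elif grant:   # grant (my reading of slide 15): only mobile membership counts, and an
                          # explicit immobile membership overrides an implicit mobile one
                holds = self.em(u, x) or (self.imm(u, x) and not self.eim(u, x))
            else:         # revoke (slide 26): mobile and immobile memberships are not distinguished
                holds = self.effective(u, x) is not None
            if not holds:
                return False
        return True

    def _authorized(self, relation, admin, u, role, grant):
        return any((admin == ar or admin in seniors_of(ar, ADMIN_SENIORS))
                   and role in role_range and self._prereq_ok(u, prereq, grant)
                   for ar, prereq, role_range in relation)

    def grant(self, admin, u, role, mobile=True):
        """can-assign-M / can-assign-IM check, then add the explicit membership."""
        relation = self.can_assign_m if mobile else self.can_assign_im
        if not self._authorized(relation, admin, u, role, grant=True):
            return False
        self.ua.add((u, role, "M" if mobile else "IM"))
        return True

    def revoke(self, admin, u, role, mobile=True):
        """can-revoke-M / can-revoke-IM check, then drop the explicit membership (weak revoke only)."""
        relation = self.can_revoke_m if mobile else self.can_revoke_im
        kind = "M" if mobile else "IM"
        if (u, role, kind) not in self.ua or not self._authorized(relation, admin, u, role, grant=False):
            return False
        self.ua.discard((u, role, kind))
        return True

def demo():
    """Constructed scenario; returns each outcome so it can be inspected or asserted on."""
    s = URA99State(can_assign_m=[("PSO1", (("ED", False),), {"E1", "P1", "Q1"})],
                   can_assign_im=[("PSO1", (("ED", False),), {"E1"})],
                   can_revoke_m=[("PSO1", (), {"E1", "P1", "Q1"})])   # can-revoke-IM left empty
    s.ua |= {("alice", "ED", "M"),    # mobile in ED: a stepping stone into project roles
             ("bob", "ED", "IM"),     # immobile in ED (a visitor): ED cannot serve as a prerequisite
             ("carol", "PL1", "M"),   # implicit mobile member of P1, Q1, E1, ED and E ...
             ("carol", "ED", "IM")}   # ... but her explicit immobile ED membership takes precedence
    return {
        "alice_E1_M": s.grant("PSO1", "alice", "E1"),             # True
        "bob_E1_M": s.grant("PSO1", "bob", "E1"),                 # False: immobility blocks the prerequisite
        "bob_E1_IM": s.grant("PSO1", "bob", "E1", mobile=False),  # False for the same reason
        "carol_ED": s.effective("carol", "ED"),                   # "EIM" outranks "ImM"
        "carol_Q1_M": s.grant("PSO1", "carol", "Q1"),             # False: needs ImM without EIM
        "pso2_alice": s.grant("PSO2", "alice", "P1"),             # False: no can-assign-M tuple for PSO2
        "dso_alice": s.grant("DSO", "alice", "P1"),               # True: DSO is senior to PSO1
        "revoke_alice": s.revoke("PSO1", "alice", "E1"),          # True
        "revoke_again": s.revoke("PSO1", "alice", "E1"),          # False: nothing left to revoke
    }
```

The bob cases show the point of slide 9: an immobile membership lets bob use ED's permissions, but no administrator can use it as a prerequisite to move him into E1, whether as a mobile or an immobile member. The carol case exercises the precedence rule: her explicit immobile ED membership outranks the implicit mobile one she inherits from PL1, so ED does not satisfy the grant prerequisite for her either. Leaving `can_assign_im` and `can_revoke_im` empty, and never writing "IM" tuples into `ua`, makes every membership mobile, and the checks then reduce to ordinary URA97 can-assign/can-revoke, which is slide 27's observation.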

28 PRA99 - Model
  - Like users, permissions can also be assigned to roles as mobile and immobile.
  - PRA99 is the exact dual of URA99.
  - In PRA99 the implicit permission is inherited upwards in the hierarchy.

29 Conclusion
  - ARBAC99 is the first model that incorporates mobile and immobile users and permissions.
  - The basic intuition of ARBAC97 is not altered.
  - It is a useful extension to ARBAC97.
