Role Based Access Control

PhD Dissertation
Architectures and Models for Administration of User-Role Assignment in Role Based Access Control
Venkata Bhamidipati

Presentation Outline
Introduction
Decentralized user-role assignment (URA97)
ASCAA principles
Self-service role assignment (SSRBAC08)
Conclusions
Contributions
Future work
Publications

Introduction
The principal motivation of RBAC is to simplify administration.
Using RBAC to manage itself is an appealing possibility.
Administration of RBAC has three components: user-role assignment, permission-role assignment, and role-role relationships (the role hierarchy).
The focus of this work is user-role administration.

Introduction: Problem Statement
In large systems, administration is a big task.
User-role assignment changes frequently:
  roles: hundreds or thousands
  users: thousands, tens of thousands or more
The role hierarchy changes much less frequently.
Hence the need to decentralize and automate user-role assignment.
The early part of this work focuses on decentralization (URA97); the later part on automation (SSRBAC08).

Introduction: Contributions
URA97 model for user-role assignment (related work: Munawer 99, Oh 2002)
PRA97 model for permission-role assignment
URA97 proof-of-concept implementation in Oracle (related work: Ahn & Sandhu 98, 01; Sandhu & Park 98)
Push model for user-role assignment in distributed systems (related work: Dekker 2008)
ASCAA principles for next-generation RBAC
Framework for self-service assignment (SSRBAC08) (related work: Al-Kahtani 2004)

Introduction: RBAC96
(Figure: bird's-eye view of RBAC96 with USERS, ROLES, PERMISSIONS, SESSIONS and Constraints; the ADMIN component that governs user-role assignment is the part addressed by URA97 and SSRBAC08.)

Introduction: OM-AM
Objectives: decentralization and automation
Models: URA97, PRA97, SSRBAC08
Architecture: push model for URA97
Mechanism: Oracle stored procedures

User-Role Assignment (URA97)
A model to administer user-role assignment.
Decentralizes user-role administration.
Members of administrative roles perform the assignment and revocation operations.

Example Role Hierarchy
(Figure; seniority reads top-down, a senior role inheriting the permissions of its juniors.)
  Director (DIR)
    Project 1: Project Lead 1 (PL1) over Production 1 (P1) and Quality 1 (Q1), both over Engineer 1 (E1)
    Project 2: Project Lead 2 (PL2) over Production 2 (P2) and Quality 2 (Q2), both over Engineer 2 (E2)
  Engineering Department (ED), junior to E1 and E2
  Employee (E), junior to ED

Example Administrative Role Hierarchy
(Figure.)
  Senior Security Officer (SSO)
    Department Security Officer (DSO)
      Project Security Officer 1 (PSO1)
      Project Security Officer 2 (PSO2)

URA97 Grant Model: can-assign
Imposes restrictions on which users can be added to a role, and by whom.
The can-assign relation: can-assign(x, y, {a, b, c})
  A member of administrative role x (or of a role senior to x) can assign a user whose current membership, or non-membership, in regular roles satisfies the prerequisite condition y to be a member of regular roles a, b or c.
  The prerequisite condition is a boolean expression over terms of the form z(u), where z(u) is a boolean function with the same name as role z that evaluates to true if user u is a member of role z and to false otherwise.

URA97 Grant Model: can-assign (example)
Alice is a member of admin role PSO1. She can assign a user to:
  E1, if the user is a member of ED
  Q1, if the user is a member of ED and not a member of P1
  PL1, if the user is a member of both P1 and Q1
Bob is a member of admin role DSO. He can assign a user to any regular role in the range (ED, DIR), if the user is a member of ED.

URA97 Grant Model
"Redundant" assignments, that is, explicitly assigning a user to a role junior or senior to one the user already holds, are allowed and are useful: the explicit membership in the junior role survives when the senior role is later revoked.

URA97 Revoke Model: can-revoke
The can-revoke relation: can-revoke(x, Y), where Y is the range of revocation.
  A member of administrative role x (or of a role senior to x) can revoke the membership of a user from any regular role y ∈ Y.
Weak revocation
  Revokes explicit membership in a role, independent of who did the assignment.
Strong revocation
  Revokes explicit membership in a role and in its seniors.
  Authorized only if the corresponding weak revokes are authorized.
  Alternatives: all-or-nothing, or revoke only within the range.

URA97 Revoke Model: can-revoke (example)
  ARole   Role range
  PSO1    [E1, PL1)
  PSO2    [E2, PL2)
  DSO     (ED, DIR)
  SSO     [ED, DIR]
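The can-assign and can-revoke relations of the preceding slides, as an added example (not code from the dissertation or its Oracle implementation): a small Python model of the slides' hierarchy that evaluates prerequisite conditions against explicit and inherited membership, checks role ranges, and implements weak revocation and the all-or-nothing form of strong revocation. The ordering edges are read off the two hierarchy figures; the users dave and erin, the administrators alice and bob, and every function name are constructed for the example.

```python
"""URA97 can-assign and can-revoke over the slides' example hierarchy. Added example, not code
from the dissertation or its Oracle implementation; users and assignments are constructed here."""
from typing import Callable, Dict, List, Set, Tuple

# Regular role hierarchy, "role -> its immediate seniors" (edges read off the slide's figure).
RH: Dict[str, Set[str]] = {
    "E": {"ED"}, "ED": {"E1", "E2"},
    "E1": {"P1", "Q1"}, "P1": {"PL1"}, "Q1": {"PL1"}, "PL1": {"DIR"},
    "E2": {"P2", "Q2"}, "P2": {"PL2"}, "Q2": {"PL2"}, "PL2": {"DIR"},
    "DIR": set(),
}
# Administrative role hierarchy.
ARH: Dict[str, Set[str]] = {"PSO1": {"DSO"}, "PSO2": {"DSO"}, "DSO": {"SSO"}, "SSO": set()}

def seniors(h: Dict[str, Set[str]], role: str) -> Set[str]:
    """Roles senior to or equal to `role` (reflexive, transitive)."""
    seen, todo = set(), [role]
    while todo:
        r = todo.pop()
        if r not in seen:
            seen.add(r); todo.extend(h[r])
    return seen

def juniors(h: Dict[str, Set[str]], role: str) -> Set[str]:
    """Roles junior to or equal to `role`."""
    return {r for r in h if role in seniors(h, r)}

def role_range(lo: str, hi: str, incl_lo: bool = True, incl_hi: bool = True) -> Set[str]:
    """Regular roles y with lo <= y <= hi; an open end ( or ) excludes that endpoint."""
    rng = seniors(RH, lo) & juniors(RH, hi)
    if not incl_lo: rng.discard(lo)
    if not incl_hi: rng.discard(hi)
    return rng

UA: Dict[str, Set[str]] = {}                                    # explicit user-role assignment
AUA: Dict[str, Set[str]] = {"alice": {"PSO1"}, "bob": {"DSO"}}  # constructed administrators

def member(user: str, role: str) -> bool:
    """z(u) from the slide: true if u holds z explicitly or through a senior role."""
    return any(role in juniors(RH, r) for r in UA.get(user, set()))

def admin_holds(admin: str, arole: str) -> bool:
    """True if admin is a member of arole or of an administrative role senior to it."""
    return any(arole in juniors(ARH, r) for r in AUA.get(admin, set()))

# can-assign(admin role, prerequisite condition, role range), as on the slide.
CAN_ASSIGN: List[Tuple[str, Callable[[str], bool], Set[str]]] = [
    ("PSO1", lambda u: member(u, "ED"), {"E1"}),
    ("PSO1", lambda u: member(u, "ED") and not member(u, "P1"), {"Q1"}),
    ("PSO1", lambda u: member(u, "P1") and member(u, "Q1"), {"PL1"}),
    ("DSO", lambda u: member(u, "ED"), role_range("ED", "DIR", False, False)),
]
# can-revoke(admin role, role range), as on the slide's table.
CAN_REVOKE: List[Tuple[str, Set[str]]] = [
    ("PSO1", role_range("E1", "PL1", incl_hi=False)),
    ("PSO2", role_range("E2", "PL2", incl_hi=False)),
    ("DSO", role_range("ED", "DIR", False, False)),
    ("SSO", role_range("ED", "DIR")),
]

def assign(admin: str, user: str, role: str) -> bool:
    ok = any(admin_holds(admin, x) and role in rng and cond(user) for x, cond, rng in CAN_ASSIGN)
    if ok: UA.setdefault(user, set()).add(role)
    return ok

def may_weak_revoke(admin: str, role: str) -> bool:
    return any(admin_holds(admin, x) and role in rng for x, rng in CAN_REVOKE)

def weak_revoke(admin: str, user: str, role: str) -> bool:
    """Drop the explicit membership only; membership inherited via a senior role survives."""
    if not may_weak_revoke(admin, role): return False
    UA.get(user, set()).discard(role)
    return True

def strong_revoke(admin: str, user: str, role: str) -> bool:
    """All-or-nothing variant: drop `role` and every explicit senior of it that the user holds,
    but only if each of those weak revokes is itself authorized."""
    targets = seniors(RH, role) & UA.get(user, set())
    if not all(may_weak_revoke(admin, t) for t in targets): return False
    UA.get(user, set()).difference_update(targets)
    return True

def demo() -> Dict[str, bool]:
    """Replay the slides' scenario on constructed users and report each outcome."""
    UA.clear()
    UA.update({"dave": {"ED"}, "erin": {"ED", "P1", "Q1"}})
    out = {}
    out["alice_E1_dave"] = assign("alice", "dave", "E1")                # dave holds ED
    out["alice_Q1_dave"] = assign("alice", "dave", "Q1")                # ED and not P1
    out["alice_PL1_erin"] = assign("alice", "erin", "PL1")              # erin holds P1 and Q1
    out["bob_P1_dave"] = assign("bob", "dave", "P1")                    # DSO range (ED, DIR)
    out["alice_weak_PL1_erin"] = weak_revoke("alice", "erin", "PL1")    # PL1 outside [E1, PL1)
    out["alice_strong_P1_erin"] = strong_revoke("alice", "erin", "P1")  # would also need PL1
    out["bob_strong_P1_erin"] = strong_revoke("bob", "erin", "P1")      # DSO covers P1 and PL1
    out["erin_keeps_Q1"] = member("erin", "Q1")
    out["erin_keeps_PL1"] = member("erin", "PL1")
    return out
```

The steps to notice are the last three of demo(): alice, a PSO1, cannot strong-revoke erin from P1 because erin also explicitly holds PL1, which lies outside PSO1's range [E1, PL1); bob, a DSO, can, and erin's explicit Q1 membership survives. Seniority on the administrative side is handled exactly like the regular side, so a DSO automatically qualifies for every PSO1 row of can-assign and can-revoke.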


ASCAA Principles
RBAC96 is based on four foundation principles:
  Abstraction of privileges
  Separation of administrative functions
  Least privilege
  Separation of duty
Manual intervention in RBAC administration is cumbersome.
New concepts such as usage control and rate limits have gained traction.
Accountability is receiving renewed interest.

ASCAA Principles
Abstraction: unchanged from RBAC96.
Separation of administrative functions: unchanged from RBAC96.
Containment: subsumes least privilege and separation of duty; includes usage control and rate limits.
Automation: of assignment and revocation.
Accountability: re-authentication, obligations, notifications and alerts.

Self-Service User Assignment (SSRBAC08)
URA97 still requires administrative effort for every assignment.
Goal: simplify administration further.
A framework for self-service user assignment, based on the ASCAA principles.

SSRBAC08 (contd.)
Modifies RBAC96: constraints are classified into four categories
  Assignment Criteria (AC)
  Administrative Criteria (ADC)
  Usage Criteria (UC)
  Revocation Criteria (RC)
The criteria are held as attributes of the role.

SSRBAC08 (contd.)
(Figure: the SSRBAC08 framework.)

SSRBAC08 (contd.)
Assignment Criteria (AC)
  Criteria the assignee must satisfy for the role to be assigned.
  Examples: membership or non-membership in roles, approvals, obligations, cardinality limits, rate limits.
Administrative Criteria (ADC)
  Criteria that control the administrative functions: who is allowed to grant the role, whether self-assignment is allowed, rate limits, approvals, obligations.

SSRBAC08 (contd.)
Usage Criteria (UC)
  Criteria that control role usage (activation).
  Examples: environmental conditions, temporal limits, rate limits, dynamic separation of duty, cardinality limits, approvals, obligations.
Revocation Criteria (RC)
  Criteria that control role revocation.
  Examples: role expiration and time limits, approvals, obligations.

Example Hierarchy
(Figure; the roles referenced on the following slides include EMP, E1, E2, PL1, Dir, Eng VP and the consultant role.)

SSRBAC08 Example: Role E1
ADC for role E1
  1. Users who hold the consultant role can perform self-assignment.
  2. Members of PL1 or a more senior role can assign E1 to others.
  3. Members of roles junior to Eng VP can make only 2 assignments per day.
  4. No more than 20 assignments of this role per week.
  5. Cardinality limit of 30 members among users holding the consultant role.
  6. Overriding the cardinality rule needs approval from Eng VP.
  7. Members of Dir or a more senior role can perform revocation.
AC for role E1
  1. The assignee must hold role EMP and must not belong to E2.
  2. Approval from Dir or higher is needed to override the prerequisite condition.
  3. The assignee must not have exceeded 5 self-assignment operations in the current month.
  4. Obligation: complete mandatory system training within 5 days of assignment.

SSRBAC08 Example: Role E1 (contd.)
UC for role E1
  1. Cannot be activated if E2 is active.
  2. Activation from the extranet is allowed only if role C is active.
  3. Activation from the extranet is allowed only 9 AM-5 PM, Mon-Fri.
RC for role E1
  1. Revoke if the assignment obligations are not met.
  2. Revoked 1 year from the assignment date.
  3. An extension past the 1-year rule needs approval from Dir or above.
  4. Revoke if there has been no activation in a 3-month period.
  5. Self-revocation requires Dir approval.
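The ADC, AC, UC and RC lists for E1 on the two slides above, as an added example (not code from the dissertation): each criterion becomes a check on a small role object, run at assignment time, at activation time, or by a periodic revocation sweep, so no administrator is in the loop once the criteria are set. The seniority ranks E1 < PL1 < Dir < EngVP, the reading of C as the consultant role, the users, the dates and the reason strings are this example's own assumptions; the cardinality rule (ADC 5-6), the Dir-approved extension (RC 3) and self-revocation (RC 5) are left out to keep it short.

```python
"""SSRBAC08-style criteria for role E1, held as role attributes and checked at assignment,
activation and revocation time. Added example, not code from the dissertation; the seniority
ranks, the consultant role C, users, dates and reason strings are this example's assumptions."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set, Tuple

RANK = {"E1": 0, "PL1": 1, "Dir": 2, "EngVP": 3}   # assumed seniority among roles the ADC names

def holds_at_least(roles: Set[str], needed: str) -> bool:
    """True if any held role is `needed` or senior to it."""
    return any(RANK.get(r, -1) >= RANK[needed] for r in roles)

@dataclass
class Membership:
    granted: datetime
    training_done: bool = False                 # AC 4: obligation, due 5 days after grant
    last_activation: Optional[datetime] = None

@dataclass
class RoleE1:
    members: Dict[str, Membership] = field(default_factory=dict)
    roles_of: Dict[str, Set[str]] = field(default_factory=dict)     # other roles each user holds
    grants: List[Tuple[datetime, str]] = field(default_factory=list)       # (when, assignor)
    self_grants: List[Tuple[datetime, str]] = field(default_factory=list)  # (when, user)

    def assign(self, assignor: str, assignee: str, now: datetime,
               dir_approval: bool = False) -> Tuple[bool, str]:
        a_roles, u_roles = self.roles_of.get(assignor, set()), self.roles_of.get(assignee, set())
        self_assign = assignor == assignee
        # ADC 1-2: who may grant the role.
        if self_assign and "C" not in u_roles:
            return False, "ADC1: self-assignment is for consultants only"
        if not self_assign and not holds_at_least(a_roles, "PL1"):
            return False, "ADC2: assignor must hold PL1 or senior"
        # ADC 3: 2 per day for assignors junior to EngVP; ADC 4: 20 per week for the role.
        today = sum(1 for t, who in self.grants if who == assignor and now - t < timedelta(days=1))
        if not holds_at_least(a_roles, "EngVP") and today >= 2:
            return False, "ADC3: daily assignment limit"
        if sum(1 for t, _ in self.grants if now - t < timedelta(weeks=1)) >= 20:
            return False, "ADC4: weekly assignment limit"
        # AC 1-2: prerequisite EMP and not E2, overridable with Dir approval.
        if ("EMP" not in u_roles or "E2" in u_roles) and not dir_approval:
            return False, "AC1: prerequisite condition not met"
        # AC 3: at most 5 self-assignments in the current calendar month.
        if self_assign and sum(1 for t, u in self.self_grants
                               if u == assignee and (t.year, t.month) == (now.year, now.month)) >= 5:
            return False, "AC3: monthly self-assignment limit"
        self.members[assignee] = Membership(granted=now)
        self.grants.append((now, assignor))
        if self_assign:
            self.self_grants.append((now, assignee))
        return True, "assigned"

    def activate(self, user: str, now: datetime, active: Set[str],
                 extranet: bool = False) -> Tuple[bool, str]:
        """UC 1-3; `active` is the set of roles already active in the session."""
        if user not in self.members:
            return False, "not a member"
        if "E2" in active:
            return False, "UC1: E2 is active"
        if extranet and ("C" not in active or now.weekday() > 4 or not 9 <= now.hour < 17):
            return False, "UC2/UC3: extranet needs C active, 9 AM-5 PM Mon-Fri"
        self.members[user].last_activation = now
        return True, "activated"

    def sweep(self, now: datetime) -> Dict[str, str]:
        """RC 1, 2 and 4: revoke memberships whose criteria fire; returns user -> reason."""
        revoked: Dict[str, str] = {}
        for user, m in self.members.items():
            idle_since = m.last_activation or m.granted
            if not m.training_done and now - m.granted > timedelta(days=5):
                revoked[user] = "RC1: assignment obligation unmet"
            elif now - m.granted >= timedelta(days=365):
                revoked[user] = "RC2: one-year term expired"
            elif now - idle_since > timedelta(days=90):
                revoked[user] = "RC4: no activation in 3 months"
        for user in revoked:
            self.members.pop(user)
        return revoked

def demo() -> Dict[str, object]:
    """Walk the criteria with constructed users and dates; 2024-03-04 is a Monday."""
    role = RoleE1()
    role.roles_of = {"alice": {"EMP", "PL1"}, "bob": {"EMP"}, "carl": {"EMP", "C"}, "dan": {"EMP", "E2"}}
    t0 = datetime(2024, 3, 4, 10, 0)
    out: Dict[str, object] = {}
    out["bob_assigns_carl"] = role.assign("bob", "carl", t0)              # ADC2: bob is below PL1
    out["alice_assigns_bob"] = role.assign("alice", "bob", t0)
    out["alice_assigns_dan"] = role.assign("alice", "dan", t0)            # AC1: dan holds E2
    out["alice_assigns_dan_ok"] = role.assign("alice", "dan", t0, dir_approval=True)
    out["alice_third_today"] = role.assign("alice", "carl", t0)           # ADC3: two already today
    out["carl_self"] = role.assign("carl", "carl", t0)                    # ADC1: consultant
    out["bob_with_e2"] = role.activate("bob", t0, {"E1", "E2"})           # UC1
    out["bob_activates"] = role.activate("bob", t0, {"E1"})
    out["carl_extranet_sat"] = role.activate("carl", datetime(2024, 3, 9, 10, 0), {"C"}, extranet=True)
    out["carl_extranet_fri"] = role.activate("carl", datetime(2024, 3, 8, 10, 0), {"C"}, extranet=True)
    role.members["bob"].training_done = role.members["carl"].training_done = True
    out["sweep_day_10"] = role.sweep(t0 + timedelta(days=10))             # dan never trained
    role.activate("carl", t0 + timedelta(days=50), {"E1"})
    out["sweep_day_100"] = role.sweep(t0 + timedelta(days=100))           # bob idle since day 0
    out["sweep_day_366"] = role.sweep(t0 + timedelta(days=366))           # carl's term expired
    return out
```

Obligations are the part worth studying: AC 4 is only recorded at grant time and is enforced later by sweep(), which is also where expiry (RC 2) and inactivity (RC 4) are decided. Put the sweep on a schedule and assignment, activation and revocation all run without an administrator, which is the automation the ASCAA principles call for; the approval flags are the one place a human re-enters the loop.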

URA97 in SSRBAC08: Prerequisite Conditions
(PE1 and QE1 here correspond to the Production 1 and Quality 1 roles, P1 and Q1, of the earlier hierarchy.)
  Role  ADC                                AC
  ED    Assignor must hold SSO             Assignee must hold E
  E1    Assignor must hold PSO1 or senior  Assignee must hold ED
  PE1   If the assignor is PSO1, the assignee must hold ED and not QE1; if the assignor is DSO or senior, the assignee must hold ED.
  QE1   If the assignor is PSO1, the assignee must hold ED and not PE1; if the assignor is DSO or senior, the assignee must hold ED.
  PL1   If the assignor is PSO1, the assignee must hold QE1 and PE1; if the assignor is DSO or senior, the assignee must hold ED.
  DIR   (blank on the slide)

URA97 in SSRBAC08: Revocation
  Role          ADC
  ED            SSO or senior can revoke
  E1, PE1, QE1  PSO1 or senior can revoke
  E2, PE2, QE2  PSO2 or senior can revoke
  PL1, PL2      DSO or senior can revoke
  DIR           (blank on the slide)

Conclusions
RBAC can be used to manage itself.
The URA97 model decentralizes user-role assignment.
URA97 is viable: proof-of-concept implementation in Oracle.
The SSRBAC08 framework realizes self-service assignment.
Related work
  URA97 implementations on other platforms (NT, Unix and Web)
  URA02
  Attribute-based RBAC

Contributions: URA97, PRA97, Oracle implementation
URA97
  One of the earliest RBAC administrative models.
  Decentralizes user-role assignment.
  Needs administrative roles.
PRA97
  Dual of URA97.
  Decentralizes permission-role assignment.
Implemented URA97 in Oracle
  Proof-of-concept implementation.

Contributions: Push Model, ASCAA Principles
Push model
  Deals with user-role assignment in distributed systems.
  The global hierarchy is maintained in a centralized location.
  Assignment and revocation information is pushed to the local systems.
ASCAA principles
  Extend the RBAC foundation principles.
  Containment includes separation of duty, least privilege and usage control.
  Automation and accountability are introduced.

Contributions: SSRBAC08
A framework for self-service user-role assignment built on the ASCAA principles.
Modifies RBAC96 by classifying constraints into four categories:
  Assignment and Administrative Criteria determine the assignment policy.
  Usage Criteria determine the usage policy.
  Revocation and Administrative Criteria determine the revocation policy.

Future Work
A policy language for SSRBAC08 criteria.
Extend attribute-based RBAC to use
How to model RORBAC in the SSRBAC08 framework.

Publications
Ravi Sandhu and Venkata Bhamidipati, "The URA97 Model for Role-Based User-Role Assignment", IFIP WG 11.3, 1997.
Ravi Sandhu, Venkata Bhamidipati, Edward Coyne, Srinivas Ganta and Charles Youman, "The ARBAC97 Model for Role-Based Administration of Roles: Preliminary Description and Outline", ACM RBAC, 1997.
Ravi Sandhu and Venkata Bhamidipati, "An Oracle Implementation of the PRA97 Model for Permission-Role Assignment", ACM RBAC, 1998.
Ravi Sandhu, Venkata Bhamidipati and Qamar Munawer, "The ARBAC97 Model for Role-Based Administration of Roles", ACM Transactions on Information and System Security (TISSEC), Volume 2, February 1999.
Ravi Sandhu and Venkata Bhamidipati, "Role-Based Administration of User-Role Assignment: The URA97 Model and its Oracle Implementation", Journal of Computer Security, Volume 7, 1999.
Venkata Bhamidipati and Ravi Sandhu, "Push Architectures for User-Role Assignment", NISSC 2000.
Ravi Sandhu and Venkata Bhamidipati, "The ASCAA Principles for Next-Generation Role-Based Access Control", Proc. 3rd International Conference on Availability, Reliability and Security (ARES), 2008.