SACMAT 03© Mohammad Al-Kahtani1 Induced Role Hierarchies with Attribute-Based RBAC Mohammad A. Al-Kahtani Ravi Sandhu George Mason University NSD Security,

Induced Role Hierarchies with Attribute-Based RBAC
Mohammad A. Al-Kahtani, Ravi Sandhu
NSD Security, Inc. & George Mason University

Introduction
Role-Based Access Control (RBAC): a proven alternative to DAC and MAC.
RBAC basic components:
1. Users
2. Roles
3. Permissions
[Figure: Users -(UA) User Assignment-> Roles -(PA) Permission Assignment-> Permissions, with a Role Hierarchy over Roles]

Introduction
In RBAC, user-to-role assignment is done manually.
Many enterprises have huge customer bases: banks, utility companies, popular web sites.
In this environment, manual assignment becomes a formidable task.
RBAC is modified to allow automatic user-role assignment based on authorization rules.

Introduction
The modified RBAC is called RB-RBAC: Rule-Based RBAC.
Authorization rule structure (figure): Attributes Expression -> Roles, subject to Constraints.
RB-RBAC rules are given in BNF notation.

RB-RBAC Model
Attributes expressions:
1. Expressed in the RB-RBAC language
2. Constitute the LHS of authorization rules
Attributes values:
1. Stored locally
2. Provided by attribute servers
3. Other means
[Figure: RB-RBAC model components: Attributes values, Attributes Expressions, Users, Roles, Permissions]

Analysis of RB-RBAC
Seniority relations among authorization rules:
Rule_i: Attributes Expression ae_i -> Roles
Rule_j: Attributes Expression ae_j -> Roles
Rule_i is senior to Rule_j (written ae_i ≥ ae_j) if attributes expression ae_i logically implies attributes expression ae_j.

Analysis of RB-RBAC
Example (ae_i ≥ ae_j denotes that ae_i is senior to ae_j):
Attribute Expression                 | Roles | Seniority
ae1 = Salary > 1000 ∧ age > 50       | r1    | ae1 ≥ ae2, ae1 ≥ ae3, ae1 ≥ ae4
ae2 = Salary > 1000 ∧ age > 40       | r2    | ae2 ≥ ae4, ae2 ≥ ae3
ae3 = ¬(Salary ≤ 1000 ∨ age ≤ 40)    | r3    | ae3 ≥ ae4, ae3 ≥ ae2
ae4 = Salary > 400                   | r4    |
ae5 = Age > 60                       | r5    | not related to any attribute expression

Analysis of RB-RBAC
Example (continued): The seniority relations among the rules are reflected as a hierarchy among the attribute expressions of the rules. These relations induce a role hierarchy (IRH) among the roles produced by these rules.
[Figure: hierarchy of attribute expressions: ae1 above ae2 and ae3 (mutually senior), both above ae4; ae5 unrelated]

Analysis of RB-RBAC
Example (continued): To assemble the IRH, we say r_i is senior to r_j if the following holds:
(∃ ae_g) [ r_i ∈ RHS(ae_g) ∧ (∃ ae_h) [ (ae_g ≥ ae_h) ∧ r_j ∈ RHS(ae_h) ] ]
where RHS(ae_g) is a function that returns the role set produced by attribute expression ae_g.
[Figure: IRH with r1 above r2 and r3, both above r4; r5 unrelated]

Analysis of RB-RBAC
Example (continued): In assembling the IRH, roles produced by equivalent attributes expressions may be:
a. Grouped under one rule (Figure a): no impact on functionality.
b. Consolidated into one role (Figure b): may not always be preferred from a functional perspective.
[Figure (a): r1 above the group r2, r3, above r4; r5 unrelated. Figure (b): r1 above r6 above r4; r5 unrelated]
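The seniority test of slides 6 and 7 and the IRH construction of slides 9 and 10, as an added Python example (not the paper's code). It assumes bounded attribute domains so that logical implication can be decided by enumeration, and writes ae3 as the negated form that makes it equivalent to ae2:

```python
from itertools import product

# Slide 7 rules: attribute expression (predicate over salary, age) -> roles.
# ae3 is written as not(Salary <= 1000 or age <= 40), which is equivalent to ae2.
RULES = {
    "ae1": (lambda s, a: s > 1000 and a > 50, {"r1"}),
    "ae2": (lambda s, a: s > 1000 and a > 40, {"r2"}),
    "ae3": (lambda s, a: not (s <= 1000 or a <= 40), {"r3"}),
    "ae4": (lambda s, a: s > 400, {"r4"}),
    "ae5": (lambda s, a: a > 60, {"r5"}),
}

# Assumption (not from the paper): attribute values are bounded, so logical
# implication can be decided by enumerating every (salary, age) pair.
DOMAIN = list(product(range(0, 2001, 50), range(0, 101)))


def implies(ae_g, ae_h):
    """Slide 6: ae_g is senior to ae_h iff ae_g logically implies ae_h."""
    pred_g, pred_h = RULES[ae_g][0], RULES[ae_h][0]
    return all(pred_h(s, a) for s, a in DOMAIN if pred_g(s, a))


def rhs(ae):
    """RHS(ae): the role set produced by attribute expression ae."""
    return RULES[ae][1]


def seniority():
    """All pairs (ae_g, ae_h) with g != h and ae_g >= ae_h (slide 7 table)."""
    return {(g, h) for g in RULES for h in RULES if g != h and implies(g, h)}


def induced_role_hierarchy():
    """Slide 9: r_i is senior to r_j iff some ae_g >= ae_h has
    r_i in RHS(ae_g) and r_j in RHS(ae_h)."""
    edges = set()
    for g, h in seniority():
        for r_i in rhs(g):
            for r_j in rhs(h):
                if r_i != r_j:
                    edges.add((r_i, r_j))
    return edges


def equivalent_roles(edges):
    """Slide 10: roles produced by equivalent expressions are mutually senior;
    they may be grouped under one rule or consolidated into one role."""
    return {frozenset((a, b)) for a, b in edges if (b, a) in edges}
```

A production rule engine would decide implication with a constraint solver rather than by enumeration; the enumeration here only serves to reproduce the slide 7 table.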

Analysis of RB-RBAC
Given Role Hierarchy (GRH) vs. IRH:
GRH reflects the current business practice of an enterprise.
Inheritance of permissions flows upward in the GRH.
User inheritance flows downward in the IRH.
[Figure: IRH over roles r1, r2, r5, r6, r8, r9, r10, r11, r12, r13; flow of user-role inheritance: r2 inherits r1. GRH over roles r1, r2, r3, r4, r5, r6, r7, r11, r12, r13; flow of permission-role inheritance: r1 inherits r2]

Analysis of RB-RBAC
Discrepancies between IRH and GRH: Ideally, IRH and GRH should be mirror images of each other. In reality, discrepancies may occur.
Types of discrepancies (using IRH as the reference):
1. Missing Nodes
2. Additional Nodes
3. Missing Edges
4. Additional Edges
5. Inconsistency

Analysis of RB-RBAC
Discrepancies between IRH and GRH
1. Missing Nodes
a. Leaf Node (r7):
Functional Impact: None.
Reconciliation Measure: Delete the node and assign its permissions to its parents in the GRH.

Analysis of RB-RBAC
Discrepancies between IRH and GRH
1. Missing Nodes
b. Internal Node (r3):
Functional Impact: None.
Reconciliation Measure: Delete the node from the GRH and assign its permissions to its parents.

Analysis of RB-RBAC
Discrepancies between IRH and GRH
1. Missing Nodes
c. Stand-alone Node (r4):
Functional Impact: Loss of functionality may occur.
Reconciliation Measure: Modify the authorization rules via modifying the security policy.

Analysis of RB-RBAC
Discrepancies between IRH and GRH
1. Missing Nodes
d. Root Node (assume r1 is missing in the IRH):
Functional Impact: Loss of r1 functionality.
Reconciliation: Modify the authorization rules via modifying the security policy.

Analysis of RB-RBAC
Discrepancies between IRH and GRH
2. Additional Nodes
a. Leaf Node (r8):
Functional Impact: None.
Reconciliation: Delete the node from the IRH or modify the GRH by adding r8.
IRH provides an insight: r8 permissions ⊆ its parents' permissions.

Analysis of RB-RBAC
Discrepancies between IRH and GRH
2. Additional Nodes
b. Internal Node (r10):
Functional Impact: If r10 has one child, then it is redundant.
Reconciliation Measure: Delete r10 from the IRH and modify the policy to produce its child (e.g. r5) instead, or add r10 to the GRH such that r5 permissions ⊆ r10 permissions ⊆ r2 permissions.
If r10 has more than one child, then add it to the GRH with r10 permissions = its children's permissions.

Analysis of RB-RBAC
Discrepancies between IRH and GRH
2. Additional Nodes
c. Stand-alone Node (r9):
Functional Impact: None.
Reconciliation: Delete the node and modify the security policy so that the authorization rules do not produce this role.

Analysis of RB-RBAC
Discrepancies between IRH and GRH
2. Additional Nodes
d. Root Node (r13):
Functional Impact: If r13 has a single child, r13 is redundant.
Reconciliation: Delete r13 from the IRH, and the policy must be modified to produce its child instead.
If r13 has more than one child, then add it to the GRH with r13 permissions = its child nodes' permissions.

Analysis of RB-RBAC
Discrepancies between IRH and GRH
3. Missing Edges (r1 - r11):
Functional Impact: None.
Reconciliation: The enterprise business practice sees a functional relation between r1 and r11. However, the security policy does not capture this, so it must be modified.

Analysis of RB-RBAC
Discrepancies between IRH and GRH
4. Additional Edges (r1 - r12):
Functional Impact: None.
Reconciliation: Modify the permissions of r1 to include those of r12 if the two hierarchies must be compatible.

Analysis of RB-RBAC
Discrepancies between IRH and GRH
5. Inconsistency: Normally, user-role assignment inheritance and permission-role inheritance flow in opposite directions.
Figure (a), IRH: r2 is senior to r3, so r2 users have (r2 permissions ∪ r3 permissions).
[Figure: (a) IRH, (b) GRH, (c) consolidated IRH and GRH, each over r1, r2, r3]

Analysis of RB-RBAC
Discrepancies between IRH and GRH
5. Inconsistency:
Figure (b), GRH: r3 is senior to r2, so r3 users have (r2 permissions ∪ r3 permissions).

Analysis of RB-RBAC
Discrepancies between IRH and GRH
5. Inconsistency:
Figure (c): The inconsistency manifests itself in the form of double arrows heading in the same direction between r2 and r3. The enterprise business practice must be modified to remove this inconsistency.
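The discrepancy analysis of slides 12 to 25 (missing and additional nodes classified as leaf, internal, stand-alone or root; missing and additional edges; inconsistency), as an added Python example that is not the paper's code. The IRH and GRH below are constructed samples using the slide role names, both written as (senior, junior) edges; the assumption that edges are compared on transitive closures is mine, so that an extra intermediate role such as r10 between r2 and r5 is reported as an additional node rather than as a missing edge:

```python
# Constructed sample hierarchies (not the paper's figures): (senior, junior).
IRH_EDGES = {("r1", "r2"), ("r2", "r10"), ("r10", "r5"), ("r2", "r8"),
             ("r1", "r12"), ("r13", "r6"), ("r13", "r11"), ("r6", "r12")}
IRH_NODES = {"r9"} | {n for e in IRH_EDGES for n in e}   # r9 stands alone
GRH_EDGES = {("r1", "r2"), ("r2", "r5"), ("r1", "r3"), ("r3", "r7"),
             ("r1", "r11"), ("r12", "r6")}
GRH_NODES = {"r4"} | {n for e in GRH_EDGES for n in e}   # r4 stands alone


def closure(edges):
    """Transitive closure of the seniority relation."""
    reach = set(edges)
    changed = True
    while changed:
        changed = False
        for a, b in list(reach):
            for c, d in list(reach):
                if b == c and (a, d) not in reach:
                    reach.add((a, d))
                    changed = True
    return reach


def node_kind(node, edges):
    """Leaf / internal / stand-alone / root, as the discrepancy slides classify."""
    has_parent = any(j == node for _, j in edges)
    has_child = any(s == node for s, _ in edges)
    if has_parent and has_child:
        return "internal"
    if has_parent:
        return "leaf"
    if has_child:
        return "root"
    return "stand-alone"


def discrepancies(irh_nodes, irh_edges, grh_nodes, grh_edges):
    """Slide 12 discrepancy types, using the IRH as the reference."""
    shared = irh_nodes & grh_nodes
    irh = {(s, j) for s, j in closure(irh_edges) if s in shared and j in shared}
    grh = {(s, j) for s, j in closure(grh_edges) if s in shared and j in shared}
    # Inconsistency: the two hierarchies order a pair of roles in opposite ways.
    inconsistent = {(s, j) for s, j in irh if (j, s) in grh}
    return {
        "missing_nodes": {n: node_kind(n, grh_edges) for n in grh_nodes - irh_nodes},
        "additional_nodes": {n: node_kind(n, irh_edges) for n in irh_nodes - grh_nodes},
        "missing_edges": grh - irh - {(j, s) for s, j in inconsistent},
        "additional_edges": irh - grh - inconsistent,
        "inconsistency": inconsistent,
    }
```

On the sample, the report reproduces the slide cases: r7 leaf, r3 internal and r4 stand-alone missing; r8 leaf, r10 internal, r9 stand-alone and r13 root additional; r1 - r11 missing; r1 - r12 additional; and r6/r12 ordered in opposite directions.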

Conclusion
Seniority relations among authorization rules induce a role hierarchy (IRH).
IRH is a useful tool to check the compliance of current business practices with a given security policy.
IRH allows insight into what permissions to give to a specific role, which in turn assists in drawing lines of responsibility and authority.