Presentation is loading. Please wait.

Presentation is loading. Please wait.

TRBAC: A Temporal Role-Based Access Control Model Elisa Bertino CERIAS and CS Department Purdue University.

Published byKarin James Modified over 8 years ago

Similar presentations

Presentation on theme: "TRBAC: A Temporal Role-Based Access Control Model Elisa Bertino CERIAS and CS Department Purdue University."— Presentation transcript:

1

2 TRBAC: A Temporal Role-Based Access Control Model Elisa Bertino CERIAS and CS Department Purdue University

3 Elisa Bertino Purdue University What is TRBAC? RBAC Model [Sandhu 98] Temporal constraints on role activations/deactivations

4 Elisa Bertino Purdue University What is TRBAC? u An active role is a role that a user can activate during a session (that is,the user can acquire the role’s) u A role can be active in certain time periods and non active in other: íRole activation: non active active íRole deactivation: active non active

5 Elisa Bertino Purdue University Why TRBAC? u Often roles are characterized by a temporal dimension : íJob functions may have limited or periodic time duration íThere may be activation dependencies among roles

6 Elisa Bertino Purdue University TRBAC: Main Features u Periodic activations/deactivations of roles u Temporal dependencies among role activations/deactivations ROLE TRIGGERS

7 Elisa Bertino Purdue University TRBAC: Main Features u Role triggers may cause either: íImmediate activations/deactivations, or íDeferred activations/deactivations u Run-time requests to dynamically change the status of a role

8 Elisa Bertino Purdue University TRBAC: Main Features u Priorities for: íPeriodic activations/deactivations íRole triggers íRunt-time requests u Priorities are used for conflict resolution

9 Elisa Bertino Purdue University TRBAC: Periodic Events Definition: (Periodic Event) A periodic event is a tuple (I,P,p:E) where I is a time interval, P is a periodic expression, p:E is a prioritized event expression, E  {activate R, deactivate R}, R  Roles ([7/1/00,12/31/00], night-time, VH: activate, doctor-on-night-duty) ([7/1/00,12/31/00], day-time, VH: deactivate, doctor-on-night-duty)

10 Elisa Bertino Purdue University TRBAC: Role Triggers Definition: (Role Trigger) Role triggers are of the form: E1,…En,C1,…Ck p:E after  t where Ei’s are event expressions, Ei  {activate R, deactivate R}, Cj’s are role status expressions, Cj  {active R, not active R}, R  Roles, p:E is a prioritized event expression and  t is a temporal displacement

11 Elisa Bertino Purdue University Role Triggers: Example activate doctor-on-night-duty VH: activate nurse-on-nigth-duty activate nurse-on-day-duty H: activate nurse-on-training after 2 Hours

12 Elisa Bertino Purdue University Role Activation Base ([1/1/00,12/31/00], night-time, VH:activate doctor-on-night-duty) ([1/1/00,12/31/00], day-time, VH:deactivate doctor-on-night-duty) ([1/1/00,12/31/00], day-time, VH:activate doctor-on-day-duty) ([1/1/00,12/31/00], night-time, VH:deactivate doctor-on-day-duty) activate doctor-on-night-duty H: activate nurse-on-nigth-duty deactivate doctor-on-night-duty H: deactivate nurse-on-nigth-duty activate doctor-on-day-duty H: activate nurse-on-day-duty deactivate doctor-on-day-duty H: deactivate nurse-on-day-duty activate nurse-on-day-duty H: activate nurse-on-training after 2 Hours deactivate nurse-on-day-duty VH: deactivate nurse-on-training RAB = Periodic Events + Role Triggers

13 Elisa Bertino Purdue University TRBAC: Runtime Request Expressions Definition: (Runtime Request Expression) A runtime request expression has the form: p:E after  t where p:E is a prioritized event expression and  t is a temporal displacement deactivate nurse-on-training after 2 Hours activate emergency-doctor

14 Elisa Bertino Purdue University TRBAC: Formal Aspects u The Execution Model of a RAB specifies, for each istant t, the set of events that should occur at time t according to: íperiodic events & triggers in the RAB íruntime request expressions ípriorities

15 Elisa Bertino Purdue University TRBAC: Formal Aspects u Some specifications may yield no execution model, while some ambiguos specifications may admit two or more models activate R deactivate S activate S deactivate R Requests: activate R, activate S

16 Elisa Bertino Purdue University TRBAC: Formal Aspects u Safeness condition that guarantees that a given RAB has exactly one model u It exploits the notion of dependency graph íNo cycles involving conflicting events u Safeness check is polynomial in the RAB dimension

17 Elisa Bertino Purdue University TRBAC: Architectural Aspects u At each time it is necessary to know which are the active roles, on the basis of the RAB and runtime requests u A request by a user to activate a role is authorized if: íThe user has the authorization to play that role íThe role is active at the time of the request

18 Elisa Bertino Purdue University Trigger support Action Handler DA Handler RTR Handler PE Handler Deferred Actions Triggers Safeness Checker runtime requests triggers Actions Active Roles Events Periodic events It is in charge of firing triggers according to their priorities. If the action(s) caused by the trigger(s) are instantaneous, it returns them to the Action Handler. If the actions have to be deferred, it inserts them into Deferred_Actions A Possible Architecture A global event base which records The activations/deactivations of roles A table which contains the actions to be potentially executed on Active_Roles A table which contains the specified triggers It is in charge of managing periodic events and inserting/deleting the corresponding actions into/from table Deferred_Actions A table which contains an entry for each deferred action It is activated each time a trigger is inserted/modified to verify whether safeness is preserved It is activated each time a runtime request is issued. If the request is for an immediate action, it returns the action to the Action_Handler, if it is for a deferred action, it inserts the action into Deferred_Actions A table which contains the roles that can be activated It is in charge of executing deferred actions on the basis of the content of table Deferred_Actions It is in charge of updating table Active_Roles according to the requests of the other modules. It uses table Actions to solve potential conflicts

19 Elisa Bertino Purdue University Generalized TRBAC (GTRBAC) u Motivations: íTRBAC does not distinguish between a role being enabled and a role being active íA role is enabled if the temporal conditions associated with it are satisfied íA role is active if a user has logged in the role íOnly enabled roles can be activated íBecause of such limitations, TRBAC cannot support some forms of constraints, such as the maximum number of activations of a role by a user in a given time interval

20 Elisa Bertino Purdue University GTRBAC u GTRBAC extends TRBAC by introducing temporal conditions on: íUser-role assignments íRole-permission assignments u A large number of constraints can thus be supported

21 Elisa Bertino Purdue University GTRBAC – Examples of Constraints u Constraints on the number of concurrent activations í“there can be at most 10 users activating the role DayDoctor at a time” u Constraints on the number of total activations in a given period í“the role HeadNurse can be activated at most 2 times per day”

22 Elisa Bertino Purdue University X-GTRBAC - Motivations u Role Based Access Control Model íMany benefits over traditional access control models when applied to emerging applications u XML is a uniform platform for information interchange Our Goal XML + RBAC extension To provide access control framework for Web- Services environments

23 Elisa Bertino Purdue University X-GTRBAC - why XML? XML - main benefits: u Uniform, vendor-neutral representation of enterprise data u Mechanism for interchange of information across heterogeneous systems u Extensible syntax and semantics u Widespread support from main platforms and tool vendors

24 Elisa Bertino Purdue University X-RBAC Language XML User Sheet (XUS) u Users u Modeling RBAC Elements XML Role Sheet (XRS) u Roles XML Permission Sheet (XPS) u Permissions - credential typesXML CredType Definition - separation of dutyXML SoD Definition - temporal constraintsXML TempConst Definition - triggersXML Trigger Definition

25 Elisa Bertino Purdue University X-RBAC Language u Policy Administration XML User-to-Role Assignment Sheet (XURAS) u User-to-Role Assignment XUSXRS XURAS

26 Elisa Bertino Purdue University X-RBAC Language u Policy Administration XML Permission-to-Role Assignment Sheet (XPRAS) u Permission-to-Role Assignment XPSXRS XPRAS

27 Elisa Bertino Purdue University XUS Grammar ::= { }+ ::= (name) ::= (name) { }+ (number) ::= { (attribute value) }+

28 Elisa Bertino Purdue University An XML instance of XUS John Nurse 30 opthalmology 5 single 2 … ….

29 Elisa Bertino Purdue University XRS Grammar ::= { }+ ::= <Role role_id = (id) (role name) > [ ] { (id) }* { (name) }* [ (number) ]..

30 Elisa Bertino Purdue University An XML instance of XRS Nurse Eye_Doctor 8 Eye_Doctor DSD1 Nurse Eye_Surgeon 6

31 Elisa Bertino Purdue University XPS Grammar ::= { }+ ::= <Permission perm_id = id [ prop= (prop op)] > (access op)

32 Elisa Bertino Purdue University An XML instance of XPS all all navigate

33 Elisa Bertino Purdue University Example of XURAS Eye_Doctor Doctor eq field Eye lt age 60 gt level 7

34 Elisa Bertino Purdue University Example of XPRAS Nurse P3 Eye_Doctor P1 P2

35 Elisa Bertino Purdue University X-RBAC System Architecture RBAC Module UR,PR DataSet {TRIG DataSet} Sessions DataSet DOM XML Parser XML Sessions Log RBAC Processor X-RBAC Module Policy Loader Policy Validation Module XML Processor XML/SOAP Authorization Data Item Functional Module Legend: XML/SOAP Access Request Document Composition Module XML Policy Base

36 Elisa Bertino Purdue University On-going Work u Extension of the constraint language íConstraints on the set of roles a user can activate u Obbligations & Duties u Development of graphical tools for TRBAC administration u Testing on an Healthcare information system

Download ppt "TRBAC: A Temporal Role-Based Access Control Model Elisa Bertino CERIAS and CS Department Purdue University."

Similar presentations

1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.

1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.
ROWLBAC – Representing Role Based Access Control in OWL

ROWLBAC – Representing Role Based Access Control in OWL
Towards A Times-based Usage Control Model Baoxian Zhao 1, Ravi Sandhu 2, Xinwen Zhang 3, and Xiaolin Qin 4 1 George Mason University, Fairfax, VA, USA.

Towards A Times-based Usage Control Model Baoxian Zhao 1, Ravi Sandhu 2, Xinwen Zhang 3, and Xiaolin Qin 4 1 George Mason University, Fairfax, VA, USA.
CSCI N241: Fundamentals of Web Design Copyright ©2004 Department of Computer & Information Science Introducing XHTML: Module B: HTML to XHTML.

CSCI N241: Fundamentals of Web Design Copyright ©2004 Department of Computer & Information Science Introducing XHTML: Module B: HTML to XHTML.
Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.

Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.
Ümit Yalçınalp David Burdett Gunther Stuhec NetWeaver Platform EcoSystem Group, SAP Labs XML Schema User Experience Report.

Ümit Yalçınalp David Burdett Gunther Stuhec NetWeaver Platform EcoSystem Group, SAP Labs XML Schema User Experience Report.
Access Control A Meta-Model 1Dennis Kafura – CS5204 – Operating Systems.

Access Control A Meta-Model 1Dennis Kafura – CS5204 – Operating Systems.
RBAC and Usage Control System Security. Role Based Access Control Enterprises organise employees in different roles RBAC maps roles to access rights After.

RBAC and Usage Control System Security. Role Based Access Control Enterprises organise employees in different roles RBAC maps roles to access rights After.
On Comparing the Expressing Power of Access Control Model Frameworks Workshop on Logical Foundations of an Adaptive Security Infrastructure (WOLFASI) A.

On Comparing the Expressing Power of Access Control Model Frameworks Workshop on Logical Foundations of an Adaptive Security Infrastructure (WOLFASI) A.
Transaction Management and Concurrency Control

Transaction Management and Concurrency Control
Database Systems: Design, Implementation, and Management Eighth Edition Chapter 10 Transaction Management and Concurrency Control.

Database Systems: Design, Implementation, and Management Eighth Edition Chapter 10 Transaction Management and Concurrency Control.
1 Temporal Location-Aware Access Control Model Based on Composite Events Presented by Yu, Lijun

1 Temporal Location-Aware Access Control Model Based on Composite Events Presented by Yu, Lijun
SiS Technical Training Development Track Technical Training(s) Day 1 – Day 2.

SiS Technical Training Development Track Technical Training(s) Day 1 – Day 2.
Controlling Collaborative Systems -Srinivas Krishnan Dept of Computer Science UNC-Chapel Hill.

Controlling Collaborative Systems -Srinivas Krishnan Dept of Computer Science UNC-Chapel Hill.
Transaction Management and Concurrency Control

Transaction Management and Concurrency Control
Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.

Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.
Lecture 7 Access Control

Lecture 7 Access Control
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
Working with SQL and PL/SQL/ Session 1 / 1 of 27 SQL Server Architecture.

Working with SQL and PL/SQL/ Session 1 / 1 of 27 SQL Server Architecture.
Presented By: Matthew Garrison. Basics of Role Based Access Control  Roles are determined based on job functions within a given organization  Users.

Presented By: Matthew Garrison. Basics of Role Based Access Control  Roles are determined based on job functions within a given organization  Users.

Similar presentations

Ads by Google