Role-Based Access Control (RBAC)

Slides:



Advertisements
Similar presentations
INSTITUTE FOR CYBER SECURITY 1 The ASCAA * Principles Applied to Usage Control Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Advertisements

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Access Control Prof. Ravi Sandhu Executive Director and Endowed Chair
Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute.
INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.
Role-Based Access Control Prof. Ravi Sandhu George Mason University and NSD Security SACMAT 2003.
Role Activation Hierarchies Ravi Sandhu George Mason University.
ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.
ROLE HIERARCHIES AND CONSTRAINTS FOR LATTICE-BASED ACCESS CONTROLS
How to do Discretionary Access Control Using Roles Ravi Sandhu Qamar Munawer.
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
Future Directions in Role-Based Access Control Models Ravi Sandhu Co-Founder and Chief Scientist SingleSignOn.Net & Professor of Information Technology.
ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE: A ROLE-BASED APPROACH Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.
ISA 662 RBAC-MAC-DAC Prof. Ravi Sandhu. 2 © Ravi Sandhu RBAC96 ROLES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS ROLE.
ROLE-BASED ACCESS CONTROL: A MULTI-DIMENSIONAL VIEW Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman Seta Corporation McLean, VA Ravi Sandhu.
A THREE TIER ARCHITECTURE FOR ROLE-BASED ACCESS CONTROL Ravi Sandhu and Hal Feinstein Seta Corporation McLean, VA Ongoing NIST-funded project Other Project.
© 2005 Ravi Sandhu Role Usage and Activation Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security.
OM-AM and RBAC Ravi Sandhu * Laboratory for Information Security Technology (LIST) George Mason University.
Engineering Authority and Trust in Cyberspace: The OM-AM and RBAC Way Prof. Ravi Sandhu George Mason University
The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated.
Access Control Chapter 3 Part 3 Pages 209 to 227.
1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013
Access Control RBAC Database Activity Monitoring.
Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies (2000) Author: Sylvia Osborn, Ravi Sandhu,Qamar Munawer.
Attribute-Based Access Control Models and Beyond
Role Based Access Control Venkata Marella. Access Control System Access control is the ability to permit or deny the use of a particular resource by a.
Security Fall 2009McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.
Security Fall 2006McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
Fall 2010/Lecture 301 CS 426 (Fall 2010) Role Based Access Control.
Role Based Access Control Models Presented By Ankit Shah 2 nd Year Master’s Student.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
Li Xiong CS573 Data Privacy and Security Access Control.
1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011
Li Xiong CS573 Data Privacy and Security Access Control.
1 © Ravi Sandhu OM-AM and PEI Prof. Ravi Sandhu. 2 © Ravi Sandhu THE OM-AM WAY Objectives Model Architecture Mechanism What? How? AssuranceAssurance.
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
CSCE 201 Introduction to Information Security Fall 2010 Access Control Models.
Computer Security: Principles and Practice
1 Role-Based Access Control (RBAC) Prof. Ravi Sandhu Executive Director and Endowed Chair January 29, © Ravi.
CSCE 522 Access Control.
Access Control Model SAM-5.
Information Security CS 526
Past, Present and Future
Attribute-Based Access Control (ABAC)
Attribute-Based Access Control: Insights and Challenges
Role-Based Access Control (RBAC)
Executive Director and Endowed Chair
On the Value of Access Control Models
Institute for Cyber Security
Mandatory Access Control (MAC)
Institute for Cyber Security
Discretionary Access Control (DAC)
Attribute-Based Access Control (ABAC)
Cyber Security Research: Applied and Basic Combined*
OM-AM and RBAC Ravi Sandhu*
RBAC-LBAC-DAC Prof. Ravi Sandhu.
Attribute-Based Access Control: Insights and Challenges
Role Based Access Control
NIST-ANSI RBAC Model Prof. Ravi Sandhu.
ASCAA Principles for Next-Generation Role-Based Access Control
Engineering Authority and Trust in Cyberspace: George Mason University
Role-Based Access Control George Mason University and
Assured Information Sharing
Institute for Cyber Security
Cyber Security Research: A Personal Perspective
Attribute-Based Access Control (ABAC)
Access Control Evolution and Prospects
Cyber Security R&D: A Personal Perspective
Access Control Evolution and Prospects
Presentation transcript:

Role-Based Access Control (RBAC) CS 5323 Role-Based Access Control (RBAC) Prof. Ravi Sandhu Executive Director and Endowed Chair Lecture 4 ravi.utsa@gmail.com www.profsandhu.com © Ravi Sandhu World-Leading Research with Real-World Impact!

Access Control Fixed policy Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? Flexible policy © Ravi Sandhu World-Leading Research with Real-World Impact! 2

Access Control Fixed policy Ownership gives discretion One-directional information flow Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Policy neutral Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC), ???? Flexible policy © Ravi Sandhu World-Leading Research with Real-World Impact! 3

The RBAC Story Standard Adopted Proposed Standard RBAC96 paper Ludwig Fuchs, Gunther Pernul and Ravi Sandhu, Roles in Information Security-A Survey and Classification of the Research Area, Computers & Security, Volume 30, Number 8, Nov. 2011, pages 748-76 This is a somewhat busy slide It shows a bird’s eye view of RBAC There are many details that need to be debated and filled in Some of these will be discussed in the subsequent panel For our purpose the bird’s eye view will suffice © Ravi Sandhu World-Leading Research with Real-World Impact! 4

RBAC: Role-Based Access Control Access is determined by roles A user’s roles are assigned by security administrators A role’s permissions are assigned by security administrators First emerged: mid 1970s First models: mid 1990s Is RBAC MAC or DAC or neither? RBAC can be configured to do MAC RBAC can be configured to do DAC RBAC is policy neutral RBAC is neither MAC nor DAC! © Ravi Sandhu World-Leading Research with Real-World Impact! 5

RBAC96 Model World-Leading Research with Real-World Impact! © Ravi Sandhu World-Leading Research with Real-World Impact!

... RBAC96 Model Family ROLE HIERARCHIES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERS ROLES PERMISSIONS ... SESSIONS This is a somewhat busy slide It shows a bird’s eye view of RBAC There are many details that need to be debated and filled in Some of these will be discussed in the subsequent panel For our purpose the bird’s eye view will suffice CONSTRAINTS © Ravi Sandhu World-Leading Research with Real-World Impact! 7

RBAC96 Model Family RBAC3 ROLE HIERARCHIES + CONSTRAINTS RBAC1 ROLE BASIC RBAC This is a somewhat busy slide It shows a bird’s eye view of RBAC There are many details that need to be debated and filled in Some of these will be discussed in the subsequent panel For our purpose the bird’s eye view will suffice © Ravi Sandhu World-Leading Research with Real-World Impact! 8

Founding Principles of RBAC96 Abstraction of Privileges Credit is different from Debit even though both require read and write Separation of Administrative Functions Separation of user-role assignment from role-permission assignment Least Privilege Right-size the roles Don’t activate all roles all the time Limit roles of a user Limit users in a role Separation of Duty Static separation: purchasing manager versus accounts payable manager Dynamic separation: cash-register clerk versus cash-register manager © Ravi Sandhu World-Leading Research with Real-World Impact! 9

These collections will vary over time ROLES AS POLICY A role brings together a collection of users and a collection of permissions These collections will vary over time A role has significance and meaning beyond the particular users and permissions brought together at any moment © Ravi Sandhu World-Leading Research with Real-World Impact! 10

Groups are often defined as A role is ROLES VERSUS GROUPS Groups are often defined as a collection of users A role is a collection of users and a collection of permissions Some authors define role as Most Operating Systems support groups BUT do not support selective activation of groups Selective activation conflicts with negative groups (or roles) © Ravi Sandhu World-Leading Research with Real-World Impact! 11

HIERARCHICAL ROLES Primary-Care Physician Specialist Physician Health-Care Provider © Ravi Sandhu World-Leading Research with Real-World Impact! 12

HIERARCHICAL ROLES Engineer Hardware Software Supervising © Ravi Sandhu World-Leading Research with Real-World Impact! 13

PRIVATE ROLES Engineer Hardware Software Supervising Engineer’ © Ravi Sandhu World-Leading Research with Real-World Impact! 14

Engineering Department (ED) EXAMPLE ROLE HIERARCHY Director (DIR) Project Lead 1 (PL1) Project Lead 2 (PL2) Production 1 (P1) Quality 1 (Q1) Production 2 (P2) Quality 2 (Q2) Engineer 1 (E1) Engineer 2 (E2) Engineering Department (ED) PROJECT 1 PROJECT 2 Employee (E) © Ravi Sandhu World-Leading Research with Real-World Impact! 15

Engineering Department (ED) EXAMPLE ROLE HIERARCHY Project Lead 1 (PL1) Project Lead 2 (PL2) Production 1 (P1) Quality 1 (Q1) Production 2 (P2) Quality 2 (Q2) Engineer 1 (E1) Engineer 2 (E2) Engineering Department (ED) PROJECT 1 PROJECT 2 Employee (E) © Ravi Sandhu World-Leading Research with Real-World Impact! 16

EXAMPLE ROLE HIERARCHY Director (DIR) Project Lead 1 (PL1) Project Lead 2 (PL2) Production 1 (P1) Quality 1 (Q1) Production 2 (P2) Quality 2 (Q2) Engineer 1 (E1) Engineer 2 (E2) PROJECT 1 PROJECT 2 © Ravi Sandhu World-Leading Research with Real-World Impact! 17

EXAMPLE ROLE HIERARCHY Project Lead 1 (PL1) Project Lead 2 (PL2) Production 1 (P1) Quality 1 (Q1) Production 2 (P2) Quality 2 (Q2) Engineer 1 (E1) Engineer 2 (E2) PROJECT 1 PROJECT 2 © Ravi Sandhu World-Leading Research with Real-World Impact! 18

Mutually Exclusive Roles CONSTRAINTS Mutually Exclusive Roles Static Exclusion: The same individual can never hold both roles Dynamic Exclusion: The same individual can never hold both roles in the same context Mutually Exclusive Permissions Static Exclusion: The same role should never be assigned both permissions Dynamic Exclusion: The same role can never hold both permissions in the same context Cardinality Constraints on User-Role Assignment At most k users can belong to the role At least k users must belong to the role Exactly k users must belong to the role Cardinality Constraints on Permissions-Role Assignment At most k roles can get the permission At least k roles must get the permission Exactly k roles must get the permission © Ravi Sandhu World-Leading Research with Real-World Impact! 19

Formalized in RCL2000 paper CONSTRAINTS Formalized in RCL2000 paper Ahn, G. J., & Sandhu, R. (2000). Role-based authorization constraints specification. ACM Transactions on Information and System Security (TISSEC), 3(4), 207-226. © Ravi Sandhu World-Leading Research with Real-World Impact! 20

NIST RBAC Model World-Leading Research with Real-World Impact! © Ravi Sandhu World-Leading Research with Real-World Impact!

NIST MODEL: CORE RBAC World-Leading Research with Real-World Impact! © Ravi Sandhu World-Leading Research with Real-World Impact! 22

NIST MODEL: HIERARCHICAL RBAC © Ravi Sandhu World-Leading Research with Real-World Impact! 23

SSD IN HIERARCHICAL RBAC © Ravi Sandhu World-Leading Research with Real-World Impact! 24

DSD IN HIERARCHICAL RBAC © Ravi Sandhu World-Leading Research with Real-World Impact! 25

NIST MODEL FAMILY World-Leading Research with Real-World Impact! © Ravi Sandhu World-Leading Research with Real-World Impact! 26

Compare RBAC96 Model Family ROLE HIERARCHIES + CONSTRAINTS RBAC1 ROLE HIERARCHIES RBAC2 CONSTRAINTS RBAC0 BASIC RBAC This is a somewhat busy slide It shows a bird’s eye view of RBAC There are many details that need to be debated and filled in Some of these will be discussed in the subsequent panel For our purpose the bird’s eye view will suffice © Ravi Sandhu World-Leading Research with Real-World Impact! 27

RBAC Administration World-Leading Research with Real-World Impact! © Ravi Sandhu World-Leading Research with Real-World Impact!

ARBAC97 Model Separation of regular roles and administrative roles Formalized in ARBAC97 paper Sandhu, R., Bhamidipati, V., & Munawer, Q. (1999). The ARBAC97 model for role-based administration of roles. ACM Transactions on Information and System Security (TISSEC), 2(1), 105-135. This is a somewhat busy slide It shows a bird’s eye view of RBAC There are many details that need to be debated and filled in Some of these will be discussed in the subsequent panel For our purpose the bird’s eye view will suffice © Ravi Sandhu World-Leading Research with Real-World Impact! 29

Engineering Department (ED) EXAMPLE REGULAR ROLE HIERARCHY Director (DIR) Project Lead 1 (PL1) Project Lead 2 (PL2) Production 1 (P1) Quality 1 (Q1) Production 2 (P2) Quality 2 (Q2) Engineer 1 (E1) Engineer 2 (E2) Engineering Department (ED) PROJECT 1 PROJECT 2 Employee (E) © Ravi Sandhu World-Leading Research with Real-World Impact! 30

Senior Security Officer (SSO) Department Security Officer (DSO) EXAMPLE ADMIN ROLE HIERARCHY Senior Security Officer (SSO) Department Security Officer (DSO) Project Security Officer 1 (PSO1) Project Security Officer 2 (PSO2) © Ravi Sandhu World-Leading Research with Real-World Impact! 31

MAC in RBAC World-Leading Research with Real-World Impact! © Ravi Sandhu World-Leading Research with Real-World Impact!

MAC Liberal -Property + - H L M1 M2 - + Read Write This is a somewhat busy slide It shows a bird’s eye view of RBAC There are many details that need to be debated and filled in Some of these will be discussed in the subsequent panel For our purpose the bird’s eye view will suffice © Ravi Sandhu World-Leading Research with Real-World Impact! 33

RBAC96 Liberal -Property + HR LR M1R M2R LW HW M1W M2W - Read Write This is a somewhat busy slide It shows a bird’s eye view of RBAC There are many details that need to be debated and filled in Some of these will be discussed in the subsequent panel For our purpose the bird’s eye view will suffice © Ravi Sandhu World-Leading Research with Real-World Impact! 34

RBAC96 Liberal -Property user  xR, user has clearance x user  LW, independent of clearance Constraints session  xR iff session  xW read can be assigned only to xR roles write can be assigned only to xW roles (O,read) assigned to xR iff (O,write) assigned to xW © Ravi Sandhu World-Leading Research with Real-World Impact! 35

RBAC96 Liberal -Property user  xR, user has clearance x user  LW, independent of clearance Constraints session  xR iff session  xW read can be assigned only to xR roles write can be assigned only to xW roles (O,read) assigned to xR iff (O,write) assigned to xW NIST Model cannot express these constraints © Ravi Sandhu World-Leading Research with Real-World Impact! 36

+ - MAC Strict -Property H L M1 M2 Read This is a somewhat busy slide It shows a bird’s eye view of RBAC There are many details that need to be debated and filled in Some of these will be discussed in the subsequent panel For our purpose the bird’s eye view will suffice © Ravi Sandhu World-Leading Research with Real-World Impact! 37

RBAC96 Strict -Property + HR LR M1R M2R M1W LW HW M2W - Read Write This is a somewhat busy slide It shows a bird’s eye view of RBAC There are many details that need to be debated and filled in Some of these will be discussed in the subsequent panel For our purpose the bird’s eye view will suffice © Ravi Sandhu World-Leading Research with Real-World Impact! 38

RBAC96 Strict -Property user  xR, user has clearance x user  {LW,HW,M1W,M2W}, independent of clearance Constraints session  xR iff session  xW read can be assigned only to xR roles write can be assigned only to xW roles (O,read) assigned to xR iff (O,write) assigned to xW © Ravi Sandhu World-Leading Research with Real-World Impact! 39

DAC in RBAC World-Leading Research with Real-World Impact! © Ravi Sandhu World-Leading Research with Real-World Impact!

Variations of Grant Strict DAC Liberal DAC Only owner has discretionary authority to grant access to an object. Example: Alice has created an object (she is owner) and grants access to Bob. Now Bob cannot grant propagate the access to another user. Liberal DAC Owner can delegate discretionary authority for granting access to other users. One Level grant Two Level Grant Multilevel Grant © Ravi Sandhu World-Leading Research with Real-World Impact! 41

One-Level versus Two-Level-Grant Owner can delegate authority to another user but they cannot further delegate this power. In addition to a one level grant the owner can allow some users to delegate grant authority to other users. Alice Bob Charles Alice Bob Charles Dorothy © Ravi Sandhu World-Leading Research with Real-World Impact! 42

Variations of Revoke Grant-Independent Revocation Any authorized revoker can revoke Easier to do in RBAC Grant-Dependent Revocation Only original grantor can revoke Need additional roles to accomplish in RBAC © Ravi Sandhu World-Leading Research with Real-World Impact! 43

Common Aspects Creation of an object O in the system requires the simultaneous creation of 3 administrative roles OWN_O, PARENT_O, PARENTwithGRANT_O 1 regular role READ_O Also simultaneous creation of 8 Permissions canRead_O destroyObject_O addReadUser_O, deleteReadUser_O addParent_O, deleteParent_O addParentWithGrant_O, deleteParentWithGrant_O Destroying an object O requires deletion of 4 roles and 8 permissions in addition of destroying the object O © Ravi Sandhu World-Leading Research with Real-World Impact! 44

Administrative role hierarchy Common Aspects Administrative role hierarchy OWN_O PARENTwithGRANT_O PARENT_O Administration of roles associated with object O OWN_O PARENTwithGRANT_O PARENT_O READ_O destroyObject_O addParentWithGrant_O deleteParentWithgrant_O addParent_O deleteParent_O addReadUser_O deleteReadUser_O canRead_O Role permissions © Ravi Sandhu World-Leading Research with Real-World Impact! 45

Grant Variations in RBAC96 Strict DAC cardinality constraints Role OWN_O = 1 Role PARENTwithGRANT_O = 0 Role PARENT_O = 0 One-level grant cardinality constraints Two-level grant cardinality constraints © Ravi Sandhu World-Leading Research with Real-World Impact! 46

Grant Variations in RBAC96 Strict DAC cardinality constraints Role OWN_O = 1 Role PARENTwithGRANT_O = 0 Role PARENT_O = 0 One-level grant cardinality constraints Two-level grant cardinality constraints NIST Model cannot express these constraints © Ravi Sandhu World-Leading Research with Real-World Impact! 47

Grant-Dependent Revoke in RBAC96 U1_PARENT_O U1_READ_O U2_PARENT_O Un_PARENT_O U2_READ_O Un_READ_O READ_O role associated with members of PARENT_O © Ravi Sandhu World-Leading Research with Real-World Impact! 48

OM-AM and PEI World-Leading Research with Real-World Impact! © Ravi Sandhu World-Leading Research with Real-World Impact!

OM-AM A What? s u r a n c e How? Objectives Model Architecture Mechanism How? © Ravi Sandhu World-Leading Research with Real-World Impact! 50

PEI Models Idealized Enforceable (Approximate) Codeable © Ravi Sandhu World-Leading Research with Real-World Impact! 51

RBAC: SERVER PULL E model Client Server User-role Authorization Server This is a somewhat busy slide It shows a bird’s eye view of RBAC There are many details that need to be debated and filled in Some of these will be discussed in the subsequent panel For our purpose the bird’s eye view will suffice © Ravi Sandhu World-Leading Research with Real-World Impact! 52

RBAC: CLIENT PULL E model Client Server User-role Authorization Server This is a somewhat busy slide It shows a bird’s eye view of RBAC There are many details that need to be debated and filled in Some of these will be discussed in the subsequent panel For our purpose the bird’s eye view will suffice © Ravi Sandhu World-Leading Research with Real-World Impact! 53

RBAC: PROXY-BASED E model Client Proxy Server Server User-role Authorization Server This is a somewhat busy slide It shows a bird’s eye view of RBAC There are many details that need to be debated and filled in Some of these will be discussed in the subsequent panel For our purpose the bird’s eye view will suffice © Ravi Sandhu World-Leading Research with Real-World Impact! 54

MAC or LBAC or BLP (or Biba) BLP enforces one-directional information flow in a lattice of security labels BLP can enforce one-directional information flow policies for Confidentiality Integrity Separation of duty Combinations thereof Policy Objective © Ravi Sandhu World-Leading Research with Real-World Impact! 55

MAC Confidentiality Integrity Separation One-Direction Information Flow © Ravi Sandhu World-Leading Research with Real-World Impact! 56

Access Control Relations DAC Owner Discretion Access Matrix Capabilities, Access Control Lists Access Control Relations © Ravi Sandhu World-Leading Research with Real-World Impact! 57

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.