Role Based Access Control

Slides:



Advertisements
Similar presentations
RBAC Role-Based Access Control
Advertisements

ROWLBAC – Representing Role Based Access Control in OWL
Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute.
INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.
ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
Institute for Cyber Security
ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE: A ROLE-BASED APPROACH Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.
ROLE-BASED ACCESS CONTROL: A MULTI-DIMENSIONAL VIEW Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman Seta Corporation McLean, VA Ravi Sandhu.
A THREE TIER ARCHITECTURE FOR ROLE-BASED ACCESS CONTROL Ravi Sandhu and Hal Feinstein Seta Corporation McLean, VA Ongoing NIST-funded project Other Project.
Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.
Role-Based Access Control CS461/ECE422 Fall 2011.
ROLE BASED ACCESS CONTROL
The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated.
Access Control RBAC Database Activity Monitoring.
RBAC and Usage Control System Security. Role Based Access Control Enterprises organise employees in different roles RBAC maps roles to access rights After.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Role Based Access Control Venkata Marella. Access Control System Access control is the ability to permit or deny the use of a particular resource by a.
Security Fall 2009McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.
Security Fall 2006McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.
“A Service-enabled Access Control Model for Distributed Data” Mark Turner, Philip Woodall Pennine Forum - 16 th September 2004.
Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.
Fall 2010/Lecture 301 CS 426 (Fall 2010) Role Based Access Control.
Role Based Access Control Models Presented By Ankit Shah 2 nd Year Master’s Student.
Role-Based Access Control Standard
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.
Li Xiong CS573 Data Privacy and Security Access Control.
1 A Role Based Administration Model For Attribute Xin Jin, Ram Krishnan, Ravi Sandhu SRAS, Sep 19, 2012 World-Leading Research with Real-World Impact!
Role-Based Access Control Richard Newman (c) 2012 R. Newman.
CSCE 201 Introduction to Information Security Fall 2010 Access Control.
1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011
11 World-Leading Research with Real-World Impact! Risk-Aware RBAC Sessions Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu Institute for Cyber Security.
Role Based Access Control Update HL7 Working Group Meeting San Diego, CA - January 2007 Presented by: Suzanne Gonzales-Webb, CPhT VHA Office of Information.
Li Xiong CS573 Data Privacy and Security Access Control.
Advanced CAMP: BoF Summaries. 2 Role-based Access Control (RBAC)
ROLE BASED ACCESS CONTROL 1 Group 4 : Lê Qu ố c Thanh Tr ầ n Vi ệ t Tu ấ n Anh.
CSCE 201 Introduction to Information Security Fall 2010 Access Control Models.
Computer Security: Principles and Practice
Access Control.
1 XACML for RBAC and CADABRA Constrained Delegation and Attribute-Based Role Assignment Brian Garback © Brian Garback 2005.
1 Role-Based Access Control (RBAC) Prof. Ravi Sandhu Executive Director and Endowed Chair January 29, © Ravi.
Presented By: Smriti Bhatt
CSCE 522 Access Control.
Role-Based Access Control (RBAC)
Information Security CS 526
Institute for Cyber Security
Past, Present and Future
Software Security II Karl Lieberherr.
Institute for Cyber Security
Institute for Cyber Security
Access Control Role-based models RBAC
Security Enhanced Administrative Role Based Access Control Models
Role-Based Access Control (RBAC)
Institute for Cyber Security
Attribute-Based Access Control (ABAC)
Role-Based Access Control Richard Newman (c) 2012 R. Newman
BACHELOR’S THESIS DEFENSE
BACHELOR’S THESIS DEFENSE
BACHELOR’S THESIS DEFENSE
NIST-ANSI RBAC Model Prof. Ravi Sandhu.
ASCAA Principles for Next-Generation Role-Based Access Control
Engineering Authority and Trust in Cyberspace: George Mason University
Role-Based Access Control George Mason University and
Institute for Cyber Security
Attribute-Based Access Control (ABAC)
Access Control Evolution and Prospects
Cyber Security R&D: A Personal Perspective
NIST Standard for Role-Based Access Control
Access Control Evolution and Prospects
Presentation transcript:

Role Based Access Control CS 426 (Fall 2010) Role Based Access Control Fall 2010/Lecture 30

Background: Role Based Access Control Non-role-based systems Role-Based Access Control Systems (RBAC) Alice Bob Carl Dave Eva Users: DB2 Account WebSphere Account Windows Account Linux Account Permissions: Alice Bob Carl Dave Eva Users: DB Admin Web Admin Software Developer Roles: DB2 Account WebSphere Account Windows Account Linux Account Permissions: Fall 2010/Lecture 30

ROLE-BASED ACCESS CONTROL (RBAC) Motivating Problem: how to administer user-permission relation Different from DAC and MAC, which deal with processes in operating systems Roles as a level of indirection Butler Lampson: "all problems in Computer Science can be solved by another level of indirection" RBAC is multi-faceted and open ended Extensions: ARBAC (administrative), CBRAC (constraint), dRBAC (dynamic), ERBAC (enterprise), fRBAC (flexible), GRBAC (generalized), HRBAC (hierarchical), IRBAC (interoperability), JRBAC (Java), LRBAC (Location), MRBAC (Management), PRBAC (privacy), QRBAC (QoS), RRBAC(Rule), SRBAC(Spatial), TRBAC (temporal), V, W, x. Non extension: OrBAC Fall 2010/Lecture 30

Why Roles? Fewer relationships to manage possibly from O(mn) to O(m+n), where m is the number of users and n is the number of permissions Roles add a useful level of abstraction Organizations operate based on roles A role may be more stable than the collection of users and the collection of permissions that are associated with it Fall 2010/Lecture 30

Groups vs. Roles Depending on the precise definition, can be the same or different. Some differences that may or may not be important, depending on the situation Answer 1: sets of users vs. sets of users as well as permissions Answer 2: roles can be activated and deactivated, groups cannot Groups can be used to prevent access with negative authorization. Roles can be deactivated for least privilege Answer 3: can easily enumerate permissions that a role has, but not for groups Fall 2010/Lecture 30

RBAC96 FAMILY OF MODELS (Sandhu et al.) ROLE HIERARCHIES + CONSTRAINTS RBAC1 ROLE HIERARCHIES RBAC2 CONSTRAINTS RBAC0 BASIC RBAC Fall 2010/Lecture 30

RBAC0 ... ROLES USER-ROLE ASSIGNMENT PERMISSION-ROLE USERS PERMISSIONS SESSIONS This is a somewhat busy slide It shows a bird’s eye view of RBAC There are many details that need to be debated and filled in Some of these will be discussed in the subsequent panel For our purpose the bird’s eye view will suffice Fall 2010/Lecture 30

PERMISSIONS Left abstract in the RBAC96 model Permissions are positive No negative permissions or denials RBAC defines a closed policy, i.e., all accesses are denied unless they are explicitly authorized No duties or obligations Example obligation: can access patient document, but must notify patient, or must delete after 30 days RBAC should be a flexible concept that can accommodate all of these Fall 2010/Lecture 30

RBAC0: Formal Model Static relations: Dynamic relations: Vocabulary: U, R, P, S (users, roles, permissions, and sessions) Static relations: PA  P × R (permission assignment) UA  U × R (user assignment) Dynamic relations: user: S  U each session has one user roles: S  2R and some activated roles requires roles(s)  { r | (user(s), r)  UA } Session s has permissions  r  roles(s) { p | (p, r)  PA } Fall 2010/Lecture 30

RBAC1 ... ROLE HIERARCHIES USER-ROLE ASSIGNMENT PERMISSION-ROLE USERS ROLES PERMISSIONS ... SESSIONS This is a somewhat busy slide It shows a bird’s eye view of RBAC There are many details that need to be debated and filled in Some of these will be discussed in the subsequent panel For our purpose the bird’s eye view will suffice Fall 2010/Lecture 30

HIERARCHICAL ROLES (ex 1) Primary-Care Physician Specialist Physician Physician Health-Care Provider Fall 2010/Lecture 30

HIERARCHICAL ROLES (ex 2) Engineer Hardware Software Supervising Fall 2010/Lecture 30

Semantics of Role Hierarchies User inheritance r1r2 means every user that is a member of r1 is also a member of r2 Permission inheritance r1r2 means every permission that is authorized for r2 is also authorized r1 Activation inheritance r1r2 means that activating r1 will also activate r2 Physician Health-Care Provider Permission and Activation inheritance have different effect when there are constraints about activation. Fall 2010/Lecture 30

RBAC1: Formal Model U, R, R, S, PA, UA, and user unchanged from RBAC0 RH  R × R : a partial order on R, written as  When r1  r2, we say r1 is a senior than r1, and r2 is a junior than r1 roles: S  2R requires roles(s)  { r |  r’ [(r’  r) & (user(s), r’)  UA] } Session s includes permissions  r  roles(s) { p |  r’’ [(r  r’’) & (p, r’’)  PA] } Fall 2010/Lecture 30

RBAC2: RBAC0 + Constraints No formal model specified Example constraints Mutual exclusion Pre-condition: Must satisfy some condition to be member of some role E.g., a user must be an undergrad student before being assigned the UTA role Cardinality Fall 2010/Lecture 30

Mutual Exclusion Constraints Mutually Exclusive Roles Static Exclusion: No user can hold both roles often referred to as Static Separation of Duty constraints Preventing a single user from having too much permissions Dynamic Exclusion: No user can activate both roles in one session Often referred to as Dynamic Separation of Duty constraints Interact with role hierarchy interpretation Fall 2010/Lecture 30

Cardinality Constraints On User-Role Assignment at most k users can belong to the role at least k users must belong to the role exactly k users must belong to the role On activation at most k users can activate a role … Fall 2010/Lecture 30

Why Using Constraints? For laying out higher level organization policy Only a tool for convenience and error checking when admin is centralized Not absolutely necessary if admin is always vigilant, as admin can check all organization policies are met when making any changes to RBAC policies A tool to enforce high-level policies when admin is decentralized Fall 2010/Lecture 30

RBAC3 ... ROLE HIERARCHIES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE USERS ROLES PERMISSIONS ... SESSIONS CONSTRAINTS This is a somewhat busy slide It shows a bird’s eye view of RBAC There are many details that need to be debated and filled in Some of these will be discussed in the subsequent panel For our purpose the bird’s eye view will suffice Fall 2010/Lecture 30

Products Using RBAC Data Base Management Systems (DBMS) Enterprise Security Management IBM Tivoli Identity Manager (central administration and provisioning of accounts, resources, etc) Many operating systems claim to use roles Though only in very limited way Fall 2010/Lecture 30

RBAC Economic Impact Study in 2002 Based on interviews with software developers and companies that integrate RBAC products into their business operations (end users), the Research Triangle Institute (RTI) estimates that by 2006 between 30 and 50 percent of employees in the service sector and between 10 and 25 percent of employees in the non-service sectors will be managed by RBAC systems. RTI also estimates that this degree of market penetration will result in economic benefits to the U.S. economy through 2006 of approximately $671 million in net present value terms. This estimate is conservative because it reflects only the administrative and productivity benefits from RBAC. Fall 2010/Lecture 30

The NIST Standard Proposed NIST Standard for Role-Based Access Control. David F. Ferraiolo, Ravi S. Sandhu, Serban I. Gavrila, D. Richard Kuhn, and Ramaswamy Chandramouli. TISSEC, August 2001. American National Standards Institute Standard, 2004 Has a number of flaws, including with typos, errors in math definitions, and others high-level design choices Fall 2010/Lecture 30

Overview of the NIST Standard for RBAC Static Separation of Duties Dynamic Separation of Duties Hierarchical RBAC Core RBAC Fall 2010/Lecture 30

Research Challenges in RBAC Role engineering Design roles for an access control scenario. Top down approach: start from analyzing business requirement. Bottom up approach: Role Mining: mine existing access control data for roles Effective administration of RBAC systems Especially help ensure updates still lead to useful states Effective usage of constraints Fall 2010/Lecture 30

Readings for This Lecture RBAC96 Family R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman. “Role-Based Access Control Models”. IEEE Computer, 29(2):38--47, February 1996. CS426 Fall 2010/Lecture 19

Coming Attractions … Public Key Cryptography CS426 Fall 2010/Lecture 19