NIST Standard for Role-Based Access Control Present by Wenyi Ni
The root of RBAC The use of groups in UNIX and other operating systems Privilege grouping in DBMS Separation of duty concepts RBAC embodies these notions in a single access control model.
RBAC includes: Roles and role hierarchies Role activation Constraints on user/role membership and role set activation
RBAC is organized into two part RBAC reference model RBAC Functional Specification
RBAC reference model Define a common vocabulary of terms for in consistently specifying requirements and to set the scope of the RBAC features included in the standard
RBAC Functional Specification Define requirements over administrative operations for the creation and maintenance of RBAC element sets and relations
NIST RBAC model is defined in terms of four model components Core RBAC Hierarchical RBAC Static separation of duty relations Dynamic Separation of duty relations
Core RBAC Define a minimum collection of RBAC elements, element sets, relations in order to completely achieved a role-based access control system It includes: 1.user-role assignment 2.permission-role assignment
Definitions in core RBAC User: defined as a human being. It can be extended to include machine, network,intelligent autonomous agent Role: a job function within the context of an organization with some associated semantics regarding the authority and responsibility
Definition (continued) Permission: an approval to perform an operation on one or more RBAC protected objects Operation: an executable image of a program Session: a mapping between a user and an activated subset of roles that are assigned to the user
Core RBAC model element sets and relations
Hierarchal RBAC It adds relations for supporting role hierarchies Senior roles acquire the permissions of their juniors A role’s set of authorized users and authorized permission Role hierarchy can be 1)tree 2)inverted tree 3)lattice
Role hierarchy Tree
Role hierarchy inverted tree
Role hierarchy lattice
Example: accounting roles
Separation of duty relations It is used to enforce conflict of interest policies that organizations may employ to prevent users from exceeding a reasonable level of authority for their position
Static Separation of Duty Relations Enforce constraints on the assignment of users to roles Place restrictions on sets of roles. If a user is assigned to one role, the user is prohibited from being a member of a second role.
Because of the conflict of role ‘billing’ and ‘Cashier’ , Frank is prohibited to be assigned both of them
Dynamic Separation of Duty Relations Place constraints on the roles that can be activated within or across a users sessions. It supports each user has different levels of permission at different time. It is often referred as timely revocation of trust
Categories of functions in RBAC Used to meet the requirements for each of the components 1.Administrative Functions 2.Supporting System Functions 3.Review Functions
Administrative Functions in core RBAC Create and maintain element sets(users,roles,OPS,OBS) 1.AddUser, DeleteUser 2.AddRole, DeleteRole 3.AssignUser, DeassignUser 4.GrantPermission, revokePermission
Supporting System Function in Core RBAC Session management and make access control decisions 1.CreateSession 2.AddActiveRole, DropActiveRole 3.CheckAccess
Review Function in Core RBAC View the contents of user-to-role and permission-to-role assignment. 1.AssignedRoles 2.RolePermissions 3.UserPermissions 4.SessionPermisssions 5.RoleOperationsOnObjects 6.UserOperationsOnObjects
Administrative Function in Hierarchical RBAC Create and maintain the partial order relation among roles 1.AddInheritance, DeleteInheritance 2.AddAscendant, AddDescendant
Supporting System Functions in Hierarchical RBAC Same function as for Core RBAC, some function need to be redefined because of the role hierarchy. Such as: createSession, addActiveRole.
Review Functions in Hierarchical RBAC All review functions specified for Core RBAC is valid here Add the review functions to inherited roles. 1.AuthorizedUsers 2.AuthorizedRoles
Functions in SSD Administrative: 1CreatSSDSet,DeleteSSDSet 2AddSSDRoleMember, DeleteSSDRolemember 3.SetSSDRoleMember 4.SetSSDCardinality Supporting System: same as those for core RBAC Review: 1.SSDRoleSets 2.SSDRoleSetRoles 3.SSDRoleSetCardinality
Functions in DSD Administrative 1.CreateDSDSet, DeleteDSDSet 2.AddDSDRoleMember,DeleteDSDRoleMember 3.SetDSDCardinality Suport System: 1.CreateSession 2.AddActiveRole 3.DropActiveRole Review: 1.DSDRoleSets 2.DSDRoleSetRoles 3.DSDRoleSetCardinality
Conclusion RBAC is used to simplify security policy administration RBAC is an open-ended technology,which ranges from very simple to fairly sophisticated. RBAC continues to be an evolving technology.
End Reference: http://csrc.nist.gov/rbac/rbacSTD-ACM.pdf