Role-Based Access Control Prof. Ravi Sandhu George Mason University and NSD Security SACMAT 2003.

Presentation transcript:

Role-Based Access Control Prof. Ravi Sandhu George Mason University and NSD Security SACMAT 2003

2 © Ravi Sandhu 2003 ACCESS CONTROL MODELS
- DAC: Discretionary Access Control, 1971
  - Source: Academia and research laboratories
  - Predominant in commercial systems in pre-RBAC era, in many flavors
  - Continues to influence modern RBAC systems
- MAC: Mandatory Access Control, 1971
  - Source: Military and national security
  - Not widely used even by military
- DTE: Domain and Type Enforcement, 1985
  - Source: By product of MAC
  - Still around in niche situations, mostly US military funded
- CPM: Controlled Propagation Models, 1976
  - Source: Academic theoreticians (including myself)
  - No real implementations
- CW: Clark-Wilson, 1987
  - Source: Commercial sector
  - No real implementations
- RBAC: Role-based Access Control, 1992
  - Source: Commercial sector
  - Becoming dominant
  - Needs additional work to keep it viable

3 ACCESS CONTROL MODELS
- RBAC: Role-based, policy neutral
- DAC: Identity based, owner controlled
- MAC: Lattice based, label controlled

4 THE OM-AM WAY
[Figure: layers Objectives, Model, Architecture, Mechanism; labels "What?" and "How?"; Assurance]

5 OM-AM AND ROLE-BASED ACCESS CONTROL (RBAC)
[Figure: the OM-AM layers ("What?", "How?", Assurance) filled in for RBAC]
- Policy neutral
- RBAC96
- user-pull, server-pull, etc.
- certificates, tickets, PACs, etc.

The RBAC96 Model

7 ROLE-BASED ACCESS CONTROL (RBAC)
- A user's permissions are determined by the user's roles
  - rather than identity or clearance
  - roles can encode arbitrary attributes
- multi-faceted
- ranges from very simple to very sophisticated

8 WHAT IS THE POLICY IN RBAC?
- RBAC is a framework to help in articulating policy
- The main point of RBAC is to facilitate security management

9 RBAC SECURITY PRINCIPLES
- least privilege
- separation of duties
- separation of administration and access
- abstract operations

10 RBAC96 IEEE Computer Feb
- Policy neutral
- can be configured to do MAC
  - roles simulate clearances (ESORICS 96)
- can be configured to do DAC
  - roles simulate identity (RBAC98)

11 WHAT IS RBAC?
- multidimensional
- open ended
- ranges from simple to sophisticated

12 RBAC CONUNDRUM
- turn on all roles all the time
- turn on one role only at a time
- turn on a user-specified subset of roles

13 RBAC96 FAMILY OF MODELS
- RBAC0: BASIC RBAC
- RBAC1: ROLE HIERARCHIES
- RBAC2: CONSTRAINTS
- RBAC3: ROLE HIERARCHIES + CONSTRAINTS

14 RBAC0
[Figure: USERS, ROLES, PERMISSIONS and SESSIONS, with USER-ROLE ASSIGNMENT and PERMISSION-ROLE ASSIGNMENT]

15 PERMISSIONS
- Primitive permissions
  - read, write, append, execute
- Abstract permissions
  - credit, debit, inquiry

16 PERMISSIONS
- System permissions
  - Auditor
- Object permissions
  - read, write, append, execute, credit, debit, inquiry

17 PERMISSIONS
- Permissions are positive
- No negative permissions or denials
  - negative permissions and denials can be handled by constraints
- No duties or obligations
  - outside scope of access control

18 ROLES AS POLICY
- A role brings together
  - a collection of users and
  - a collection of permissions
- These collections will vary over time
  - A role has significance and meaning beyond the particular users and permissions brought together at any moment

19 ROLES VERSUS GROUPS
- Groups are often defined as
  - a collection of users
- A role is
  - a collection of users and
  - a collection of permissions
- Some authors define role as
  - a collection of permissions

20 USERS
- Users are
  - human beings or
  - other active agents
- Each individual should be known as exactly one user

21 USER-ROLE ASSIGNMENT
- A user can be a member of many roles
- Each role can have many users as members

22 SESSIONS
- A user can invoke multiple sessions
- In each session a user can invoke any subset of roles that the user is a member of

23 PERMISSION-ROLE ASSIGNMENT
- A permission can be assigned to many roles
- Each role can have many permissions

24 MANAGEMENT OF RBAC
- Option 1: USER-ROLE-ASSIGNMENT and PERMISSION-ROLE ASSIGNMENT can be changed only by the chief security officer
- Option 2: Use RBAC to manage RBAC

25 RBAC1
[Figure: USERS, ROLES, PERMISSIONS and SESSIONS, with USER-ROLE ASSIGNMENT, PERMISSION-ROLE ASSIGNMENT and ROLE HIERARCHIES]

26 HIERARCHICAL ROLES
[Figure: role hierarchy over Health-Care Provider, Physician, Primary-Care Physician, Specialist Physician]

27 HIERARCHICAL ROLES
[Figure: role hierarchy over Engineer, Hardware Engineer, Software Engineer, Supervising Engineer]

28 PRIVATE ROLES
[Figure: role hierarchy over Engineer, Hardware Engineer, Software Engineer, Supervising Engineer, Hardware Engineer, Software Engineer]

29 EXAMPLE ROLE HIERARCHY
[Figure: role hierarchy]
- Employee (E), Engineering Department (ED), Director (DIR)
- PROJECT 1: Project Lead 1 (PL1), Engineer 1 (E1), Production 1 (P1), Quality 1 (Q1)
- PROJECT 2: Project Lead 2 (PL2), Engineer 2 (E2), Production 2 (P2), Quality 2 (Q2)

30 EXAMPLE ROLE HIERARCHY
[Figure: role hierarchy]
- Employee (E), Engineering Department (ED)
- PROJECT 1: Project Lead 1 (PL1), Engineer 1 (E1), Production 1 (P1), Quality 1 (Q1)
- PROJECT 2: Project Lead 2 (PL2), Engineer 2 (E2), Production 2 (P2), Quality 2 (Q2)

31 EXAMPLE ROLE HIERARCHY
[Figure: role hierarchy]
- Director (DIR)
- PROJECT 1: Project Lead 1 (PL1), Engineer 1 (E1), Production 1 (P1), Quality 1 (Q1)
- PROJECT 2: Project Lead 2 (PL2), Engineer 2 (E2), Production 2 (P2), Quality 2 (Q2)

32 EXAMPLE ROLE HIERARCHY
[Figure: role hierarchy]
- PROJECT 1: Project Lead 1 (PL1), Engineer 1 (E1), Production 1 (P1), Quality 1 (Q1)
- PROJECT 2: Project Lead 2 (PL2), Engineer 2 (E2), Production 2 (P2), Quality 2 (Q2)

33 RBAC3
[Figure: USERS, ROLES, PERMISSIONS and SESSIONS, with USER-ROLE ASSIGNMENT, PERMISSIONS-ROLE ASSIGNMENT, ROLE HIERARCHIES and CONSTRAINTS]

34 CONSTRAINTS
- Mutually Exclusive Roles
  - Static Exclusion: The same individual can never hold both roles
  - Dynamic Exclusion: The same individual can never hold both roles in the same context

35 CONSTRAINTS
- Mutually Exclusive Permissions
  - Static Exclusion: The same role should never be assigned both permissions
  - Dynamic Exclusion: The same role can never hold both permissions in the same context

36 CONSTRAINTS
- Cardinality Constraints on User-Role Assignment
  - At most k users can belong to the role
  - At least k users must belong to the role
  - Exactly k users must belong to the role

37 CONSTRAINTS
- Cardinality Constraints on Permissions-Role Assignment
  - At most k roles can get the permission
  - At least k roles must get the permission
  - Exactly k roles must get the permission
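
The RBAC0 components (user-role assignment, permission-role assignment, sessions) and the role constraints above can be exercised together. The following Python sketch is an added example, not part of the original slides; the user and role names are constructed, and "the same context" for dynamic exclusion is assumed to mean one session.

```python
# Added example: flat RBAC0 state plus RBAC2-style constraints.
# User and role names are constructed; "context" is taken to be one session.
class ConstraintViolation(Exception):
    pass

class RBAC:
    def __init__(self, static_excl=(), dynamic_excl=(), at_most=None):
        self.ua = {}        # user -> roles (USER-ROLE ASSIGNMENT)
        self.pa = {}        # role -> permissions (PERMISSION-ROLE ASSIGNMENT)
        self.sessions = {}  # session id -> (user, active roles)
        self.static_excl = [frozenset(p) for p in static_excl]
        self.dynamic_excl = [frozenset(p) for p in dynamic_excl]
        self.at_most = at_most or {}   # role -> k ("at most k users")

    def assign_user(self, user, role):
        held = self.ua.get(user, set()) | {role}
        if any(pair <= held for pair in self.static_excl):
            raise ConstraintViolation(f"static exclusion: {user} / {role}")
        members = {u for u, rs in self.ua.items() if role in rs} | {user}
        if role in self.at_most and len(members) > self.at_most[role]:
            raise ConstraintViolation(f"cardinality: {role} is full")
        self.ua[user] = held

    def grant(self, role, perm):
        self.pa.setdefault(role, set()).add(perm)

    def open_session(self, sid, user, roles):
        roles = set(roles)
        if not roles <= self.ua.get(user, set()):
            raise ConstraintViolation("session may activate only assigned roles")
        if any(pair <= roles for pair in self.dynamic_excl):
            raise ConstraintViolation("dynamic exclusion within one session")
        self.sessions[sid] = (user, roles)

    def check(self, sid, perm):
        _, active = self.sessions[sid]
        return any(perm in self.pa.get(r, set()) for r in active)

def demo():
    m = RBAC(static_excl=[("purchaser", "approver")],
             dynamic_excl=[("teller", "auditor")], at_most={"approver": 1})
    for perm in ("credit", "debit"):
        m.grant("teller", perm)
    m.grant("auditor", "inquiry")
    m.assign_user("alice", "teller")
    m.assign_user("alice", "auditor")
    m.open_session("s1", "alice", ["teller"])
    m.open_session("s2", "alice", ["auditor"])
    return m
```

Here alice may hold both teller and auditor, but only in separate sessions; a rejected assignment leaves the stored state unchanged.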

RBAC-MAC-DAC

39 RBAC96
[Figure: USERS, ROLES, PERMISSIONS and SESSIONS, with USER-ROLE ASSIGNMENT, PERMISSIONS-ROLE ASSIGNMENT, ROLE HIERARCHIES and CONSTRAINTS]

40 LBAC: LIBERAL *-PROPERTY
[Figure: lattice of labels H, M1, M2, L, with Read and Write directions marked - and +]

41 RBAC96: LIBERAL *-PROPERTY
[Figure: read roles HR, M1R, M2R, LR and write roles LW, M1W, M2W, HW, with Read and Write directions marked - and +]

42 RBAC96: LIBERAL *-PROPERTY
- user xR, user has clearance x
- user LW, independent of clearance
- Need constraints
  - session xR iff session xW
  - read can be assigned only to xR roles
  - write can be assigned only to xW roles
  - (O,read) assigned to xR iff (O,write) assigned to xW
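
The construction on the three slides above can be run to confirm that it yields read-down and write-up only. This Python sketch is an added example, not part of the original slides; the object names are constructed, and the write-role hierarchy is assumed to be the inverse of the lattice, which is what placing every user in LW implies.

```python
# Added example: the slides' LBAC-in-RBAC96 construction, liberal *-property.
# Lattice H > M1, M2 > L is from the slides; object names are constructed.
DOMINATES = {"H": {"H", "M1", "M2", "L"}, "M1": {"M1", "L"},
             "M2": {"M2", "L"}, "L": {"L"}}
LABELS = {"plan": "H", "memo": "M1", "menu": "L"}   # object -> label

def juniors(role):
    """Roles whose permissions `role` inherits, itself included.
    Read roles follow the lattice; write roles invert it (LW is senior-most)."""
    x, kind = role[:-1], role[-1]
    if kind == "R":
        return {y + "R" for y in DOMINATES[x]}
    return {y + "W" for y in DOMINATES if x in DOMINATES[y]}

def permission_assignment(labels):
    """(O,read) is assigned to xR iff (O,write) is assigned to xW."""
    pa = {}
    for obj, x in labels.items():
        pa.setdefault(x + "R", set()).add((obj, "read"))
        pa.setdefault(x + "W", set()).add((obj, "write"))
    return pa

def user_roles(clearance):
    """User is in xR for clearance x, and in LW independent of clearance."""
    return {clearance + "R", "LW"}

def open_session(clearance, x):
    """Session constraint: xR is active iff xW is active."""
    authorized = set().union(*(juniors(r) for r in user_roles(clearance)))
    active = {x + "R", x + "W"}
    if not active <= authorized:
        raise PermissionError(f"clearance {clearance} cannot run at {x}")
    return active

def session_permissions(active, pa):
    roles = set().union(*(juniors(r) for r in active))
    return set().union(*(pa.get(r, set()) for r in roles))
```

A user cleared to H who runs a session at M1 can read memo and menu and write memo and plan, but cannot read plan or write menu.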

43 DAC IN RBAC
- Each user can create discretionary roles for assigning grantable permissions
- For true DAC need grantable permissions for each object owned by the user

Administrative RBAC ARBAC97

45 SCALE AND RATE OF CHANGE
- roles: 100s or 1000s
- users: 1000s or 10,000s or more
- Frequent changes to
  - user-role assignment
  - permission-role assignment
- Less frequent changes for
  - role hierarchy

46 ADMINISTRATIVE RBAC
[Figure: ROLES, USERS, PERMISSIONS, ADMIN ROLES, ADMIN PERMISSIONS, CAN-MANAGE]

47 ARBAC97 DECENTRALIZES
- user-role assignment (URA97)
- permission-role assignment (PRA97)
- role-role hierarchy
  - groups or user-only roles (extend URA97)
  - abilities or permission-only roles (extend PRA97)
  - UP-roles or user-and-permission roles (RRA97)

48 ADMINISTRATIVE RBAC
[Figure: RBAC0, RBAC1, RBAC2, RBAC3 and ARBAC0, ARBAC1, ARBAC2, ARBAC3]

49 EXAMPLE ROLE HIERARCHY
[Figure: role hierarchy]
- Employee (E), Engineering Department (ED), Director (DIR)
- PROJECT 1: Project Lead 1 (PL1), Engineer 1 (E1), Production 1 (P1), Quality 1 (Q1)
- PROJECT 2: Project Lead 2 (PL2), Engineer 2 (E2), Production 2 (P2), Quality 2 (Q2)

50 EXAMPLE ADMINISTRATIVE ROLE HIERARCHY
[Figure: administrative role hierarchy]
- Senior Security Officer (SSO)
- Department Security Officer (DSO)
- Project Security Officer 1 (PSO1)
- Project Security Officer 2 (PSO2)

51 URA97 GRANT MODEL: can-assign

| ARole | Prereq Role | Role Range |
|-------|-------------|------------|
| PSO1  | ED          | [E1,PL1)   |
| PSO2  | ED          | [E2,PL2)   |
| DSO   | ED          | (ED,DIR)   |
| SSO   | E           | [ED,ED]    |
| SSO   | ED          | (ED,DIR]   |

52 URA97 GRANT MODEL: can-assign

| ARole | Prereq Cond | Role Range |
|-------|-------------|------------|
| PSO1  | ED          | [E1,E1]    |
| PSO1  | ED & ¬ P1   | [Q1,Q1]    |
| PSO1  | ED & ¬ Q1   | [P1,P1]    |
| PSO2  | ED          | [E2,E2]    |
| PSO2  | ED & ¬ P2   | [Q2,Q2]    |
| PSO2  | ED & ¬ Q2   | [P2,P2]    |

53 URA97 GRANT MODEL
- redundant assignments to senior and junior roles
  - are allowed
  - are useful

54 URA97 REVOKE MODEL
- WEAK REVOCATION
  - revokes explicit membership in a role
  - independent of who did the assignment

55 URA97 REVOKE MODEL
- STRONG REVOCATION
  - revokes explicit membership in a role and its seniors
  - authorized only if corresponding weak revokes are authorized
  - alternatives
    - all-or-nothing
    - revoke within range

56 URA97 REVOKE MODEL: can-revoke

| ARole | Role Range |
|-------|------------|
| PSO1  | [E1,PL1)   |
| PSO2  | [E2,PL2)   |
| DSO   | (ED,DIR)   |
| SSO   | [ED,DIR]   |
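
The can-assign table with prerequisite conditions (slide 52) and the can-revoke table (slide 56) can be evaluated mechanically once the role ranges are interpreted over the hierarchy. This Python sketch is an added example, not part of the original slides. Its assumptions: the (junior, senior) edges of both hierarchies, since the figures did not survive extraction, and that an administrative role may also use the rules of its junior administrative roles.

```python
# Added example: URA97 can-assign / can-revoke checks over the slides' roles.
# ASSUMPTION: the (junior, senior) edges below; the hierarchy figures were lost.
EDGES = [("E", "ED"), ("ED", "E1"), ("E1", "P1"), ("E1", "Q1"), ("P1", "PL1"),
         ("Q1", "PL1"), ("PL1", "DIR"), ("ED", "E2"), ("E2", "P2"),
         ("E2", "Q2"), ("P2", "PL2"), ("Q2", "PL2"), ("PL2", "DIR")]
ADMIN_EDGES = [("PSO1", "DSO"), ("PSO2", "DSO"), ("DSO", "SSO")]

# (admin role, prerequisite roles, negated roles, role range): slide 52
CAN_ASSIGN = [("PSO1", {"ED"}, set(), "[E1,E1]"),
              ("PSO1", {"ED"}, {"P1"}, "[Q1,Q1]"),
              ("PSO1", {"ED"}, {"Q1"}, "[P1,P1]"),
              ("PSO2", {"ED"}, set(), "[E2,E2]"),
              ("PSO2", {"ED"}, {"P2"}, "[Q2,Q2]"),
              ("PSO2", {"ED"}, {"Q2"}, "[P2,P2]")]
# (admin role, role range): slide 56
CAN_REVOKE = [("PSO1", "[E1,PL1)"), ("PSO2", "[E2,PL2)"),
              ("DSO", "(ED,DIR)"), ("SSO", "[ED,DIR]")]

def seniors(role, edges):
    """Every role at or above `role` in the partial order."""
    found, todo = {role}, [role]
    while todo:
        current = todo.pop()
        for junior, senior in edges:
            if junior == current and senior not in found:
                found.add(senior)
                todo.append(senior)
    return found

def in_range(role, rng):
    """'[' / ']' include an endpoint of the range, '(' / ')' exclude it."""
    lo, hi = rng[1:-1].split(",")
    if role not in seniors(lo, EDGES) or hi not in seniors(role, EDGES):
        return False
    return (role != lo or rng[0] == "[") and (role != hi or rng[-1] == "]")

def is_member(held, role):
    """Explicit or implicit membership: the user holds `role` or a senior."""
    return bool(set(held) & seniors(role, EDGES))

def can_assign(admin, held, target):
    return any(admin in seniors(a, ADMIN_EDGES) and in_range(target, rng)
               and all(is_member(held, r) for r in need)
               and not any(is_member(held, r) for r in deny)
               for a, need, deny, rng in CAN_ASSIGN)

def can_weak_revoke(admin, target):
    return any(admin in seniors(a, ADMIN_EDGES) and in_range(target, rng)
               for a, rng in CAN_REVOKE)
```

The negated prerequisite is what keeps PSO1 from placing the same user in both P1 and Q1: a user who already holds P1, or a role senior to it such as PL1, fails the `ED & ¬ P1` condition for Q1.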

57 PERMISSION-ROLE ASSIGNMENT
- dual of user-role assignment
- can-assign-permission
- can-revoke-permission
- weak revoke
- strong revoke (propagates down)

58 PERMISSION-ROLE ASSIGNMENT: CAN-ASSIGN-PERMISSION

| ARole | Prereq Cond | Role Range |
|-------|-------------|------------|
| PSO1  | PL1         | [E1,PL1)   |
| PSO2  | PL2         | [E2,PL2)   |
| DSO   | E1 E2       | [ED,ED]    |
| SSO   | PL1 PL2     | [ED,ED]    |
| SSO   | ED          | [E,E]      |

59 PERMISSION-ROLE ASSIGNMENT: CAN-REVOKE-PERMISSION

| ARole | Role Range |
|-------|------------|
| PSO1  | [E1,PL1]   |
| PSO2  | [E2,PL2]   |
| DSO   | (ED,DIR)   |
| SSO   | [ED,DIR]   |

60 ARBAC97 DECENTRALIZES
- user-role assignment (URA97)
- permission-role assignment (PRA97)
- role-role hierarchy
  - groups or user-only roles (extend URA97)
  - abilities or permission-only roles (extend PRA97)
  - UP-roles or user-and-permission roles (RRA97)

61 Range Definitions
[Figure: Range, Create Range, Encap. Range, Authority Range]

RBAC Architectures and Mechanisms

63 OM-AM AND ROLE-BASED ACCESS CONTROL (RBAC)
[Figure: the OM-AM layers ("What?", "How?", Assurance) filled in for RBAC]
- Objective neutral
- RBAC96, ARBAC97, etc.
- user-pull, server-pull, etc.
- certificates, tickets, PACs, etc.

64 SERVER MIRROR
[Figure: Client, Server, User-role Authorization Server]

65 SERVER-PULL
[Figure: Client, Server, User-role Authorization Server]

66 USER-PULL
[Figure: Client, Server, User-role Authorization Server]

67 PROXY-BASED
[Figure: Client, Server, Proxy Server, User-role Authorization Server]

68 THE OM-AM WAY
[Figure: layers Objectives, Model, Architecture, Mechanism; labels "What?" and "How?"; Assurance]