1
NIST Standard for Role-Based Access Control
Presented by Wenyi Ni
2
The roots of RBAC
The use of groups in UNIX and other operating systems
Privilege grouping in DBMSs
Separation of duty concepts
RBAC embodies these notions in a single access control model.
3
RBAC includes:
Roles and role hierarchies
Role activation
Constraints on user/role membership and on role set activation
4
RBAC is organized into two parts:
RBAC reference model
RBAC functional specification
5
RBAC reference model: defines a common vocabulary of terms for consistently specifying requirements, and sets the scope of the RBAC features included in the standard.
6
RBAC functional specification
Defines requirements for the administrative operations used to create and maintain RBAC element sets and relations.
7
The NIST RBAC model is defined in terms of four model components:
Core RBAC
Hierarchical RBAC
Static separation of duty relations
Dynamic separation of duty relations
8
Core RBAC
Defines the minimum collection of RBAC elements, element sets and relations needed to completely achieve a role-based access control system. It includes:
1. user-role assignment
2. permission-role assignment
9
Definitions in core RBAC
User: defined as a human being; the notion can be extended to include machines, networks and intelligent autonomous agents.
Role: a job function within the context of an organization, with some associated semantics regarding authority and responsibility.
10
Definition (continued)
Permission: an approval to perform an operation on one or more RBAC-protected objects.
Operation: an executable image of a program.
Session: a mapping between a user and an activated subset of the roles that are assigned to the user.
11
Core RBAC model element sets and relations
12
Hierarchical RBAC
Adds relations for supporting role hierarchies.
Senior roles acquire the permissions of their juniors.
The hierarchy also determines a role's set of authorized users and authorized permissions.
A role hierarchy can be 1) a tree, 2) an inverted tree, or 3) a lattice.
13
Role hierarchy Tree
14
Role hierarchy inverted tree
15
Role hierarchy lattice
16
Example: accounting roles
17
Separation of duty relations
Used to enforce the conflict-of-interest policies that organizations may employ to prevent users from exceeding a reasonable level of authority for their position.
18
Static Separation of Duty Relations
Enforce constraints on the assignment of users to roles by placing restrictions on sets of roles: if a user is assigned to one role in such a set, the user is prohibited from being a member of a second role in it.
19
Because the roles 'Billing' and 'Cashier' conflict, Frank is prohibited from being assigned both of them.
20
Dynamic Separation of Duty Relations
Place constraints on the roles that can be activated within or across a user's sessions. This lets a user hold different levels of permission at different times, and is often referred to as timely revocation of trust.
21
Categories of functions in RBAC
Used to meet the requirements of each of the components:
1. Administrative functions
2. Supporting system functions
3. Review functions
22
Administrative Functions in Core RBAC
Create and maintain the element sets (users, roles, OPS, OBS):
1. AddUser, DeleteUser
2. AddRole, DeleteRole
3. AssignUser, DeassignUser
4. GrantPermission, RevokePermission
23
Supporting System Functions in Core RBAC
Session management and access control decisions:
1. CreateSession
2. AddActiveRole, DropActiveRole
3. CheckAccess
24
Review Functions in Core RBAC
View the contents of the user-to-role and permission-to-role assignments:
1. AssignedRoles
2. RolePermissions
3. UserPermissions
4. SessionPermissions
5. RoleOperationsOnObjects
6. UserOperationsOnObjects
25
Administrative Functions in Hierarchical RBAC
Create and maintain the partial-order relation among roles:
1. AddInheritance, DeleteInheritance
2. AddAscendant, AddDescendant
26
Supporting System Functions in Hierarchical RBAC
The same functions as for Core RBAC, but some need to be redefined because of the role hierarchy, such as CreateSession and AddActiveRole.
27
Review Functions in Hierarchical RBAC
All review functions specified for Core RBAC remain valid here. Review functions for inherited roles are added:
1. AuthorizedUsers
2. AuthorizedRoles
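As an added example (not taken from the slides or from the NIST standard's own text), the following Python model implements Hierarchical RBAC: a role hierarchy kept as a partial order, the review functions AuthorizedRoles and AuthorizedUsers, and the hierarchy-aware CreateSession and CheckAccess described above. User and role names used with it are constructed for illustration.

```python
from collections import defaultdict

class HierarchicalRBAC:
    """Core RBAC plus a role hierarchy (RH): seniors inherit their juniors' permissions."""
    def __init__(self):
        self.users = set()
        self.ua = defaultdict(set)       # user -> directly assigned roles (UA)
        self.pa = defaultdict(set)       # role -> directly granted (op, obj) pairs (PA)
        self.juniors = defaultdict(set)  # senior role -> immediate junior roles (RH)
        self.sessions = {}               # session id -> (user, active roles)
    def add_user(self, user): self.users.add(user)
    def assign_user(self, user, role):
        if user not in self.users:
            raise ValueError("unknown user")
        self.ua[user].add(role)
    def grant_permission(self, role, op, obj):
        self.pa[role].add((op, obj))

    def _descendants(self, role):
        # every role reachable downward from role (transitive closure of RH)
        seen, stack = set(), [role]
        while stack:
            for j in self.juniors[stack.pop()]:
                if j not in seen:
                    seen.add(j); stack.append(j)
        return seen

    def add_inheritance(self, senior, junior):
        # keep RH a partial order: reject self-loops and cycles
        if senior == junior or senior in self._descendants(junior):
            raise ValueError("inheritance would create a cycle")
        self.juniors[senior].add(junior)

    def authorized_roles(self, user):  # review function: assigned plus inherited roles
        direct = self.ua[user]
        return set().union(direct, *(self._descendants(r) for r in direct))

    def authorized_users(self, role):  # review function: holders of role or of a senior role
        return {u for u in self.users if role in self.authorized_roles(u)}

    def create_session(self, sid, user, roles):
        # hierarchical CreateSession: any authorized role may be activated, not only assigned ones
        if not set(roles) <= self.authorized_roles(user):
            raise PermissionError("role not authorized for user")
        self.sessions[sid] = (user, set(roles))

    def check_access(self, sid, op, obj):
        _, active = self.sessions[sid]
        effective = set().union(active, *(self._descendants(r) for r in active))
        return any((op, obj) in self.pa[r] for r in effective)
```

Activating only the junior role in a session (the last case in the test) is how a user of a senior role works with least privilege while the hierarchy still records what they are authorized for.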
28
Functions in SSD
Administrative:
1. CreateSSDSet, DeleteSSDSet
2. AddSSDRoleMember, DeleteSSDRoleMember
3. SetSSDRoleMember
4. SetSSDCardinality
Supporting system: the same as those for Core RBAC
Review:
1. SSDRoleSets
2. SSDRoleSetRoles
3. SSDRoleSetCardinality
29
Functions in DSD
Administrative:
1. CreateDSDSet, DeleteDSDSet
2. AddDSDRoleMember, DeleteDSDRoleMember
3. SetDSDCardinality
Supporting system:
1. CreateSession
2. AddActiveRole
3. DropActiveRole
Review:
1. DSDRoleSets
2. DSDRoleSetRoles
3. DSDRoleSetCardinality
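As an added example (not part of the presentation), this Python model shows how the SSD and DSD functions listed on the last slides fit together: each constraint is a set of roles with a cardinality n, a user may not be assigned n or more roles of an SSD set, and a session may not activate n or more roles of a DSD set. The Frank / Billing / Cashier case from slide 19 is carried through; the set names are constructed.

```python
from collections import defaultdict

class SoDRBAC:
    def __init__(self):
        self.ua = defaultdict(set)   # user -> assigned roles (UA)
        self.ssd, self.dsd = {}, {}  # set name -> (roles, cardinality n)
        self.sessions = {}           # session id -> (user, active roles)
    def _violations(self, constraints, roles):
        # names of constraint sets of which 'roles' contains n or more members
        return [name for name, (rs, n) in constraints.items() if len(roles & rs) >= n]
    def create_ssd_set(self, name, roles, n=2):
        if not 2 <= n <= len(roles):
            raise ValueError("cardinality must be between 2 and the set size")
        for user, assigned in self.ua.items():  # existing UA must already satisfy it
            if len(assigned & set(roles)) >= n:
                raise ValueError(f"{user} already holds {n} roles of {name}")
        self.ssd[name] = (frozenset(roles), n)

    def assign_user(self, user, role):  # AssignUser, guarded by SSD
        bad = self._violations(self.ssd, self.ua[user] | {role})
        if bad:
            raise PermissionError(f"SSD {bad} forbids assigning {role} to {user}")
        self.ua[user].add(role)
    def create_dsd_set(self, name, roles, n=2):
        if not 2 <= n <= len(roles):
            raise ValueError("cardinality must be between 2 and the set size")
        self.dsd[name] = (frozenset(roles), n)
    def create_session(self, sid, user):
        self.sessions[sid] = (user, set())
    def add_active_role(self, sid, role):  # AddActiveRole, guarded by DSD
        user, active = self.sessions[sid]
        if role not in self.ua[user]:
            raise PermissionError(f"{role} is not assigned to {user}")
        bad = self._violations(self.dsd, active | {role})
        if bad:
            raise PermissionError(f"DSD {bad} forbids activating {role} in session {sid}")
        active.add(role)

    def drop_active_role(self, sid, role):
        self.sessions[sid][1].discard(role)

def frank_example():
    # slide 19: Billing and Cashier conflict, so Frank may not be assigned both
    r = SoDRBAC()
    r.create_ssd_set("billing-vs-cashier", {"Billing", "Cashier"})
    r.assign_user("Frank", "Billing")
    try:
        r.assign_user("Frank", "Cashier")
        return "assigned both"
    except PermissionError:
        return "second assignment rejected"
```

The DSD path differs from SSD only in where the check runs: a user may hold both roles of a DSD set, but cannot have both active in one session until one is dropped, which is the "timely revocation of trust" from slide 20.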
30
Conclusion
RBAC is used to simplify security policy administration.
RBAC is an open-ended technology, which ranges from very simple to fairly sophisticated.
RBAC continues to be an evolving technology.
31
End Reference: