Presentation is loading. Please wait.

Presentation is loading. Please wait.

ROLE BASED ACCESS CONTROL

Published byDelaney Stealey Modified over 10 years ago

Similar presentations

Presentation on theme: "ROLE BASED ACCESS CONTROL"— Presentation transcript:

1 ROLE BASED ACCESS CONTROL
(RBAC) John Barkley RBAC Project Leader Software Diagnostics and Conformance Testing National Institute of Standards and Technology (301)

2 ACTIVE PARTICIPANTS SDCT: Rick Kuhn, Bill Majurski, Tony Cincotta, Alan Goldfine CSD: Dave Ferraiolo, Doctor Ramaswamy Chandramouli GMU: Professor Ravi Sandhu, Jean Park UM: Doctor Virgil Gligor SETA: Ed Coyne, Ravi Sundaram (CRADA) VDG: Serban Gavrila (contractor)

3 ROLE BASED ACCESS CONTROL (RBAC)
RBAC is an access control mechanism which: Describes complex access control policies. Reduces errors in administration. Reduces cost of administration.

4 NIST RBAC Activities NIST RBAC Model (Ferraiolo, Cugini, Kuhn)
NIST RBAC Model Implementation for the WWW (RBAC/Web) Administrative tools: RBAC/Web Admin Tool & RGP-Admin Formal description of NIST RBAC Model in PVS (software specification in mathematical language) Test assertions and test software Cost model and role engineering tools Two patent applications and a provisional patent application

5 INDUSTRY RECOGNITION IBM’s patent application for IBM RBAC model cited NIST work as “closest prior art” (now implemented by Tivoli) Sybase and Secure Computing implemented NIST RBAC Model Siemens Nixdorf implemented parts of NIST RBAC Model in Trusted Web and references our work on their Web site NIST RBAC Model included in Educom IMS Specification Received 1998 Excellence in Technology Transfer Award from Federal Laboratory Consortium

6 “I would like to take this opportunity to underscore
Page 15 of ITL Brochure “I would like to take this opportunity to underscore the importance and relevance of research conducted by your laboratory into Role-Based Access Control (RBAC). In the area of security one of the features most requested by Sybase customers has been RBAC. They view this feature as indispensable for the effective management of large and dynamic user populations.” Thomas J. Parenty Director, Data and Communications Security Sybase, Inc. Emeryville, Ca.

7 RBAC MECHANISM Users are associated with roles. Roles are associated with permissions. A user has a permission only if the user has an authorized role which is associated with that permission.

8 Example: The Three Musketeers (User/Permission Association)
Athos Aramis palace uniform Porthos D'Artagnan weapons

9 Example: The Three Musketeers
(RBAC) Athos palace Porthos Musketeer Aramis uniform D'Artagnan weapons Athos Aramis palace uniform Porthos D'Artagnan weapons

10 Example: The Three Musketeers
(RBAC) Athos palace Porthos Musketeer Aramis uniform D'Artagnan weapons Athos Aramis palace uniform Porthos D'Artagnan weapons

11 Example: The Three Musketeers
(RBAC) Athos palace Porthos Musketeer Aramis uniform D'Artagnan weapons Athos Aramis palace uniform Porthos D'Artagnan weapons

12 Quantifying RBAC Advantage
For each job position, let: For all job positions, Number of individuals in job position Number of permissions required for job position RBAC advantage RBAC advantage

13 Example: (D’Artagnon becomes a Musketeer)
palace D'Artagnan Musketeer uniform weapons palace D'Artagnan uniform weapons

14 NIST RBAC Model Role Hierarchies, e.g, teller inherits employee Conflict of Interest Constraints: Static Separation of Duty: user cannot be authorized for both roles, e.g., teller and auditor Dynamic Separation of Duty: user cannot act simultaneously in both roles, e.g., teller and account holder Role Cardinality: maximum number of users authorized for role, e.g., branch manager

15 Example: Role Hierarchy for Bank

16 Example: Bank Role/Role Associations

17 RBAC Administrative Tools
RBAC Admin Tool: user/role and role/role associations (RBAC/Web, NT, RDBMS) RGP-Admin: role/permission associations (NT) AccessMgr: Manipulation of all features of Windows NT ACLs Tool building with visual components Role Engineering and Diagnostic Tool

18 RBAC/Web Admin Tool: Main Display

19 RBAC/Web Admin Tool: Graphical Display

20 RBAC/Web login screen for ko

21 RBAC/Web login screen for ko

22 RGP-Admin: Object Access Type Window

23 RGP-Admin: Object Access Type Edit Window

24 RGP-Admin: Role/Group Permission Window

25 Role Engineering and Diagnostic Tool: input
Number of user/permission associations: 28

26 Role Engineering Tool: role/permission output
Number of role/permission associations: 8 Number of associations for role hierarchy: 5

27 Role Engineering Tool: user/role output
Number of user/role associations: 8 Number of associations for role hierarchy: 5 Number of role/permission associations: 8 (previous slide) Total associations with RBAC: 21 vs. Total user/permission associations: 28 (from earlier slide)

Download ppt "ROLE BASED ACCESS CONTROL"

Similar presentations

ROWLBAC – Representing Role Based Access Control in OWL

ROWLBAC – Representing Role Based Access Control in OWL
Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute.

Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute.
INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.

INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.
Role Activation Hierarchies Ravi Sandhu George Mason University.

Role Activation Hierarchies Ravi Sandhu George Mason University.
Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.

Institute for Cyber Security ASCAA Principles for Next-Generation Role-Based Access Control Ravi Sandhu Executive Director and Endowed Chair Institute.
Institute for Cyber Security

Institute for Cyber Security
Future Directions in Role-Based Access Control Models Ravi Sandhu Co-Founder and Chief Scientist SingleSignOn.Net & Professor of Information Technology.

Future Directions in Role-Based Access Control Models Ravi Sandhu Co-Founder and Chief Scientist SingleSignOn.Net & Professor of Information Technology.
Gail-Joon Ahn and Ravi Sandhu George Mason University Myong Kang and Joon Park Naval Research Laboratory Injecting RBAC to Secure a Web-based Workflow.

Gail-Joon Ahn and Ravi Sandhu George Mason University Myong Kang and Joon Park Naval Research Laboratory Injecting RBAC to Secure a Web-based Workflow.
ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE: A ROLE-BASED APPROACH Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.

ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE: A ROLE-BASED APPROACH Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.
ROLE-BASED ACCESS CONTROL: A MULTI-DIMENSIONAL VIEW Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman Seta Corporation McLean, VA Ravi Sandhu.

ROLE-BASED ACCESS CONTROL: A MULTI-DIMENSIONAL VIEW Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman Seta Corporation McLean, VA Ravi Sandhu.
A THREE TIER ARCHITECTURE FOR ROLE-BASED ACCESS CONTROL Ravi Sandhu and Hal Feinstein Seta Corporation McLean, VA Ongoing NIST-funded project Other Project.

A THREE TIER ARCHITECTURE FOR ROLE-BASED ACCESS CONTROL Ravi Sandhu and Hal Feinstein Seta Corporation McLean, VA Ongoing NIST-funded project Other Project.
© 2005 Ravi Sandhu www.list.gmu.edu Permissions and Inheritance (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology.

© 2005 Ravi Sandhu Permissions and Inheritance (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology.
© 2005 Ravi Sandhu www.list.gmu.edu Role Usage and Activation Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security.

© 2005 Ravi Sandhu Role Usage and Activation Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security.
Engineering Authority and Trust in Cyberspace: The OM-AM and RBAC Way Prof. Ravi Sandhu George Mason University www.list.gmu.edu.

Engineering Authority and Trust in Cyberspace: The OM-AM and RBAC Way Prof. Ravi Sandhu George Mason University
Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.

Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.
Role-Based Access Control CS461/ECE422 Fall 2011.

Role-Based Access Control CS461/ECE422 Fall 2011.
Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.

Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.
CREATING WEB PAGES INTERNET IN THE CURRICULUM MODULE 8:

CREATING WEB PAGES INTERNET IN THE CURRICULUM MODULE 8:
5 th grade Computer Terminology. Minimize Minimize refers to reducing a window to an icon, or a label at the bottom of the screen in your task bar, while.

5 th grade Computer Terminology. Minimize Minimize refers to reducing a window to an icon, or a label at the bottom of the screen in your task bar, while.
Proposal for Fast-Tracking NIST Role-Based Access Control Standard David Ferraiolo Rick Kuhn National Institute of Standards and Technology Gathersburg,

Proposal for Fast-Tracking NIST Role-Based Access Control Standard David Ferraiolo Rick Kuhn National Institute of Standards and Technology Gathersburg,

Similar presentations

Ads by Google