1. ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE: A ROLE-BASED APPROACH Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu www.list.gmu.edu

2. AUTHORIZATION, TRUST AND RISK u Information security management is fundamentally about managing l authorization and l trust so as to manage risk

3. ENGINEERING AUTHORITY & TRUST 4 LAYERS Policy Model Architecture Mechanism What? How?

4. ENGINEERING AUTHORITY & TRUST 4 LAYERS What? How? No information leakage Lattices (Bell-LaPadula) Security kernel Security labels Multilevel Security

5. ENGINEERING AUTHORITY & TRUST 4 LAYERS What? How? Policy neutral RBAC96 user-pull, server-pull, etc. certificates, tickets, PACs, etc. Role-Based Access Control (RBAC)

6. ROLE-BASED ACCESS CONTROL (RBAC) u A users permissions are determined by the users roles l rather than identity or clearance l roles can encode arbitrary attributes u multi-faceted u ranges from very simple to very sophisticated

7. RBAC SECURITY PRINCIPLES u least privilege u separation of duties u separation of administration and access u abstract operations

8. RBAC96 IEEE Computer Feb. 1996 u Policy neutral u can be configured to do MAC l roles simulate clearances (ESORICS 96) u can be configured to do DAC l roles simulate identity (RBAC98)

9. RBAC96 FAMILY OF MODELS RBAC0 BASIC RBAC RBAC3 ROLE HIERARCHIES + CONSTRAINTS RBAC1 ROLE HIERARCHIES RBAC2 CONSTRAINTS

10. RBAC0 ROLES USER-ROLE ASSIGNMENT PERMISSION-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS

11. RBAC1 ROLES USER-ROLE ASSIGNMENT PERMISSION-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS ROLE HIERARCHIES

12. HIERARCHICAL ROLES Health-Care Provider Physician Primary-Care Physician Specialist Physician

13. EXAMPLE ROLE HIERARCHY Employee (E) Engineering Department (ED) Project Lead 1 (PL1) Engineer 1 (E1) Production 1 (P1) Quality 1 (Q1) Director (DIR) Project Lead 2 (PL2) Engineer 2 (E2) Production 2 (P2) Quality 2 (Q2) PROJECT 2PROJECT 1

14. RBAC3 ROLES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERSPERMISSIONS... SESSIONS ROLE HIERARCHIES CONSTRAINTS

15. ADMINISTRATIVE RBAC ROLES USERS PERMISSIONS... ADMIN ROLES ADMIN PERMISSIONS CONSTRAINTS

16. EXAMPLE ROLE HIERARCHY Employee (E) Engineering Department (ED) Project Lead 1 (PL1) Engineer 1 (E1) Production 1 (P1) Quality 1 (Q1) Director (DIR) Project Lead 2 (PL2) Engineer 2 (E2) Production 2 (P2) Quality 2 (Q2) PROJECT 2PROJECT 1

17. EXAMPLE ADMINISTRATIVE ROLE HIERARCHY Senior Security Officer (SSO) Department Security Officer (DSO) Project Security Officer 1 (PSO1) Project Security Officer 2 (PSO2)

18. RBAC PARAMETERS u RBAC has many facets, including l number of roles: large or small l flat roles versus hierarchical roles l permission-role review capability l static separation of duties l dynamic separation of duties l role-activation capability u at least 64 variations

19. NIST RBAC MODEL in progress u Level 1: flat RBAC l user-role review u Level 2: hierarchical RBAC l plus role hierarchies u Level 3: constrained RBAC l plus separation constraints u Level 4: true RBAC l plus permission-role review

20. CLASS I SYSTEMS ENFORCEMENT ARCHITECTURE ClientServer

21. CLASS I SYSTEMS ADMINISTRATION ARCHITECTURE Administrative Client Server2 Server1 ServerN Authorization Center

22. CLASS II SYSTEMS SERVER-PULL ClientServer Authorization Server Authentication Server

23. CLASS II SYSTEMS USER-PULL ClientServer Authorization Server Authentication Server

24. R&D IN INTERNET TIME u new technology needs to be developed and deployed continuously in the very short term u need focused applied research u need synergy between Universities and Industry