The RBAC 96 Model Prof Ravi Sandhu WHAT
The RBAC 96 Model Prof. Ravi Sandhu
WHAT IS RBAC? v multidimensional v open ended v ranges from simple to sophisticated © Ravi Sandhu 2
WHAT IS THE POLICY IN RBAC? LBAC is policy driven: one-directional information flow in a lattice of security labels v DAC is policy driven: owner-based discretion v RBAC is a framework to help in articulating policy v The main point of RBAC is to facilitate security management v © Ravi Sandhu 3
RBAC 96 v Policy neutral v can be configured to do LBAC Ø roles v can be configured to do DAC Ø roles © Ravi Sandhu simulate clearances (ESORICS 96) simulate identity (RBAC 98) 4
RBAC SECURITY PRINCIPLES v least privilege v separation of duties v separation of administration and access v abstract operations © Ravi Sandhu 5
RBAC CONUNDRUM v turn on all roles all the time v turn on one role only at a time v turn on a user-specified subset of roles © Ravi Sandhu 6
RBAC 96 FAMILY OF MODELS RBAC 3 ROLE HIERARCHIES + CONSTRAINTS RBAC 1 ROLE HIERARCHIES RBAC 2 CONSTRAINTS RBAC 0 BASIC RBAC © Ravi Sandhu 7
RBAC 0 USER-ROLE ASSIGNMENT USERS ROLES . . . © Ravi Sandhu PERMISSION-ROLE ASSIGNMENT PERMISSIONS SESSIONS 8
PERMISSIONS v Primitive Ø read, write, append, execute v Abstract Ø credit, © Ravi Sandhu permissions debit, inquiry 9
PERMISSIONS v System permissions Ø Auditor v Object permissions Ø read, write, append, execute, credit, debit, inquiry © Ravi Sandhu 10
PERMISSIONS v Permissions are positive v No negative permissions or denials Ø negative permissions and denials can be handled by constraints v No Ø © Ravi Sandhu duties or obligations outside scope of access control 11
ROLES AS POLICY v. A role brings together Øa collection of users and Ø a collection of permissions v These collections will vary over time ØA role has significance and meaning beyond the particular users and permissions brought together at any moment © Ravi Sandhu 12
ROLES VERSUS GROUPS v Groups Øa v. A are often defined as collection of users role is Øa collection of users and Ø a collection of permissions v Some Øa © Ravi Sandhu authors define role as collection of permissions 13
USERS v Users are Ø human beings or Ø other active agents v Each individual should be known as exactly one user © Ravi Sandhu 14
USER-ROLE ASSIGNMENT v. A user can be a member of many roles v Each role can have many users as members © Ravi Sandhu 15
SESSIONS v. A user can invoke multiple sessions v In each session a user can invoke any subset of roles that the user is a member of © Ravi Sandhu 16
PERMISSION-ROLE ASSIGNMENT v. A permission can be assigned to many roles v Each role can have many permissions © Ravi Sandhu 17
MANAGEMENT OF RBAC v Option 1: USER-ROLE-ASSIGNMENT and PERMISSION-ROLE ASSIGNMENT can be changed only by the chief security officer v Option 2: Use RBAC to manage RBAC © Ravi Sandhu 18
RBAC 1 ROLE HIERARCHIES USER-ROLE ASSIGNMENT USERS ROLES . . . © Ravi Sandhu PERMISSION-ROLE ASSIGNMENT PERMISSIONS SESSIONS 19
HIERARCHICAL ROLES Primary-Care Physician Specialist Physician Health-Care Provider © Ravi Sandhu 20
HIERARCHICAL ROLES Supervising Engineer Hardware Engineer Software Engineer © Ravi Sandhu 21
PRIVATE ROLES Hardware Engineer’ Supervising Engineer Hardware Engineer Software Engineer’ Software Engineer © Ravi Sandhu 22
EXAMPLE ROLE HIERARCHY Director (DIR) Project Lead 1 (PL 1) Production 1 (P 1) Project Lead 2 (PL 2) Quality 1 (Q 1) Production 2 (P 2) Engineer 1 (E 1) PROJECT 1 © Ravi Sandhu Quality 2 (Q 2) Engineer 2 (E 2) Engineering Department (ED) Employee (E) PROJECT 2 23
EXAMPLE ROLE HIERARCHY Project Lead 1 (PL 1) Production 1 (P 1) Project Lead 2 (PL 2) Quality 1 (Q 1) Production 2 (P 2) Engineer 1 (E 1) PROJECT 1 © Ravi Sandhu Quality 2 (Q 2) Engineer 2 (E 2) Engineering Department (ED) Employee (E) PROJECT 2 24
EXAMPLE ROLE HIERARCHY Director (DIR) Project Lead 1 (PL 1) Production 1 (P 1) Quality 1 (Q 1) Engineer 1 (E 1) PROJECT 1 © Ravi Sandhu Project Lead 2 (PL 2) Production 2 (P 2) Quality 2 (Q 2) Engineer 2 (E 2) PROJECT 2 25
EXAMPLE ROLE HIERARCHY Project Lead 1 (PL 1) Production 1 (P 1) Quality 1 (Q 1) Engineer 1 (E 1) PROJECT 1 © Ravi Sandhu Project Lead 2 (PL 2) Production 2 (P 2) Quality 2 (Q 2) Engineer 2 (E 2) PROJECT 2 26
RBAC 3 ROLE HIERARCHIES USER-ROLE ASSIGNMENT USERS ROLES . . . © Ravi Sandhu PERMISSIONS-ROLE ASSIGNMENT SESSIONS PERMISSIONS CONSTRAINTS 27
CONSTRAINTS v Mutually Exclusive Roles Ø Static Exclusion: The same individual can never hold both roles Ø Dynamic Exclusion: The same individual can never hold both roles in the same context © Ravi Sandhu 28
CONSTRAINTS v Mutually Exclusive Permissions Ø Static Exclusion: The same role should never be assigned both permissions Ø Dynamic Exclusion: The same role can never hold both permissions in the same context © Ravi Sandhu 29
CONSTRAINTS v Cardinality Constraints on User-Role Assignment Ø At most k users can belong to the role Ø At least k users must belong to the role Ø Exactly k users must belong to the role © Ravi Sandhu 30
CONSTRAINTS v Cardinality Constraints on Permissions-Role Assignment Ø At most k roles can get the permission Ø At least k roles must get the permission Ø Exactly k roles must get the permission © Ravi Sandhu 31
- Slides: 31