
Discretionary and Mandatory Controls for Role-Based Administration - PowerPoint PPT Presentation



  1. Discretionary and Mandatory Controls for Role-Based Administration
     Jason Crampton, Royal Holloway, University of London
     20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security
     Slide navigation (shown on every slide): Introduction | Fundamental concepts | Discretionary and mandatory controls | Concluding remarks | Questions

  2. Outline
     1 Introduction
     2 Fundamental concepts
     3 Discretionary and mandatory controls
     4 Concluding remarks
     5 Questions

  3. Administration in the context of access control
     - Administration: the management of the data structures that define an access control policy
     - Administrative model: a set of rules that control changes to those data structures
       - Changes to the data structures are effected by executing administrative commands
       - The rules determine which commands succeed
     - Examples: the Harrison-Ruzzo-Ullman (HRU) model for the protection matrix; the take-grant model

  4. Role-based administration
     - The ANSI RBAC standard defines a set of administrative functions that must be supported by compliant systems
       - No administrative model
       - No suggested implementation
     - Less well understood than role-based access control
       - A more challenging problem
       - No consensus on the best approach
     - Two main approaches in the literature: permission-based and structural

  5. Permission-based approaches
     - Basic idea: administrative roles are given administrative (control) permissions; this mimics the HRU approach to the protection matrix
     - Examples: RBAC96 (Sandhu et al.); X-GTRBAC Admin (Bhatti et al.)
     - Disadvantages: little control over the propagation of permissions

  6. Structural approaches
     - Basic idea: administrative roles are given control over sub-hierarchies; the role parameters of an administrative command must belong to a sub-hierarchy controlled by the requester
     - Examples: ARBAC97 defines sub-hierarchies using relations (Sandhu et al.); the RHA family of models defines sub-hierarchies using administrative scope (Crampton)
     - Disadvantages: sensitive to changes in the role hierarchy

  7. This work
     - Motivation: to provide a comprehensive, expressive, flexible and simple model for role-based administration
     - Goals: to address the limitations of existing approaches
       - The model should limit the propagation of permissions
       - The model should be resilient to changes to the role hierarchy
     - Approach
       - Use domains to limit permission propagation
       - Use administrative permissions to support fine-grained administrative control and separation of administrative duties

  8. RBAC model
     - Role hierarchy: a partially ordered set of roles (R, ≤)
     - User-role assignment relation UA ⊆ U × R
     - Permission-role assignment relation PA ⊆ P × R

  9-10. Administrative concepts
     - Administrative permissions: assigned to roles; authorize a role to either add or delete an element of one of U, P, R, ≤, UA or PA
       - Objects are RBAC sets and relations
       - Operations are add and delete
     - Administrative commands: a request to invoke an administrative permission
       - The command addUA(a, u, r) takes three parameters: administrative role a, user u and role r

  11-12. Administrative concepts
     - Administrative partitions: a collection of subsets of R
       - Each subset is called a domain
       - Each pair of domains is either disjoint or nested
     - Domain-role assignment relation DA ⊆ D × R, where D is an administrative partition
       - If (D, r) ∈ DA we say r has administrative control over D

  13-15. Example
     - Figure: role hierarchy over the roles DIR, PL1, PL2, PE1, QE1, PE2, QE2, ENG1, ENG2, ED, E (the edges of the hierarchy were not recovered from the slide image)
     - Domains: D1 = [ENG1, PL1], D2 = [ENG2, PL2], D3 = D1 ∪ D2, D4 = [E, DIR]
     - DA: (D1, PSO1), (D2, PSO2), (D3, DSO), (D4, SSO)

  16-17. Basic security properties
     - The discretionary administrative property: a command can only succeed if the requested permission is assigned to a role activated by the requester
     - The mandatory administrative property: a command can only succeed if the role parameters belong to a domain over which the requester has control

  18-20. The mandatory UA property
     - Motivation: the assignment of a user u to a role r results in u being implicitly assigned to all roles less than r
     - Formal statement: the command addUA(a, u, r) satisfies the mandatory UA property if there exists a domain D over which a has control such that r ∈ D and u is already assigned to all roles {s ∈ R : s < r, s ∉ D}
     - Consequences: it is impossible for an administrative role to assign users to roles over which it has no control

  21. Example (the role hierarchy figure of slide 13 revisited: DIR, PL1, PL2, PE1, QE1, PE2, QE2, ENG1, ENG2, ED, E)
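The following is an added worked example, not code from Crampton's slides or paper: it encodes the RBAC model with administrative domains (slides 8-12), the two basic security properties (slides 16-17) and the mandatory UA property (slides 18-20), and runs addUA commands against the example of slides 13-15. The role names, the domains D1-D4 and the DA relation are taken from the slides; the hierarchy edges are an assumption reconstructed from the domain intervals because the figure did not survive extraction, all four administrative roles are assumed to hold the (add, UA) permission, "already assigned" is read as holding the role explicitly or implicitly through the hierarchy (as the motivation on slide 18 suggests), and the user alice is constructed.

```python
"""Added example (not from the slides): Crampton's domain-based RBAC administration
model applied to the slides' example. Roles, domains D1-D4 and DA come from slides
13-15; the hierarchy edges below are ASSUMED (the figure did not survive extraction)."""

from itertools import product

# ASSUMED direct junior -> senior edges, reconstructed from the domain intervals
# [ENG1, PL1], [ENG2, PL2] and [E, DIR]: E is the bottom role, DIR the top.
EDGES = {
    ("E", "ED"), ("ED", "ENG1"), ("ED", "ENG2"),
    ("ENG1", "PE1"), ("ENG1", "QE1"), ("ENG2", "PE2"), ("ENG2", "QE2"),
    ("PE1", "PL1"), ("QE1", "PL1"), ("PE2", "PL2"), ("QE2", "PL2"),
    ("PL1", "DIR"), ("PL2", "DIR"),
}
ROLES = frozenset(r for edge in EDGES for r in edge)


def partial_order(edges):
    """Reflexive-transitive closure of the edges: (s, r) in the result means s <= r."""
    leq = {(r, r) for r in ROLES} | set(edges)
    changed = True
    while changed:
        changed = False
        for (a, b), (c, d) in product(list(leq), repeat=2):
            if b == c and (a, d) not in leq:
                leq.add((a, d))
                changed = True
    return frozenset(leq)


LEQ = partial_order(EDGES)


def interval(lo, hi):
    """The domain [lo, hi] = {s in R : lo <= s <= hi}."""
    return frozenset(s for s in ROLES if (lo, s) in LEQ and (s, hi) in LEQ)


D1, D2 = interval("ENG1", "PL1"), interval("ENG2", "PL2")
DOMAINS = {"D1": D1, "D2": D2, "D3": D1 | D2, "D4": interval("E", "DIR")}

# Domain-role assignment DA (slide 15): (D, a) means administrative role a controls D.
DA = {("D1", "PSO1"), ("D2", "PSO2"), ("D3", "DSO"), ("D4", "SSO")}

# ASSUMED: every administrative role in DA holds the (add, UA) administrative permission.
PA_ADMIN = {(("add", "UA"), a) for _, a in DA}


def is_administrative_partition(domains):
    """Slide 11: every pair of domains must be disjoint or nested."""
    ds = list(domains.values())
    return all(a.isdisjoint(b) or a <= b or b <= a for a in ds for b in ds)


def holds(u, s, ua):
    """u holds role s explicitly, or implicitly via a more senior role in UA
    (ASSUMED reading of 'already assigned', following the motivation on slide 18)."""
    return any(user == u and (s, t) in LEQ for user, t in ua)


def controlled_domains_containing(a, r):
    """Names of the domains that administrative role a controls and that contain r."""
    return [name for name, d in DOMAINS.items() if (name, a) in DA and r in d]


def mandatory_ua_property(a, u, r, ua):
    """Slide 19: some domain D controlled by a contains r, and u already holds
    every role s with s < r and s not in D."""
    for name in controlled_domains_containing(a, r):
        d = DOMAINS[name]
        outside_juniors = {s for s in ROLES if (s, r) in LEQ and s != r and s not in d}
        if all(holds(u, s, ua) for s in outside_juniors):
            return True
    return False


def add_ua(a, u, r, ua, pa_admin=PA_ADMIN):
    """addUA(a, u, r): apply the three checks in turn; mutate UA only on success.
    Returns (succeeded, reason)."""
    if (("add", "UA"), a) not in pa_admin:
        return False, "discretionary: %s does not hold (add, UA)" % a
    if not controlled_domains_containing(a, r):
        return False, "mandatory: %s controls no domain containing %s" % (a, r)
    if not mandatory_ua_property(a, u, r, ua):
        return False, "mandatory UA: %s would implicitly gain roles outside %s's domain" % (u, a)
    ua.add((u, r))
    return True, "assigned %s to %s" % (u, r)


def scenario():
    """Constructed walk-through on the example; returns the success flag of each step."""
    ua = set()  # UA starts empty: alice is a constructed user holding no roles
    steps = [
        ("PSO1", "alice", "PE1"),  # fails: ED and E lie below PE1 but outside D1
        ("SSO", "alice", "ED"),    # succeeds: D4 contains every role below ED
        ("PSO1", "alice", "PE1"),  # succeeds now: ED (and hence E) already held
        ("PSO1", "alice", "PL2"),  # fails: PL2 is not in D1
        ("DSO", "alice", "PL2"),   # succeeds: PL2 is in D3, ED and E already held
    ]
    return [add_ua(a, u, r, ua)[0] for a, u, r in steps]


if __name__ == "__main__":
    print(is_administrative_partition(DOMAINS), scenario())
```

The first step is the point of the mandatory UA property: PSO1 controls D1, and PE1 lies in D1, yet the command is refused because assigning alice to PE1 would implicitly give her ED and E, which PSO1 does not control. Only after SSO (who controls D4) has assigned ED does the same PSO1 command succeed.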
