Access Control
RBAC
Database Activity Monitoring
CSCE 824 - Farkas 2
Reading assignments
Required for access control classes:
Ravi Sandhu and P. Samarati, Access Control: Principles and Practice, IEEE Communications, Volume 32, Number 9, September 1994 http://www.list.gmu.edu/journals/commun/i94ac(org).pdf
Ravi Sandhu, Lattice-Based Access Control Models, IEEE Computer, Volume 26, Number 11 (Cover Article), November 1993 http://www.list.gmu.edu/journals/computer/i93lbacm(org).pdf
Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman, Role-Based Access Control Models, IEEE Computer, Volume 29, Number 2, February 1996
http://www.list.gmu.edu/journals/computer/i94rbac(org).pdf
RBAC Motivation
Multi-user systems
Multi-application systems
Permissions are associated with roles
Role-permission assignments are persistent vs. user-permission assignments
Intuitive: competency, authority and responsibility
Motivation
Express organizational policies
  Separation of duties
  Delegation of authority
Flexible: easy to modify to meet new security requirements
Supports
  Least-privilege
  Separation of duties
  Data abstraction
RBAC
Allows security requirements to be expressed, but CANNOT ENFORCE THESE PRINCIPLES
e.g., RBAC can be configured to enforce BLP rules, but its correctness depends on the configuration done by the system security officer.
Roles
User group: collection of users with possibly different permissions
Role: mediator between collection of users and collection of permissions
RBAC is independent of DAC and MAC (they may coexist)
RBAC is policy neutral: configuration of RBAC determines the policy to be enforced
RBAC
RBAC3: consolidated model
RBAC1: role hierarchy
RBAC2: constraints
RBAC0: base model
RBAC0
[Figure: RBAC0. Users (U), Roles (R), Permissions (P) and Sessions (S), linked by User assignment and Permission assignment]
RBAC0
User: human beings
Role: job function (title)
Permission: approval of a mode of access
  Always positive
  Abstract representation
  Can apply to single object or to many
RBAC0
UA: user assignments
  Many-to-many
PA: Permission assignment
  Many-to-many
Session: mapping of a user to possibly many roles
  Multiple roles can be activated simultaneously
  Permissions: union of permissions from all roles
  Each session is associated with a single user
  User may have multiple sessions at the same time
RBAC0 Components
Users, Roles, Permissions, Sessions
$PA \subseteq P \times R$ (many-to-many)
$UA \subseteq U \times R$ (many-to-many)
$user: S \rightarrow U$, mapping each session $s_i$ to a single user $user(s_i)$
$roles: S \rightarrow 2^R$, mapping each session $s_i$ to a set of roles $roles(s_i) \subseteq \{r \mid (user(s_i), r) \in UA\}$, and $s_i$ has permissions $\bigcup_{r \in roles(s_i)} \{p \mid (p, r) \in PA\}$
RBAC0
Permissions apply to data and resource objects only
Permissions do NOT apply to RBAC components
Administrative permissions: modify U, R, S, P
Session: under the control of user to
  Activate any subset of permitted roles
  Change roles within a session
RBAC1
[Figure: RBAC1. Users (U), Roles (R), Permissions (P) and Sessions (S), linked by User assignment and Permission assignment, with a Role Hierarchy]
RBAC1
Structuring roles
Inheritance of permission from junior role (bottom) to senior role (top)
Partial order
  Reflexive
  Transitive
  Anti-symmetric
RBAC1 Components
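Same as RBAC0: Users, Roles, Permissions, Sessions, $PA \subseteq P \times R$, $UA \subseteq U \times R$, $user: S \rightarrow U$, mapping each session $s_i$ to a single user $user(s_i)$
$RH \subseteq R \times R$, partial order ($\geq$, dominance)
$roles: S \rightarrow 2^R$, mapping each session $s_i$ to a set of roles $roles(s_i) \subseteq \{r \mid (\exists r' \geq r)[(user(s_i), r') \in UA]\}$, and $s_i$ has permissions $\bigcup_{r \in roles(s_i)} \{p \mid (\exists r'' \leq r)[(p, r'') \in PA]\}$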
RBAC1
Role Hierarchy
[Figure: role hierarchy with the roles Primary-care Physician, Specialist Physician, Physician and Health-care provider; arrow labeled "Inheritance of privileges"]
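The RBAC0 and RBAC1 component definitions worked through in code, as an added example that is not part of the original slides. The role names are the ones on the hierarchy slide; the senior/junior edges between them, the users and the permission names are assumptions made for illustration.

```python
# Added example: RBAC1 session semantics. Role names come from the slides;
# the hierarchy edges, users and permissions are constructed assumptions.
RH = {("Primary-care Physician", "Physician"),      # (senior, junior) pairs
      ("Specialist Physician", "Physician"),
      ("Physician", "Health-care provider")}
UA = {("alice", "Primary-care Physician"), ("bob", "Health-care provider")}
PA = {("read_chart", "Health-care provider"),
      ("write_prescription", "Physician"),
      ("refer_patient", "Primary-care Physician")}


def juniors(role):
    """All roles r'' with r'' <= role (reflexive, transitive closure of RH)."""
    seen, stack = {role}, [role]
    while stack:
        cur = stack.pop()
        for senior, junior in RH:
            if senior == cur and junior not in seen:
                seen.add(junior)
                stack.append(junior)
    return seen


def activatable(user):
    """{r | exists r' >= r with (user, r') in UA}."""
    roles = set()
    for u, r in UA:
        if u == user:
            roles |= juniors(r)
    return roles


class Session:
    """One user plus the subset of permitted roles that user chose to activate."""

    def __init__(self, user, roles):
        denied = set(roles) - activatable(user)
        if denied:
            raise PermissionError(f"{user} may not activate {sorted(denied)}")
        self.user, self.roles = user, set(roles)

    def permissions(self):
        """Union over active r of {p | exists r'' <= r with (p, r'') in PA}."""
        reachable = set().union(*(juniors(r) for r in self.roles))
        return {p for p, r in PA if r in reachable}
```

Activating only the junior role Physician in a session gives alice a smaller permission set than her assigned role, which is how sessions support least privilege.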
RBAC1
Limit scope of inheritance
[Figure: two role hierarchies. First: Project Supervisor, Test Engineer, Programmer, Project Member. Second: the same roles plus the private roles Test Engineer' and Programmer']
RBAC2 – Constraints
Enforces high-level organizational policies
Management of decentralized security
Constraints define “acceptable” and “not acceptable” accesses
RBAC2 – Components
Same as RBAC0 + Constraints
RBAC2
[Figure: RBAC2. Users (U), Roles (R), Permissions (P) and Sessions (S), linked by User assignment and Permission assignment, with Constraints]
RBAC2
Mutually exclusive roles
Dual constraint of permission assignments (permission assigned to at most one mutually exclusive role)
Cardinality constraints (e.g., # of roles an individual can belong to)
Prerequisite roles
RBAC2
Constraints can apply to sessions and to the user and roles functions
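The RBAC2 constraint types listed above, checked before a user or permission assignment is accepted; this is an added example, not code from the original slides. The role names are taken from the project hierarchy slide, while the constraint sets, the cardinality limit and the permission names are assumptions.

```python
# Added example: RBAC2 constraint checks applied before UA or PA is changed.
# Role names come from the slides' project hierarchy; the constraint sets,
# the cardinality limit and the permission names are constructed assumptions.
MUTEX = [{"Programmer", "Test Engineer"}]          # mutually exclusive roles
PREREQ = {"Programmer": "Project Member",          # role -> prerequisite role
          "Test Engineer": "Project Member"}
MAX_ROLES_PER_USER = 2                             # cardinality constraint


def check_user_assignment(ua, user, role):
    """Return the list of constraints violated by adding (user, role) to ua."""
    held = {r for u, r in ua if u == user}
    if role in held:
        return []
    problems = []
    for group in MUTEX:
        clash = (held & group) - {role}
        if role in group and clash:
            problems.append(f"mutually exclusive with {sorted(clash)}")
    need = PREREQ.get(role)
    if need and need not in held:
        problems.append(f"prerequisite role {need} not held")
    if len(held) + 1 > MAX_ROLES_PER_USER:
        problems.append(f"more than {MAX_ROLES_PER_USER} roles")
    return problems


def check_permission_assignment(pa, perm, role):
    """Dual constraint: a permission goes to at most one role of a mutex group."""
    problems = []
    for group in MUTEX:
        if role in group:
            others = {r for p, r in pa if p == perm and r in group and r != role}
            if others:
                problems.append(f"{perm} already assigned to {sorted(others)}")
    return problems


def assign(ua, user, role):
    """Add (user, role) to ua only if every constraint is satisfied."""
    problems = check_user_assignment(ua, user, role)
    if problems:
        raise ValueError(f"({user}, {role}) rejected: " + "; ".join(problems))
    ua.add((user, role))
```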
RBAC3
[Figure: RBAC3. Users (U), Roles (R), Permissions (P) and Sessions (S), linked by User assignment and Permission assignment, with Constraints]
Database Monitoring
DBMS supported, e.g., Oracle auditing, transaction logs, etc.
Non-DBMS monitoring, e.g., IBM InfoSphere Guardium
  Database Activity Monitoring (DAM)
  Database Activity Monitoring and Prevention (DAMP)
DAMP
Regulatory compliance support
Protects data from external attacks
Monitors privileged users and application (beyond DBMS support)
Oracle User Group Survey: most organizations do not have mechanisms to control or monitor privileged user activities
Privileged user monitoring
System administrators, database administrators, developers, help desk personnel, etc.
Monitoring: auditing usage and transactions, identify anomalous activities, verify authorization of changes
Data privacy
Data governance
Application Activity Monitoring
End user accountability and fraud detection
Means of misuse is via application (not direct database access)
Address multi-tier applications that hide the identity of the end user
Cyber Attack Protection
Vulnerable code
Database related attacks, e.g., SQL injection
Monitor application characteristics, build profile, warn about anomalous behavior
DAM Features
Data collection and aggregation (heterogeneous data sources!)
Profiling and anomaly detection
Advanced features:
  Real-time monitoring
  Agnostic solutions
  Automated response
  Automatic data classification and security adjustment
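The "build profile, warn about anomalous behavior" step from the slides above, as an added example that is not part of the original deck or of any DAM product. It learns the statement shapes each database account issues during a baseline and flags records outside that profile; the record layout, account names and SQL statements are constructed samples.

```python
# Added example: profile-based anomaly detection over database audit records.
# The record layout, account names and SQL statements are constructed samples.
import re
from collections import defaultdict

_LITERAL = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b")


def template(sql):
    """Reduce a statement to its shape: literals become ?, case and spacing normalised."""
    return " ".join(_LITERAL.sub("?", sql).lower().split())


def build_profile(records):
    """Map each database account to the statement templates seen in the baseline."""
    profile = defaultdict(set)
    for account, sql in records:
        profile[account].add(template(sql))
    return profile


def anomalies(profile, records):
    """Return (account, sql, reason) for every record that falls outside the profile."""
    found = []
    for account, sql in records:
        if account not in profile:
            found.append((account, sql, "account has no baseline"))
        elif template(sql) not in profile[account]:
            found.append((account, sql, "statement shape not in baseline"))
    return found


BASELINE = [  # constructed: normal traffic from an application account and a DBA
    ("webapp", "SELECT name, price FROM products WHERE id = 17"),
    ("webapp", "SELECT name, price FROM products WHERE id = 42"),
    ("webapp", "INSERT INTO orders (user_id, product_id) VALUES (5, 17)"),
    ("dba", "ANALYZE TABLE products"),
]
OBSERVED = [  # constructed: monitoring window
    ("webapp", "select name, price from products where id = 99"),
    ("webapp", "SELECT name, price FROM products WHERE id = 99 OR 1 = 1"),
    ("dba", "SELECT card_number FROM payments WHERE user_id = 5"),
    ("helpdesk", "SELECT name, price FROM products WHERE id = 3"),
]
```

Running `anomalies(build_profile(BASELINE), OBSERVED)` passes the first statement, which differs from the baseline only in its literal, and flags the other three: an altered WHERE clause, a privileged account reading application data, and an account with no baseline.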
Next Class: Midterm exam