role-based access control: a multi-dimensional view ravi sandhu, edward coyne, hal feinstein and...
TRANSCRIPT
ROLE-BASED ACCESS CONTROL:A MULTI-DIMENSIONAL VIEW
Ravi Sandhu, Edward Coyne,Hal Feinstein and Charles Youman
Seta CorporationMcLean, VA
Ravi Sandhu is also affiliated withGeorge Mason University, Fairfax, VA
2
RBAC
• An alternative to classical MAC and DAC
• Substantial history and tradition
• Often used to separate administrative functions
• Extend this concept into application domain
3
RBAC
ROLE
USER-ROLEASSIGNMENT
PRIVILEGE-ROLEASSIGNMENT
USERS PRIVILEGES
4
PRIVILEGES
• Primitive privileges
• read, write, append, execute
• Abstract privileges
• credit, debit, inquiry
• Generic privileges
• auditor
5
USERS
• Users are human beings
• Each individual should be known as exactly one user
6
POLICY VERSUS MECHANISM
• Roles are a policy concept
• Several mechanisms can be used to implement roles
• Roles
• Groups
• Compartments
• Some mechanisms are better suited than others
7
WHAT IS THE POLICY IN RBAC?
• There is no information flow policy
• RBAC is a framework to help in articulating policy
• The main point of RBAC is to facilitate security management
8
INTERACTION OF RBAC, MAC AND DAC
RBAC
MAC DAC
permitted accesses
9
RBAC
ROLE
USER-ROLEASSIGNMENT
PRIVILEGE-ROLEASSIGNMENT
USERS PRIVILEGES
10
RBAC
ROLE
USER-ROLEASSIGNMENT
PRIVILEGE-ROLEASSIGNMENT
USERS PRIVILEGES
ROLEHIERARCHIES
11
HIERARCHICAL ROLES
Health-Care Provider
Physician
Primary-CarePhysician
SpecialistPhysician
12
HIERARCHICAL ROLES
Engineer
HardwareEngineer
SoftwareEngineer
SupervisingEngineer
13
SCOPED INHERITANCE
Department Head
Project 1 Manager Project 2 Manager
Department Public
Project 1 Public Project 2 Public
Project 1Programmers
Project 1Testing
Project 2Programmers
Project 2Testing
14
RBAC
ROLEUSERS PRIVILEGES
ROLEHIERARCHIES
CONSTRAINTS
USER-ROLEASSIGNMENT
PRIVILEGE-ROLEASSIGNMENT
15
CONSTRAINTS
• Mutually Exclusive Roles
• Static Exclusion: The same individual can never hold both roles
• Dynamic Exclusion: The same individual can never hold both roles in the same context
16
CONSTRAINTS
• Mutually Exclusive Privileges
• Static Exclusion: The same role should never be assigned both privileges
• Dynamic Exclusion: The same role can never hold both privileges in the same context
17
CONSTRAINTS
• Cardinality Constraints on User-Role Assignment
• At most k users can belong to the role
• At least k users must belong to the role
• Exactly k users must belong to the role
• Cardinality Constraints on Privilege-Role Assignment
• At most k roles can get the privilege
• At least k roles must get the privilege
• Exactly k roles must get the privilege
18
RBAC
ROLE
USER-ROLEASSIGNMENT
PRIVILEGE-ROLEASSIGNMENT
USERS PRIVILEGES
ROLEHIERARCHIES
19
SCALE
• Hundreds of roles
• User-role assignment will change frequently
• Privilege-role assignment will change frequently
• Role hierarchy will change occasionally
20
RBAC SUMMARY
• RBAC is a sophisticated and multi-dimensional concept
• Different products will support variations of RBAC (even if standards emerge)
21
BELL-LAPADULA AND RBAC
• Can BLP be practically and conveniently done in RBAC?
YES
22
IS RBAC A PANACEA?
• NO