arbac 97 (administrative rbac) ravi sandhu venkata bhamidipati ed coyne srinivas ganta qamar munawer...
Post on 26-Mar-2015
218 Views
Preview:
TRANSCRIPT
ARBAC 97 (ADMINISTRATIVE RBAC)
Ravi Sandhu
Venkata Bhamidipati
Ed Coyne
Srinivas Ganta
Qamar Munawer
Charles Youman
2© Ravi Sandhu 1997
ARBAC97 DECENTRALIZES
user-role assignment (URA97) permission-role assignment (PRA97) role-role hierarchy
groups or user-only roles (extend URA97) abilities or permission-only roles (extend PRA97) UP-roles or user-and-permission roles (RRA97)
3© Ravi Sandhu 1997
ADMINISTRATIVE RBAC
ROLES
USERS
PERMISSIONS
...
ADMINROLES
ADMINPERMISSIONS
CAN-MANAGE
4© Ravi Sandhu 1997
ADMINISTRATIVE RBAC
RBAC2RBAC1
RBAC0
RBAC3
ARBAC2ARBAC1
ARBAC0
ARBAC3
5© Ravi Sandhu 1997
EXAMPLE ROLE HIERARCHY
Employee (E)
Engineering Department (ED)
Project Lead 1(PL1)
Engineer 1(E1)
Production 1(P1)
Quality 1(Q1)
Director (DIR)
Project Lead 2(PL2)
Engineer 2(E2)
Production 2(P2)
Quality 2(Q2)
PROJECT 2PROJECT 1
6© Ravi Sandhu 1997
EXAMPLE ADMINISTRATIVE ROLE HIERARCHY
Senior Security Officer (SSO)
Department Security Officer (DSO)
Project SecurityOfficer 1 (PSO1)
Project SecurityOfficer 2 (PSO2)
7© Ravi Sandhu 1997
USER-ROLE ASSIGNMENTCAN-ASSIGN-USER
ARole Prereq Role Role Range
PSO1 ED [E1,PL1)
PSO2 ED [E2,PL2)
DSO ED (ED,DIR)
SSO E [ED,ED]
SSO ED (ED,DIR]
8© Ravi Sandhu 1997
USER-ROLE ASSIGNMENT CAN-ASSIGN-USER
ARole Prereq Cond Role Range
PSO1 ED [E1,E1]
PSO1 ED & ¬ P1 [Q1,Q1]
PSO1 ED & ¬ Q1 [P1,P1]
PSO2 ED [E2,E2]
PSO2 ED & ¬ P2 [Q2,Q2]
PSO2 ED & ¬ Q2 [P2,P2]
9© Ravi Sandhu 1997
USER-ROLE ASSIGNMENT CAN-REVOKE-USER
ARole Role Range
PSO1 [E1,PL1)
PSO2 [E2,PL2)
DSO (ED,DIR)
SSO [ED,DIR]
10© Ravi Sandhu 1997
USER-ROLE ASSIGNMENT REVOCATION
WEAK REVOCATION revokes explicit membership only
STRONG REVOCATION revokes explicit and implicit membership revocation propagates upwards to senior
roles defined in terms of weak revoke
11© Ravi Sandhu 1997
PERMISSION-ROLE ASSIGNMENT
dual of user-role assignment can-assign-permission
can-revoke-permission weak revoke
strong revoke (propagates down)
12© Ravi Sandhu 1997
PERMISSION-ROLE ASSIGNMENT CAN-ASSIGN-PERMISSION
ARole Prereq Cond Role Range
PSO1 PL1 [E1,PL1)
PSO2 PL2 [E2,PL2)
DSO E1 E2 [ED,ED]
SSO PL1 PL2 [ED,ED]
SSO ED [E,E]
13© Ravi Sandhu 1997
PERMISSION-ROLE ASSIGNMENT CAN-REVOKE-PERMISSION
ARole Role Range
PSO1 [E1,PL1]
PSO2 [E2,PL2]
DSO (ED,DIR)
SSO [ED,DIR]
14© Ravi Sandhu 1997
RRA97
Group rolesUsers only
UP-rolesUsers and Permissions
Ability rolesPermissions only
Extended URA97 RRA97 Extended PRA97
15© Ravi Sandhu 1997
RRA97
OBJECTIVE Decentralization of role-role
relationships Administrative role autonomy within a
range. Encapsulation of authority Ranges.
16© Ravi Sandhu 1997
EXAMPLE ROLE HIERARCHY
Employee (E)
Engineering Department (ED)
Project Lead 1(PL1)
Engineer 1(E1)
Production 1(P1)
Quality 1(Q1)
Director (DIR)
Project Lead 2(PL2)
Engineer 2(E2)
Production 2(P2)
Quality 2(Q2)
PROJECT 2PROJECT 1
17© Ravi Sandhu 1997
Range Hierarchy
Range
Create Range
Encap. Range
AuthorityRange
18© Ravi Sandhu 1997
RRA97 - Definitions
Range: (x, y) = {r : Roles | x < r < y}
Authority Range: A range referenced in can-modify relation
Junior Authority range: The range (x, y) is junior to range (x’, y’) if
( x x’ y’ y) ( x > x’ y’ > y) The range (x’, y’) is a senior range
19© Ravi Sandhu 1997
RRA97 - Definitions
Partial Overlap of Ranges: The ranges Y and Y’ partially overlap if
Y Y’ and Y Y’ Y’ Y
20© Ravi Sandhu 1997
RRA97 - Definitions
Encapsulated Authority Range: The authority range (x, y) is said to be
encapsulated if r1 (x, y) and r2 (x, y)
– r2 > r1 r2 > y – r2 < r1 x < r2
21© Ravi Sandhu 1997
Encapsulated Range (x, y)
x
y
r1 r2r3
x’
y‘
r4
22© Ravi Sandhu 1997
Non-encapsulated Range (x, y)
x
y
r1 r2r3
x’
y‘
r4
23© Ravi Sandhu 1997
RRA97 - Definitions
Set of Authority Ranges: {x, y : roles | (x, y) is an authority range}
Immediate Authority Range of role r: The authority range (x, y) is immediate
authority range of role r (x, y) if (x’, y’) set of AR | (x’, y’) (x, y) r (x’, y’)
24© Ravi Sandhu 1997
RRA97 - Definitions
Create Range: The range (x, y) is a create range if
(a) ARimmediate(x) = ARimmediate(y) (b) x = End point of ARimmediate(y) (c) y = End point of ARimmediate(x)
Immediate Senior roles: r1 > immediate r2 if
r’ roles r’ > r2 ( r’ r1)
25© Ravi Sandhu 1997
Create Range
x
y
r1 r2r3
x’
y‘
r4
A
B
26© Ravi Sandhu 1997
RRA97 - Definitions
Immediate Junior Roles: r1 < immediate r2
r’ roles r’ > r1 ( r’ < r2)
Inactive Roles: A user associated to it cannot use it. Inheritance of permissions is not
affected. Permissions and users can be revoked.
27© Ravi Sandhu 1997
INSERT ROLE
Role is inserted one at a time. Roles can be inserted only in create
range. Create-role(r, (x, y)) inserts a role r in
create range (x, y) such that it is junior to y and senior to x.
28© Ravi Sandhu 1997
Example: Create-role(r, (r1, r2))
x
y
rr1 r2
29© Ravi Sandhu 1997
DELETE ROLE
Roles referred in can-assign,can-revoke and can-modify cannot be deleted.
Roles can be deleted only if they are empty.
30© Ravi Sandhu 1997
DELETE ROLE (Continued)
RELAXATIONS: Roles referred in can-assign,can-
revoke and can-modify can be made inactive.
Role is deleted only after its permissions are assigned to immediate senior and users to immediate junior roles.
31© Ravi Sandhu 1997
INSERTION OF AN EDGE
Implied edges are not considered. Inserted only between incomparable
roles (No Cycles) Inserted one at a time. The edge AB is inserted if
(a) ARimmediate(A) = ARimmediate(B) and (b) For a junior authority range (x, y):
(A = y B > x) or (B = x A < y) must ensure encapsulation of (x, y).
32© Ravi Sandhu 1997
DELETION OF AN EDGE Deleted one at a time. Implied edges are no considered. The edges in transitive reduction are
candidates for deletion. Edges connecting the end points of
an authority range cannot be deleted. When edges AB is deleted then
necessary edges must be inserted to preserve implications.
33© Ravi Sandhu 1997
System Calls
To create a role in create range Y create-role(r, Y) To delete a role r delete-role(r) To add edge AB add-edge(A, B) To delete an edge AB delete-edge(A,
B) To inactivate a role r inactivate-role
(r) To activate a role r Activate-role (r)
34© Ravi Sandhu 1997
Strong Deletions
Strong deletion of role. Strong deletion of an edge.
top related