role-based access control (rbac) › cs6393_s16 › l3.pdf · rbac: role-based access control −...
TRANSCRIPT
![Page 1: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/1.jpg)
1
Role-Based Access Control(RBAC)
Prof. Ravi SandhuExecutive Director and Endowed Chair
January 29, 2016
© Ravi Sandhu World-Leading Research with Real-World Impact!
CS 6393 Lecture 3
![Page 2: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/2.jpg)
© Ravi Sandhu 2World-Leading Research with Real-World Impact!
Access Control
Discretionary Access Control (DAC), 1970
Mandatory Access Control (MAC), 1970
Role Based Access Control (RBAC), 1995
Attribute Based Access Control (ABAC), ????
Fixedpolicy
Flexiblepolicy
![Page 3: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/3.jpg)
The RBAC Story
© Ravi Sandhu 3
2nd expansion phase1st expansion phase
1995 2000 2005 2008
Amount ofPublications
Year of Publication
28 30 30 35 40 48 53 88 85 88 112 103 111 866∑
1992
3 2 7 3
80
60
40
20
0
Pre-RBAC Early RBAC
100
RBAC96paper
ProposedStandard
StandardAdopted
World-Leading Research with Real-World Impact!
![Page 4: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/4.jpg)
© Ravi Sandhu 4World-Leading Research with Real-World Impact!
RBAC: Role-Based Access Control
− Access is determined by roles− A user’s roles are assigned by security
administrators− A role’s permissions are assigned by security
administrators
First emerged: mid 1970sFirst models: mid 1990s
Is RBAC MAC or DAC or neither?
− RBAC can be configured to do MAC− RBAC can be configured to do DAC− RBAC is policy neutral
RBAC is neither MAC nor DAC!
![Page 5: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/5.jpg)
RBAC96 Model Family
ROLES
USER-ROLEASSIGNMENT
PERMISSIONS-ROLEASSIGNMENT
USERS PERMISSIONS
... SESSIONS
ROLE HIERARCHIES
CONSTRAINTS
© Ravi Sandhu 5
P model
World-Leading Research with Real-World Impact!
![Page 6: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/6.jpg)
RBAC96 Model Family
© Ravi Sandhu 6World-Leading Research with Real-World Impact!
RBAC0BASIC RBAC
RBAC3ROLE HIERARCHIES +
CONSTRAINTS
RBAC1ROLE
HIERARCHIESRBAC2
CONSTRAINTS
![Page 7: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/7.jpg)
RBAC SECURITY PRINCIPLES
− Abstraction of Privileges Credit is different from Debit even though both require read and write
− Separation of Administrative Functions Separation of user-role assignment from role-permission assignment
− Least Privilege Right-size the roles Don’t activate all roles all the time
− Separation of Duty Static separation: purchasing manager versus accounts payable manager Dynamic separation: cash-register clerk versus cash-register manager
© Ravi Sandhu 7World-Leading Research with Real-World Impact!
![Page 8: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/8.jpg)
ROLES AS POLICY
A role brings together− a collection of users and− a collection of permissions
These collections will vary over time− A role has significance and meaning beyond the particular
users and permissions brought together at any moment
© Ravi Sandhu 8World-Leading Research with Real-World Impact!
![Page 9: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/9.jpg)
ROLES VERSUS GROUPS
Groups are often defined as− a collection of users
A role is− a collection of users and− a collection of permissions
Some authors define role as − a collection of permissions
Most Operating Systems support groups− BUT do not support selective activation of groups
Selective activation conflicts with negative groups (or roles)
© Ravi Sandhu 9World-Leading Research with Real-World Impact!
![Page 10: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/10.jpg)
© Ravi Sandhu 10World-Leading Research with Real-World Impact!
HIERARCHICAL ROLES
Health-Care Provider
Physician
Primary-CarePhysician
SpecialistPhysician
![Page 11: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/11.jpg)
© Ravi Sandhu 11World-Leading Research with Real-World Impact!
HIERARCHICAL ROLES
Engineer
HardwareEngineer
SoftwareEngineer
SupervisingEngineer
![Page 12: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/12.jpg)
© Ravi Sandhu 12World-Leading Research with Real-World Impact!
PRIVATE ROLES
Engineer
HardwareEngineer
SoftwareEngineer
SupervisingEngineer
HardwareEngineer’
SoftwareEngineer’
![Page 13: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/13.jpg)
© Ravi Sandhu 13World-Leading Research with Real-World Impact!
EXAMPLE ROLE HIERARCHY
Employee (E)
Engineering Department (ED)
Project Lead 1(PL1)
Engineer 1(E1)
Production 1(P1)
Quality 1(Q1)
Director (DIR)
Project Lead 2(PL2)
Engineer 2(E2)
Production 2(P2)
Quality 2(Q2)
PROJECT 2PROJECT 1
![Page 14: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/14.jpg)
© Ravi Sandhu 14World-Leading Research with Real-World Impact!
EXAMPLE ROLE HIERARCHY
Employee (E)
Engineering Department (ED)
Project Lead 1(PL1)
Engineer 1(E1)
Production 1(P1)
Quality 1(Q1)
Project Lead 2(PL2)
Engineer 2(E2)
Production 2(P2)
Quality 2(Q2)
PROJECT 2PROJECT 1
![Page 15: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/15.jpg)
© Ravi Sandhu 15World-Leading Research with Real-World Impact!
EXAMPLE ROLE HIERARCHY
Project Lead 1(PL1)
Engineer 1(E1)
Production 1(P1)
Quality 1(Q1)
Director (DIR)
Project Lead 2(PL2)
Engineer 2(E2)
Production 2(P2)
Quality 2(Q2)
PROJECT 2PROJECT 1
![Page 16: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/16.jpg)
© Ravi Sandhu 16World-Leading Research with Real-World Impact!
EXAMPLE ROLE HIERARCHY
Project Lead 1(PL1)
Engineer 1(E1)
Production 1(P1)
Quality 1(Q1)
Project Lead 2(PL2)
Engineer 2(E2)
Production 2(P2)
Quality 2(Q2)
PROJECT 2PROJECT 1
![Page 17: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/17.jpg)
CONSTRAINTS
Mutually Exclusive Roles− Static Exclusion: The same individual can never hold both roles− Dynamic Exclusion: The same individual can never hold both roles in the
same context Mutually Exclusive Permissions
− Static Exclusion: The same role should never be assigned both permissions
− Dynamic Exclusion: The same role can never hold both permissions in the same context
Cardinality Constraints on User-Role Assignment− At most k users can belong to the role− At least k users must belong to the role− Exactly k users must belong to the role
Cardinality Constraints on Permissions-Role Assignment− At most k roles can get the permission− At least k roles must get the permission− Exactly k roles must get the permission
© Ravi Sandhu 17World-Leading Research with Real-World Impact!
![Page 18: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/18.jpg)
© Ravi Sandhu 18World-Leading Research with Real-World Impact!
NIST MODEL: CORE RBAC
![Page 19: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/19.jpg)
© Ravi Sandhu 19World-Leading Research with Real-World Impact!
NIST MODEL: HIERARCHICAL RBAC
![Page 20: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/20.jpg)
© Ravi Sandhu 20World-Leading Research with Real-World Impact!
SSD IN HIERARCHICAL RBAC
![Page 21: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/21.jpg)
© Ravi Sandhu 21World-Leading Research with Real-World Impact!
DSD IN HIERARCHICAL RBAC
![Page 22: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/22.jpg)
© Ravi Sandhu 22World-Leading Research with Real-World Impact!
NIST MODEL FAMILY
![Page 23: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/23.jpg)
Compare RBAC96 Model Family
© Ravi Sandhu 23World-Leading Research with Real-World Impact!
RBAC0BASIC RBAC
RBAC3ROLE HIERARCHIES +
CONSTRAINTS
RBAC1ROLE
HIERARCHIESRBAC2
CONSTRAINTS
![Page 24: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/24.jpg)
© Ravi Sandhu 24World-Leading Research with Real-World Impact!
OM-AM
What?
How?
Assurance
Model
Architecture
Mechanism
Objectives
![Page 25: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/25.jpg)
© Ravi Sandhu 25World-Leading Research with Real-World Impact!
PEI Models
Idealized
Enforceable(Approximate)
Codeable
![Page 26: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/26.jpg)
RBAC: SERVER PULL
© Ravi Sandhu 26
E model
Client Server
User-roleAuthorization
Server
World-Leading Research with Real-World Impact!
![Page 27: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/27.jpg)
RBAC: CLIENT PULL
© Ravi Sandhu 27
E model
Client Server
User-roleAuthorization
Server
World-Leading Research with Real-World Impact!
![Page 28: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/28.jpg)
RBAC: PROXY-BASED
© Ravi Sandhu 28
E model
Client ServerProxyServer
User-roleAuthorization
Server
World-Leading Research with Real-World Impact!
![Page 29: Role-Based Access Control (RBAC) › cs6393_s16 › L3.pdf · RBAC: Role-Based Access Control − Access is determined by roles − A user’s roles are assigned by security administrators](https://reader034.vdocuments.net/reader034/viewer/2022052613/5f243e5ca46bf617950bb0dd/html5/thumbnails/29.jpg)
29
Discuss highlights of reference papers
© Ravi Sandhu World-Leading Research with Real-World Impact!