Tải bản đầy đủ

Lecture Chapter 4: Access Control Role-based models RBAC

hapter 4
Access Control 
Role­based models
RBAC


Agenda
Role­based models
Administrative role­based access control model

https://books.google.com.vn/books?
id=_O7xBwAAQBAJ&pg=PA171&lpg=PA171
&dq=Open/close+policy+in+database+security
&source=bl&ots=4cH6efHzHp&sig=eO6djffm
piyvB0L6hmWAbPPeZow&hl=vi&sa=X&ei=­
F2PVb­
YOcaJuATyvIHQAw&redir_esc=y#v=onepage
&q&f=false


Role­based models

Many organizations base access control decisions on “the roles that 
individual users take on as part of the organization”.
They prefer to centrally control and maintain access rights that reflect 
the organization’s protection guidelines.
With RBAC, role­permission relationships can be predefined, which 
makes it simple to assign users to the predefined roles. 
The combination of users and permissions tend to change over time, 
the permissions associated with a role are more stable.
RBAC concept supports three well­known security principles:


Least privilege



Separation of duties



Data abstraction


Role Based Access Control 
(RBAC)
Access control in 
organizations is 
based on “roles 
that individual 
users take on as 
part of the 
organization”
A role is “is a 
collection of 
permissions”

Roles Hierarchies

Users

User Role


Assignment

Roles

Constraints

Role Permission
Assignment

Permissions


Role Based Access Control 
(RBAC)


RBAC
Access depends on role/function, not 
identity


Example: Allison is bookkeeper for Math 
Dept. She has access to financial records. If she 
leaves and Betty is hired as the new 
bookkeeper, Betty now has access to those 
records. The role of “bookkeeper” dictates 
access, not the identity of the individual.


RBAC
Users

Permission

Users

Permissions

u1

o1

u1

o1

o2

u2

o2

om

un

om

Manager

Senior
Administrator

Senior
Engineer

Administrator

Engineer

Employee

u2

Role
r

un

n + m
assignments

n m
assignments

(a)

(b)


RBAC (cont’d)
Is RBAC a discretionary or mandatory access control?
– RBAC is policy neutral; however individual RBAC configurations 
can support a mandatory policy, while others can support a 
discretionary policy.
Role Hierarcies
Role Administration

Project Supervisor

Test engineer

Programmer

Project Member


RBAC (NIST Standard)
PA

UA
Users

Roles

Operations

Objects

Permissions
user_sessions
(one-to-many)

role_sessions
(many-to-many)
Sessions

An important difference from classical models is that
Subject in other models corresponds to a Session in RBAC


Core RBAC (relations)
Permissions = 2Operations x Objects 
UA ⊆ Users x Roles
PA ⊆ Permissions x Roles
assigned_users: Roles   2Users 
assigned_permissions: Roles   2Permissions
Op(p): set of operations associated with permission p
Ob(p): set of objects associated with permission p
user_sessions: Users   2Sessions
session_user: Sessions   Users
session_roles: Sessions   2Roles
– session_roles(s) = {r | (session_user(s), r)   UA)}
avail_session_perms: Sessions   2Permissions


RBAC with General Role Hierarchy
RH
(role hierarchy)

PA

UA
Users

Roles

user_sessions
(one-to-many)
Sessions

Operations

Objects

Permissions
role_sessions
(many-to-many)


RBAC with General Role Hierarchy
authorized_users: Roles  2Users
authorized_users(r) = {u | r’ ≥ r &(r’, u)   UA)

authorized_permissions: Roles  2Permissions
authorized_users(r) = {p | r’ ≥ r &(p, r’)   PA) 

RH    Roles x Roles is a partial order



called the inheritance relation 
written as ≥. 

(r1 ≥ r2)   authorized_users(r1) ⊆ authorized_users(r2) &
authorized_permisssions(r2) ⊆ authorized_permisssions(r1)


Example

px,
e10
py
e8,
px, e9
py

Manager

px,
e5py
Senior
Administrator

pa, pb

Administrator

px, py

e3,
px, e4
py

e1,
px, e2
py

Employee

p1, p2

pp

Senior
Engineer

e6,
px, e7
py

po
Engineer

pm, pn
authorized_users(Employee)?
authorized_users(Administrator)?
authorized_permissions(Employee)?
authorized_permissions(Administrator)?


Constrained RBAC
RH
(role hierarchy)

Static
Separation
of Duty

PA

UA
Users

Roles

Operations

Objects

Permissions
user_sessions
(one-to-many)
Sessions

Dynamic
Separation
of Duty


Separation of Duties
§

 No user should be given enough privileges to misuse 
the system on their own.

§

 Statically: defining the conflicting roles

§

 Dynamically: Enforcing the control at access time


Role vs. Types Data Structures
RBAC




U: set of users
P: set of permissions
R: set of roles

Type Enforcement



E: set of subjects or objects
Permission Assignment

ST: set of subject types
OT: set of object types
O: set of operations


Role vs. Types Data Structures
Users: U
Permissions: P
Roles: R
Assignments: User­role, perm­role, role­
role
Sessions: S
Function: user(S), roles(S)
Constraints: C


RBAC Family of Models
RBAC0 contains all but hierarchies and 
constraints
RBAC1 contains RBAC0 and hierarchies
RBAC2 contains RBAC0 and constraints
RBAC3 contains all
The RBAC family idea has always been more a 
NIST initiative
The RBAC families are present in the NIST 
RBAC standard [NIST2001] with slight 
modifications:


RBAC0, RBAC1 (options), RBAC3 (SSD) , RBAC3 
(DSD)


Advantages of RBAC
Allows Efficient Security Management


Administrative roles, Role hierarchy

Principle of least privilege allows minimizing 
damage
Separation of Duties constraints to prevent fraud
Allows grouping of objects
Policy­neutral ­ Provides generality
Encompasses DAC and MAC policies


RBAC’s Benefits


Cost Benefits
Saves about 7.01 minutes per employee, per year in 
administrative functions



Average IT admin salary ­ $59.27 per hour
The annual cost saving is:  

$6,924/1000; $692,471/100,000

Reduced Employee downtime 




if new transitioning employees receive their system privileges 
faster, their productivity is increased
26.4 hours for non­RBAC; 14.7 hours for RBAC
For average employee wage of $39.29/hour, the annual 
productivity cost savings yielded by an RBAC system: 

$75000/1000; $7.4M/100,000


RBAC Products
SUN Solaris
Sybase SQL Server
BMC INCONTROL for Security Management
Systor Security Administration Manager
Tivoli TME Security Management
Computer Associates Protect IT
Siemens rbacDirX



Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Tải bản đầy đủ ngay

×