Role-Based Access Control Standard
ANSI INCITS 359-2004
James Joshi, Associate Professor
University of Pittsburgh
Access Control

Access control refers to ensuring principals are allowed or denied privileges to access resources.

Basic Access Control Matrix model
- Subjects: active entities (rows), e.g., user processes
- Objects: passive entities (columns), e.g., files
- Rights: the access mode entries in each matrix cell, representing what action a subject can perform on the corresponding object

Confidentiality: authorized to read
Integrity: authorized to modify
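Access Control Matrix

o: own, r: read, w: write

Access Matrix

|    | f1      | f2      | f3      | f4      | f5      | f6      |
|----|---------|---------|---------|---------|---------|---------|
| s1 |         | o, r, w | o, r, w |         | w       |         |
| s2 | o, r, w | r       |         |         | o, r, w |         |
| s3 |         | r       | r       | o, r, w | r       | o, r, w |

Access Control List (one list per object)
- f1: s2 (o, r, w)
- f2: s1 (o, r, w), s2 (r), s3 (r)
- f3: s1 (o, r, w), s3 (r)
- f4: s3 (o, r, w)
- f5: s2 (o, r, w), s3 (r), s1 (w)
- f6: s3 (o, r, w)

Capabilities (one list per subject)
- s1: f2 (o, r, w), f3 (o, r, w), f5 (w)
- s2: f1 (o, r, w), f2 (r), f5 (o, r, w)
- s3: f2 (r), f3 (r), f4 (o, r, w), f5 (r), f6 (o, r, w)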
Access Control Models

Several models exist
- Discretionary Access Control (DAC) model: users can give rights to other users
- Mandatory Access Control (MAC) model: system enforces mandatory rules
- Some models: Bell-LaPadula model, Biba model of integrity, Clark-Wilson model, Chinese wall model

DAC is too flexible and MAC is often too restrictive
Researchers have looked for more flexible and more expressive models
RBAC has been considered a better
RBAC: Role Based Access Control

- Access control in organizations is based on “roles that individual users take on as part of the organization”
- Access depends on function, not identity
- Example: Allison is bookkeeper for the Math Dept. She has access to financial records. She leaves and Betty is hired as bookkeeper. The role of “bookkeeper” dictates access, not the identity of the individual.
- A role is “a collection of permissions”

[Figure: users A and B, role BK, access privileges]
RBAC – two key advantages

[Figure, panels (a) and (b): users u1 ... un and permissions o1 ... om, linked through a role r and linked directly. Total number of assignments: n + m through the role, n x m when users are assigned to permissions directly]

[Figure: role hierarchy over the roles Employee, Engineer, Senior Engineer, Administrator, Senior Administrator and Manager]
RBAC standard

Standards efforts
- Annual ACM RBAC Workshop – in 1990s
- NIST Standard proposed in 2001 (TISSEC)
- XACML Profile for RBAC
- ANSI INCITS 359-2004 RBAC standard in 2004

The ANSI standard consists of two parts
- Reference Model
- System and Administrative Functional Specification
ANSI RBAC standard – Reference Model

Reference Model
- Basic elements of the model: Users, Roles, Permissions, Relationships
- Four model components
  - Core RBAC
  - Hierarchical RBAC
  - Static Separation of Duty RBAC
  - Dynamic Separation of Duty RBAC
Core RBAC

[Figure: Users, Roles, Sessions and Permissions (Operations, Objects), with the relations UA, PA, user_sessions (one-to-many) and role_sessions (many-to-many)]
Core RBAC (relations)

- Permissions = 2^(Operations x Objects)
- UA ⊆ Users x Roles
- PA ⊆ Permissions x Roles
- assigned_users: Roles → 2^Users
- assigned_permissions: Roles → 2^Permissions
- Op(p): set of operations associated with permission p
- Ob(p): set of objects associated with permission p
- user_sessions: Users → 2^Sessions
- session_user: Sessions → Users
- session_roles: Sessions → 2^Roles
  - session_roles(s) = {r | (session_user(s), r) ∈ UA}
- avail_session_perms: Sessions → 2^Permissions
Hierarchical RBAC

[Figure: the Core RBAC diagram (Users, Roles, Sessions, Permissions as Operations and Objects; UA, PA, user_sessions one-to-many, role_sessions many-to-many) with RH (role hierarchy) added on Roles]
Role Hierarchy

- General Role Hierarchy: inheritance from multiple roles allowed
- Limited Role Hierarchy: no multiple inheritances; single immediate descendant
General Role Hierarchy

- A role can inherit from multiple roles
- RH ⊆ Roles x Roles is a partial order called the inheritance relation, written as ≥
  - (r1 ≥ r2) ⇒ authorized_users(r1) ⊆ authorized_users(r2) & authorized_permissions(r2) ⊆ authorized_permissions(r1)
- authorized_users: Roles → 2^Users
  - authorized_users(r) = {u | r’ ≥ r & (u, r’) ∈ UA}
- authorized_permissions: Roles → 2^Permissions
  - authorized_permissions(r) = {p | r ≥ r’ & (p, r’) ∈ PA}
Limited Role Hierarchy

- Imposes restriction on the immediate descendants of the general role hierarchy
- That is, a limited role hierarchy is a general role hierarchy with the following limitation
  - ∀ r, r1, r2 ∈ Roles: r ≥ r1 & r ≥ r2 ⇒ r1 = r2
- In a limited role hierarchy, a role can have only one descendant
Example

[Figure: role hierarchy over the roles Employee, Engineer, Senior Engineer, Administrator, Senior Administrator and Manager, annotated with the permission sets px, py; p1, p2; pa, pb; pm, pn; po; pp and the user sets e1, e2; e3, e4; e5; e6, e7; e8, e9; e10]

- authorized_users(Employee)?
- authorized_users(Administrator)?
- authorized_permissions(Employee)?
- authorized_permissions(Administrator)?
Constrained RBAC: SSD RBAC & DSD RBAC

[Figure: the Hierarchical RBAC diagram (Users, Roles, Sessions, Permissions as Operations and Objects; UA, PA, RH role hierarchy, user_sessions one-to-many) with Static Separation of Duty and Dynamic Separation of Duty added]
Separation of Duty

SoD
- Security principle
- Widely recognized
- Captures conflict of interest policies to restrict authority of a single authority
- Prevent fraud

Example: a single person should not be allowed to “approve a check” & “cash it”
Static Separation of Duty

SSD ⊆ 2^Roles x N

In absence of hierarchy
- Collection of pairs (RS, n) where RS is a role set, n ≥ 2
- For all (RS, n) ∈ SSD, for all t ⊆ RS: |t| ≥ n ⇒ ∩_{r∈t} assigned_users(r) = ∅

Example
- Assume u1, u2, u3 are assigned to r1
- Assume u2, u4 are assigned to r2
- Is ({r1, r2}, 2) ∈ SSD valid?

Example: ({r1, r2}, 2) ∈ SSD
Static Separation of Duty

SSD ⊆ 2^Roles x N

In presence of hierarchy
- Collection of pairs (RS, n) where RS is a role set, n ≥ 2
- For all (RS, n) ∈ SSD, for all t ⊆ RS: |t| ≥ n ⇒ ∩_{r∈t} authorized_users(r) = ∅

Example
- Assume u1, u2, u3 are assigned to r1
- Assume u4 is assigned to r2
- Is ({r1, r2}, 2) ∈ DSD valid?
- What if u2 is assigned to r3 and r3 ≥ r2?

Example: ({r1, r2, r3}, 2) ∈ SSD
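
The authorized_users / authorized_permissions definitions and the SSD condition from the slides above, run on the slides' own two exercises. This is an added example, not part of the original slides; the helper names `reach` and `ssd_violations` and the sample `PA` are assumptions made for the illustration.

```python
from itertools import combinations

def reach(role, rh, upward):
    """Roles r' with r' >= role (upward) or role >= r' (downward), role included."""
    edges = [(j, s) if upward else (s, j) for s, j in rh]
    found, stack = {role}, [role]
    while stack:
        cur = stack.pop()
        for src, dst in edges:
            if src == cur and dst not in found:
                found.add(dst)
                stack.append(dst)
    return found

def authorized_users(role, ua, rh):
    """{u | r' >= role and (u, r') in UA}: users of the role and of its seniors."""
    seniors = reach(role, rh, upward=True)
    return {u for u, r in ua if r in seniors}

def authorized_permissions(role, pa, rh):
    """{p | role >= r' and (p, r') in PA}: own plus inherited permissions."""
    juniors = reach(role, rh, upward=False)
    return {p for p, r in pa if r in juniors}

def ssd_violations(ssd, ua, rh=frozenset()):
    """(t, shared users) for every t ⊆ RS with |t| >= n whose roles share an
    authorized user. With rh empty, authorized_users equals assigned_users,
    which is the no-hierarchy form of the constraint."""
    bad = []
    for role_set, n in ssd:
        for size in range(n, len(role_set) + 1):
            for t in combinations(sorted(role_set), size):
                shared = set.intersection(*(authorized_users(r, ua, rh) for r in t))
                if shared:
                    bad.append((t, shared))
    return bad

# The two SSD exercises from the slides, both against ({r1, r2}, 2).
SSD = [({"r1", "r2"}, 2)]
UA_FLAT = {("u1", "r1"), ("u2", "r1"), ("u3", "r1"), ("u2", "r2"), ("u4", "r2")}
UA_HIER = {("u1", "r1"), ("u2", "r1"), ("u3", "r1"), ("u4", "r2")}
RH = {("r3", "r2")}                # r3 >= r2, stored as a (senior, junior) pair
PA = {("pa", "r2"), ("pb", "r3")}  # constructed sample, not from the slides

if __name__ == "__main__":
    print(ssd_violations(SSD, UA_FLAT))                       # u2 holds r1 and r2
    print(ssd_violations(SSD, UA_HIER, RH))                   # no shared user
    print(ssd_violations(SSD, UA_HIER | {("u2", "r3")}, RH))  # u2 reaches r2 via r3
    print(authorized_permissions("r3", PA, RH))               # r3 inherits from r2
```

The third call is the case an assignment-only check misses: u2 is never assigned to r2, yet is an authorized user of r2 through r3.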
Dynamic Separation of Duty

DSD ⊆ 2^Roles x N
- Collection of pairs (RS, n) where RS is a role set, n ≥ 2
- A user cannot activate n or more roles from RS

What is the difference between SSD or DSD containing (RS, n)?
- Consider (RS, n) = ({r1, r2, r3}, 2)
- If SSD – can r1, r2 and r3 be assigned to u?
- If DSD – can r1, r2 and r3 be assigned to u?
ANSI RBAC standard – Functional specification

- Administrative operations: creation and maintenance of sets and relations
- Administrative review functions: to perform administrative queries
- System level functionality: creating and managing RBAC attributes on user sessions and making access decisions
Functional components for CORE RBAC

Administrative commands
- AddUser, DeleteUser
- AddRole, DeleteRole
- GrantPermissions, RevokePermissions
- AssignUser, DeassignUser
- CreateSession, DeleteSession
- AddActiveRole, DropActiveRole

Supporting system functions
- CreateSession, DeleteSession, AddActiveRole, DropActiveRole, CheckAccess
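
A minimal session model showing how the supporting system functions listed above interact with the DSD rule from the Dynamic Separation of Duty slide. This is an added example, not code from the slides or from the standard: the class `CoreRbac`, its Python method signatures and the user and role names are assumptions, and `create_session` is simplified to start with no active roles.

```python
class DsdViolation(Exception): pass  # n or more roles of a DSD set in one session

class CoreRbac:
    def __init__(self, ua, pa, dsd):
        self.ua = set(ua)     # UA ⊆ Users x Roles, as (user, role)
        self.pa = set(pa)     # PA ⊆ Permissions x Roles, as ((op, obj), role)
        self.dsd = list(dsd)  # DSD pairs (RS, n)
        self.session_user, self.session_roles = {}, {}  # session -> user / active roles

    def create_session(self, user, session):
        self.session_user[session] = user
        self.session_roles[session] = set()

    def add_active_role(self, user, session, role):
        if self.session_user.get(session) != user:
            raise PermissionError("session is not owned by this user")
        if (user, role) not in self.ua:
            raise PermissionError("role is not assigned to this user")
        wanted = self.session_roles[session] | {role}
        for role_set, n in self.dsd:
            if len(wanted & role_set) >= n:
                raise DsdViolation(f"{n} or more of {sorted(role_set)} active")
        self.session_roles[session] = wanted

    def drop_active_role(self, user, session, role):
        if self.session_user.get(session) == user:
            self.session_roles[session].discard(role)

    def check_access(self, session, op, obj):
        """True only if an active role of the session holds permission (op, obj)."""
        return any(((op, obj), r) in self.pa for r in self.session_roles.get(session, ()))

def demo():
    # Constructed sample data built on the slides' "approve a check" / "cash it" case.
    rbac = CoreRbac(ua={("alice", "approver"), ("alice", "cashier")},
                    pa={(("approve", "check"), "approver"), (("cash", "check"), "cashier")},
                    dsd=[({"approver", "cashier"}, 2)])
    rbac.create_session("alice", "s1")
    rbac.add_active_role("alice", "s1", "approver")
    results = [rbac.check_access("s1", "approve", "check"),  # active role grants it
               rbac.check_access("s1", "cash", "check")]     # assigned but not active
    try:
        rbac.add_active_role("alice", "s1", "cashier")
    except DsdViolation as exc:
        results.append(str(exc))
    return results

if __name__ == "__main__":
    print(demo())
```

Declared as an SSD constraint, the same pair would already reject the sample UA at assignment time; as a DSD constraint the assignment is accepted and only simultaneous activation in one session is refused.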
Functional components for CORE RBAC

Review functions
- AssignedUsers, AssignedRoles
- RolePermissions, UserPermissions
- SessionRoles, SessionPermissions
- RoleOperationsOnObject, UserOperationOnObject

For other RBAC
- Extended/redefined set with regards to inheritance
- Extended/redefined with regards to SSD/DSD
Functional Specification Package

Methodology for creating functional packages
- Core RBAC
- Hierarchical RBAC: (a) General, (b) Limited
- SSD Relations: (a) w/ Hierarchy, (b) w/o Hierarchy
- DSD Relations
Advantages of RBAC

- Allows efficient security management: administrative roles, role hierarchy
- Principle of least privilege allows minimizing damage
- Separation of Duty constraints to prevent fraud
- Allows grouping of objects / users
- Policy-neutral: provides generality
- Encompasses DAC and MAC policies
RBAC’s Economic Benefits
Cost Benefits

- Saves about 7.01 minutes per employee, per year in administrative functions
- Assume average IT admin salary: $59.27 per hour
- The annual cost saving is: $6,924/1000; $692,471/100,000
Quantified Economic Benefits

NIST did an economic benefit survey analysis in 2009
- More efficient provisioning by network and systems administrators,
- Reduced employee downtime from more efficient provisioning, and
- More efficient access control policy maintenance and certification
Quantified Economic Benefits

Quantified economic benefits of RBAC for adopting firms, per employee

From NIST Report: 2010 Economic Analysis of Role-Based Access Control
RBAC Extensions

Several extensions have been made to make RBAC applicable to different application scenarios
- TRBAC/GTRBAC (time-based RBAC)
- LoT/Geo RBAC (location based)
- GeoSocial RBAC
- Privacy aware RBAC
- Etc.
Summary

- Overview of ANSI RBAC standard
- Four component models
- Functional Specification
- Advantages and Economic benefits