Burke (1)


Transcript of Burke (1)

  • 8/13/2019 Burke (1)

    1/30

    Presented by Dustin Burke


    2/30

    Senior in Computer Science (4th Year)

    Specializing in Graphics and Visualization

    Graduating in May, 2008

    Lived in Atlanta area my entire life

    Travel for roller coasters


    3/30

    What are roles and why are they important?

    Model Elements

    Mappings & Relations

    Static and Dynamic Properties

    Role Hierarchies

    Implications


    4/30

    Role - an organizational identity that defines a set of allowable actions for an authorized user

    RBAC mechanisms rely on role constructs to mediate a user's access to computational resources

    Role hierarchy - overall set of capability relationships, which can be represented as a directed acyclic graph


    5/30

    Properties of this model fall into either a static or a dynamic category

    Static deals mainly with constraints on role membership

    Dynamic deals with constraints on role activation


    6/30

    User - people who use the system

    Subject - active entities of the system operating within roles on behalf of users

    Role - named duties within an organization

    Operation - set of access modes permitted

    Object - passive entities protected from unauthorized use

    Permission - set of ordered operation/object pairs


    7/30


    8/30

    Ternary relationship between Role, Operation, and Object is broken down

    Conforms with privileges found in present day information systems


    9/30

    Can represent a broad range of access controls

    Basic read/write/execute rights on a file

    Administrative rights for OS commands

    Depends on context


    10/30

    More specific mappings refine the general relationships in the previous diagrams

    authorized-roles[u] - Roles authorized for user u

    authorized-permissions[i] - Permissions authorized for role i

    active-user[x] - User u associated with subject x

    active-roles[x] - Roles in which a subject x is active


    11/30

    Properties of the model that do not involve either the Subject component or mappings from Subject to other basic components

    Apply early, at role authorization, and through role activation

    Very strong

    Include cardinality, separation of duty, and operational separation of duty


    12/30

    membership-limit[i] - Maximum number of users that can be authorized to a role

    authorized-members[i] - Number of users authorized a given role


    13/30

    Responsibilities split to prevent collusion

    Group of roles are mutually exclusive of one another with regard to authorization

    User may only be authorized to one

    [Figure: roles A, B, C, D, labelled "Not in SSD" and "Member of SSD"]


    14/30

    Business tasks are composed of multiple operations

    No single user can be authorized one or more roles having permissions involved in an SOSD

    [Figure: User 01010 and roles A, B, C, D, labelled "not in SOSD", "not in SOSD" and "in SOSD"]


    15/30

    Complement static properties

    Weaker than static

    Applied at role activation and not checked at authentication

    Also offers degrees of flexibility

    Often used in conjunction with static properties

    Include role activation, cardinality, separation of duty, and operational separation of duty


    16/30

    exec: Subject × Operation × Object - True iff subject can perform operation on object

    active-membership-limit[i]

    active-members[i]

    Permitted action - subject can perform an operation on an object iff the subject is acting within an active role authorized that permission


    17/30

    A subject cannot be active in a role it does not have authorization for

    Active roles must be a subset of authorized roles

    Roles: A, B, C, D, E

    For Subject z to have A or B in its active roles, they must first be included in its authorized roles


    18/30

    Number of users active in a role can never exceed the dynamic capacity

    More desirable than static because it is maintained at activation as opposed to authorization

    For example: a role with capacity of one would ensure consecutive use of capabilities


    19/30

    Very similar to Static Separation of Duty

    Memory-less property

    Has no history of activation kept for user

    Prevents simultaneous activations by a user but does not safeguard against consecutive activation

    Not appropriate in some environments

    User u requests to be active in A and B while is in DSD; rejected

    User u requests to be active in A; allowed

    User u requests to be active in B; allowed


    20/30

    Group of permissions may be designated as mutually exclusive with regard to roles activated by a subject

    As with DSD, memory-less
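
The dynamic properties from slides 16 to 19 (role activation, dynamic cardinality, DSD and exec) as a runnable sketch. This is an added example, not code from the presentation or from the paper it summarizes; the class, the constructed roles A and B with their payment permissions, and the choice to enforce DSD per user across all of that user's subjects are assumptions.

```python
# Added example, not from the slides. Assumption: DSD is enforced per user across subjects.
class DynamicRBAC:
    def __init__(self, authorized_roles, authorized_permissions,
                 active_membership_limit, dsd_sets):
        self.authorized_roles = authorized_roles                # user -> roles
        self.authorized_permissions = authorized_permissions    # role -> {(operation, object)}
        self.active_membership_limit = active_membership_limit  # role -> dynamic capacity
        self.dsd_sets = dsd_sets      # role sets that are mutually exclusive at activation
        self.active_user = {}         # subject -> user
        self.active_roles = {}        # subject -> roles active right now (no history kept)

    def create_subject(self, subject, user):
        self.active_user[subject] = user
        self.active_roles[subject] = set()

    def roles_held(self, user):       # roles the user has active across its subjects
        return {r for s, rs in self.active_roles.items()
                if self.active_user[s] == user for r in rs}

    def activate(self, subject, role):
        user = self.active_user[subject]
        if role not in self.authorized_roles.get(user, set()):
            return "denied: not authorized"   # active roles must be a subset of authorized roles
        held = self.roles_held(user)
        if any(role in d and (held - {role}) & d for d in self.dsd_sets):
            return "denied: DSD"              # only simultaneous activation is blocked
        users_in_role = {self.active_user[s]
                         for s, rs in self.active_roles.items() if role in rs}
        if len(users_in_role | {user}) > self.active_membership_limit.get(role, float("inf")):
            return "denied: capacity"         # dynamic cardinality
        self.active_roles[subject].add(role)
        return "active"

    def deactivate(self, subject, role):
        self.active_roles[subject].discard(role)

    def exec(self, subject, operation, obj):  # True iff an active role is authorized the permission
        return any((operation, obj) in self.authorized_permissions.get(r, set())
                   for r in self.active_roles[subject])

def demo():  # constructed data: u may create and approve payments, v may only create
    m = DynamicRBAC({"u": {"A", "B"}, "v": {"A"}},
                    {"A": {("create", "payment")}, "B": {("approve", "payment")}},
                    {"A": 1}, [{"A", "B"}])
    m.create_subject("x", "u")
    m.create_subject("y", "v")
    log = [m.activate("x", "A"), m.activate("x", "B"), m.activate("y", "A"),
           m.exec("x", "create", "payment")]
    m.deactivate("x", "A")
    return log + [m.activate("x", "B"), m.exec("x", "approve", "payment")]
```

`demo()` shows the memory-less gap: u is refused A and B together, yet creates and then approves a payment by activating the two roles one after the other.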


    21/30

    A role may be defined in terms of one or more other roles

    And can include additional characteristics

    Automatically takes on or inherits the collective characteristics of roles

    Containment is recursive


    22/30

    Substitution of role instances


    23/30

    Include given role plus set of roles contained by that role

    Can also be related to role authorization

    A user is authorized to perform tasks based on its roles as well as its roles' roles and its roles' roles' roles and its roles' roles' roles' roles and

    Containment is not reflexive but is transitive

    Role i is not in the subset of i

    If j is a subset of i and k is a subset of j, then k is a subset of i


    24/30

    Containing roles accumulate not only the capabilities of contained roles, but constraints and separations of duty relationships

    Permitted Actions are expanded to include those privileges associated with effective roles


    25/30

    Cardinality Inheritance: a containing role must be assigned a membership limit less than or equal to that of any contained role

    Role A Max: ?

    B: 15

    C: 7

    D: 25

    Role A would be given a capacity of the minimum of its contained roles. 7 from C.


    26/30

    Separation of duty relationship cannot exist between roles that have a containment relation between them or are contained by another role in common (common heir)

    A B

    is a member of SSD

    C

    But since C inherits both A and B, is no longer a member of SSD


    27/30

    If one role contains another role that has an SD relationship with a third role, then the containing role also has an SD relationship with the third role

    A

    B C

    If is a member of SSD, and A inherits B, then is also a member of SSD
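
The hierarchy properties from slides 23 to 27 (effective roles, cardinality inheritance, the separation of duty hierarchy rule and separation of duty inheritance) as a checker a policy administrator could run before loading a role graph. This is an added example, not code from the presentation or the paper; the function names, the `contains` mapping and the tuple format of the reported violations are assumptions, and the role names and limits in the test data mirror the slide figures.

```python
from math import inf

# Added example with constructed data; `contains` maps a role to the roles it directly contains.
def contained(role, contains):
    """Roles transitively contained by `role`; in a DAG this never includes `role` itself."""
    seen, stack = set(), list(contains.get(role, ()))
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(contains.get(r, ()))
    return seen

def effective_roles(role, contains):
    """The given role plus the set of roles contained by that role."""
    return {role} | contained(role, contains)

def check_hierarchy(contains, membership_limit, ssd_pairs):
    """Return (violations, SD pairs implied by separation of duty inheritance)."""
    roles = set(contains) | {r for rs in contains.values() for r in rs}

    def up(r):  # r plus every role that contains it, directly or indirectly
        return {r} | {i for i in roles if r in contained(i, contains)}

    problems, derived = [], set()
    for i in sorted(roles):
        if i in contained(i, contains):
            problems.append(("cycle", i))                  # hierarchy must stay acyclic
        for j in sorted(contained(i, contains)):
            if membership_limit.get(i, inf) > membership_limit.get(j, inf):
                problems.append(("cardinality", i, j))     # limit[i] must be <= limit[j]
    for a, b in ssd_pairs:
        for heir in sorted(up(a) & up(b)):
            problems.append(("sd-hierarchy", a, b, heir))  # containment or common heir
        derived |= {frozenset((x, y)) for x in up(a) for y in up(b) if x != y}
    return problems, derived
```

A role with no entry in `membership_limit` is treated as unlimited, so a containing role without a limit is reported against any contained role that has one.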


    28/30

    Property    Static    Dynamic

    Role Activation

    Permitted Action

    Cardinality

    Separation of Duty

    Operational Separation of Duty

    Role Hierarchy

    Permitted Action on Modified Hierarchies

    Cardinality Inheritance

    Separation of Duty Hierarchy

    Separation of Duty Inheritance


    29/30

    Inheritance Properties of Role Hierarchies

    W. A. Jansen

    National Institute of Standards and Technology


    30/30