Burke (1)
Transcript of Burke (1)
-
8/13/2019 Burke (1)
1/30
Presented by Dustin Burke
-
Senior in Computer Science (4th Year)
Specializing in Graphics and Visualization
Graduating in May, 2008
Lived in Atlanta area my entire life
Travel for roller coasters
-
What are roles and why are they important?
Model Elements
Mappings & Relations
Static and Dynamic Properties
Role Hierarchies
Implications
-
Role - an organizational identity that defines a set of allowable actions for an authorized user
RBAC mechanisms rely on role constructs to mediate a user's access to computational resources
Role hierarchy - overall set of capability relationships, which can be represented as a directed acyclic graph
-
Properties of this model fall into either a static or a dynamic category
Static - deals mainly with constraints on role membership
Dynamic - deals with constraints on role activation
-
User - people who use the system
Subject - active entities of the system operating within roles on behalf of users
Role - named duties within an organization
Operation - set of access modes permitted
Object - passive entities protected from unauthorized use
Permission - set of ordered operation/object pairs
-
Ternary relationship between Role, Operation, and Object is broken down
Conforms with privileges found in present day information systems
-
Can represent a broad range of access controls
  Basic read/write/execute rights on a file
  Administrative rights for OS commands
Depends on context
-
More specific mappings refine the general relationships in the previous diagrams
authorized-roles[u] - Roles authorized for user u
authorized-permissions[i] - Permissions authorized for role i
active-user[x] - User u associated with subject x
active-roles[x] - Roles in which a subject x is active
-
Properties of the model that do not involve either the Subject component or mappings from Subject to other basic components
Apply early, at role authorization, and through role activation
Very strong
Include cardinality, separation of duty, and operational separation of duty
-
membership-limit[i] - Maximum number of users that can be authorized to a role
authorized-members[i] - Number of users authorized for a given role
-
Responsibilities split to prevent collusion
Group of roles are mutually exclusive of one another with regard to authorization
User may only be authorized to one
[Figure: roles A, B, C, D, labelled "Not in SSD" or "Member of SSD"]
-
Business tasks are composed of multiple operations
No single user can be authorized one or more roles having permissions involved in an SOSD
[Figure: a user and roles A, B, C, D, each labelled "in SOSD" or "not in SOSD"]
-
Complement static properties
Weaker than static
Applied at role activation and not checked at authentication
Also offers degrees of flexibility
Often used in conjunction with static properties
Include role activation, cardinality, separation of duty, and operational separation of duty
-
exec: Subject Operation Object
  True iff subject can perform operation on object
active-membership-limit[i]
active-members[i]
Permitted action - subject can perform an operation on an object iff the subject is acting within an active role authorized for that permission
-
A subject cannot be active in a role it does not have authorization for
Active roles must be a subset of authorized roles
Roles: A, B, C, D, E
For Subject z to have A or B in its active roles, they must first be included in its authorized roles
-
Number of users active in a role can never exceed the dynamic capacity
More desirable than static because it is maintained at activation as opposed to authorization
For example: a role with capacity of one would ensure consecutive use of capabilities
-
Very similar to Static Separation of Duty
Memory-less property
  Has no history of activation kept for user
  Prevents simultaneous activations by a user but does not safeguard against consecutive activation
Not appropriate in some environments
User u requests to be active in A and B while is in DSD; rejected
User u requests to be active in A; allowed
User u requests to be active in B; allowed
-
Group of permissions may be designated as mutually exclusive with regard to roles activated by a subject
As with DSD, memory-less
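
The static and dynamic properties above, as an added Python example that is not part of the original slides: SSD and the membership limit are checked at authorization, while role activation, DSD and the active-membership limit are checked at activation. The class and method names are hypothetical, and each user is assumed to have a single subject.

```python
# Added illustration; class and method names are hypothetical, one subject per user.
class RBAC:
    def __init__(self, ssd=(), dsd=(), membership_limit=None, active_limit=None):
        self.ssd = [frozenset(g) for g in ssd]      # exclusive at authorization
        self.dsd = [frozenset(g) for g in dsd]      # exclusive at activation
        self.membership_limit = membership_limit or {}   # membership-limit[i]
        self.active_limit = active_limit or {}      # active-membership-limit[i]
        self.authorized_roles = {}                  # authorized-roles[u]
        self.active_roles = {}                      # active-roles[x]

    @staticmethod
    def _clash(groups, held, role):
        # Would `role` join another role of the same exclusive group in `held`?
        return any(role in g and (g & held) - {role} for g in groups)

    def authorize(self, user, role):
        held = self.authorized_roles.setdefault(user, set())
        members = sum(role in r for r in self.authorized_roles.values())
        if self._clash(self.ssd, held, role):
            return False                            # static separation of duty
        if role not in held and members >= self.membership_limit.get(role, float("inf")):
            return False                            # static cardinality
        held.add(role)
        return True

    def activate(self, user, role):
        active = self.active_roles.setdefault(user, set())
        if role not in self.authorized_roles.get(user, set()):
            return False                            # active roles must be authorized
        if self._clash(self.dsd, active, role):
            return False                            # dynamic SoD: current state only
        in_use = sum(role in a for a in self.active_roles.values())
        if role not in active and in_use >= self.active_limit.get(role, float("inf")):
            return False                            # dynamic cardinality
        active.add(role)
        return True

    def deactivate(self, user, role):
        self.active_roles.get(user, set()).discard(role)

def demo():
    # Constructed scenario: C/D are in SSD, A/B are in DSD, A has dynamic capacity 1.
    m = RBAC(ssd=[{"C", "D"}], dsd=[{"A", "B"}], active_limit={"A": 1})
    out = [m.authorize("u", r) for r in "ABCD"]     # D refused: SSD with C
    out += [m.activate("u", "A"), m.activate("u", "B")]   # B refused: A is active
    m.deactivate("u", "A")
    out.append(m.activate("u", "B"))                # allowed: no activation history
    m.authorize("v", "A"), m.activate("v", "A"), m.authorize("w", "A")
    out.append(m.activate("w", "A"))                # refused: capacity 1 held by v
    return out
```

The consecutive activation of A and then B succeeds because the DSD check looks only at the roles active at that moment, which is the memory-less behaviour the slide describes.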
-
A role may be defined in terms of one or more other roles
  And can include additional characteristics
  Automatically takes on or inherits the collective characteristics of roles
Containment is recursive
-
Substitution of role instances
-
Include given role plus set of roles contained by that role
Can also be related to role authorization
  A user is authorized to perform tasks based on its roles as well as its roles' roles and its roles' roles' roles and its roles' roles' roles' roles and ...
Containment is not reflexive but is transitive
  Role i is not in the subset of i
  If j is a subset of i and k is a subset of j, then j is a subset of i
-
Containing roles accumulate not only the capabilities of contained roles, but constraints and separation of duty relationships
Permitted Actions are expanded to include those privileges associated with effective roles
-
Cardinality Inheritance: a containing role must be assigned a membership limit less than or equal to that of any contained role
Role A Max: ?
B: 15
C: 7
D: 25
Role A would be given a capacity of the minimum of its contained roles. 7 from C.
-
Separation of duty relationship cannot exist between roles that have a containment relation between them or are contained by another role in common (common heir)
[Figure: roles A, B, C]
is a member of SSD
But since C inherits both A and B, is no longer a member of SSD
-
If one role contains another role that has an SD relationship with a third role, then the containing role also has an SD relationship with the third role
[Figure: roles A, B, C]
If is a member of SSD, and A inherits B, then is also a member of SSD
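
The hierarchy properties on the preceding slides, as an added Python example that is not part of the original slides: transitive containment, cardinality inheritance, the common-heir check and SD inheritance. Function names and the `contains` mapping are hypothetical, and the SD pairs in the sample data are assumed because the slides' set notation did not survive.

```python
# Added illustration; function names and the `contains` mapping are hypothetical.
# contains[i] lists the roles that role i directly contains (inherits from).

def contained(contains, role):
    """Roles contained by `role`, transitively; the role itself is excluded."""
    seen, stack = set(), list(contains.get(role, ()))
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(contains.get(r, ()))
    return seen

def max_membership_limit(contains, limits, role):
    """Cardinality inheritance: at most the smallest limit of any contained role."""
    return min(limits[r] for r in contained(contains, role) if r in limits)

def sd_hierarchy_violations(contains, sd_pairs):
    """SD pairs related by containment or sharing a containing role (common heir)."""
    bad = []
    for a, b in sd_pairs:
        heirs = sorted(r for r in contains if {a, b} <= contained(contains, r))
        if heirs or a in contained(contains, b) or b in contained(contains, a):
            bad.append((a, b, heirs))
    return bad

def inherited_sd(contains, sd_pairs):
    """SD inheritance: a role containing x takes on x's SD relationships."""
    out = {frozenset(p) for p in sd_pairs}
    changed = True
    while changed:                      # repeat until no new pair appears
        changed = False
        for x, y in [(a, b) for p in out for a in p for b in p if a != b]:
            for r in contains:
                inside = contained(contains, r)
                new = frozenset((r, y))
                if x in inside and y not in inside and r != y and new not in out:
                    out.add(new)
                    changed = True
    return out

# Constructed sample data following the slides' figures; the SD pairs are assumed.
CARD = ({"A": ["B", "C", "D"]}, {"B": 15, "C": 7, "D": 25})   # A contains B, C, D
HEIR = ({"C": ["A", "B"]}, [("A", "B")])    # C inherits both A and B; A, B in SD
INHERIT = ({"A": ["B"]}, [("B", "C")])      # A inherits B; B, C in SD
```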
-
Property Static Dynamic
Role Activation
Permitted Action
Cardinality
Separation of Duty
Operational Separation of Duty
Role Hierarchy
Permitted Action on Modified Hierarchies
Cardinality Inheritance
Separation of Duty Hierarchy
Separation of Duty Inheritance
-
Inheritance Properties of Role Hierarchies
W. A. Jansen
National Institute of Standards and Technology