Role Based Access Control Models Presented By Ankit Shah 2nd Year Master’s Student.

Transcript of the slide deck (18 pages).

Page 1:

Role Based Access Control Models

Presented By

Ankit Shah

2nd Year Master’s Student

Page 2:

Problems

Mandatory Access Control (MAC): a central authority determines access control

Discretionary Access Control (DAC): decentralized; access control decisions lie with the owner of an object

Access control on a per-user basis

Access control needs are unique

Existing products lack flexibility

Page 3:

Solution

Role Based Access Control: permissions are associated with roles, and users are assigned to appropriate roles

Motivation: the organization’s structure (competency, authority and responsibility, duty assignments)

- Simplifies security administration and review

- Simple role-permission relationship

- Ability to meet the changing needs of an organization

Page 4:

Role related concepts

What is the difference between roles and groups? The user – permission distinction: a role is both a collection of users and a collection of permissions, whereas a group is typically only a collection of users. E.g. in the Unix operating system, a group’s members are listed in one place but its permissions are scattered across the permission bits of individual files.

RBAC is policy neutral but supports: least privilege, separation of duties, data abstraction

Page 5:

Four Reference Models

Page 6:

Base Model (RBAC0)

User: typically a human being

Role: a job title or function

Permission: approval of a mode of access to some object. Permissions range from coarse-grained to fine-grained, depending on the implementation details of the system

Session: a mapping of one user to a subset of the roles assigned to that user. A user may have multiple sessions, and each session may activate a single role or several of the user’s roles

Page 7:

RBAC Models

Page 8:

Role Hierarchies (RBAC1)

Reflects an organization’s role structure

Supports inheritance of permissions

Hierarchies are a partial order

Private roles are useful to limit the scope of inheritance (a role whose permissions should not flow up to its seniors)

Page 9:

Role Hierarchy Examples

Page 10:

Role Hierarchy Examples Continued

Page 11:

Constraints (RBAC2)

Argued to be the principal motivation for RBAC

A convenience when RBAC administration is centralized

When administration is decentralized, constraints become a mechanism by which the chief security officer restricts what subordinate administrators can do

Types of constraints: mutually exclusive roles/permissions, cardinality constraints, prerequisite roles

Effective only if suitable discipline is observed: mapping one user to more than one user-id, or one permission to more than one permission-id, allows the constraints to be bypassed

Role hierarchies can themselves be considered a constraint

Page 12:

Consolidated Model (RBAC3)

Combines Constraints and Role Hierarchies

Issues raised: constraints can apply to the role hierarchy itself; a violation of a mutual exclusion constraint may be acceptable for some senior roles in the hierarchy; private roles can be declared mutually exclusive without any conflict
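The following is an added example, not code from the slides or from the paper they summarize: a small Python reference monitor that puts RBAC0 (users, roles, permissions, sessions), RBAC1 (a role hierarchy kept as a partial order, with permissions inherited upward), the three RBAC2 constraint types (mutually exclusive roles, cardinality, prerequisite roles) and the RBAC3 point above (the mutual exclusion constraint is also enforced on hierarchy edges) into one class. The class name `RBAC`, the `demo` scenario and all role, user and permission names are constructed for illustration.

```python
from collections import defaultdict


class RBACError(Exception):
    """Raised when an assignment, hierarchy edge or session would violate policy."""


class RBAC:
    def __init__(self):
        self.ua = defaultdict(set)       # UA: user -> roles directly assigned
        self.pa = defaultdict(set)       # PA: role -> permissions (operation, object)
        self.juniors = defaultdict(set)  # RH: senior role -> roles it directly inherits from
        self.sessions = {}               # session id -> (user, activated roles)
        self.exclusive = []              # mutually exclusive role pairs (separation of duty)
        self.max_members = {}            # cardinality: role -> cap on direct members
        self.prereq = {}                 # prerequisite: role -> role a user must already hold

    # RBAC1: the hierarchy is a partial order; permissions flow up to senior roles
    def inherited(self, role):
        # `role` plus every role junior to it (reflexive transitive closure)
        seen, stack = set(), [role]
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors[r])
        return seen

    def add_inheritance(self, senior, junior):
        if senior == junior or senior in self.inherited(junior):
            raise RBACError(f"{senior} >= {junior} would create a cycle")
        self.juniors[senior].add(junior)
        # RBAC3 issue: apply mutual exclusion to the hierarchy itself, otherwise a
        # senior role silently ends up holding both halves of a conflict
        if self._conflict(self.inherited(senior)):
            self.juniors[senior].discard(junior)
            raise RBACError(f"{senior} >= {junior} would inherit mutually exclusive roles")

    # RBAC2: constraints, enforced when users are assigned to roles
    def add_exclusive(self, r1, r2):
        self.exclusive.append(frozenset((r1, r2)))

    def _conflict(self, roles):
        return any(pair <= roles for pair in self.exclusive)

    def authorized_roles(self, user):
        # roles the user may activate: assigned roles plus everything junior to them
        return set().union(*(self.inherited(r) for r in self.ua[user]))

    def assign_user(self, user, role):
        if role in self.prereq and self.prereq[role] not in self.authorized_roles(user):
            raise RBACError(f"{user} lacks prerequisite {self.prereq[role]} for {role}")
        holders = [u for u, rs in self.ua.items() if role in rs]
        if len(holders) >= self.max_members.get(role, float("inf")):
            raise RBACError(f"{role} is at its cardinality limit")
        if self._conflict(self.authorized_roles(user) | self.inherited(role)):
            raise RBACError(f"{role} is mutually exclusive with a role {user} already holds")
        self.ua[user].add(role)

    # RBAC0: a session activates a subset of the user's authorized roles
    def create_session(self, sid, user, roles):
        roles = set(roles)
        if not roles <= self.authorized_roles(user):
            raise RBACError(f"{user} may not activate {sorted(roles - self.authorized_roles(user))}")
        self.sessions[sid] = (user, roles)

    def check_access(self, sid, op, obj):
        active = self.sessions[sid][1]
        perms = set().union(*(self.pa[j] for r in active for j in self.inherited(r)))
        return (op, obj) in perms


def demo():
    """Constructed scenario (not from the slides); returns the outcome of each step."""
    m = RBAC()
    m.add_inheritance("engineer", "employee")          # project_lead >= engineer >= employee
    m.add_inheritance("project_lead", "engineer")
    m.pa["employee"].add(("read", "handbook"))
    m.pa["engineer"].add(("write", "repo"))
    m.pa["project_lead"].add(("approve", "budget"))
    m.add_exclusive("purchasing", "accounts_payable")  # nobody both orders and pays
    m.max_members["project_lead"] = 1
    m.prereq["auditor"] = "employee"
    out = {}
    m.assign_user("alice", "project_lead")
    m.create_session("s1", "alice", {"engineer"})      # least privilege: junior role only
    out["lead_as_engineer_writes_repo"] = m.check_access("s1", "write", "repo")
    out["lead_as_engineer_approves_budget"] = m.check_access("s1", "approve", "budget")
    m.create_session("s2", "alice", {"project_lead"})
    out["lead_approves_budget"] = m.check_access("s2", "approve", "budget")
    out["lead_inherits_handbook"] = m.check_access("s2", "read", "handbook")
    attempts = {
        "second_lead": lambda: m.assign_user("carol", "project_lead"),
        "auditor_without_prereq": lambda: m.assign_user("dave", "auditor"),
        "sod_violation": lambda: [m.assign_user("bob", r) for r in ("purchasing", "accounts_payable")],
        "sod_via_hierarchy": lambda: [m.add_inheritance("finance_mgr", r) for r in ("purchasing", "accounts_payable")],
        "unauthorized_activation": lambda: m.create_session("s3", "bob", {"project_lead"}),
    }
    for label, attempt in attempts.items():
        try:
            attempt()
            out[label] = "allowed"
        except RBACError:
            out[label] = "denied"
    return out
```

Running `demo()` shows the two sides of the RBAC3 discussion: the session mechanism lets alice work with only the `engineer` role active even though she is assigned `project_lead`, while every attempt to obtain both halves of the `purchasing` / `accounts_payable` pair, whether by direct assignment or by creating a `finance_mgr` role senior to both, is refused. The "user with two user-ids" caveat from the constraints slide is visible too: nothing in `assign_user` would stop bob from being assigned `accounts_payable` under a second identity.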

Page 13:

Management Model

Until now we assumed the presence of a single security officer

Normally a small administrative team manages RBAC

Propagation of rights

Page 14:

Management Model

Page 15:

Management Model Proposed: administrative roles and permissions are disjoint from regular roles and permissions

Administrative authority can be viewed as the ability to modify the user-assignment, permission-assignment and role-hierarchy relations.

A mirror copy of the top half, ARBAC0-3, provides the same levels of sophistication for administration

Issues: how to scope administrative authority in administrative roles; how to scope the permissions and users that an administrative role may manage

Page 16:

Management Model Continued

Page 17:

Critique

The models were published in 1996, and many improvements to them have since been proposed

Issues are raised in the consolidated and management models, but no solutions are proposed

The paper lacks a related-work section giving an overview of similar work and of how the proposed models are superior

Page 18:

Questions