This paper introduces PBDM, a permission-based delegation model family in RBAC that supports user-to-user and role-to-role delegation, multi-step delegation, and multi-option revocation. It also discusses the motivations, related works, and future work in RBAC delegation.
PBDM: A Flexible Delegation Model in RBAC
Xinwen Zhang, Sejong Oh (George Mason University)
Ravi Sandhu (George Mason University and NSD Security)
Outline
• Motivations
• Related Works
• PBDM0: user-to-user delegation
• PBDM1: user-to-user delegation
• PBDM2: role-to-role delegation
• Conclusions and future work
Motivations
• Permission-level delegations are needed in many cases:
Motivations (cont'd)
• User-to-user delegations
  • John delegates some of his permissions to Jenny when he is out of town
• Role-to-role delegations
  • A professor can delegate the "check-email" permission to a TA
• Multi-step delegation and revocation
  • Jenny can delegate some of the permissions she received from John to Jim
Related Works
• RBDM0
  • E. Barka et al., NISSC 2000, ACSAC 2000
  • A delegation framework
  • User-to-user delegation
  • Role-level delegation
• RDM2000
  • L. Zhang et al., SACMAT 2002
  • Role-level delegation
  • Multi-step delegation
PBDM0
• Permission-Based Delegation Model
• A user-to-user delegation model
  • John creates a temporary delegation role D1.
  • John assigns the permission "change_schedule" to D1 with a permission-role assignment, and the role PE to D1 with a role-role assignment.
  • John assigns Jenny to D1 with a user-role assignment.
PBDM0
• RR: regular roles
• DTR: delegation roles
• Controlled by the security administrator:
  • UAR: user-regular role assignment
  • PAR: permission-regular role assignment
• Controlled by the individual user:
  • UAD: user-delegation role assignment
  • PAD: permission-delegation role assignment
PBDM1
• Problems in PBDM0:
  • A user can create a delegation role at his own discretion, so a malicious user can cause an invalid permission flow. The reason is that no security administrator is involved in delegation.
  • Role-to-role delegation is not supported, since a delegation role cannot be assigned to a regular role.
• PBDM1:
  • Extension of PBDM0
  • The permissions of a role are separated into two parts: regular and delegatable.
  • Only delegatable permissions can be used to create delegation roles.
  • User-to-user delegation
PBDM1
• RR: regular roles
• DBR: delegatable roles
• DTR: delegation roles
• One-to-one map between RR and DBR
PBDM1
• UAR, UAB, PAR, and PAB are managed by the security administrator.
• UAD and PAD are managed by the individual user.
• Revocation options:
  • By a user:
    • Remove a user from the delegatees, that is, revoke the user-delegation role assignment.
    • Remove one or more permissions from a delegation role.
    • Revoke a delegation role.
  • By a security administrator:
    • Move one or more permissions from a delegatable role back to its regular role.
    • Revoke a user from a regular role and its delegatable role.
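As an added example (not code from the paper), the following toy Python model captures PBDM1's split into regular, delegatable and delegation roles, the administrator/user division of the assignment relations, and every revocation option listed above. The multi-step rule (permissions received through a delegation role may be delegated onward), the cascading prune, and all role and permission names are assumptions of this example.

```python
from collections import defaultdict

class PBDM1:
    """Toy PBDM1 state: PAR/PAB/UAR/UAB are administrator-controlled, PAD/UAD user-controlled."""
    def __init__(self, roles):
        # roles = {RR: (regular_perms, delegatable_perms)}; the one-to-one RR->DBR map is
        # implicit, so the delegatable role paired with "PL" is also addressed as "PL".
        self.par = {r: set(p[0]) for r, p in roles.items()}  # PAR
        self.pab = {r: set(p[1]) for r, p in roles.items()}  # PAB
        self.uar = defaultdict(set)    # UAR (UAB mirrors it through the map)
        self.pad, self.owner = {}, {}  # PAD, plus who created each delegation role
        self.uad = defaultdict(set)    # UAD

    def permissions(self, user):
        """Everything the user may exercise: RR + DBR of assigned roles, plus DTRs."""
        return set().union(*(self.par[r] | self.pab[r] for r in self.uar[user]),
                           *(self.pad[d] for d in self.uad[user]))

    def delegatable(self, user):
        # Regular-role permissions never flow. Assumed multi-step rule: permissions
        # held through a delegation role may be delegated onward.
        return set().union(*(self.pab[r] for r in self.uar[user]),
                           *(self.pad[d] for d in self.uad[user]))

    # --- user-controlled operations (PAD, UAD) ---
    def create_delegation_role(self, user, dtr, perms):
        illegal = set(perms) - self.delegatable(user)
        if illegal:  # invalid permission flow: the check PBDM0 lacked
            raise PermissionError(f"{user} may not delegate {sorted(illegal)}")
        self.pad[dtr], self.owner[dtr] = set(perms), user
    def delegate(self, user, dtr, delegatee):
        assert self.owner[dtr] == user, "only the creator assigns a delegation role"
        self.uad[delegatee].add(dtr)
    def revoke_delegatee(self, dtr, delegatee): self.uad[delegatee].discard(dtr)
    def revoke_permission(self, dtr, perm): self.pad[dtr].discard(perm); self._prune()
    def revoke_role(self, dtr):
        del self.pad[dtr], self.owner[dtr]
        for dtrs in self.uad.values(): dtrs.discard(dtr)
        self._prune()

    # --- administrator operations (UAR/UAB, PAR/PAB) ---
    def admin_assign(self, user, role): self.uar[user].add(role)
    def admin_revoke_user(self, user, role): self.uar[user].discard(role); self._prune()
    def admin_make_regular(self, role, perm):  # move perm from the DBR back to its RR
        self.pab[role].discard(perm); self.par[role].add(perm); self._prune()
    def _prune(self):
        # Shrink each DTR to what its owner may still delegate; repeated passes cascade.
        for _ in range(len(self.owner) + 1):
            for dtr, user in self.owner.items():
                self.pad[dtr] &= self.delegatable(user)
```

Moving "change_schedule" from PL's delegatable role to its regular role empties every delegation role built on it, including a second-step role created by the delegatee.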
PBDM2
• Extension of PBDM1
• A role-to-role delegation model
• A role is separated into three layers:
  • Regular role (RR): permissions cannot be delegated.
  • Fixed delegatable role (FDBR): permissions can be delegated.
  • Temporal delegatable role (TDBR): inherits permissions from delegation roles through role-role assignment (RAD).
• Delegation roles (DTR) are assigned to temporal delegatable roles.
• Since there is no role hierarchy over TDBRs, illegal permission flow cannot happen.
PBDM2
• A delegation role D3 owned by PL' and delegated to QE":
  • Create a temporary delegation role D3
  • Assign the permission "change_schedule" to D3
  • Assign role PE' to D3
  • Assign D3 to QE"
PBDM2
• Roles: RR, FDBR, TDBR, DTR
• Role hierarchies: RRH, FDBRH
• User-role assignments: UAR, UAFB, UATB
• Permission-role assignments: PAR, PAFB, PADB
• RAD: delegation role-temporal delegatable role assignment
PBDM2
• Revocation options:
  • Remove one or more permissions from a delegation role.
  • Revoke a delegation role owned by a fixed delegatable role.
  • Move one or more permissions from a fixed delegatable role back to its regular role.
Conclusions and Future Work
• Conclusions:
  • Presented a permission-based delegation model family: PBDM0, PBDM1, and PBDM2.
  • Supports user-to-user and role-to-role delegation
  • Supports multi-step delegation
  • Supports multi-option revocation
  • Flexible delegation administration
• Future work:
  • Constraints in RBAC delegation, such as separation of duty
  • Delegation management in decentralized environments