ARBAC99 (Model for Administration of Roles)
Ravi Sandhu, Qamar Munawer
George Mason University, Laboratory for Information Security Technology
www.list.gmu.edu

RBAC96 (simplified)
(figure: USERS, ROLES and PERMISSIONS, linked by USER-ROLE ASSIGNMENT and PERMISSIONS-ROLE ASSIGNMENT, with ROLE HIERARCHIES on ROLES)

ARBAC97 DECENTRALIZES
• user-role assignment (URA97)
• permission-role assignment (PRA97)
• role-role hierarchy (RRA99)

ARBAC99 EXTENDS ARBAC97
• URA99
  • mobile and immobile membership
  • prerequisite-based revocation
• PRA99
  • dual of URA99
• RRA99
  • no change

EXAMPLE ROLE HIERARCHY
(figure, senior roles above junior roles: Director (DIR); Project Lead 1 (PL1) and Project Lead 2 (PL2); under each project lead, Production 1 (P1) and Quality 1 (Q1) / Production 2 (P2) and Quality 2 (Q2); Engineer 1 (E1) / Engineer 2 (E2); Engineering Department (ED); Employee (E). PROJECT 1 and PROJECT 2 group the project-specific roles.)

EXAMPLE ADMINISTRATIVE ROLE HIERARCHY
(figure, senior above junior: Senior Security Officer (SSO); Department Security Officer (DSO); Project Security Officer 1 (PSO1) and Project Security Officer 2 (PSO2))
Motivation for ARBAC99
• URA97 consequences
  • Users can use the permissions of the role and of its junior roles.
  • Users become eligible for assignment to other roles.

Motivation for ARBAC99
• Examples that require decomposition of these two aspects:
  • trainee
  • visitor
  • consultant

New Concepts in URA99
• Mobile Users:
  • user u can use the permissions of role x, and an administrative role can use this membership to put user u in another role.
• Immobile Users:
  • user u can use the permissions of role x, but an administrative role cannot use this membership to put user u in another role.

URA99 Model
• Builds upon the concept of mobile and immobile membership of users.
• To formalize this we consider a role x as consisting of two sub-roles Mx and IMx.
• Membership in Mx is mobile, whereas membership in IMx is immobile.

Role in URA99
• Definition: for a given set of roles R1 we define a role in URA99 as
  R = {Mx, IMx | x ∈ R1}
User Memberships in URA99
• There are four kinds of user-role memberships in URA99.
• Explicit Mobile Member EMx
  • u ∈ EMx ≡ (u, Mx) ∈ UA
• Explicit Immobile Member EIMx
  • u ∈ EIMx ≡ (u, IMx) ∈ UA
• Implicit Mobile Member ImMx
  • u ∈ ImMx ≡ (∃x' > x) (u, Mx') ∈ UA
• Implicit Immobile Member ImIMx
  • u ∈ ImIMx ≡ (∃x' > x) (u, IMx') ∈ UA

Precedence Rule in URA99
• URA99 allows a user to have all four kinds of membership in a role at the same time.
• Only one will be effective, by the following strict precedence rule:
  EMx > EIMx > ImMx > ImIMx

Inheritance of Mobility and Immobility
(figure: three role hierarchies over X1, X2 and X3, labelled Divergent, Multiple and Single)
Prerequisite condition for URA99 Grant Model
• The URA97 prerequisite condition is straightforward.
• In URA99 it is evaluated for a user u by interpreting x to be true if
  u ∈ EMx ∨ (u ∈ ImMx ∧ u ∉ EIMx)
  and ¬x to be true if
  u ∉ EMx ∧ u ∉ EIMx ∧ u ∉ ImMx ∧ u ∉ ImIMx

Can-assign relations for URA99 Grant Model
• Assignment as mobile membership is authorized by
  can-assign-M ⊆ AR × CR × 2^R
• Assignment as immobile membership is authorized by
  can-assign-IM ⊆ AR × CR × 2^R
URA99 Grant Model authorizations
• In general, authority to grant mobile membership does not imply authority to grant immobile membership.

URA99 - Revoke Model
• The URA99 revoke model fixes a lack of symmetry between the grant and revoke models.
• It deals with revocation of mobile and immobile memberships.
• URA99 introduces two relations to authorize revocation.

Can-revoke relations for URA99 Revoke Model
• Revocation of mobile membership is authorized by
  can-revoke-M ⊆ AR × CR × 2^R
• Revocation of immobile membership is authorized by
  can-revoke-IM ⊆ AR × CR × 2^R

Prerequisite condition for URA99 - Revoke Model
• For the revoke model we do not distinguish mobile and immobile memberships.
• We interpret x to be true iff
  u ∈ EMx ∨ u ∈ EIMx ∨ u ∈ ImMx ∨ u ∈ ImIMx
  and ¬x to be true iff
  u ∉ EMx ∧ u ∉ EIMx ∧ u ∉ ImMx ∧ u ∉ ImIMx

Relation between URA97 and URA99
• If all users are restricted to be mobile then URA99 is identical to URA97.
• This can be achieved by setting can-assign-IM and can-revoke-IM to be empty.

PRA99 - Model
• Like users, permissions can also be assigned to roles as mobile or immobile.
• PRA99 is the exact dual of URA99.
• In PRA99 the implicit permission is inherited upwards in the hierarchy.

Conclusion
• ARBAC99 is the first model that incorporates mobile and immobile users and permissions.
• The basic intuition of ARBAC97 is not altered.
• It is a useful extension to ARBAC97.
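The four membership kinds, the precedence rule, the grant-model and revoke-model interpretations of a prerequisite condition, the can-assign-M/can-assign-IM and can-revoke-M/can-revoke-IM relations, and the reduction to URA97 (the slides from "User Memberships in URA99" through "Relation between URA97 and URA99") worked through in one added Python example. This is illustrative code written for this page, not the authors' implementation: the role and administrative hierarchies are constructed to follow the slides' example figures (project 1 only), the relation tuples and the user-role assignment UA are constructed, and a prerequisite condition is simplified to a conjunction of (role, negated) literals rather than the full boolean expressions ARBAC97 allows.

```python
from collections import deque

# Constructed role hierarchy following the slides' figure (project 1 only; project 2 is
# symmetric). Maps a role to the roles directly junior to it.
ROLE_JUNIORS = {
    "DIR": ["PL1"], "PL1": ["P1", "Q1"], "P1": ["E1"], "Q1": ["E1"],
    "E1": ["ED"], "ED": ["E"], "E": [],
}
# Constructed administrative role hierarchy following the slides' figure.
ADMIN_JUNIORS = {"SSO": ["DSO"], "DSO": ["PSO1", "PSO2"], "PSO1": [], "PSO2": []}


def strict_seniors(hierarchy, role):
    """All roles strictly senior to `role`: the x' with x' > role in the slides' notation."""
    seniors, frontier = set(), deque([role])
    while frontier:
        current = frontier.popleft()
        for senior, juniors in hierarchy.items():
            if current in juniors and senior not in seniors:
                seniors.add(senior)
                frontier.append(senior)
    return seniors


def memberships(ua, user, role):
    """The four URA99 membership kinds of `user` in `role`.
    UA holds triples (user, role, "M" | "IM"), i.e. (u, Mx) or (u, IMx) on the slides."""
    seniors = strict_seniors(ROLE_JUNIORS, role)
    return {
        "EM": (user, role, "M") in ua,
        "EIM": (user, role, "IM") in ua,
        "ImM": any((user, s, "M") in ua for s in seniors),
        "ImIM": any((user, s, "IM") in ua for s in seniors),
    }


# Strict precedence from the slides: EMx > EIMx > ImMx > ImIMx.
PRECEDENCE = ("EM", "EIM", "ImM", "ImIM")


def effective_membership(ua, user, role):
    """The one membership kind that takes effect, or None if `user` is not a member at all."""
    flags = memberships(ua, user, role)
    return next((kind for kind in PRECEDENCE if flags[kind]), None)


def grant_literal(ua, user, role, negated):
    """Truth of the literal x (or not-x) under the grant-model interpretation."""
    m = memberships(ua, user, role)
    if negated:
        return not any(m.values())
    return m["EM"] or (m["ImM"] and not m["EIM"])


def revoke_literal(ua, user, role, negated):
    """Truth under the revoke-model interpretation, which does not distinguish mobility."""
    member = any(memberships(ua, user, role).values())
    return not member if negated else member


def condition_holds(ua, user, condition, literal):
    """Prerequisite condition as a conjunction of (role, negated) literals (simplification)."""
    return all(literal(ua, user, role, negated) for role, negated in condition)


def usable_tuples(relation, admin_role):
    """Tuples whose administrative role is the one held, or is junior to the one held."""
    return [t for t in relation
            if t[0] == admin_role or admin_role in strict_seniors(ADMIN_JUNIORS, t[0])]


def can_assign(relations, ua, admin_role, user, role, kind):
    """Is adding (user, M_role) (kind "M") or (user, IM_role) (kind "IM") authorized?"""
    rel = relations["can-assign-M" if kind == "M" else "can-assign-IM"]
    return any(role in role_range and condition_holds(ua, user, cond, grant_literal)
               for _, cond, role_range in usable_tuples(rel, admin_role))


def can_revoke(relations, ua, admin_role, user, role, kind):
    """Is removing the explicit membership (user, role, kind) authorized?"""
    rel = relations["can-revoke-M" if kind == "M" else "can-revoke-IM"]
    return (user, role, kind) in ua and any(
        role in role_range and condition_holds(ua, user, cond, revoke_literal)
        for _, cond, role_range in usable_tuples(rel, admin_role))


# Constructed relations: (administrative role, prerequisite condition, role range).
RELATIONS = {
    "can-assign-M": [("PSO1", [("ED", False)], {"E1", "P1", "Q1"}),
                     ("DSO", [("ED", False)], {"PL1"})],
    "can-assign-IM": [("PSO1", [("ED", False)], {"E1"})],
    "can-revoke-M": [("PSO1", [("ED", False)], {"E1", "P1", "Q1"})],
    "can-revoke-IM": [("PSO1", [("ED", False)], {"E1"})],
}
# URA97 reduction from the slides: no immobile assignment or revocation at all.
RELATIONS_URA97 = {**RELATIONS, "can-assign-IM": [], "can-revoke-IM": []}

# Constructed user-role assignment.
UA = {
    ("alice", "ED", "M"),   # ordinary engineer: mobile member of ED
    ("bob", "ED", "IM"),    # trainee: immobile member of ED
    ("carol", "PL1", "M"),  # project lead: mobile in PL1, hence implicitly mobile in ED ...
    ("carol", "ED", "IM"),  # ... but explicitly immobile in ED, which takes precedence
}

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, "in ED:", effective_membership(UA, user, "ED"),
              "| PSO1 may assign to E1 as mobile:", can_assign(RELATIONS, UA, "PSO1", user, "E1", "M"))
```

Running it shows the point of immobility: alice (mobile in ED) satisfies the prerequisite ED and can be moved into E1, while bob (immobile in ED) and carol (implicitly mobile in ED through PL1 but explicitly immobile in ED, so EIM wins by precedence) cannot, even though all three can use ED's permissions. Under the revoke interpretation the same users do satisfy ED, so a membership they hold in E1 can be revoked. With RELATIONS_URA97 every immobile request is refused, which is the reduction to URA97 the last slide above describes.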