ARBAC 97 (ADMINISTRATIVE RBAC)
Ravi Sandhu, Venkata Bhamidipati, Ed Coyne, Srinivas Ganta, Qamar Munawer, Charles Youman

ARBAC97 DECENTRALIZES
• user-role assignment (URA97)
• permission-role assignment (PRA97)
• role-role hierarchy
• groups or user-only roles (extend URA97)
• abilities or permission-only roles (extend PRA97)
• UP-roles or user-and-permission roles (RRA97)

ADMINISTRATIVE RBAC
[Figure: USERS, ROLES and PERMISSIONS, with ADMIN ROLES and ADMIN PERMISSIONS and the CAN-MANAGE relation]

ADMINISTRATIVE RBAC
[Figure: the models RBAC0, RBAC1, RBAC2, RBAC3 alongside ARBAC0, ARBAC1, ARBAC2, ARBAC3]

EXAMPLE ROLE HIERARCHY
[Figure: role hierarchy with the following roles]
• Director (DIR)
• PROJECT 1: Project Lead 1 (PL1), Production 1 (P1), Quality 1 (Q1), Engineer 1 (E1)
• PROJECT 2: Project Lead 2 (PL2), Production 2 (P2), Quality 2 (Q2), Engineer 2 (E2)
• Engineering Department (ED)
• Employee (E)

EXAMPLE ADMINISTRATIVE ROLE HIERARCHY
[Figure: administrative role hierarchy with the following roles]
• Senior Security Officer (SSO)
• Department Security Officer (DSO)
• Project Security Officer 1 (PSO1)
• Project Security Officer 2 (PSO2)

USER-ROLE ASSIGNMENT: CAN-ASSIGN-USER
ARole   Prereq Role   Role Range
PSO1    ED            [E1,PL1)
PSO2    ED            [E2,PL2)
DSO     ED            (ED,DIR)
SSO     E             [ED,ED]
SSO     ED            (ED,DIR]

USER-ROLE ASSIGNMENT: CAN-ASSIGN-USER
ARole   Prereq Cond   Role Range
PSO1    ED            [E1,E1]
PSO1    ED & ¬ P1     [Q1,Q1]
PSO1    ED & ¬ Q1     [P1,P1]
PSO2    ED            [E2,E2]
PSO2    ED & ¬ P2     [Q2,Q2]
PSO2    ED & ¬ Q2     [P2,P2]

USER-ROLE ASSIGNMENT: CAN-REVOKE-USER
ARole   Role Range
PSO1    [E1,PL1)
PSO2    [E2,PL2)
DSO     (ED,DIR)
SSO     [ED,DIR]

USER-ROLE ASSIGNMENT REVOCATION
• WEAK REVOCATION
  • revokes explicit membership only
• STRONG REVOCATION
  • revokes explicit and implicit membership
  • revocation propagates upwards to senior roles
  • defined in terms of weak revoke

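An added example (not from the slides) that evaluates the PSO1 rows of the second CAN-ASSIGN-USER table and the CAN-REVOKE-USER table, then contrasts weak with strong revocation. The hierarchy edges are an assumption taken from the usual ARBAC97 example figure, since the diagram's lines are not recoverable here; letting a senior administrative role use a junior one's rules and treating strong revocation as all-or-nothing are also assumptions.

```python
# Added example, not from the slides. JUNIORS encodes assumed hierarchy edges.
JUNIORS = {  # role -> immediate junior roles (regular and administrative)
    "DIR": ["PL1", "PL2"], "PL1": ["P1", "Q1"], "PL2": ["P2", "Q2"],
    "P1": ["E1"], "Q1": ["E1"], "P2": ["E2"], "Q2": ["E2"],
    "E1": ["ED"], "E2": ["ED"], "ED": ["E"], "E": [],
    "SSO": ["DSO"], "DSO": ["PSO1", "PSO2"], "PSO1": [], "PSO2": [],
}
CAN_ASSIGN = [("PSO1", "ED", "[E1,E1]"), ("PSO1", "ED & ¬P1", "[Q1,Q1]"),
              ("PSO1", "ED & ¬Q1", "[P1,P1]")]   # (ARole, prereq cond, range)
CAN_REVOKE = [("PSO1", "[E1,PL1)"), ("PSO2", "[E2,PL2)"),
              ("DSO", "(ED,DIR)"), ("SSO", "[ED,DIR]")]

def geq(a, b):
    """True if role a is senior to or equal to role b."""
    return a == b or any(geq(j, b) for j in JUNIORS[a])

def in_range(role, rng):
    """'[' or ']' includes that end point, '(' or ')' excludes it."""
    lo, hi = rng[1:-1].split(",")
    return (geq(role, lo) and geq(hi, role) and (rng[0] == "[" or role != lo)
            and (rng[-1] == "]" or role != hi))

def member(ua, user, role):
    """Explicit or implicit membership: the user holds some role >= role."""
    return any(u == user and geq(r, role) for u, r in ua)

def satisfies(ua, user, cond):
    """Evaluate a conjunction such as 'ED & ¬P1' for one user."""
    terms = [t.strip() for t in cond.split("&")]
    return all(member(ua, user, t.lstrip("¬")) != t.startswith("¬") for t in terms)

def can_assign(ua, admin, user, role):
    """A rule applies to its administrative role and to roles senior to it."""
    return any(geq(admin, a) and satisfies(ua, user, c) and in_range(role, r)
               for a, c, r in CAN_ASSIGN)

def weak_revoke(ua, admin, user, role):
    """Remove explicit membership only; implicit membership may remain."""
    if not any(geq(admin, a) and in_range(role, r) for a, r in CAN_REVOKE):
        raise PermissionError(f"{admin} may not revoke {role}")
    return ua - {(user, role)}

def strong_revoke(ua, admin, user, role):
    """Weak-revoke the role and every senior role the user holds explicitly."""
    for u, r in sorted(ua):
        if u == user and geq(r, role):
            ua = weak_revoke(ua, admin, u, r)  # raises before anything is kept
    return ua
```
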
PERMISSION-ROLE ASSIGNMENT
• dual of user-role assignment
• can-assign-permission, can-revoke-permission
• weak revoke, strong revoke (propagates down)

PERMISSION-ROLE ASSIGNMENT: CAN-ASSIGN-PERMISSION
ARole   Prereq Cond   Role Range
PSO1    PL1           [E1,PL1)
PSO2    PL2           [E2,PL2)
DSO     E1 E2         [ED,ED]
SSO     PL1 PL2       [ED,ED]
SSO     ED            [E,E]

PERMISSION-ROLE ASSIGNMENT: CAN-REVOKE-PERMISSION
ARole   Role Range
PSO1    [E1,PL1]
PSO2    [E2,PL2]
DSO     (ED,DIR)
SSO     [ED,DIR]

RRA97
• UP-roles: users and permissions (RRA97)
• Group roles: users only (Extended URA97)
• Ability roles: permissions only (Extended PRA97)

RRA97
• OBJECTIVE
  • Decentralization of role-role relationships
  • Administrative role autonomy within a range
  • Encapsulation of authority ranges

Range Hierarchy
[Figure: Range, Create Range, Encap. Range, Authority Range]

RRA97 - Definitions
• Range:
  • (x, y) = {r : Roles | x < r < y}
• Authority Range:
  • A range referenced in can-modify relation
• Junior Authority range:
  • The range (x, y) is junior to range (x’, y’) if ( x x’ y’ y) ( x > x’ y’ > y)
  • The range (x’, y’) is a senior range

RRA97 - Definitions
• Partial Overlap of Ranges:
  • The ranges Y and Y’ partially overlap if
  • Y Y’ and
  • Y Y’ Y’ Y

RRA97 - Definitions
• Encapsulated Authority Range:
  • The authority range (x, y) is said to be encapsulated if
  • r1 (x, y) and r2 (x, y)
  • r2 > r1 r2 > y
  • r2 < r1 x < r2

Encapsulated Range (x, y)
[Figure: hierarchy with roles y, y’, r1, r2, r4, r3, x, x’]

Non-encapsulated Range (x, y)
[Figure: hierarchy with roles y, y’, r1, r2, r4, r3, x, x’]

RRA97 - Definitions
• Set of Authority Ranges:
  • {x, y : roles | (x, y) is an authority range}
• Immediate Authority Range of role r:
  • The authority range (x, y) is immediate authority range of role r (x, y) if
  • (x’, y’) set of AR | (x’, y’) (x, y) r (x’, y’)

RRA97 - Definitions
• Create Range:
  • The range (x, y) is a create range if
  • (a) ARimmediate(x) = ARimmediate(y)
  • (b) x = End point of ARimmediate(y)
  • (c) y = End point of ARimmediate(x)
• Immediate Senior roles:
  • r1 > immediate r2 if
  • r’ roles r’ > r2 ( r’ r1)

Create Range
[Figure: hierarchy with roles y, y’, r1, r2, r4, r3, x, x’ and the labels A and B]

RRA97 - Definitions
• Immediate Junior Roles:
  • r1 < immediate r2
  • r’ roles r’ > r1 ( r’ < r2)
• Inactive Roles:
  • A user associated with it cannot use it.
  • Inheritance of permissions is not affected.
  • Permissions and users can be revoked.

INSERT ROLE
• Roles are inserted one at a time.
• Roles can be inserted only in a create range.
• Create-role(r, (x, y)) inserts a role r in create range (x, y) such that it is junior to y and senior to x.

Example: Create-role(r, (r1, r2))
[Figure: hierarchy with roles y, r1, r, r2, x]

DELETE ROLE
• Roles referred to in can-assign, can-revoke and can-modify cannot be deleted.
• Roles can be deleted only if they are empty.

DELETE ROLE (Continued)
• RELAXATIONS:
  • Roles referred to in can-assign, can-revoke and can-modify can be made inactive.
  • A role is deleted only after its permissions are assigned to immediate senior roles and its users to immediate junior roles.

INSERTION OF AN EDGE
• Implied edges are not considered.
• Inserted only between incomparable roles (No Cycles)
• Inserted one at a time.
• The edge AB is inserted if
  • (a) ARimmediate(A) = ARimmediate(B) and
  • (b) For a junior authority range (x, y):
    • (A = y B > x) or (B = x A < y) must ensure encapsulation of (x, y).

DELETION OF AN EDGE
• Deleted one at a time.
• Implied edges are not considered.
• The edges in the transitive reduction are candidates for deletion.
• Edges connecting the end points of an authority range cannot be deleted.
• When edge AB is deleted, the necessary edges must be inserted to preserve implications.

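An added example (not from the slides) of the deletion rules above: only a transitive-reduction edge may be deleted, an edge joining the end points of an authority range is refused, and replacement edges keep every other implied relationship. The Project 1 edges and the authority range (E1, PL1) are constructed assumptions, and `delete_edge` is a hypothetical sketch of delete-edge(A, B), not the authors' code.

```python
# Added example. EDGES is the transitive reduction as (senior, junior) pairs;
# the edges and the authority range below are constructed for illustration.
EDGES = frozenset({("DIR", "PL1"), ("PL1", "P1"), ("PL1", "Q1"),
                   ("P1", "E1"), ("Q1", "E1"), ("E1", "ED"), ("ED", "E")})
AUTHORITY_RANGES = {("E1", "PL1")}  # (x, y) end points, x junior to y

def reaches(edges, a, b):
    """True if a is senior to or equal to b by following edges downwards."""
    return a == b or any(s == a and reaches(edges, j, b) for s, j in edges)

def delete_edge(edges, authority_ranges, a, b):
    """Delete edge a -> b (a senior) and return the new transitive reduction."""
    if (a, b) not in edges:
        raise ValueError("implied edges are not candidates for deletion")
    if (b, a) in authority_ranges:
        raise ValueError("edge joins the end points of an authority range")
    rest = edges - {(a, b)}
    added = set()
    for s, j in edges:
        # a stays senior to each immediate junior of b
        if s == b and not reaches(rest, a, j):
            added.add((a, j))
        # each immediate senior of a stays senior to b
        if j == a and not reaches(rest, s, b):
            added.add((s, b))
    return rest | added
```

Deleting Q1 -> E1 adds Q1 -> ED, so Q1 keeps what it inherited through E1; no PL1 -> E1 edge is added because PL1 still reaches E1 through P1.
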
System Calls
• To create a role in create range Y: create-role(r, Y)
• To delete a role r: delete-role(r)
• To add edge AB: add-edge(A, B)
• To delete an edge AB: delete-edge(A, B)
• To inactivate a role r: inactivate-role (r)
• To activate a role r: Activate-role (r)

Strong Deletions
• Strong deletion of role.
• Strong deletion of an edge.