3. ROLE-BASED ACCESS CONTROL OVERVIEW


Role-Based Administration of User-Role Assignment: The URA97 Model and its Oracle Implementation
Ravi Sandhu
Venkata Bhamidipati
Laboratory for Information Security Technology (LIST)
George Mason University

OUTLINE
- RBAC96 review
- URA97 model
- URA97 Oracle implementation
- Closing remarks
© Ravi Sandhu 1997
RBAC96
[Figure: RBAC96 model. Components: USERS, ROLES, PERMISSIONS, SESSIONS, CONSTRAINTS, ADMIN ROLES, ADMIN PERMISSIONS]

RBAC96: RBAC0
[Figure: RBAC0. Components: USERS, ROLES, PERMISSIONS, SESSIONS]

RBAC96: RBAC1
[Figure: RBAC1. Components: USERS, ROLES, PERMISSIONS, SESSIONS]

RBAC96: RBAC2
[Figure: RBAC2. Components: USERS, ROLES, PERMISSIONS, SESSIONS, CONSTRAINTS]

RBAC96: RBAC3
[Figure: RBAC3. Components: USERS, ROLES, PERMISSIONS, SESSIONS, CONSTRAINTS]

RBAC96
[Figure: RBAC96 model, repeated. Components: USERS, ROLES, PERMISSIONS, SESSIONS, CONSTRAINTS, ADMIN ROLES, ADMIN PERMISSIONS]

RBAC96
[Figure: the RBAC96 family (RBAC0, RBAC1, RBAC2, RBAC3) shown beside the administrative family (ARBAC0, ARBAC1, ARBAC2, ARBAC3)]

SCALE AND RATE OF CHANGE
- roles: 100s or 1000s
- users: 1000s or 10,000s or more
- Frequent changes to
  - user-role assignment
  - permission-role assignment
- Less frequent changes for
  - role hierarchy

ADMINISTRATIVE RBAC
- user-role assignment
- permission-role assignment
- role-role hierarchy

EXAMPLE ROLE HIERARCHY
[Figure: example role hierarchy; roles as they appear in the figure]
  Director (DIR)
  Project 1: Project Lead 1 (PL1), Production 1 (P1), Quality 1 (Q1), Engineer 1 (E1)
  Project 2: Project Lead 2 (PL2), Production 2 (P2), Quality 2 (Q2), Engineer 2 (E2)
  Engineering Department (ED)
  Employee (E)

EXAMPLE ADMINISTRATIVE ROLE HIERARCHY
[Figure: example administrative role hierarchy; roles as they appear in the figure]
  Senior Security Officer (SSO)
  Department Security Officer (DSO)
  Project Security Officer 1 (PSO1), Project Security Officer 2 (PSO2)

URA97 GRANT MODEL: can-assign

ARole   Prereq Role   Role Range
PSO1    ED            [E1,PL1)
PSO2    ED            [E2,PL2)
DSO     ED            (ED,DIR)
SSO     E             [ED,ED]
SSO     ED            (ED,DIR]

URA97 GRANT MODEL: can-assign

ARole   Prereq Cond   Role Range
PSO1    ED            [E1,E1]
PSO1    ED & ¬P1      [Q1,Q1]
PSO1    ED & ¬Q1      [P1,P1]
PSO2    ED            [E2,E2]
PSO2    ED & ¬P2      [Q2,Q2]
PSO2    ED & ¬Q2      [P2,P2]

URA97 GRANT MODEL
- "redundant" assignments to senior and junior roles
  - are allowed
  - are useful

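
The can-assign rows with prerequisite conditions can be evaluated as below. This is an added example, not code from the slides or the authors' Oracle implementation. It assumes the hierarchy edges (read off the example slides), that senior administrative roles inherit the rows of their juniors, and that a prerequisite role is satisfied by explicit or inherited membership; the function names are hypothetical.

```python
# Added example, not the authors' Oracle code. The hierarchy edges are an
# assumption (junior -> immediate seniors), read off the example slides.
SENIORS = {
    "E": ["ED"], "ED": ["E1", "E2"], "DIR": [],
    "E1": ["P1", "Q1"], "P1": ["PL1"], "Q1": ["PL1"], "PL1": ["DIR"],
    "E2": ["P2", "Q2"], "P2": ["PL2"], "Q2": ["PL2"], "PL2": ["DIR"],
}
ADMIN_SENIORS = {"PSO1": ["DSO"], "PSO2": ["DSO"], "DSO": ["SSO"], "SSO": []}

# Rows of the can-assign table with prerequisite conditions:
# (admin role, roles required, roles forbidden, (low, low_closed, high, high_closed))
CAN_ASSIGN = [
    ("PSO1", {"ED"}, set(), ("E1", True, "E1", True)),
    ("PSO1", {"ED"}, {"P1"}, ("Q1", True, "Q1", True)),
    ("PSO1", {"ED"}, {"Q1"}, ("P1", True, "P1", True)),
    ("PSO2", {"ED"}, set(), ("E2", True, "E2", True)),
    ("PSO2", {"ED"}, {"P2"}, ("Q2", True, "Q2", True)),
    ("PSO2", {"ED"}, {"Q2"}, ("P2", True, "P2", True)),
    ("DSO", {"ED"}, set(), ("ED", False, "DIR", False)),  # row from the first table
]

def geq(hierarchy, senior, junior):
    """True if senior >= junior (reflexive, transitive closure of the edges)."""
    return senior == junior or any(geq(hierarchy, senior, s) for s in hierarchy[junior])

def in_range(role, rng):
    """Membership in a role range such as [E1,PL1) or (ED,DIR]."""
    low, low_closed, high, high_closed = rng
    inside = geq(SENIORS, role, low) and geq(SENIORS, high, role)
    return inside and (low_closed or role != low) and (high_closed or role != high)

def is_member(explicit_roles, role):
    """Explicit or implicit membership: the user holds role or one of its seniors."""
    return any(geq(SENIORS, held, role) for held in explicit_roles)

def can_assign(arole, explicit_roles, target):
    """True if some can-assign row authorizes arole to put the user in target."""
    for row_arole, required, forbidden, rng in CAN_ASSIGN:
        if (geq(ADMIN_SENIORS, arole, row_arole)
                and all(is_member(explicit_roles, r) for r in required)
                and not any(is_member(explicit_roles, r) for r in forbidden)
                and in_range(target, rng)):
            return True
    return False
```

Here `can_assign("PSO1", {"ED", "P1"}, "Q1")` is refused because of the ¬P1 condition, and so is the same request for a user whose only explicit role is PL1, since PL1 carries P1 implicitly.
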
URA97 REVOKE MODEL
- WEAK REVOCATION
  - revokes explicit membership in a role
  - independent of who did the assignment

URA97 REVOKE MODEL
- STRONG REVOCATION
  - revokes explicit membership in a role and its seniors
  - authorized only if corresponding weak revokes are authorized
  - alternatives
    - all-or-nothing
    - revoke within range

URA97 REVOKE MODEL: can-revoke

ARole   Role Range
PSO1    [E1,PL1)
PSO2    [E2,PL2)
DSO     (ED,DIR)
SSO     [ED,DIR]

ORACLE ROLES
- support RBAC1
- administrative model has strong discretionary flavor
  - administrative authority on role implies
    - can grant role to any user or role
    - can grant role to any role
  - anyone with grant option on a permission can grant it to any role

URA97 IN ORACLE
- administrative option for all roles is retained solely with DBA
  - never given to any user
- use generic stored procedures with URA97 can-assign and can-revoke implemented as relations

URA97 IN ORACLE
- Oracle primitives for traversing role hierarchy need to be extended

can-assign in dnf: ER DIAGRAM
[Figure: ER diagram of the can-assign relations and their attributes]
  CAN_ASSIGN:  Admin Role, PreCondition, Min_Int, Min Role, Max Role, Max_Int
  CAN_ASSIGN2: PreCondition, AND set name, NOT set name
  CAN_ASSIGN3: AND set name, AND roles
  CAN_ASSIGN4: NOT set name, NOT roles

can-revoke RELATION
[Figure: the can-revoke relation and its attributes]
  CAN_REVOKE: Admin Role, Min_Int, Min Role, Max Role, Max_Int

ORACLE STORED PROCEDURES
- can extend Oracle access control model
- limitation
  - stored procedure can determine who the user is BUT
  - cannot determine active roles of the user

URA97 STORED PROCEDURES
- ASSIGN(user, trole, arole)
- WEAK_REVOKE(user, trole, arole)
- STRONG_REVOKE(user, trole, arole)
  - user: user being added to trole
  - trole: target role
  - arole: administrative role used for this operation
    - due to Oracle limitations

CLOSING REMARKS: PREVIEW OF WORK IN PROGRESS
- user-role assignment
  - URA97 and Oracle, this paper
  - other platforms
- permission-role assignment
  - PRA97, dual of URA97
  - Oracle implementation

CLOSING REMARKS: PREVIEW OF WORK IN PROGRESS
- role-role hierarchy
  - user-only roles (groups): like URA97
  - permission-only roles: like PRA97
  - user and permission roles: RRA97