3. ROLE-BASED ACCESS CONTROL OVERVIEW
Role-Based Administration of
User-Role Assignment:
The URA97 Model and its Oracle
Implementation
Ravi Sandhu
Venkata Bhamidipati
Laboratory for Information Security Technology (LIST)
George Mason University
OUTLINE
RBAC96 review
URA97 model
URA97 Oracle implementation
Closing remarks
© Ravi Sandhu 1997
RBAC96
[Figure: the RBAC96 model. USERS are assigned to ROLES and ROLES to PERMISSIONS; users activate roles in SESSIONS; CONSTRAINTS apply across the model; administration is carried out through ADMIN ROLES and ADMIN PERMISSIONS.]
RBAC96: RBAC0
[Figure: RBAC0, the base model: USERS, ROLES, PERMISSIONS and SESSIONS.]
RBAC96: RBAC1
[Figure: RBAC1: RBAC0 plus a role hierarchy over ROLES.]
RBAC96: RBAC2
[Figure: RBAC2: RBAC0 plus CONSTRAINTS.]
RBAC96: RBAC3
[Figure: RBAC3: role hierarchy and CONSTRAINTS together.]
RBAC96
[Figure: the full RBAC96 model again, with ADMIN ROLES and ADMIN PERMISSIONS administering the regular ROLES and PERMISSIONS.]
RBAC96
[Figure: the RBAC96 family as a lattice, RBAC0 at the bottom, RBAC1 and RBAC2 above it and RBAC3 at the top, with the corresponding administrative models ARBAC0, ARBAC1, ARBAC2 and ARBAC3 alongside.]
SCALE AND RATE OF CHANGE
roles: 100s or 1000s
users: 1000s or 10,000s or more
Frequent changes to
  user-role assignment
  permission-role assignment
Less frequent changes for
  role hierarchy
ADMINISTRATIVE RBAC
user-role assignment
permission-role assignment
role-role hierarchy
EXAMPLE ROLE HIERARCHY
[Figure: example role hierarchy. Director (DIR) at the top; below it PROJECT 1 with Project Lead 1 (PL1), Production 1 (P1), Quality 1 (Q1) and Engineer 1 (E1), and PROJECT 2 with Project Lead 2 (PL2), Production 2 (P2), Quality 2 (Q2) and Engineer 2 (E2); both projects sit above Engineering Department (ED), which sits above Employee (E).]
EXAMPLE ADMINISTRATIVE ROLE HIERARCHY
[Figure: Senior Security Officer (SSO) at the top, Department Security Officer (DSO) below it, and Project Security Officer 1 (PSO1) and Project Security Officer 2 (PSO2) below DSO.]
URA97 GRANT MODEL: can-assign

ARole   Prereq Role   Role Range
PSO1    ED            [E1,PL1)
PSO2    ED            [E2,PL2)
DSO     ED            (ED,DIR)
SSO     E             [ED,ED]
SSO     ED            (ED,DIR]
URA97 GRANT MODEL: can-assign

ARole   Prereq Cond   Role Range
PSO1    ED            [E1,E1]
PSO1    ED & ¬P1      [Q1,Q1]
PSO1    ED & ¬Q1      [P1,P1]
PSO2    ED            [E2,E2]
PSO2    ED & ¬P2      [Q2,Q2]
PSO2    ED & ¬Q2      [P2,P2]
URA97 GRANT MODEL
“redundant” assignments to senior and junior roles
  are allowed
  are useful
URA97 REVOKE MODEL
WEAK REVOCATION
  revokes explicit membership in a role
  independent of who did the assignment
URA97 REVOKE MODEL
STRONG REVOCATION
  revokes explicit membership in a role and its seniors
  authorized only if corresponding weak revokes are authorized
  alternatives
    all-or-nothing
    revoke within range
URA97 REVOKE MODEL: can-revoke

ARole   Role Range
PSO1    [E1,PL1)
PSO2    [E2,PL2)
DSO     (ED,DIR)
SSO     [ED,DIR]
ORACLE ROLES
support RBAC1
administrative model has strong discretionary flavor
  administrative authority on role implies can grant role to any user or role
  can grant role to any role
  anyone with grant option on a permission can grant it to any role
URA97 IN ORACLE
administrative option for all roles is retained solely with DBA
  never given to any user
use generic stored procedures with URA97 can-assign and can-revoke implemented as relations
URA97 IN ORACLE
Oracle primitives for traversing role hierarchy need to be extended
can-assign IN DNF: ER DIAGRAM
[Figure: ER diagram of the can-assign relation in disjunctive normal form, split over four relations]
CAN_ASSIGN(Admin Role, PreCondition, Min_Int, Min Role, Max Role, Max_Int)
CAN_ASSIGN2(PreCondition, AND set name, NOT set name)
CAN_ASSIGN3(AND set name, AND roles)
CAN_ASSIGN4(NOT set name, NOT roles)
can-revoke RELATION
CAN_REVOKE(Admin Role, Min_Int, Min Role, Max Role, Max_Int)
ORACLE STORED PROCEDURES
can extend Oracle access control model
limitation
  stored procedure can determine who the user is BUT cannot determine active roles of the user
URA97 STORED PROCEDURES
ASSIGN(user, trole, arole)
WEAK_REVOKE(user, trole, arole)
STRONG_REVOKE(user, trole, arole)
user: user being added to trole
trole: target role
arole: administrative role used for this operation
  due to Oracle limitations
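As an added example, not the paper's Oracle code, the following Python models the rules on the can-assign and can-revoke slides, the DNF precondition layout of the ER diagram, and the three stored-procedure signatures above, so that the grant and revoke semantics can be exercised offline. The role names are the deck's; the hierarchy edges (E below ED, ED below E1 and E2, E1 below P1 and Q1 which are below PL1, E2 below P2 and Q2 which are below PL2, PL1 and PL2 below DIR), the administrative hierarchy (PSO1 and PSO2 below DSO, DSO below SSO), the function names and the sample users are assumptions. Range notation follows the slides: a square bracket includes its endpoint, a round bracket excludes it.

```python
# Assumed regular-role hierarchy (role -> immediate seniors). The names are the
# deck's; the edges are an assumption matching the usual URA97 example.
SENIORS = {
    "E": {"ED"}, "ED": {"E1", "E2"},
    "E1": {"P1", "Q1"}, "P1": {"PL1"}, "Q1": {"PL1"},
    "E2": {"P2", "Q2"}, "P2": {"PL2"}, "Q2": {"PL2"},
    "PL1": {"DIR"}, "PL2": {"DIR"}, "DIR": set(),
}
# Assumed administrative-role hierarchy: PSO1, PSO2 < DSO < SSO.
ADMIN_SENIORS = {"PSO1": {"DSO"}, "PSO2": {"DSO"}, "DSO": {"SSO"}, "SSO": set()}
# can-assign and can-revoke rows from the slides; each precondition is in DNF
# as a list of (AND-roles, NOT-roles) conjuncts, like CAN_ASSIGN2/3/4.
CAN_ASSIGN = [
    ("PSO1", [({"ED"}, set())], "[E1,E1]"),
    ("PSO1", [({"ED"}, {"P1"})], "[Q1,Q1]"),
    ("PSO1", [({"ED"}, {"Q1"})], "[P1,P1]"),
    ("PSO2", [({"ED"}, set())], "[E2,E2]"),
    ("PSO2", [({"ED"}, {"P2"})], "[Q2,Q2]"),
    ("PSO2", [({"ED"}, {"Q2"})], "[P2,P2]"),
    ("DSO", [({"ED"}, set())], "(ED,DIR)"),
    ("SSO", [({"E"}, set())], "[ED,ED]"),
    ("SSO", [({"ED"}, set())], "(ED,DIR]"),
]
CAN_REVOKE = [("PSO1", "[E1,PL1)"), ("PSO2", "[E2,PL2)"),
              ("DSO", "(ED,DIR)"), ("SSO", "[ED,DIR]")]

def closure(graph, node):
    """node plus every role senior to it, transitively."""
    seen, stack = set(), [node]
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(graph[r])
    return seen

def role_range(spec):
    """Roles r with lo <= r <= hi for '[lo,hi]'; '(' or ')' excludes that endpoint."""
    lo, hi = spec[1:-1].split(",")
    rng = {r for r in closure(SENIORS, lo) if hi in closure(SENIORS, r)}
    if spec[0] == "(":
        rng.discard(lo)
    if spec[-1] == ")":
        rng.discard(hi)
    return rng

def is_member(ua, user, role):
    """Explicit membership, or inherited from an explicitly held senior role."""
    return any(r in closure(SENIORS, role) for r in ua.get(user, set()))

def satisfies(ua, user, dnf):
    """Some conjunct has every AND role held and no NOT role held."""
    return any(all(is_member(ua, user, r) for r in ands)
               and not any(is_member(ua, user, r) for r in nots)
               for ands, nots in dnf)

def assign(ua, user, trole, arole):
    """ASSIGN(user, trole, arole): grant explicit membership if a can-assign row
    held by arole (or an admin role junior to it) authorizes it."""
    for row_arole, cond, rng in CAN_ASSIGN:
        if (arole in closure(ADMIN_SENIORS, row_arole)
                and trole in role_range(rng) and satisfies(ua, user, cond)):
            ua.setdefault(user, set()).add(trole)
            return True
    return False

def can_revoke(trole, arole):
    return any(arole in closure(ADMIN_SENIORS, a) and trole in role_range(rng)
               for a, rng in CAN_REVOKE)

def weak_revoke(ua, user, trole, arole):
    """WEAK_REVOKE: drop explicit membership in trole only; seniors stay."""
    if not can_revoke(trole, arole):
        return False
    ua.get(user, set()).discard(trole)
    return True

def strong_revoke(ua, user, trole, arole, all_or_nothing=True):
    """STRONG_REVOKE: revoke trole and all its seniors; if an implied weak revoke
    is unauthorized, revoke nothing (all-or-nothing) or just the in-range roles."""
    targets = {r for r in closure(SENIORS, trole) if r in ua.get(user, set())}
    blocked = {r for r in targets if not can_revoke(r, arole)}
    if blocked and all_or_nothing:
        return set()
    revoked = targets - blocked
    ua.setdefault(user, set()).difference_update(revoked)
    return revoked

def demo():
    """Constructed scenario; returns the final explicit assignments."""
    ua = {"alice": {"ED"}}
    assert assign(ua, "alice", "E1", "PSO1")      # ED held, E1 in [E1,E1]
    assert assign(ua, "alice", "Q1", "PSO1")      # ED & not P1
    assert not assign(ua, "alice", "P1", "PSO1")  # blocked: already in Q1
    assert assign(ua, "alice", "PL1", "DSO")      # in DSO's range (ED,DIR)
    assert strong_revoke(ua, "alice", "E1", "PSO1") == set()  # PL1 blocks it
    assert strong_revoke(ua, "alice", "E1", "PSO1", False) == {"E1", "Q1"}
    assert weak_revoke(ua, "alice", "PL1", "DSO")
    return ua
```

Two points the walk-through makes concrete: the ¬P1 / ¬Q1 prerequisites keep P1 and Q1 mutually exclusive for the same user under PSO1, and a strong revoke issued by PSO1 on E1 is stopped by the user's PL1 membership, which lies outside PSO1's can-revoke range, unless the within-range alternative is chosen.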
CLOSING REMARKS: PREVIEW OF WORK IN PROGRESS
user-role assignment
  URA97 and Oracle, this paper
  other platforms
permission-role assignment
  PRA97, dual of URA97
  Oracle implementation
CLOSING REMARKS: PREVIEW OF WORK IN PROGRESS
role-role hierarchy
  user-only roles (groups): like URA97
  permission-only roles: like PRA97
  user and permission roles: RRA97