ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE: A ROLE-BASED APPROACH
Prof. Ravi Sandhu
Laboratory for Information Security Technology
George Mason University
www.list.gmu.edu
AUTHORIZATION, TRUST AND RISK
Information security management is fundamentally about managing authorization and trust so as to manage risk
ENGINEERING AUTHORITY & TRUST: 4 LAYERS
What?
Policy
Model
Architecture
Mechanism
How?
ENGINEERING AUTHORITY & TRUST: 4 LAYERS
Multilevel Security
What?
Policy: No information leakage
Model: Lattices (Bell-LaPadula)
Architecture: Security kernel
Mechanism: Security labels
How?
ENGINEERING AUTHORITY & TRUST: 4 LAYERS
Role-Based Access Control (RBAC)
What?
Policy: Policy neutral
Model: RBAC96
Architecture: user-pull, server-pull, etc.
Mechanism: certificates, tickets, PACs, etc.
How?
ROLE-BASED ACCESS CONTROL (RBAC)
A user's permissions are determined by the user's roles
  rather than identity or clearance
  roles can encode arbitrary attributes
multi-faceted
ranges from very simple to very sophisticated
RBAC SECURITY PRINCIPLES
least privilege
separation of duties
separation of administration and access
abstract operations
RBAC96
IEEE Computer Feb. 1996
Policy neutral
can be configured to do MAC
  roles simulate clearances (ESORICS 96)
can be configured to do DAC
  roles simulate identity (RBAC98)
RBAC96 FAMILY OF MODELS
RBAC3: ROLE HIERARCHIES + CONSTRAINTS
RBAC1: ROLE HIERARCHIES
RBAC2: CONSTRAINTS
RBAC0: BASIC RBAC
RBAC0
[Diagram: USERS, ROLES, PERMISSIONS and SESSIONS, linked by USER-ROLE ASSIGNMENT and PERMISSION-ROLE ASSIGNMENT]
RBAC1
[Diagram: USERS, ROLES, PERMISSIONS and SESSIONS, linked by USER-ROLE ASSIGNMENT and PERMISSION-ROLE ASSIGNMENT, with ROLE HIERARCHIES on ROLES]
HIERARCHICAL ROLES
[Diagram: role hierarchy with the roles Primary-Care Physician, Specialist Physician, Physician and Health-Care Provider]
EXAMPLE ROLE HIERARCHY
[Diagram: role hierarchy with the following roles]
Director (DIR)
PROJECT 1: Project Lead 1 (PL1), Production 1 (P1), Quality 1 (Q1), Engineer 1 (E1)
PROJECT 2: Project Lead 2 (PL2), Production 2 (P2), Quality 2 (Q2), Engineer 2 (E2)
Engineering Department (ED)
Employee (E)
RBAC3
[Diagram: USERS, ROLES, PERMISSIONS and SESSIONS, linked by USER-ROLE ASSIGNMENT and PERMISSIONS-ROLE ASSIGNMENT, with ROLE HIERARCHIES and CONSTRAINTS]
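The components named on the RBAC0 to RBAC3 slides (user-role assignment, permission-role assignment, role hierarchy, sessions, constraints), as an added Python example that is not part of the original presentation. It uses the Project 1 role names from the example hierarchy; the hierarchy edges, the user, the permission names and the choice to check separation of duties on direct assignments only are assumptions made for illustration.

```python
# Added example: RBAC0 + role hierarchy (RBAC1) + one constraint (RBAC2) = RBAC3.
# Hierarchy edges, permissions and users are constructed; the slide text
# lists the role names only.
JUNIORS = {  # senior role -> immediate junior roles (assumed edges)
    "DIR": {"PL1"}, "PL1": {"P1", "Q1"}, "P1": {"E1"}, "Q1": {"E1"},
    "E1": {"ED"}, "ED": {"E"}, "E": set(),
}
PA = {  # permission-role assignment (constructed permission names)
    "E": {"read_handbook"}, "ED": {"read_specs"}, "E1": {"edit_design"},
    "P1": {"release_build"}, "Q1": {"sign_off_build"}, "PL1": {"approve_budget"},
}
SSD = [{"P1", "Q1"}]  # static separation of duties: mutually exclusive roles


def closure(role):
    """The role plus every role junior to it in the hierarchy."""
    seen, stack = set(), [role]
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(JUNIORS.get(r, ()))
    return seen


def assign(ua, user, role):
    """User-role assignment; rejects a direct assignment that breaks SSD."""
    wanted = ua.get(user, set()) | {role}
    if any(len(wanted & pair) > 1 for pair in SSD):
        raise ValueError(f"SSD violation: {user} cannot hold {sorted(wanted)}")
    ua[user] = wanted


def open_session(ua, user, activate):
    """A session activates a subset of the roles the user is authorized for."""
    authorized = set().union(*(closure(r) for r in ua.get(user, set())))
    denied = set(activate) - authorized
    if denied:
        raise PermissionError(f"{user} may not activate {sorted(denied)}")
    return set(activate)


def permissions(session_roles):
    """Permissions of a session: those of the active roles and their juniors."""
    roles = set().union(*(closure(r) for r in session_roles))
    return set().union(*(PA.get(r, set()) for r in roles))
```

A user assigned P1 who activates only E1 in a session gets the E1, ED and E permissions but not `release_build`, which is how sessions support least privilege.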
ADMINISTRATIVE RBAC
[Diagram: USERS, ROLES, PERMISSIONS and CONSTRAINTS, together with ADMIN ROLES and ADMIN PERMISSIONS]
EXAMPLE ADMINISTRATIVE ROLE HIERARCHY
[Diagram: administrative role hierarchy with the following roles]
Senior Security Officer (SSO)
Department Security Officer (DSO)
Project Security Officer 1 (PSO1)
Project Security Officer 2 (PSO2)
RBAC PARAMETERS
RBAC has many facets, including
  number of roles: large or small
  flat roles versus hierarchical roles
  permission-role review capability
  static separation of duties
  dynamic separation of duties
  role-activation capability
at least 64 variations
NIST RBAC MODEL
in progress
Level 1: flat RBAC
  user-role review
Level 2: hierarchical RBAC
  plus role hierarchies
Level 3: constrained RBAC
  plus separation constraints
Level 4: true RBAC
  plus permission-role review
CLASS I SYSTEMS: ENFORCEMENT ARCHITECTURE
[Diagram: Client and Server]
CLASS I SYSTEMS: ADMINISTRATION ARCHITECTURE
[Diagram: Administrative Client, Authorization Center, and Server1, Server2, ..., ServerN]
CLASS II SYSTEMS: SERVER-PULL
[Diagram: Client, Server, Authorization Server and Authentication Server]
CLASS II SYSTEMS: USER-PULL
[Diagram: Client, Server, Authorization Server and Authentication Server]
R&D IN INTERNET TIME
new technology needs to be developed and deployed continuously in the very short term
need focused applied research
need synergy between Universities and Industry