1 / 18

Role Based Access Control Models

Role Based Access Control Models. Presented By Ankit Shah 2 nd Year Master’s Student. Problems. Mandatory Access Control (MAC) Central authority determines access control Discretionary Access Control (DAC) Decentralized Access control decisions lie with the owner of an object

zizi
Télécharger la présentation

Role Based Access Control Models

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Role Based Access Control Models Presented By Ankit Shah 2nd Year Master’s Student

  2. Problems • Mandatory Access Control (MAC) • Central authority determines access control • Discretionary Access Control (DAC) • Decentralized • Access control decisions lie with the owner of an object • Access control on a per user basis • Access control needs are unique • Existing products lack flexibility

  3. Solution • Role Based Access Control • Permission associated with roles and users assigned to appropriate roles • Motivation • Organization style • Competency • Authority and responsibility • Duty assignments - Security administration and review - Simple role-permission relationship - Ability to meet the changing needs of an organization

  4. Role related concepts • What is the difference between roles and groups? • User – permission distinction • Eg. Unix operating system • RBAC is policy neutral but supports • Least privilege • Separation of duties • Data Abstraction

  5. Four Reference Models

  6. Base Model (RBAC0) • User • Typically a human being • Role • Job title • Permission • Approval of a mode of access to some object • Variety of permissions from coarse grain to fine grain • Depends on implementation details of the system • Session • Mapping of one user to many roles • Multiple sessions • Each session may map single or multiple roles of the users subset

  7. RBAC Models

  8. Role Hierarchies (RBAC1) • Reflects an organization’s role structure • Supports inheritance of permissions • Hierarchies are a partial order • Useful to limit scope of inheritance • Private roles

  9. Role Hierarchy Examples

  10. Role Hierarchy Examples Continued

  11. Constraints (RBAC2) • Argued to be the principal motivation • Is a convenience when RBAC is centralized • When decentralized becomes a mechanism for restriction • Types of Constraints • Mutually exclusive roles/ permissions • Cardinality constraints • Prerequisite roles • Effective only if suitable discipline is observed • Mapping one user to more than one u-id • Mapping one permission to more than one p-id • Role Hierarchies can be considered a constraint

  12. Consolidated Model (RBAC3) • Combines Constraints and Role Hierarchies • Issues raised • Constraints can apply to the role hierarchy itself • Violation of mutual exclusion constraint may be acceptable • Specify mutual exclusion of private roles without any conflict

  13. Management Model • Till now, we assumed the presence of a single security officer • Normally have a small administrative team to mange RBAC • Propagation of rights

  14. Management Model

  15. Management Model Proposed • Administrative roles and permissions are disjoint from regular roles and permissions • Administrative authority can be viewed as the ability to modify user assignments, permissions, assignment and role hierarchy relations. • Mirror copy of the top half with ARBAC0-3 for different levels of sophistication • Issues • How to scope administrative authority in administrative roles • Scope permissions and users of an administrative role

  16. Management Model Continued

  17. Critique • Was published in 1996 and a lot of improvements have been proposed to these models • Issues are raised in the consolidated and management models but no solution is proposed • Lacked a related work section giving us an overview of similar work done and how the proposed model is superior

  18. Questions

More Related