2. CONTENTS
• Access control principles
• Mandatory Access Control (MAC)
• Discretionary Access Control (DAC)
• Role-based Access Control
• Role-based Access Control Types
3. Access Control Principles
• Computer-based access controls can prescribe not
only who or what process may have access to a
specific system resource, but also the type of access
that is permitted.
• Access control is not a stand alone component of a
security system
• Access control coexists with other security services
• Access control works closely with audit control
4. Mandatory AC
• MAC mechanisms assign a security level to all
information, assign a security clearance to
each user, and ensure that all users only have
access to that data for which they have a
clearance.
Principle: Read Down Access
equal or less Clearance
Write Up Access
equal or higher Clearance
Better security than DAC
5. Mandatory AC (cont)
Individuals Resources
Server 1
“Top Secret”
Server 2
“Secret”
Server 3
“Classified”
6. Discretionary AC
• Restricts access to objects based
solely on the identity of users
who are trying to access them.
Individuals Resources
Application
Server 1 Access List
Name Access
Server 2 Tom Yes
John No
Cindy Yes
Server 3
7. Role-Based AC
• A user has access to an object based on the assigned role.
• Roles are defined based on job functions.
• Permissions are defined based on job authority and
responsibilities within a job function.
• Operations on an object are invocated based on the
permissions.
• The object is concerned with the user’s role and not the user.
“Ideally, the [RBAC] system is clearly defined
and agile, making the addition of new
applications, roles, and employees as efficient
as possible”
8. Role-Based AC
Individuals Roles Resources
Role 1
Server 1
Role 2 Server 2
Server 3
Role 3
User’s change frequently, Roles don’t
9. Privilege
• Roles are engineered based on the principle of least privileged
• A role contains the minimum amount of permissions to
instantiate an object.
• A user is assigned to a role that allows him or her to perform
only what’s required for that role.
• No single role is given more permission than the same role
for another user.
10. RBAC Reference Model
• The NIST RBAC model is defined in terms of four
model components .
• Core RBAC
• Hierarchical RBAC
• Static Separation of Duty Relations
• Dynamic Separation of Duty Relations
12. Core RBAC
•
It embodies the essential aspects of RBAC.
•
The basic concept of RBAC is that users are assigned to roles, and users
acquire permissions by being members of roles.
•
Core RBAC includes requirements that user-role and permission-role
assignment can be many-to-many.
•
It includes requirements for user-role review whereby the roles assigned
to a specific user can be determined as well as users assigned to specific
role. A similar requirement for permission-role review is imposed as an
advanced review feature.
•
It allows includes the concept of user sessions, which allows selective
activation and deactivation of roles.
•
Finally it requires that users be able to simultaneously exercise permission
of multiple roles. This precludes products that restrict users of activation
of one role at a time.
13. (UA) (PA)
User Assign- Permission
ment Assignment
USERS ROLES OPS OBS
PRMS
user_sessions session_roles
SESSIONS
Core RBAC
14. Hierarchical RBAC
• It adds requirements for supporting role hierarchies. A hierarchy is
mathematically a partial order defining a seniority relation between
roles, whereby the seniors roles acquire the permission of their
juniors, and junior roles acquire the user membership of their seniors. This
standard recognizes two types of role hierarchies
– General Hierarchical RBAC: In this case, there is support for an arbitrary partial
order to serve as role hierarchy, to include the concept of multiple inheritance
of permissions and user membership among roles.
– Limited Hierarchical RBAC: Some systems may impose restrictions on the role
hierarchy. Most commonly, hierarchies are limited to simple structures such as
trees and inverted trees
15. RH (Role Hierarchies)
• Natural means of structuring roles to reflect
organizational lines of authority and
responsibilities
• General and Limited
• Define the inheritance relation among roles
i.e. r1 inherits r2
User Guest
r-w-e -r-
16. General RH
Support Multiple
Guest Role Set Inheritance
User Role Set
Power User Role Set
Admin Role Set
Only if all permissions of r1
are also permissions of r2
i.e. r1 inherits r2
Only if all users of r1 are
also users of r2 User Guest
r-w-h -r-
17. (RH)
Role Hierarchy
(UA) (PA)
User Assign- Permission
ment Assignment
USERS ROLES OPS OBS
PRMS
user_sessions session_roles
SESSIONS
Hierarchical RBAC
18. Constrained RBAC
SSD (RH)
Role Hierarchy
(UA) (PA)
User Assign- Permission
ment Assignment
USERS ROLES OPS OBS
PRMS
user_sessions session_roles
SESSIONS DSD
19. Separation of Duties
• Enforces conflict of interest policies employed to prevent
users from exceeding a reasonable level of authority for their
position.
• Ensures that failures of omission or commission within an
organization can be caused only as a result of collusion among
individuals.
• Two Types:
– Static Separation of Duties (SSD)
– Dynamic Separation of Duties (DSD)
20. Static Separation of Duty Relations
• Enforce constraints on the assignment of users
to roles
• Place restrictions on sets of roles. If a user is
assigned to one role, the user is prohibited
from being a member of a second role.
21. Because of the conflict of role ‘billing’ and ‘Cashier’ , Frank is
prohibited to be assigned both of them
22. DSD
Places constraints on the users that can be
assigned to a set of roles, thereby reducing the
number of potential prms that can be made
available to a user.
Constraints are across or within a user’s session.
No user may activate n or more roles from the
roles set in each user session.
Timely Revocation of Trust ensures that prms do
not persist beyond the time that they are required
for performance of duty.
23. DSD (cont)
Roles
inherits
Cashier Supervisor
Closes Cashier Role session
Close Cash Drawer
Opens Supv Role session Supervisor
Cashier Open Cash Drawer
Accounting Error Correct Error
24. Conclusion
• RBAC is used to simplify security policy
administration
• RBAC is an open-ended technology,which
ranges from very simple to fairly sophisticated.
• RBAC continues to be an evolving technology.