Embed Size (px)
Citation preview
1"
Lecture 7: Part 2:
Role-based Access Control
RBAC: Role-based Access Control
• """Ferraiolo"D.F.,"Sandhu,"R.,"Gavrila,"S.,"Kuhn,"D.R.,"Chandramouli,"R."(2001)"Proposed"NIST"Standard"for"RoleDbased"Access"Control."ACM"TransacIons"on"InformaIon"and"System"Security"(TISSEC),"4(3),"224DD274"• """Sandhu"R."S.,"Coyne"E."J."(1996)"RoleDbased"Access"Control"Models,"Computer,"38D47
Access – a specific type of interaction between a subject and an object that result in the flow of information from one to the other Access control – the process of limiting access to the resources of a system only to authorised programs, processes or other systems
Security Risk Management Domain Model
"3""
• RBAC principles • Modelling languages for RBAC
– SecureUML – UMLsec
• Different security design perspectives – Transformation from SecureUML to UMLsec
• Model-driven security
4"
Lecture outline
• RBAC principles • Modelling languages for RBAC
– SecureUML – UMLsec
• Different security design perspectives – Transformation from SecureUML to UMLsec
• Model-driven security
5"
Lecture outline
6"
Role-based Access Control
RBAC0
"7""Sandhu and Coyne, 1996; Ferraiolo et al., 2001
RBAC0
"8""Sandhu and Coyne, 1996; Ferraiolo et al., 2001
User - any person who interacts directly with a computer system
RBAC0
"9""Sandhu and Coyne, 1996; Ferraiolo et al., 2001
User - any person who interacts directly with a computer system
Role – a job function within the organisation that describes the authority and responsibility conferred on a user assigned to the role
RBAC0
"10""Sandhu and Coyne, 1996; Ferraiolo et al., 2001
Session – a mapping between a user and an activated subset of roles the user is assigned to
RBAC0
"11""Sandhu and Coyne, 1996; Ferraiolo et al., 2001
Subject - an active entity that causes information to flow among objects or changes the system state
RBAC0
"12""Sandhu and Coyne, 1996; Ferraiolo et al., 2001
Subject - an active entity that causes information to flow among objects or changes the system state
Object – a passive entity that contains or receives information
RBAC0
"13""Sandhu and Coyne, 1996; Ferraiolo et al., 2001
Object – a passive entity that contains or receives information
Subject - an active entity that causes information to flow among objects or changes the system state
User - any person who interacts directly with a computer system
Role – a job function within the organisation that describes the authority and responsibility conferred on a user assigned to the role
Session – a mapping between a user and an activated subset of roles the user is assigned to
RBAC family
• RBAC0 – Everything except role hierarchies
and constraints • RBAC1
– RBAC0 plus role hierarchies
• RBAC2 – RBAC0 plus role constraints
• RBAC3 – RBAC1 plus RBAC2
14"
RBAC0
RBAC1 RBAC2
RBAC3
Sandhu and Coyne, 1996; Ferraiolo et al., 2001
Constraint – a relationship among roles
Role hierarchy – a partial order relationship established among roles
Functionality of RBAC Implementation
15"
• Operations and Objects are considered predefined by the underlying system
• Administrator – manage Users, Roles – create assignment
relationships – establish relationships
between Roles and secured Operations and Objects.
Sandhu and Coyne, 1996; Ferraiolo et al., 2001
System administrator – the individual who establishes the system security policies, performs the administrative roles and reviews the system audit trail
Functionality of RBAC Implementation
16"
• To activate RBAC – create session
• for creating a user session and assigning the user with a default set of roles
– add role • for creating new roles for the
current session
– drop role • for deleting a role from the role
set for the current session
– check access • for determining if the session
user has permission to perform the requested operation on an object
Sandhu and Coyne, 1996; Ferraiolo et al., 2001
Functionality of RBAC Implementation
– view assigned users • for displaying a set of users
assigned to a given role
– view assigned roles • for displaying a set of roles
assigned to a given user
– view role permissions • for displaying a set of
permissions granted to a given role
– view user permissions • for displaying a set of
permissions a given user gets through his or her assigned roles
17"
• "When"User"Assignment"and"Permission"Assignment"are"defined""
Sandhu and Coyne, 1996; Ferraiolo et al., 2001
Functionality of RBAC Implementation
– view session roles • for displaying a set of roles
associated with a session
– view session permissions • for displaying a set of
permissions available in the session
– view role operations on object
• for displaying a set of operations a given role may perform on a given object; and
– view user operations on object
• for displaying a set of operations a given user may perform on a given object
18"
• "When"User"Assignment"and"Permission"Assignment"are"defined""
Sandhu and Coyne, 1996; Ferraiolo et al., 2001
• RBAC principles • Modelling languages for RBAC
– SecureUML – UMLsec
• Different security design perspectives – Transformation from SecureUML to UMLsec
• Model-driven security
19"
Lecture outline
SecureUML
Security Modelling Languages
"20""
KAOS extension to security
Secure TROPOS
Misuse cases
Mal-activity diagrams
UMLsec
Early requirements
Late requirements
Architectural design
Detailed design
Implementation and testing
SecureUML
"21""
• Extension of the UML class diagrams: – Stereotypes; – Tagged values; – Authentication constraints
• Based on the RBAC model
"22""
SecureUML
"23""
SecureUML
"24""
SecureUML
"25""
SecureUML
Access Rules
"26""
• Security actions
Authorisation Constraints
"27""
Model definition
• What are objects? – … and their attributes – What are operations that changes
values of the attributes?
• What are roles? • What are security actions? • What are users?
"28""
"29""
• What are objects? – … and their attributes
• Cave and Food stored in it
– What are operations that changes values of the attributes?
• Store food, Remove food, Give foods image, Change food
• What are roles?
– Cavemen, Good friend
• What are security actions? – Add, Remove, View, Change
• Who are users?
Model definition: (toy)
Example
"30""
• What are objects? – … and their attributes
• Cave and Food stored in it
– What are operations that changes values of the attributes?
• Store food, Remove food, Give foods image, Change food
• What are roles?
– Cavemen, Good friend
• What are security actions? – Add, Remove, View, Change
• Who are users?
Model definition: (toy)
Example
"31""
• What are objects? – … and their attributes
• Cave and Food stored in it
– What are operations that changes values of the attributes?
• Store food, Remove food, Give foods image, Change food
• What are roles?
– Cavemen, Good friend
• What are security actions? – Add, Remove, View, Change
• Who are users?
Model definition: (toy)
Example
"32""
• What are objects? – … and their attributes
• Cave and Food stored in it
– What are operations that changes values of the attributes?
• Store food, Remove food, Give foods image, Change food
• What are roles?
– Cavemen, Good friend
• What are security actions? – Add, Remove, View, Change
• Who are users?
Model definition: (toy)
Example
Model definition: (toy)
Example
"33""
• What are objects? – … and their attributes
• Cave and Food stored in it
– What are operations that changes values of the attributes?
• Store food, Remove food, Give foods image, Change food
• What are roles?
– Cavemen, Good friend
• What are security actions? – Add, Remove, View, Change
• Who are users?
"34""
Model definition: (toy)
Example
35"
SecureUML
Security Modelling Languages
"36""
KAOS extension to security
Secure TROPOS
Misuse cases
Mal-activity diagrams
UMLsec
Early requirements
Late requirements
Architectural design
Detailed design
Implementation and testing
UMLsec
"37""
• Extension of the UML diagrams: – Stereotypes; – Tagged values; – Authentication constraints
Stereotype Base class Tags Constraints Description fair exchange subsystem start, stop,
adversary after start eventually reach stop
Enforce fair exchange
smart card node - - smart card node
data security subsystem adversary, integrity, authenticity
Provides secrecy, integrity, authenticity, freshness
Basic data security constraints
rbac subsystem protected, role, right
only permitted activities executed
enforces RBAC
UMLsec
"38""
"39""
• {protected = protected_action}
• {role = (actor, role)}
• {right = (role, protected_action)}
UMLsec
UMLsec
"40""
41"
Message to Take Home• RBAC principles • Modelling languages for RBAC
– SecureUML – UMLsec
42"
