Chapter 4: Access Control - Missouri S&T 4: Access Control ... Auditing Figure 4.1 Relationship...
Transcript of Chapter 4: Access Control - Missouri S&T 4: Access Control ... Auditing Figure 4.1 Relationship...
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Chapter 4: Access Control
Comp Sci 3600 Security
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Talk tomorrow
• Title: Would you like to be a NSA agent?
• Abstract: Inside our walls, you will find the most extraordinary peopledoing most extraordinary things for an extraordinary cause: the safety andsecurity of the United States of America. NSA are looking to hire over2000 people during the next fiscal year from Oct. 17 to Sep. 18. Themajority will be from Computer Science. It is also the right time of year toapply for Co-op and Internships positions at NSA.
• When: Tuesday Sept 12, 5:30pm-6:30pm
• Where: CS207
• Bio: Jonathan Rolf (Cybersecurity and Analytics, Industry and AcademicEngagement, National Security Agency). Mr. Rolf supports industryoutreach and development of secure technologies through partnership withindustry. Mr. Rolf previously managed the Trusted Computing Portfolio inthe Commercial Solutions Center at NSA. He was responsible forestablishing the High Assurance Platform program and managing thecommercial deployment of the NetTop virtualized desktop solution.Previous to that Mr. Rolf had managed multiple STU-III based secure voiceprograms to include Iridium and the first handheld cellular STU-III. Mr. Rolfholds a MBA and Master of Science Degree in Electrical Engineering fromthe University of Maryland-College Park and Bachelor of Science Degrees inElectrical and Computer Engineering from the University of Missouri.
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Outline
1 IntroductionPoliciesRequirementsElements
2 Discretionary Access Control (DAC)The Basics
3 UNIXFile accessUser IDsACL
4 Role-based Access Control (RBAC)The BasicsVariationsRole Hierarchy & ConstraintsCase Study: Bank
5 Attribute-based Access Control (ABAC)The BasicsArchitectureComparisonsPolicies
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Access control
• The prevention of unauthorized use of a resource,including the prevention of use of a resource in anunauthorized manner
• Central element of computer security
• Assume we have users and groups authenticate to asystem and assign them access rights to certain resourceson system
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Access control principles
Authenticationfunction
Authentication
Auditing
Figure 4.1 Relationship Among Access Control and Other Security Functions
System resources
Authorizationdatabase
Security administrator
User
Access control
Accesscontrol
function
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Outline
1 IntroductionPoliciesRequirementsElements
2 Discretionary Access Control (DAC)The Basics
3 UNIXFile accessUser IDsACL
4 Role-based Access Control (RBAC)The BasicsVariationsRole Hierarchy & ConstraintsCase Study: Bank
5 Attribute-based Access Control (ABAC)The BasicsArchitectureComparisonsPolicies
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Access control policies
• Discretionary access control (DAC): based on theidentity of the requestor and access rules
• Mandatory access control (MAC): based on comparingsecurity labels with security clearances (mandatory: onewith access to a resource cannot pass to others)
• Role-based access control (RBAC): based on user roles
• Attribute-based access control: based on the attributesof the user, the resources and the current environment
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Outline
1 IntroductionPoliciesRequirementsElements
2 Discretionary Access Control (DAC)The Basics
3 UNIXFile accessUser IDsACL
4 Role-based Access Control (RBAC)The BasicsVariationsRole Hierarchy & ConstraintsCase Study: Bank
5 Attribute-based Access Control (ABAC)The BasicsArchitectureComparisonsPolicies
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Access Control Requirements
• Reliable input: a mechanism to authenticate
• Fine and coarse specifications: regulate access atvarying levels (e.g., an attribute or entire DB)
• Least privilege: min authorization to do its work
• Separation of duty: divide steps among differentindividuals
• Open and closed policies: accesses specificallyauthorized or all accesses except those prohibited
• Administrative policies: who can add, delete, modifyrules
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Outline
1 IntroductionPoliciesRequirementsElements
2 Discretionary Access Control (DAC)The Basics
3 UNIXFile accessUser IDsACL
4 Role-based Access Control (RBAC)The BasicsVariationsRole Hierarchy & ConstraintsCase Study: Bank
5 Attribute-based Access Control (ABAC)The BasicsArchitectureComparisonsPolicies
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Access Control Elements
Subject: entity that can access objects
• a process representing user/application
• often have 3 classes: owner, group, world
Object: access controlled resource
• e.g. files, directories, records, programs etc
• number/type depend on environment
Access right: way in which subject accesses an object
• e.g. read, write, execute, delete, create, search
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Outline
1 IntroductionPoliciesRequirementsElements
2 Discretionary Access Control (DAC)The Basics
3 UNIXFile accessUser IDsACL
4 Role-based Access Control (RBAC)The BasicsVariationsRole Hierarchy & ConstraintsCase Study: Bank
5 Attribute-based Access Control (ABAC)The BasicsArchitectureComparisonsPolicies
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Outline
1 IntroductionPoliciesRequirementsElements
2 Discretionary Access Control (DAC)The Basics
3 UNIXFile accessUser IDsACL
4 Role-based Access Control (RBAC)The BasicsVariationsRole Hierarchy & ConstraintsCase Study: Bank
5 Attribute-based Access Control (ABAC)The BasicsArchitectureComparisonsPolicies
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Discretionary Access Control
• Often provided using an access matrix
• lists subjects in one dimension (rows)
• lists objects in the other dimension (columns)
• each entry specifies access rights of the specified subjectto that object
• Access matrix is often sparse
• Can decompose by either row or column
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Access Control Structures
• Access control matrix
• Access control lists (decomposed by column)
• Capability tickets (decomposed by row)
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Access matrix and data structure
OwnReadWrite
ReadWrite
OwnReadWrite
OwnRW
AFile 1
•
Read
Read
Write Read
OwnReadWrite
OwnReadWrite
User A
User BSUBJECTS
OBJECTS
User C
File 2File 1
(a) Access matrix
Figure 4.2 Example of Access Control Structures
(b) Access control lists for files of part (a)
(c) Capability lists for files of part (a)
File 3 File 4
R
B
•
RW
C
File 1User C
•
R
File 2
•
RW
File 4
File 1User B
•
R W
File 2
• •
File 3 File 4Own
RW
BFile 2
•
R
C
OwnRW
OwnRW
OwnRW
OwnRW
File 1User A
•
File 3
OwnRW
AFile 3
•
W
B
OwnRW
B
R
File 4
•
C
R
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Alternate authorization table
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Access control model
control wakeup seek
owner
ownerwakeupreadowner
ownercontrol
execute
write stop
owner
control
control
read *
write *
* - copy flag set
seek *
S1
S2SUBJECTS
OBJECTS
subjects files processes disk drives
S3
S2S1
Figure 4.3 Extended Access Control Matrix
S3 F1 F2 P1 P2 D1 D2
Extend the universe of objects to include processes, devices,memory locations, subjects
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Access Control Function
Filesystem
Memoryaddressinghardware
Processmanager
Terminal& devicemanager
Instructiondecodinghardware
Accessmatrix
monitor
Accessmatrixwrite read
Files
Segments& pages
Processes
Terminal& devices
Instructions
delete β from Sp, Y (Sm, delete, β, Sp, Y)
(Sk, grant, α, Sn, X)grant α to Sn, X
Sm
wakeup P (Sj, wakeup, P)Sj
read F
Subjects Access control mechanisms
Figure 4.4 An Organization of the Access Control Function
Objects
(Si, read, F)Si
Sk
System intervention
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Outline
1 IntroductionPoliciesRequirementsElements
2 Discretionary Access Control (DAC)The Basics
3 UNIXFile accessUser IDsACL
4 Role-based Access Control (RBAC)The BasicsVariationsRole Hierarchy & ConstraintsCase Study: Bank
5 Attribute-based Access Control (ABAC)The BasicsArchitectureComparisonsPolicies
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
UNIX File Concepts
• UNIX files administered using inodes (index nodes)
• An inode:• control structure with key info on file (attributes,
permissions, . . . )• on a disk: an inode table for all files• when a file is opened, its inode is brought to RAM
• Directories form a hierarchical tree• may contain files or other directories• are a file of names and inode numbers
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Outline
1 IntroductionPoliciesRequirementsElements
2 Discretionary Access Control (DAC)The Basics
3 UNIXFile accessUser IDsACL
4 Role-based Access Control (RBAC)The BasicsVariationsRole Hierarchy & ConstraintsCase Study: Bank
5 Attribute-based Access Control (ABAC)The BasicsArchitectureComparisonsPolicies
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
UNIX File Access Control (Important)
Figure 4.5 UNIX File Access Control
(a) Traditional UNIX approach (minimal access control list)
rw- r-- ---Owner
class
Group cl
ass
Other cla
ss
user: :rw-
group::r--
other::---
(b) Extended access control list
maskedentries
rw- rw- ---Owner
class
Group cl
ass
Other cla
ss
user: :rw-
user:joe:rw-
group::r--mask::rw-
other::---
• Unique user identificationnumber (user ID)
• Member of a primary groupidentified by a group ID
• 12 protection bits• 9 specify read, write, and
execute permission for theowner of the file, members ofthe group and all other users
• 2 speficiy SetID, SetGID• 1 is the sticky bit (only owner
can remove, delete, . . . , adirectory)
• The owner ID, group ID, andprotection bits are part of thefile’s inode
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Outline
1 IntroductionPoliciesRequirementsElements
2 Discretionary Access Control (DAC)The Basics
3 UNIXFile accessUser IDsACL
4 Role-based Access Control (RBAC)The BasicsVariationsRole Hierarchy & ConstraintsCase Study: Bank
5 Attribute-based Access Control (ABAC)The BasicsArchitectureComparisonsPolicies
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
UNIX File Access Control
“set user ID”(SetUID) or “set group ID”(SetGID)
• system temporarily uses rights of the file owner/group inaddition to the real user’s rights when making accesscontrol decisions
• enables privileged programs to access files/resources notgenerally accessible
Sticky bit
• on directory limits rename/move/delete to owner
Superuser (su)
• is exempt from usual access control restrictions
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Outline
1 IntroductionPoliciesRequirementsElements
2 Discretionary Access Control (DAC)The Basics
3 UNIXFile accessUser IDsACL
4 Role-based Access Control (RBAC)The BasicsVariationsRole Hierarchy & ConstraintsCase Study: Bank
5 Attribute-based Access Control (ABAC)The BasicsArchitectureComparisonsPolicies
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
UNIX Access Control Lists
• Modern UNIX systems support ACLs: FreeBSD,OpenBSD, Linux, Solaris
• Can specify any number of additional users/groups andassociated rwx permissions
• When access is required• select most appropriate ACL
• owner, named users, owning/named groups, others
• Check if sufficient permissions for access
• When a process requests access to a file system object twosteps are performed:
• Step 1 selects the most appropriate ACL• Step 2 checks if the matching entry contains sufficient
permissions
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Outline
1 IntroductionPoliciesRequirementsElements
2 Discretionary Access Control (DAC)The Basics
3 UNIXFile accessUser IDsACL
4 Role-based Access Control (RBAC)The BasicsVariationsRole Hierarchy & ConstraintsCase Study: Bank
5 Attribute-based Access Control (ABAC)The BasicsArchitectureComparisonsPolicies
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Outline
1 IntroductionPoliciesRequirementsElements
2 Discretionary Access Control (DAC)The Basics
3 UNIXFile accessUser IDsACL
4 Role-based Access Control (RBAC)The BasicsVariationsRole Hierarchy & ConstraintsCase Study: Bank
5 Attribute-based Access Control (ABAC)The BasicsArchitectureComparisonsPolicies
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Role-Based Access Control
Role 1
Users Roles
Figure 4.6 Users, Roles, and Resources
Resources
Role 2
Role 3
• Access based onrole, not identity
• Many-to-manyrelationship betweenusers and roles
• Roles often static
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Role-Based Access Control
control wakeup seek
owner
ownerwakeupreadowner
ownercontrol
execute
write stop
owner
control
control
read *
write * seek *
R1
R2
RO
LES
OBJECTS
Rn
R2R1
Figure 4.7 Access Control Matrix Representation of RBAC
Rn
R2R1 Rn
F1 F1 P1 P2 D1 D2
U1
U2
U3
U4
U5
U6
Um
Role-users and roles-object access matrix
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Outline
1 IntroductionPoliciesRequirementsElements
2 Discretionary Access Control (DAC)The Basics
3 UNIXFile accessUser IDsACL
4 Role-based Access Control (RBAC)The BasicsVariationsRole Hierarchy & ConstraintsCase Study: Bank
5 Attribute-based Access Control (ABAC)The BasicsArchitectureComparisonsPolicies
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
General RBAC, Variations
A family of RBAC with four models
1 RBAC0: min functionality
2 RBAC1: RBAC0 plus role (permission) inheritance
3 RBAC2: RBAC0 plus constraints (restrictions)
4 RBAC3: RBAC0 plus all of the above
RBAC0 entities
• User: an individual (with UID) with access to system
• Role: a named job function (tells authority level)
• Permission: equivalent to access rights
• Session: a mapping between a user and set of roles towhich a user is assigned
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Role-Based Access Control
Permissions
(a) Relationship among RBAC models
(b) RBAC models
RBAC0Base model
RBAC3Consolidated model
RBAC1Role hierarchies
RBAC2Constraints
Figure 4.8 A Family of Role-Based Access Control Models.
Users
user_sessions session_roles
(UA) UserAssignment
(PA) PermissionAssignment
(RH) RoleHierarchy
Sessions
Objects
Oper-ations
Roles
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
RBAC
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Outline
1 IntroductionPoliciesRequirementsElements
2 Discretionary Access Control (DAC)The Basics
3 UNIXFile accessUser IDsACL
4 Role-based Access Control (RBAC)The BasicsVariationsRole Hierarchy & ConstraintsCase Study: Bank
5 Attribute-based Access Control (ABAC)The BasicsArchitectureComparisonsPolicies
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Example of role hierarchyDirector
Engineer 1 Engineer 2
Engineering Dept
Figure 4.9 Example of Role Hierarchy
Project Lead 1 Project Lead 2
ProductionEngineer 1
QualityEngineer 1
ProductionEngineer 2
QualityEngineer 2
• Director has most privileges
• Each role inherits all privileges from lower roles
• A role can inherit from multiple roles
• Additional privileges can be assigned to a role
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Constraints
A condition (restriction) on a role or between roles
• Mutually exclusive• role sets such that a user can be assigned to only one of
the role in the set• Any permission can be granted to only one role in the set
• Cardinality: set a maximum number (of users) wrt a role(e.g., a department chair role)
• Prerequisite role: a user can be assigned a role only if thatuser already has been assigned to some other role
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Outline
1 IntroductionPoliciesRequirementsElements
2 Discretionary Access Control (DAC)The Basics
3 UNIXFile accessUser IDsACL
4 Role-based Access Control (RBAC)The BasicsVariationsRole Hierarchy & ConstraintsCase Study: Bank
5 Attribute-based Access Control (ABAC)The BasicsArchitectureComparisonsPolicies
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Case study: RBAC system for a bank
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Case study: RBAC system for a bank
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Case study: RBAC system for a bank
Figure 4.14 Example of Access Control Administration
UserIDs
Human Resources Department Application Administration
Authorization Administration
Roles
Functions
Application
Role Application
AccessRight
PositionsAssigns
1 N M1-4
N M
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Outline
1 IntroductionPoliciesRequirementsElements
2 Discretionary Access Control (DAC)The Basics
3 UNIXFile accessUser IDsACL
4 Role-based Access Control (RBAC)The BasicsVariationsRole Hierarchy & ConstraintsCase Study: Bank
5 Attribute-based Access Control (ABAC)The BasicsArchitectureComparisonsPolicies
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Attribute-based access control
• Define authorizations that express conditions on propertiesof both the resource and the subject
• Each resource has an attribute (e.g., the subject thatcreated it)
• A single rule states ownership privileges for the creators
• Strength: its flexibility and expressive power
• Considerable interest in applying the model to cloudservices
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Outline
1 IntroductionPoliciesRequirementsElements
2 Discretionary Access Control (DAC)The Basics
3 UNIXFile accessUser IDsACL
4 Role-based Access Control (RBAC)The BasicsVariationsRole Hierarchy & ConstraintsCase Study: Bank
5 Attribute-based Access Control (ABAC)The BasicsArchitectureComparisonsPolicies
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Types of attributes
• Subject attributes
• Object attributes
• Environment attributes
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Subject attributes
• A subject is an active entity that causes information toflow among objects or changes the system state
• Attributes define the identity and characteristics of thesubject: Name, Organization, Job title
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Object attribute
• An object (or resource) is a passive informationsystem-related entity containing or receiving information
• Objects have attributes that can be leveraged to makeaccess control decisions: Title, Author, Date
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Environment attributes
• Describe the operational, technical, and even situationalenvironment or context in which the information accessoccurs
• Current date• Current virus/hacker activities• Network security level• Not associated with a resource or subject
• These attributes have so far been largely ignored in mostaccess control policies
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
ABAC
• Distinguishable because it controls access to objects byevaluating rules against the attributes of entities,operations, and the environment relevant to a request
• Systems are capable of enforcing DAC, RBAC, and MACconcepts
• Relies upon the evaluation of attributes of the subject,attributes of the object, and a formal relationship oraccess control rule defining the allowable operations forsubject-object attribute combinations in a givenenvironment
• Allows an unlimited number of attributes to be combinedto satisfy any access control rule
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Outline
1 IntroductionPoliciesRequirementsElements
2 Discretionary Access Control (DAC)The Basics
3 UNIXFile accessUser IDsACL
4 Role-based Access Control (RBAC)The BasicsVariationsRole Hierarchy & ConstraintsCase Study: Bank
5 Attribute-based Access Control (ABAC)The BasicsArchitectureComparisonsPolicies
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
ABAC Logical Architecture
Figure 4.10 Simple ABAC Scenario
1
2a
2b2c
2d
3
Access ControlPolicy
Subject Attributes ObjectAttributes
Access ControlMechanism
DecisionEnforce
EnvironmentalConditions
Affiliation
ClearanceName
Etc. Classification
OwnerType
Etc.
Rules
Subject
Object
• A subject requests accessto an object
• AC is governed by a set ofrules (2a): assesses theattr of subject (2b), object(2c) and env (2d)
• AC grants subject accessto object if authorized
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Outline
1 IntroductionPoliciesRequirementsElements
2 Discretionary Access Control (DAC)The Basics
3 UNIXFile accessUser IDsACL
4 Role-based Access Control (RBAC)The BasicsVariationsRole Hierarchy & ConstraintsCase Study: Bank
5 Attribute-based Access Control (ABAC)The BasicsArchitectureComparisonsPolicies
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
ACL vs ABAC trust relationships
ProperCredential Issuance
Credential Validation
NetworkAuthentication
Object Access Rule Enforcement
Access Provisioning
Group Management
NetworkCredential
Digital IdentityProvisioning
Strength ofCredential Protection
PhysicalAccess
Figure 4.11 ACL and ABAC Trust Relationships
(a) ACL Trust Chain
IdentityCredential
Subject ObjectAuthentication
Network Access Access Control List
Access ControlDecision
Access ControlEnforcement
ProperCredential Issuance
Credential Validation
NetworkAuthentication
AuthoritativeObject Attributes
Object Access Rule Enforcement
Access Provisioning
Group Management
NetworkCredential
Digital IdentityProvisioning
Strength ofCredential Protection
PhysicalAccess
(b) ABAC Trust Chain
Authoritative SubjectAttribute Stores
Attribute Provisioning
Attribute Integrity
Common SubjectAttribute Taxonomy
Common ObjectAttribute Taxonomy
Attribute Integrity
IdentityCredential
SubjectAttributes
ObjectAttributes
Subject ObjectAuthentication
Network Access Rules
Access ControlDecision
Access ControlEnforcement
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
ACL vs ABAC trust relationships
ProperCredential Issuance
Credential Validation
NetworkAuthentication
Object Access Rule Enforcement
Access Provisioning
Group Management
NetworkCredential
Digital IdentityProvisioning
Strength ofCredential Protection
PhysicalAccess
Figure 4.11 ACL and ABAC Trust Relationships
(a) ACL Trust Chain
IdentityCredential
Subject ObjectAuthentication
Network Access Access Control List
Access ControlDecision
Access ControlEnforcement
ProperCredential Issuance
Credential Validation
NetworkAuthentication
AuthoritativeObject Attributes
Object Access Rule Enforcement
Access Provisioning
Group Management
NetworkCredential
Digital IdentityProvisioning
Strength ofCredential Protection
PhysicalAccess
(b) ABAC Trust Chain
Authoritative SubjectAttribute Stores
Attribute Provisioning
Attribute Integrity
Common SubjectAttribute Taxonomy
Common ObjectAttribute Taxonomy
Attribute Integrity
IdentityCredential
SubjectAttributes
ObjectAttributes
Subject ObjectAuthentication
Network Access Rules
Access ControlDecision
Access ControlEnforcement
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
Outline
1 IntroductionPoliciesRequirementsElements
2 Discretionary Access Control (DAC)The Basics
3 UNIXFile accessUser IDsACL
4 Role-based Access Control (RBAC)The BasicsVariationsRole Hierarchy & ConstraintsCase Study: Bank
5 Attribute-based Access Control (ABAC)The BasicsArchitectureComparisonsPolicies
Introduction
Policies
Requirements
Elements
DiscretionaryAccessControl (DAC)
The Basics
UNIX
File access
User IDs
ACL
Role-basedAccess Control(RBAC)
The Basics
Variations
Role Hierarchy& Constraints
Case Study:Bank
Attribute-based AccessControl(ABAC)
The Basics
Architecture
Comparisons
Policies
ABAC Policies
• A policy is a set of rules and relationships that governallowable behavior within an organization, based on theprivileges of subjects and how resources or objects are tobe protected under which environment conditions
• Typically written from the perspective of the object thatneeds protecting and the privileges available to subjects
• Privileges represent the authorized behavior of a subjectand are defined by an authority and embodied in a policy
• Other terms commonly used instead of privileges are:rights, authorizations, and entitlements