ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE:

1
ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE A
ROLE-BASED APPROACH
Prof. Ravi Sandhu Laboratory for Information
Security Technology George Mason
University sandhu_at_gmu.edu www.list.gmu.edu
2
AUTHORIZATION, TRUST AND RISK

• Information security management is fundamentally
  about managing
• authorization and
• trust
• so as to manage risk

3
ENGINEERING AUTHORITY TRUST4 LAYERS

• Policy
• Model
• Architecture
• Mechanism

4
ENGINEERING AUTHORITY TRUST4 LAYERS
Multilevel Security
No information leakage Lattices
(Bell-LaPadula) Security kernel Security labels
5
ENGINEERING AUTHORITY TRUST4 LAYERS
Role-Based Access Control (RBAC)
Policy neutral RBAC96 user-pull, server-pull,
etc. certificates, tickets, PACs, etc.
6
ROLE-BASED ACCESS CONTROL (RBAC)

• A users permissions are determined by the users
  roles
• rather than identity or clearance
• roles can encode arbitrary attributes
• multi-faceted
• ranges from very simple to very sophisticated

7
RBAC SECURITY PRINCIPLES

• least privilege
• separation of duties
• separation of administration and access
• abstract operations

8
RBAC96IEEE Computer Feb. 1996

• Policy neutral
• can be configured to do MAC
• roles simulate clearances (ESORICS 96)
• can be configured to do DAC
• roles simulate identity (RBAC98)

9
RBAC96 FAMILY OF MODELS
RBAC3 ROLE HIERARCHIES CONSTRAINTS
RBAC0 BASIC RBAC
10
RBAC0
11
RBAC1
ROLE HIERARCHIES
USER-ROLE ASSIGNMENT
PERMISSION-ROLE ASSIGNMENT
ROLES
USERS
PERMISSIONS
SESSIONS
12
HIERARCHICAL ROLES
Primary-Care Physician
Specialist Physician
Physician
Health-Care Provider
13
EXAMPLE ROLE HIERARCHY
Director (DIR)
Project Lead 1 (PL1)
Project Lead 2 (PL2)
Production 1 (P1)
Quality 1 (Q1)
Production 2 (P2)
Quality 2 (Q2)
Engineer 1 (E1)
Engineer 2 (E2)
Engineering Department (ED)
PROJECT 2
PROJECT 1
Employee (E)
14
RBAC3
ROLE HIERARCHIES
USER-ROLE ASSIGNMENT
PERMISSIONS-ROLE ASSIGNMENT
ROLES
USERS
PERMISSIONS
SESSIONS
CONSTRAINTS
15
ADMINISTRATIVE RBAC
ROLES
PERMISSIONS
USERS
CONSTRAINTS
ADMIN ROLES
ADMIN PERMISSIONS
16
EXAMPLE ROLE HIERARCHY
Director (DIR)
Project Lead 1 (PL1)
Project Lead 2 (PL2)
Production 1 (P1)
Quality 1 (Q1)
Production 2 (P2)
Quality 2 (Q2)
Engineer 1 (E1)
Engineer 2 (E2)
Engineering Department (ED)
PROJECT 2
PROJECT 1
Employee (E)
17
EXAMPLE ADMINISTRATIVE ROLE HIERARCHY
Senior Security Officer (SSO)
Department Security Officer (DSO)
Project Security Officer 1 (PSO1)
Project Security Officer 2 (PSO2)
18
RBAC PARAMETERS

• RBAC has many facets, including
• number of roles large or small
• flat roles versus hierarchical roles
• permission-role review capability
• static separation of duties
• dynamic separation of duties
• role-activation capability
• at least 64 variations

19
NIST RBAC MODELin progress

• Level 1 flat RBAC
• user-role review
• Level 2 hierarchical RBAC
• plus role hierarchies
• Level 3 constrained RBAC
• plus separation constraints
• Level 4 true RBAC
• plus permission-role review

20
CLASS I SYSTEMSENFORCEMENT ARCHITECTURE
Client
Server
21
CLASS I SYSTEMSADMINISTRATION ARCHITECTURE
Server1
Administrative Client
Server2
Authorization Center
ServerN
22
CLASS II SYSTEMSSERVER-PULL
Client
Server
Authorization Server
Authentication Server
23
CLASS II SYSTEMSUSER-PULL
Client
Server
Authorization Server
Authentication Server
24
RD IN INTERNET TIME

• new technology needs to be developed and deployed
  continuously in the very short term
• need focused applied research
• need synergy between Universities and Industry