Title: Ravi Sandhu
1 Role-Based Administration of User-Role Assignment: The URA97 Model and its Oracle Implementation
- Ravi Sandhu
- Venkata Bhamidipati
- Laboratory for Information Security Technology (LIST)
- George Mason University
2 OUTLINE
- RBAC96 review
- URA97 model
- URA97 Oracle implementation
- Closing remarks
3 RBAC96
[Diagram: ROLES, PERMISSIONS, USERS, CONSTRAINTS, SESSIONS, ADMIN ROLES, ADMIN PERMISSIONS]
4 RBAC96: RBAC0
[Diagram: ROLES, PERMISSIONS, USERS, SESSIONS]
5 RBAC96: RBAC1
[Diagram: ROLES, PERMISSIONS, USERS, SESSIONS]
6 RBAC96: RBAC2
[Diagram: ROLES, PERMISSIONS, USERS, CONSTRAINTS, SESSIONS]
7 RBAC96: RBAC3
[Diagram: ROLES, PERMISSIONS, USERS, CONSTRAINTS, SESSIONS]
8 RBAC96
[Diagram: ROLES, PERMISSIONS, USERS, CONSTRAINTS, SESSIONS, ADMIN ROLES, ADMIN PERMISSIONS]
9 RBAC96
10 SCALE AND RATE OF CHANGE
- roles: 100s or 1000s
- users: 1000s or 10,000s or more
- Frequent changes to
  - user-role assignment
  - permission-role assignment
- Less frequent changes for
  - role hierarchy
11 ADMINISTRATIVE RBAC
- user-role assignment
- permission-role assignment
- role-role hierarchy
12 EXAMPLE ROLE HIERARCHY
[Diagram: role hierarchy, with the roles and labels listed below]
- Director (DIR)
- Project Lead 1 (PL1)
- Project Lead 2 (PL2)
- Production 1 (P1)
- Quality 1 (Q1)
- Production 2 (P2)
- Quality 2 (Q2)
- Engineer 1 (E1)
- Engineer 2 (E2)
- Engineering Department (ED)
- Employee (E)
- Diagram labels: PROJECT 1, PROJECT 2
13 EXAMPLE ADMINISTRATIVE ROLE HIERARCHY
[Diagram: administrative role hierarchy, with the roles listed below]
- Senior Security Officer (SSO)
- Department Security Officer (DSO)
- Project Security Officer 1 (PSO1)
- Project Security Officer 2 (PSO2)
14 URA97 GRANT MODEL: can-assign
- ARole | Prereq Role | Role Range
- PSO1 | ED | [E1,PL1)
- PSO2 | ED | [E2,PL2)
- DSO | ED | (ED,DIR)
- SSO | E | [ED,ED]
- SSO | ED | (ED,DIR]
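The can-assign table above can be evaluated mechanically; the following Python sketch is an added example, not code from the paper or its Oracle implementation. It assumes the role hierarchy edges (the diagram is not reproduced on this page), reads a square bracket as an included endpoint and a parenthesis as an excluded one, and matches the administrator on the exact admin role named in the row.

```python
# Added example: evaluating URA97 can-assign. Not the paper's Oracle code.
# ASSUMPTION: hierarchy edges (role -> immediate juniors); the slide's
# diagram is not reproduced on this page.
JUNIORS = {
    "DIR": {"PL1", "PL2"},
    "PL1": {"P1", "Q1"}, "PL2": {"P2", "Q2"},
    "P1": {"E1"}, "Q1": {"E1"}, "P2": {"E2"}, "Q2": {"E2"},
    "E1": {"ED"}, "E2": {"ED"}, "ED": {"E"}, "E": set(),
}

# can-assign rows from the slide: (ARole, Prereq Role, Role Range).
# A range is (low, low_closed, high, high_closed),
# e.g. [E1,PL1) -> ("E1", True, "PL1", False).
CAN_ASSIGN = [
    ("PSO1", "ED", ("E1", True, "PL1", False)),
    ("PSO2", "ED", ("E2", True, "PL2", False)),
    ("DSO", "ED", ("ED", False, "DIR", False)),
    ("SSO", "E", ("ED", True, "ED", True)),
    ("SSO", "ED", ("ED", False, "DIR", True)),
]

def dominates(senior, junior):
    """True if senior >= junior in the hierarchy (reflexive, transitive)."""
    return senior == junior or any(dominates(j, junior) for j in JUNIORS[senior])

def in_range(role, rng):
    """True if role lies between the range endpoints, honouring open/closed ends."""
    low, low_closed, high, high_closed = rng
    if not (dominates(role, low) and dominates(high, role)):
        return False
    return (low_closed or role != low) and (high_closed or role != high)

def is_member(ua, user, role):
    """Explicit or implicit membership: seniors are implicit members of juniors."""
    return any(dominates(r, role) for r in ua.get(user, ()))

def assign(ua, user, trole, arole):
    """Add user to trole if some can-assign row for arole authorizes it."""
    for admin, prereq, rng in CAN_ASSIGN:
        if admin == arole and is_member(ua, user, prereq) and in_range(trole, rng):
            ua.setdefault(user, set()).add(trole)
            return True
    return False

if __name__ == "__main__":
    ua = {"alice": {"ED"}}  # constructed sample user-role assignment
    print(assign(ua, "alice", "Q1", "PSO1"))   # inside [E1,PL1)
    print(assign(ua, "alice", "PL1", "PSO1"))  # PL1 is the excluded endpoint
```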
15 URA97 GRANT MODEL: can-assign
- ARole | Prereq Cond | Role Range
- PSO1 | ED | [E1,E1]
- PSO1 | ED P1 | [Q1,Q1]
- PSO1 | ED Q1 | [P1,P1]
- PSO2 | ED | [E2,E2]
- PSO2 | ED P2 | [Q2,Q2]
- PSO2 | ED Q2 | [P2,P2]
16 URA97 GRANT MODEL
- redundant assignments to senior and junior roles
  - are allowed
  - are useful
17 URA97 REVOKE MODEL
- WEAK REVOCATION
  - revokes explicit membership in a role
  - independent of who did the assignment
18 URA97 REVOKE MODEL
- STRONG REVOCATION
  - revokes explicit membership in a role and its seniors
  - authorized only if corresponding weak revokes are authorized
  - alternatives
    - all-or-nothing
    - revoke within range
19 URA97 REVOKE MODEL: can-revoke
- ARole | Role Range
- PSO1 | [E1,PL1)
- PSO2 | [E2,PL2)
- DSO | (ED,DIR)
- SSO | [ED,DIR]
20 ORACLE ROLES
- support RBAC1
- administrative model has strong discretionary flavor
- administrative authority on role implies
  - can grant role to any user or role
  - can grant role to any role
- anyone with grant option on a permission can grant it to any role
21 URA97 IN ORACLE
- administrative option for all roles is retained solely with DBA
  - never given to any user
- use generic stored procedures with URA97 can-assign and can-revoke implemented as relations
22 URA97 IN ORACLE
- Oracle primitives for traversing role hierarchy need to be extended
23 can-assign in dnf: ER DIAGRAM
- CAN_ASSIGN: Admin Role, PreCondition, Min_Int, Min Role, Max Role, Max_Int
- CAN_ASSIGN2: PreCondition, AND set name, NOT set name
- CAN_ASSIGN3: AND set name, AND roles
- CAN_ASSIGN4: NOT set name, NOT roles
24 can-revoke: RELATION
- CAN_REVOKE: Admin Role, Min_Int, Min Role, Max Role, Max_Int
25 ORACLE STORED PROCEDURES
- can extend Oracle access control model
- limitation
  - stored procedure can determine who the user is BUT
  - cannot determine active roles of the user
26 URA97 STORED PROCEDURES
- ASSIGN(user, trole, arole)
- WEAK_REVOKE(user, trole, arole)
- STRONG_REVOKE(user, trole, arole)
  - user: user being added to trole
  - trole: target role
  - arole: administrative role used for this operation
    - due to Oracle limitations
27 CLOSING REMARKS: PREVIEW OF WORK IN PROGRESS
- user-role assignment
  - URA97 and Oracle, this paper
  - other platforms
- permission-role assignment
  - PRA97, dual of URA97
  - Oracle implementation
28 CLOSING REMARKS: PREVIEW OF WORK IN PROGRESS
- role-role hierarchy
  - user-only roles (groups) like URA97
  - permission-only roles like PRA97
  - user and permission roles RRA97