Improvement on Role Based Access Control model - PowerPoint PPT Presentation

1
Improvement on Role Based Access Control model
  • Wei Guan

2
Introduction
  • The RBAC model is capable of expressing policies
    especially suited to commercial applications.
  • It can easily mirror an organization's structure
    and encourages well-structured access control
    policies.
  • It provides a powerful mechanism for reducing the
    complexity, cost and potential errors of
    assigning permissions to users within the
    organization.
  • It naturally supports delegation of access
    permissions.

3
Definition & Classification
  • Sets U (users), R (roles), P (permissions), and S (sessions)
  • PA ⊆ R × P, UA ⊆ U × R, user: S → U, roles: S → 2^R
  • The administration cost of RBAC is reduced from a
    factor of U × P to a factor of U + P!
  • RBAC0: the basic model described above.
  • RBAC1: RBAC0 with role hierarchies, including
    limited inheritance achieved by introducing
    private roles.
  • RBAC2: RBAC0 with constraints on user/role,
    role/role, and/or role/permission associations.
  • RBAC3: consolidation model combining RBAC1 and
    RBAC2, which raises the issue of applying constraints
    to a role hierarchy.

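The following is an added example, not part of the presentation: a small Python model of the sets and relations on this slide (UA ⊆ U × R, PA ⊆ R × P, sessions with user(s) and roles(s)), extended with an RBAC1 role hierarchy and two RBAC2 constraints (static separation of duty and role cardinality). Class, method and role names (RBAC, healthcare_demo, attending, doctor, pharmacist) are hypothetical.

```python
from typing import Dict, Set, Tuple

class RBAC:
    """Minimal RBAC0 core, RBAC1 role hierarchy and RBAC2 constraints (hypothetical code)."""
    def __init__(self) -> None:
        self.UA: Set[Tuple[str, str]] = set()    # UA ⊆ U × R
        self.PA: Set[Tuple[str, str]] = set()    # PA ⊆ R × P
        self.RH: Set[Tuple[str, str]] = set()    # (senior, junior): senior inherits junior
        self.SSD: Set[frozenset] = set()         # RBAC2: mutually exclusive role pairs
        self.cardinality: Dict[str, int] = {}    # RBAC2: max users per role
        self.sessions: Dict[str, Tuple[str, Set[str]]] = {}  # S -> (user(s), roles(s))

    def juniors(self, role: str) -> Set[str]:
        # role plus every role below it in RH (transitive closure; RH assumed acyclic)
        return {role}.union(*(self.juniors(j) for s, j in self.RH if s == role))

    def assign_user(self, u: str, r: str) -> None:
        held = {r2 for u2, r2 in self.UA if u2 == u}
        if any(r in pair and (pair - {r}) & held for pair in self.SSD):
            raise ValueError(f"SSD violation: {u} holds a role exclusive with {r}")
        if sum(r2 == r for _, r2 in self.UA) >= self.cardinality.get(r, float("inf")):
            raise ValueError(f"cardinality limit reached for {r}")
        self.UA.add((u, r))

    def create_session(self, sid: str, u: str, roles: Set[str]) -> None:
        # RBAC1: a user may activate any role at or below one assigned to them
        allowed = set().union(*(self.juniors(r) for x, r in self.UA if x == u))
        if not roles <= allowed:
            raise ValueError(f"{u} cannot activate {roles - allowed}")
        self.sessions[sid] = (u, set(roles))

    def check(self, sid: str, perm: str) -> bool:
        # perm is granted in a session iff some active role, or a junior of it, holds it in PA
        return any((r, perm) in self.PA for a in self.sessions[sid][1] for r in self.juniors(a))

def healthcare_demo() -> Dict[str, object]:
    # constructed scenario: attending >= doctor; doctor and pharmacist are mutually exclusive
    m = RBAC()
    m.RH.add(("attending", "doctor"))
    m.PA |= {("doctor", "read_chart"), ("attending", "approve_discharge"), ("pharmacist", "dispense")}
    m.SSD.add(frozenset({"doctor", "pharmacist"}))
    m.cardinality["attending"] = 1
    m.assign_user("alice", "attending"); m.assign_user("bob", "doctor")
    m.create_session("s1", "alice", {"attending"}); m.create_session("s2", "bob", {"doctor"})
    out = {"alice_reads": m.check("s1", "read_chart"),           # True: inherited via RH
           "bob_discharges": m.check("s2", "approve_discharge")}  # False: doctor is junior
    for key, u, r in (("ssd", "bob", "pharmacist"), ("card", "carol", "attending")):
        try: m.assign_user(u, r); out[key] = "allowed"
        except ValueError: out[key] = "blocked"
    return out
```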
4
Definition (2)
5
Specification Language: RBAC96
6
RSL99: separation of duty
7
RCL2000: constraints
  • Prohibition Constraints: forbid the RBAC
    components from doing (or being) something not
    allowed by organizational policy.
  • Obligation Constraints: force RBAC components to
    do (or be) something allowed or required by
    organizational policy.
  • Cardinality Constraints: limit the number
    of users, roles and sessions.

8
Temporal RBAC
  • Periodic events in the form (I, P, p:E)
  • Role triggers in the form
  • E1, …, En, C1, …, Ck → p:E after Δt
  • A requirement can be expressed as follows:
  • (4/19/2004, day-time, VH:activate
    doctor-on-daytime-duty)
  • The TRBAC model only considers time factors from
    the roles' perspective, so it cannot express timing
    constraints in terms of protected objects, or
    relationships between roles and protected resources.

9
Relationships between Entities
  • Enumeration: involves a manual (and often static)
    specification of the subset of instances.
  • Object grouping: involves creating groups of
    instances of the same class. A role member
    acquires the associated permissions only for a
    specific set of such groups.
  • Constraints: conditions that an object must
    satisfy in order to perform an operation, which
    involve security-relevant parameters of the
    operation, i.e. environment information, or state
    contained in the target object.

10
Proposal Model
  • Entity: users, roles, objects (protected data,
    time duration, creator, owner) or their
    combinations.
  • Relationship: such as role hierarchy, separation
    of duty, and cardinality constraints, etc.
  • Context: a collection of state information in
    the form (location, time duration, relationship
    between entities).
  • Permissions: approvals to perform an operation.
  • Assignment Functions: AR: U → R and AP: R × C × O → P.
  • This model can easily represent examples such
    as affiliation of a user, location and time, and
    relationships among entities in the healthcare field.
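An added example (not from the presentation) covering both the TRBAC slide and this proposal model: permission assignment AP: R × C × O → P is written as rules (role, context condition, permission), where the context carries location, current time and relationships between entities, and a TRBAC-style day-time window is one of the conditions. All names (ContextRBAC, dr_lee, patient_42, record_42, the relation "treats") are constructed for illustration.

```python
from datetime import datetime, time
from typing import Callable, Dict, FrozenSet, List, NamedTuple, Set, Tuple

class Obj(NamedTuple):       # protected object with its owner and creator, as on the slide
    name: str; owner: str; creator: str
class Context(NamedTuple):   # state information: location, time, relationships between entities
    location: str; now: datetime; relationships: FrozenSet[Tuple[str, str, str]]  # (relation, subj, obj)

Cond = Callable[[str, Obj, Context], bool]   # a context condition C evaluated for (user, object, context)

class ContextRBAC:
    """Hypothetical model: AR: U -> R and AP: R x C x O -> P, with C given by predicates."""
    def __init__(self) -> None:
        self.AR: Dict[str, Set[str]] = {}
        self.AP: List[Tuple[str, Cond, str]] = []   # (role, context condition, permission)

    def assign_role(self, u: str, r: str) -> None:
        self.AR.setdefault(u, set()).add(r)

    def permit(self, role: str, cond: Cond, perm: str) -> None:
        self.AP.append((role, cond, perm))

    def permitted(self, u: str, perm: str, obj: Obj, ctx: Context) -> bool:
        # the permission holds only if some assigned role has a rule whose condition is true in ctx
        return any(r in self.AR.get(u, set()) and p == perm and cond(u, obj, ctx)
                   for r, cond, p in self.AP)

def daytime(u, obj, ctx): return time(8) <= ctx.now.time() < time(18)   # TRBAC-style periodic window
def at_hospital(u, obj, ctx): return ctx.location == "hospital"
def treats_owner(u, obj, ctx): return ("treats", u, obj.owner) in ctx.relationships
def is_creator(u, obj, ctx): return obj.creator == u
def all_of(*conds: Cond) -> Cond: return lambda u, o, c: all(f(u, o, c) for f in conds)

def healthcare_demo() -> Dict[str, bool]:
    m = ContextRBAC()
    m.assign_role("dr_lee", "doctor"); m.assign_role("dr_kim", "doctor")
    m.permit("doctor", all_of(daytime, at_hospital, treats_owner), "read_record")
    m.permit("doctor", is_creator, "read_record")    # the record's creator may always read it
    rec = Obj("record_42", owner="patient_42", creator="dr_kim")
    rel = frozenset({("treats", "dr_lee", "patient_42")})   # constructed relationship set
    day = Context("hospital", datetime(2004, 4, 19, 10, 30), rel)
    night = Context("hospital", datetime(2004, 4, 19, 23, 0), rel)
    home = Context("home", datetime(2004, 4, 19, 10, 30), rel)
    return {"lee_day": m.permitted("dr_lee", "read_record", rec, day),      # True
            "lee_night": m.permitted("dr_lee", "read_record", rec, night),  # False: outside duty window
            "lee_home": m.permitted("dr_lee", "read_record", rec, home),    # False: wrong location
            "kim_day": m.permitted("dr_kim", "read_record", rec, day)}      # True: creator, not treating
```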

11
Future work
  • Provide a specification language that isolates the
    security concerns from other functional
    requirements, and allows it to be implementation
    and application independent.
  • Extend it to deal with circumstances in the
    healthcare domain that are not supported by current
    RBAC models.
  • Modify the current definition of the model after
    analysing its administration cost against its
    capability.
  • Give a formal semantics for detecting
    inconsistent and infeasible security policies
    before deploying them.

12
Reference
  • Shangping Ren. A Model and a Specification
    Language for Context Dependent Information Access
    Control in Healthcare Domain. Proposal at IIT,
    Mar. 2004.
  • R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E.
    Youman. Role-Based Access Control Models. IEEE,
    Feb. 1996.
  • Gail-Joon Ahn, Ravi Sandhu. The RSL99 Language
    for Role-Based Separation of Duty Constraints.
    ACM, 1999.
  • Gail-Joon Ahn. Specification and Classification
    of Role-Based Authorization Policies. IEEE
    International Workshops, 2003.
  • E. Bertino, P. Bonatti, E. Ferrari. TRBAC: A
    Temporal Role-Based Access Control Model. ACM,
    2001.
  • J. Barkley, et al. Supporting Relationships in
    Access Control Using Role Based Access Control.
    ACM Workshop, Oct. 1999.
  • Arun Kumar, Neeran Karnik, Girish Chafle.
    Context Sensitivity in Role-Based Access
    Control. IBM India Research Laboratory, 2002.