ARBAC99 (Model for Administration of Roles)
Ravi Sandhu
Qamar Munawer
George Mason University
Laboratory for Information Security Technology
www.list.gmu.edu
2© Ravi Sandhu 1999
RBAC96 (simplified)
Figure: USERS are linked to ROLES by USER-ROLE ASSIGNMENT, PERMISSIONS are linked to ROLES by PERMISSION-ROLE ASSIGNMENT, and ROLE HIERARCHIES are defined over ROLES.
ARBAC97 DECENTRALIZES
- user-role assignment (URA97)
- permission-role assignment (PRA97)
- role-role hierarchy (RRA99)
ARBAC99 EXTENDS ARBAC97
- URA99: mobile and immobile membership; prerequisite-based revocation
- PRA99: dual of URA99
- RRA99: no change
EXAMPLE ROLE HIERARCHY
Figure (juniors at the bottom, seniors at the top): Employee (E) is junior to Engineering Department (ED). Project 1: Engineer 1 (E1) is senior to ED; Production 1 (P1) and Quality 1 (Q1) are senior to E1; Project Lead 1 (PL1) is senior to P1 and Q1. Project 2 mirrors this with Engineer 2 (E2), Production 2 (P2), Quality 2 (Q2) and Project Lead 2 (PL2). Director (DIR) is senior to both PL1 and PL2.
EXAMPLE ADMINISTRATIVE ROLE HIERARCHY
Figure: Senior Security Officer (SSO) is senior to Department Security Officer (DSO), which is senior to both Project Security Officer 1 (PSO1) and Project Security Officer 2 (PSO2).
Motivation for ARBAC99
Consequences of a user-role assignment in URA97: the user can use the permissions of the role and of its junior roles, and the user becomes eligible for assignment to other roles.
Motivation for ARBAC99
Examples that require decomposition of these two aspects: trainee, visitor, consultant.
New Concepts in URA99
Mobile Users: user u can use the permissions of role x, and an administrative role can use this membership to put user u in another role.
Immobile Users: user u can use the permissions of role x, but an administrative role cannot use this membership to put user u in another role.
URA99 Model
Builds upon the concept of mobile and immobile membership of users.
To formalize this, we consider a role x as consisting of two sub-roles, Mx and IMx.
Membership in Mx is mobile, whereas membership in IMx is immobile.
Role in URA99
Definition: For a given set of roles R1 we define the set of roles in URA99 as $R = \{M_x, IM_x \mid x \in R_1\}$.
User Memberships in URA99
There are four kinds of user-role memberships in URA99.
Explicit Mobile Member EMx: $u \in EM_x \iff (u, M_x) \in UA$
Explicit Immobile Member EIMx: $u \in EIM_x \iff (u, IM_x) \in UA$
Implicit Mobile Member ImMx: $u \in ImM_x \iff (\exists x' > x)\ (u, M_{x'}) \in UA$
Implicit Immobile Member ImIMx: $u \in ImIM_x \iff (\exists x' > x)\ (u, IM_{x'}) \in UA$
Precedence Rule in URA99
URA99 allows a user to have all four kinds of membership in a role at the same time, but only one is effective, by the following strict precedence rule: EMx > EIMx > ImMx > ImIMx.
Inheritance of Mobility and Immobility
Figure: three hierarchy shapes, labelled Single (X1 and X2), Multiple (X1 with X2 and X3) and Divergent (X1 and X2 with X3), illustrating how mobility and immobility are inherited in each.
Prerequisite condition for URA99 Grant Model
The URA97 prerequisite condition is quite straightforward.
In URA99 it is evaluated for a user u by interpreting x to be true iff $u \in EM_x \vee (u \in ImM_x \wedge u \notin EIM_x)$
and $\bar{x}$ to be true iff $u \notin EM_x \wedge u \notin EIM_x \wedge u \notin ImM_x \wedge u \notin ImIM_x$.
Can-assign relations for URA99 Grant Model
Assignment as mobile membership is authorized by $\text{can-assign-M} \subseteq AR \times CR \times 2^R$.
Assignment as immobile membership is authorized by $\text{can-assign-IM} \subseteq AR \times CR \times 2^R$.
Can-assign-M
| Admin. Role | Prereq. Cond. | Role Range |
|---|---|---|
| PSO1 | ED | [E,PL1) |
| PSO2 | ED | [E2,PL2) |
| DSO | $ED \wedge \overline{PL2}$ | [PL1,PL1] |
| DSO | $ED \wedge \overline{PL1}$ | [PL2,PL2] |
| SSO | ED | (D,DIR] |
| SSO | E | [ED,ED] |
Can-assign-IM
| Admin. Role | Prereq. Cond. | Role Range |
|---|---|---|
| PSO1 | ED | [E,PL1) |
| PSO2 | ED | [E2,PL2) |
| DSO | $ED \wedge \overline{PL2}$ | [PL1,PL1] |
| DSO | $ED \wedge \overline{PL1}$ | [PL2,PL2] |
| SSO | ED | (D,DIR] |
| SSO | E | [ED,ED] |
| DSO | E | [ED,ED] |
URA99 Grant Model authorizations
There is no implication in general that authority to grant mobile membership implies authority to grant immobile membership.
URA99 - Revoke Model
The URA99 revoke model fixes a lack of symmetry between the grant and revoke models.
It deals with revocation of mobile and immobile memberships.
URA99 introduces two relations to authorize revocation.
Can-revoke relations for URA99 Revoke Model
Revocation of mobile membership is authorized by $\text{can-revoke-M} \subseteq AR \times CR \times 2^R$.
Revocation of immobile membership is authorized by $\text{can-revoke-IM} \subseteq AR \times CR \times 2^R$.
Can-revoke-M
| Admin. Role | Prereq. Role | Role Range |
|---|---|---|
| PSO1 | E | [E,PL1) |
| PSO2 | E | [E2,PL2) |
| DSO | E | [ED,DIR] |
| SSO | E | [ED,DIR] |
| PSO1 | E1 | [E2,PL2) |
| PSO2 | E2 | [E1,PL1) |
Can-revoke-IM
| Admin. Role | Prereq. Role | Role Range |
|---|---|---|
| PSO1 | E | [E,PL1) |
| PSO2 | E | [E2,PL2) |
| DSO | E | [ED,DIR] |
| SSO | E | [ED,DIR] |
| PSO1 | E1 | [E2,PL2) |
| PSO1 | E2 | [E1,PL1) |
| DSO | E | [ED,ED] |
Prerequisite condition for URA99 - Revoke Model
For the revoke model we do not distinguish mobile and immobile memberships.
We interpret x to be true iff $u \in EM_x \vee u \in ImM_x \vee u \in EIM_x \vee u \in ImIM_x$
and $\bar{x}$ to be true iff $u \notin EM_x \wedge u \notin EIM_x \wedge u \notin ImM_x \wedge u \notin ImIM_x$.
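The following is an added worked example, not code from the slides or their authors. It implements the URA99 pieces presented above in one small engine: the four membership kinds derived from UA over the sub-roles Mx and IMx, the precedence rule EMx > EIMx > ImMx > ImIMx, the grant-model and revoke-model readings of a prerequisite condition, and range checks against the can-assign-M, can-assign-IM and can-revoke-M tables. Assumptions beyond the slides: the hierarchy edges (E < ED < E1 < P1,Q1 < PL1 < DIR, mirrored for project 2), that the slide's range "(D,DIR]" stands for "(ED,DIR]", that a row is usable by the listed administrative role and by administrative roles senior to it, that revocation simply drops the explicit sub-role pair (weak revocation), and the constructed users alice, bob and carol.

```python
# Toy URA99 engine (constructed illustration, not the authors' code).
# Regular role hierarchy, role -> immediate juniors. ASSUMED edges: E < ED < E1 < P1,Q1
# < PL1 < DIR, mirrored for project 2 (the slide only lists the role names).
JUNIORS = {
    "DIR": {"PL1", "PL2"}, "PL1": {"P1", "Q1"}, "PL2": {"P2", "Q2"},
    "P1": {"E1"}, "Q1": {"E1"}, "P2": {"E2"}, "Q2": {"E2"},
    "E1": {"ED"}, "E2": {"ED"}, "ED": {"E"}, "E": set(),
}
# Administrative role hierarchy from the slides: SSO > DSO > PSO1, PSO2.
ADMIN_JUNIORS = {"SSO": {"DSO"}, "DSO": {"PSO1", "PSO2"}, "PSO1": set(), "PSO2": set()}

def seniors_of(x, graph=JUNIORS):
    """Roles strictly senior to x (every x' > x), by transitive closure."""
    direct = {r for r, js in graph.items() if x in js}
    return direct.union(*(seniors_of(r, graph) for r in direct))

def senior_or_equal(r, s, graph=JUNIORS):
    return r == s or r in seniors_of(s, graph)

def in_range(role, rng):
    """Role-range test in the slides' notation, e.g. "[E,PL1)" or "(ED,DIR]"."""
    lo, hi = rng[1:-1].split(",")
    return (senior_or_equal(role, lo) and (rng[0] == "[" or role != lo)
            and senior_or_equal(hi, role) and (rng[-1] == "]" or role != hi))

# Rows transcribed from the can-assign-M, can-assign-IM and can-revoke-M slides as
# (admin role, prerequisite condition = list of (role, negated) literals, role range).
# ASSUMPTION: the slide's "(D,DIR]" is read as "(ED,DIR]".
CAN_ASSIGN_M = [
    ("PSO1", [("ED", False)], "[E,PL1)"), ("PSO2", [("ED", False)], "[E2,PL2)"),
    ("DSO", [("ED", False), ("PL2", True)], "[PL1,PL1]"),
    ("DSO", [("ED", False), ("PL1", True)], "[PL2,PL2]"),
    ("SSO", [("ED", False)], "(ED,DIR]"), ("SSO", [("E", False)], "[ED,ED]"),
]
CAN_ASSIGN_IM = CAN_ASSIGN_M + [("DSO", [("E", False)], "[ED,ED]")]
CAN_REVOKE_M = [
    ("PSO1", [("E", False)], "[E,PL1)"), ("PSO2", [("E", False)], "[E2,PL2)"),
    ("DSO", [("E", False)], "[ED,DIR]"), ("SSO", [("E", False)], "[ED,DIR]"),
    ("PSO1", [("E1", False)], "[E2,PL2)"), ("PSO2", [("E2", False)], "[E1,PL1)"),
]

class URA99:
    def __init__(self, ua=()):
        self.ua = set(ua)  # (user, sub-role) pairs; a sub-role is ("M", x) or ("IM", x)

    # The four membership kinds of user u in role x (implicit ones come from seniors x' > x).
    def EM(self, u, x): return (u, ("M", x)) in self.ua
    def EIM(self, u, x): return (u, ("IM", x)) in self.ua
    def ImM(self, u, x): return any(self.EM(u, s) for s in seniors_of(x))
    def ImIM(self, u, x): return any(self.EIM(u, s) for s in seniors_of(x))

    def effective(self, u, x):
        """Strict precedence EMx > EIMx > ImMx > ImIMx; None when u is no member at all."""
        return next((k for k in ("EM", "EIM", "ImM", "ImIM") if getattr(self, k)(u, x)), None)

    def holds(self, u, cond, model):
        """Prerequisite condition (a conjunction of literals) for user u. Grant model: a
        positive literal x needs an effectively mobile membership, EMx or (ImMx and not
        EIMx); revoke model: any of the four kinds. A negated literal needs no membership."""
        for x, negated in cond:
            member = self.effective(u, x) is not None
            if negated:
                ok = not member
            elif model == "grant":
                ok = self.EM(u, x) or (self.ImM(u, x) and not self.EIM(u, x))
            else:
                ok = member
            if not ok:
                return False
        return True

    def authorized(self, rows, admin, u, x, model):
        """Some row usable by admin (its own rows and those of junior admin roles) matches."""
        return any(senior_or_equal(admin, ar, ADMIN_JUNIORS) and in_range(x, rng)
                   and self.holds(u, cond, model) for ar, cond, rng in rows)

    def assign(self, admin, u, x, mobile=True):
        rows = CAN_ASSIGN_M if mobile else CAN_ASSIGN_IM
        if not self.authorized(rows, admin, u, x, "grant"):
            return False
        self.ua.add((u, ("M" if mobile else "IM", x)))
        return True

    def revoke_mobile(self, admin, u, x):
        """Drops u's explicit mobile membership in x (weak revocation; an assumption,
        since the slides do not spell out the revocation semantics)."""
        if not self.authorized(CAN_REVOKE_M, admin, u, x, "revoke"):
            return False
        self.ua.discard((u, ("M", x)))
        return True

def demo():
    """Constructed scenario; everyone starts as a mobile Employee (E)."""
    ura = URA99({(u, ("M", "E")) for u in ("alice", "bob", "carol")})
    ura.assign("SSO", "alice", "ED", mobile=False)        # a visitor: immobile in ED
    alice_blocked = not ura.assign("PSO1", "alice", "E1")  # grant model: ED is false for her
    ura.assign("SSO", "bob", "ED")                         # a regular engineer: mobile in ED
    bob_ok = ura.assign("PSO1", "bob", "E1")
    ura.assign("SSO", "carol", "ED"); ura.assign("PSO2", "carol", "E2")
    ura.assign("PSO1", "carol", "E1", mobile=False)
    # The revoke model does not distinguish mobility: Carol's immobile E1 satisfies PSO1's
    # prerequisite "E1" in can-revoke-M, so PSO1 may revoke her mobile E2.
    carol_revoked = ura.revoke_mobile("PSO1", "carol", "E2")
    return {"alice_ED": ura.effective("alice", "ED"), "alice_blocked": alice_blocked,
            "bob_E1": ura.effective("bob", "E1"), "bob_ok": bob_ok,
            "carol_E1": ura.effective("carol", "E1"), "carol_revoked": carol_revoked,
            "carol_E2": ura.effective("carol", "E2")}
```

Running `demo()` shows the point of the grant/revoke asymmetry: Alice's immobile ED membership lets her use ED's permissions but gives PSO1 no basis to move her into E1, while the same kind of immobile membership does count as a prerequisite when PSO1 revokes Carol's E2. Setting `CAN_ASSIGN_IM` to an empty list reduces the engine to mobile-only behaviour, which is the URA97 case described in the next slide.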
Relation between URA97 and URA99
If all users are restricted to be mobile, then URA99 is identical to URA97.
This can be achieved by setting can-assign-IM and can-revoke-IM to be empty.
PRA99 - Model
Like users, permissions can also be assigned to roles as mobile and immobile.
PRA99 is the exact dual of URA99. In PRA99 the implicit permission is inherited upwards in the hierarchy.
Conclusion
ARBAC99 is the first model that incorporates mobile and immobile users and permissions.
The basic intuition of ARBAC97 is not altered.
It is a useful extension to ARBAC97.