Inheritance Properties of Role Hierarchies
Presented by Dustin Burke

About Me
• Senior in Computer Science (4th Year)
• Specializing in Graphics and Visualization
• Graduating in May, 2008
• Lived in the Atlanta area my entire life
• Travel for roller coasters

Outline
• What are roles and why are they important?
• Model Elements
• Mappings & Relations
• Static and Dynamic Properties
• Role Hierarchies
• Implications

Role Based Access Control
• Role: an organizational identity that defines a set of allowable actions for an authorized user
• RBAC mechanisms rely on role constructs to mediate a user's access to computational resources
• Role hierarchy: the overall set of capability relationships, which can be represented as a directed acyclic graph

Static vs. Dynamic
• Properties of this model fall into either a static or a dynamic category
  ◦ Static: deals mainly with constraints on role membership
  ◦ Dynamic: deals with constraints on role activation

Model Elements
• User: people who use the system
• Subject: active entities of the system operating within roles on behalf of users
• Role: named duties within an organization
• Operation: set of access modes permitted
• Object: passive entities protected from unauthorized use
• Permission: set of ordered operation/object pairs

Relations
• The ternary relationship between Role, Operation, and Object is broken down
• Conforms with privileges found in present-day information systems

Permissions
• Can represent a broad range of access controls
  ◦ Basic read/write/execute rights on a file
  ◦ Administrative rights for OS commands
• Depends on context

Mapping & Relations
• More specific mappings refine the general relationships in the previous diagrams
  ◦ authorized-roles[u]: roles authorized for user u
  ◦ authorized-permissions[i]: permissions authorized for role i
  ◦ active-user[x]: user u associated with subject x
  ◦ active-roles[x]: roles in which subject x is active

Static Properties
• Properties of the model that do not involve either the Subject component or mappings from Subject to other basic components
• Apply early, at role authorization, and through role activation
• Very strong
• Include cardinality, separation of duty, and operational separation of duty

Cardinality
• membership-limit[i]
  ◦ Maximum number of users that can be authorized to role i
• authorized-members[i]
  ◦ Number of users authorized for role i

Static Separation of Duty
• Responsibilities are split to prevent collusion
• A group of roles are mutually exclusive of one another with regard to authorization
• A user may only be authorized to one of them
• (Diagram: roles A, B, C, D; one pair labelled "Not in SSD", another "Member of SSD")

Static Operational Separation of Duty
• Business tasks are composed of multiple operations
• No single user can be authorized one or more roles having permissions involved in an SOSD
• (Diagram: a user's authorizations over roles A, B, C, D)
  ◦ <A,B> not in SOSD
  ◦ <B,D> not in SOSD
  ◦ <A,C> in SOSD

Dynamic Properties
• Complement static properties
• Weaker than static
  ◦ Applied at role activation and not checked at authentication
  ◦ Also offer degrees of flexibility
• Often used in conjunction with static properties
• Include role activation, cardinality, separation of duty, and operational separation of duty

Slide 16
• exec: Subject × Operation × Object
  ◦ True iff the subject can perform the operation on the object
• active-membership-limit[i]
• active-members[i]

Role Activation
• Permitted action: a subject can perform an operation on an object iff the subject is acting within an active role authorized that permission
• A subject cannot be active in a role it does not have authorization for
• Active roles must be a subset of authorized roles
• Roles: A, B, C, D, E. For subject z to have A or B in its active roles, they must first be included in its authorized roles

Dynamic Cardinality
• The number of users active in a role can never exceed the dynamic capacity
• More desirable than static because it is maintained at activation as opposed to authorization
• For example: a role with a capacity of one would ensure consecutive use of its capabilities

Dynamic Separation of Duty
• Very similar to Static Separation of Duty
• Memory-less property
  ◦ No history of activation is kept for a user
  ◦ Prevents simultaneous activations by a user but does not safeguard against consecutive activation
  ◦ Not appropriate in some environments
• User u requests to be active in A and B while <A,B> is in DSD; rejected
• User u requests to be active in A; allowed
• User u requests to be active in B; allowed

Dynamic Operational Separation of Duty
• A group of permissions may be designated as mutually exclusive with regard to roles activated by a subject
• As with DSD, memory-less

Role Hierarchy
• A role may be defined in terms of one or more other roles
  ◦ And can include additional characteristics
  ◦ Automatically takes on or inherits the collective characteristics of those roles
  ◦ Containment is recursive

Slide 22
• Substitution of role instances

Effective Roles
• Include the given role plus the set of roles contained by that role
• Can also be related to role authorization
  ◦ A user is authorized to perform tasks based on its roles as well as its roles' roles and its roles' roles' roles and its roles' roles' roles' roles and…

Role Hierarchy Implications
• Containment is not reflexive but is transitive
  ◦ Role i is not a subset of itself
  ◦ If j is a subset of i and k is a subset of j, then k is a subset of i
• Containing roles accumulate not only the capabilities of contained roles, but also their constraints and separation of duty relationships

More Implications
• Permitted Actions are expanded to include those privileges associated with effective roles
• Cardinality Inheritance: a containing role must be assigned a membership limit less than or equal to that of any contained role
• Example: Role A (Max: ?) contains B (15), C (7), D (25). Role A would be given a capacity of the minimum of its contained roles: 7, from C.

Separation of Duty Hierarchical Consistency
• A separation of duty relationship cannot exist between roles that have a containment relation between them or are contained by another role in common (common heir)
• Example: <A,B> is a member of SSD, and C inherits both A and B. But since C inherits both A and B, <A,B> can no longer be a member of SSD.

Separation of Duty Inheritance
• If one role contains another role that has an SD relationship with a third role, then the containing role also has an SD relationship with the third role
• Example: if <B,C> is a member of SSD, and A inherits B, then <A,C> is also a member of SSD

Summary
Property | Static | Dynamic
Role Activation | Permitted

Paper

Questions?
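The static and dynamic properties from the slides as runnable checks, an added example that is not part of the deck: `static_violations` applies membership-limit and SSD once, at authorization time, while `Sessions.activate` applies the active ⊆ authorized rule, active-membership-limit and a memory-less DSD at activation time, so the deck's sequence (A and B together rejected; A, then B, allowed) can be replayed. All role names, limits and SSD/DSD pairs are constructed for illustration, and active members are counted per subject.

```python
# Added example, not from the slides: the deck's static checks (applied once, at
# authorization) beside its memory-less dynamic checks (applied at activation).
# Roles, limits and the SSD/DSD pairs below are constructed for illustration.
from itertools import combinations

membership_limit = {"A": 2, "B": 15, "C": 7}          # membership-limit[i]
active_membership_limit = {"A": 1, "B": 5, "C": 5}    # active-membership-limit[i]
SSD = {frozenset("AC")}   # <A,C>: a user may be authorized to at most one
DSD = {frozenset("AB")}   # <A,B>: a subject may have at most one active at a time

def sd_pairs(relation, roles):
    """Pairs drawn from `roles` that appear in a separation-of-duty relation."""
    return [p for p in combinations(sorted(roles), 2) if frozenset(p) in relation]

def static_violations(authorized_roles):
    """authorized_roles maps user u -> authorized-roles[u]."""
    problems = []
    for role, limit in membership_limit.items():
        members = sum(role in rs for rs in authorized_roles.values())  # authorized-members[i]
        if members > limit:
            problems.append(f"cardinality:{role}")
    for user, roles in authorized_roles.items():
        problems += [f"SSD:{user}:{a}{b}" for a, b in sd_pairs(SSD, roles)]
    return problems

class Sessions:
    """active-roles[x] per subject x. Activation is judged only against the
    roles active right now; no history is kept, so DSD is memory-less."""
    def __init__(self, authorized_roles):
        self.authorized_roles, self.active_roles = authorized_roles, {}

    def active_members(self, role):                    # active-members[i], per subject
        return sum(role in rs for rs in self.active_roles.values())

    def activate(self, subject, user, requested):
        """Return True and record the activation, or False with no change."""
        current = self.active_roles.get(subject, set())
        proposed = current | set(requested)
        if not proposed <= self.authorized_roles[user]:    # active ⊆ authorized
            return False
        if sd_pairs(DSD, proposed):                         # simultaneous activation
            return False
        for role in set(requested) - current:               # dynamic cardinality
            if self.active_members(role) + 1 > active_membership_limit[role]:
                return False
        self.active_roles[subject] = proposed
        return True

    def deactivate(self, subject, roles):
        self.active_roles[subject] -= set(roles)
```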
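The role hierarchy implications (effective roles, permitted-action expansion, cardinality inheritance, SD hierarchical consistency and SD inheritance) as an added example, not code from the slides: containment is a constructed DAG `contains` reusing the deck's A containing B, C and D (limits 15, 7, 25), plus a second heir F and sample permissions, both assumptions added to exercise the common-heir and inheritance cases.

```python
# Added example, not from the slides: a role hierarchy as a containment DAG,
# with effective roles, cardinality inheritance and the deck's two separation-
# of-duty implications. Roles, limits and permissions are constructed, reusing
# the slides' A contains B, C, D (limits B:15, C:7, D:25) plus an extra heir F.
contains = {"A": {"B", "C", "D"}, "B": set(), "C": set(), "D": set(), "F": {"C"}}
membership_limit = {"B": 15, "C": 7, "D": 25}    # A and F take derived limits
authorized_permissions = {"A": {("audit", "log")}, "B": {("read", "ledger")},
                          "C": {("submit", "invoice")}, "D": set(), "F": set()}

def contained_roles(role):
    """Roles transitively contained by `role`. Containment is not reflexive,
    so a walk that comes back to `role` means the graph is not a DAG."""
    result, stack = set(), list(contains[role])
    while stack:
        r = stack.pop()
        if r == role:
            raise ValueError(f"containment cycle through {role}")
        if r not in result:
            result.add(r)
            stack.extend(contains[r])
    return result

def effective_roles(role):
    """The given role plus the set of roles it contains."""
    return {role} | contained_roles(role)

def effective_permissions(role):
    """Permitted actions expanded to the privileges of every effective role."""
    return set().union(*(authorized_permissions[r] for r in effective_roles(role)))

def inherited_membership_limit(role):
    """Cardinality inheritance: a containing role's limit may not exceed any
    contained role's limit, so the tightest consistent value is the minimum."""
    return min(membership_limit[r] for r in effective_roles(role) if r in membership_limit)

def ssd_inconsistencies(ssd):
    """SSD pairs that cannot exist: some role's effective roles cover the whole
    pair, i.e. one member contains the other or a common heir contains both."""
    return {pair for pair in ssd if any(pair <= effective_roles(r) for r in contains)}

def inherited_ssd(ssd):
    """SD inheritance: <B,C> in SSD and A contains B implies <A,C> in SSD."""
    closure = set()
    for pair in ssd:
        x, y = tuple(pair)
        heirs_x = [r for r in contains if x in effective_roles(r)]  # x and its containers
        heirs_y = [r for r in contains if y in effective_roles(r)]
        closure |= {frozenset({a, b}) for a in heirs_x for b in heirs_y if a != b}
    return closure
```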