Page 1: ROLE-BASED ACCESS CONTROL: A MULTI-DIMENSIONAL VIEW Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman Seta Corporation McLean, VA Ravi Sandhu.

ROLE-BASED ACCESS CONTROL: A MULTI-DIMENSIONAL VIEW

Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman

Seta Corporation, McLean, VA

Ravi Sandhu is also affiliated with George Mason University, Fairfax, VA

2

RBAC

• An alternative to classical MAC and DAC

• Substantial history and tradition

• Often used to separate administrative functions

• Extend this concept into application domain

3

RBAC

[Diagram] USERS <-- USER-ROLE ASSIGNMENT --> ROLE <-- PRIVILEGE-ROLE ASSIGNMENT --> PRIVILEGES

4

PRIVILEGES

• Primitive privileges

  • read, write, append, execute

• Abstract privileges

  • credit, debit, inquiry

• Generic privileges

  • auditor

5

USERS

• Users are human beings

• Each individual should be known as exactly one user

6

POLICY VERSUS MECHANISM

• Roles are a policy concept

• Several mechanisms can be used to implement roles

  • Roles

  • Groups

  • Compartments

• Some mechanisms are better suited than others

7

WHAT IS THE POLICY IN RBAC?

• There is no information flow policy

• RBAC is a framework to help in articulating policy

• The main point of RBAC is to facilitate security management

8

INTERACTION OF RBAC, MAC AND DAC

[Diagram] Three overlapping regions labelled RBAC, MAC and DAC; the region common to all three is labelled "permitted accesses"

9

RBAC

[Diagram] USERS <-- USER-ROLE ASSIGNMENT --> ROLE <-- PRIVILEGE-ROLE ASSIGNMENT --> PRIVILEGES

10

RBAC

[Diagram] USERS <-- USER-ROLE ASSIGNMENT --> ROLE <-- PRIVILEGE-ROLE ASSIGNMENT --> PRIVILEGES, with ROLE HIERARCHIES attached to ROLE

11

HIERARCHICAL ROLES

[Diagram: role hierarchy] Health-Care Provider; Physician; Primary-Care Physician; Specialist Physician

12

HIERARCHICAL ROLES

[Diagram: role hierarchy] Engineer; Hardware Engineer; Software Engineer; Supervising Engineer

13

SCOPED INHERITANCE

[Diagram: scoped inheritance] Department Head; Project 1 Manager, Project 2 Manager; Department Public; Project 1 Public, Project 2 Public; Project 1 Programmers, Project 1 Testing, Project 2 Programmers, Project 2 Testing

14

RBAC

[Diagram] USERS <-- USER-ROLE ASSIGNMENT --> ROLE <-- PRIVILEGE-ROLE ASSIGNMENT --> PRIVILEGES, with ROLE HIERARCHIES attached to ROLE and CONSTRAINTS spanning all components

15

CONSTRAINTS

• Mutually Exclusive Roles

  • Static Exclusion: The same individual can never hold both roles

  • Dynamic Exclusion: The same individual can never hold both roles in the same context

16

CONSTRAINTS

• Mutually Exclusive Privileges

  • Static Exclusion: The same role should never be assigned both privileges

  • Dynamic Exclusion: The same role can never hold both privileges in the same context

17

CONSTRAINTS

• Cardinality Constraints on User-Role Assignment

  • At most k users can belong to the role

  • At least k users must belong to the role

  • Exactly k users must belong to the role

• Cardinality Constraints on Privilege-Role Assignment

  • At most k roles can get the privilege

  • At least k roles must get the privilege

  • Exactly k roles must get the privilege
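As an added illustration (not from the slides), the following Python sketch puts the Engineer hierarchy of slide 12 together with the constraint types of slides 15 to 17: privilege inheritance down the hierarchy, static and dynamic role exclusion (a session stands in for the slides' "same context"), and an "at most k users" cardinality bound. The privilege names, the Project 1 Testing exclusions and the k=1 bound are constructed for the example.

```python
from itertools import combinations

class RBAC:
    def __init__(self):
        self.user_roles = {}       # user -> roles directly assigned (user-role assignment)
        self.role_privs = {}       # role -> privileges directly assigned (privilege-role assignment)
        self.juniors = {}          # role -> roles whose privileges it inherits (role hierarchy)
        self.static_excl = set()   # frozenset pairs never assigned to one user
        self.dynamic_excl = set()  # frozenset pairs never active in one session
        self.max_users = {}        # role -> "at most k users" cardinality bound

    def add_role(self, role, privs=(), inherits=()):
        self.role_privs[role], self.juniors[role] = set(privs), set(inherits)

    def inherited(self, role):
        """The role itself plus every junior role reachable in the (acyclic) hierarchy."""
        return {role}.union(*(self.inherited(j) for j in self.juniors[role]))

    def assign_user(self, user, role):
        held = self.user_roles.setdefault(user, set())
        if any(frozenset((role, h)) in self.static_excl for h in held):
            raise PermissionError(f"{user}: {role} is statically excluded by a held role")
        if sum(role in rs for rs in self.user_roles.values()) >= self.max_users.get(role, float("inf")):
            raise PermissionError(f"{role}: at most {self.max_users[role]} user(s) allowed")
        held.add(role)

    def open_session(self, user, active):
        """A session is the 'same context' in which dynamic exclusion is enforced."""
        active = set(active)
        if not active <= self.user_roles.get(user, set()):
            raise PermissionError("cannot activate a role the user was not assigned")
        if any(frozenset(p) in self.dynamic_excl for p in combinations(active, 2)):
            raise PermissionError("dynamically exclusive roles activated together")
        return active

    def privileges(self, active):
        """Privileges reachable from the activated roles through the hierarchy."""
        return {p for a in active for r in self.inherited(a) for p in self.role_privs[r]}

def build_example():
    """Constructed: the slides' Engineer hierarchy with illustrative privileges and constraints."""
    m = RBAC()
    m.add_role("Engineer", {"read-specs"})
    m.add_role("Hardware Engineer", {"edit-schematics"}, inherits={"Engineer"})
    m.add_role("Software Engineer", {"commit-code"}, inherits={"Engineer"})
    m.add_role("Supervising Engineer", {"approve-release"}, inherits={"Hardware Engineer", "Software Engineer"})
    m.add_role("Project 1 Testing", {"sign-off-tests"})
    m.static_excl.add(frozenset({"Software Engineer", "Project 1 Testing"}))   # static exclusion
    m.dynamic_excl.add(frozenset({"Hardware Engineer", "Project 1 Testing"}))  # dynamic exclusion
    m.max_users["Supervising Engineer"] = 1                                     # at most k=1 users
    return m
```

Activating Supervising Engineer alone yields all four engineering privileges through inheritance, while a user holding Software Engineer is refused Project 1 Testing at assignment time and a second Supervising Engineer is refused by the cardinality bound.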

18

RBAC

[Diagram] USERS <-- USER-ROLE ASSIGNMENT --> ROLE <-- PRIVILEGE-ROLE ASSIGNMENT --> PRIVILEGES, with ROLE HIERARCHIES attached to ROLE

19

SCALE

• Hundreds of roles

• User-role assignment will change frequently

• Privilege-role assignment will change frequently

• Role hierarchy will change occasionally

20

RBAC SUMMARY

• RBAC is a sophisticated and multi-dimensional concept

• Different products will support variations of RBAC (even if standards emerge)

21

BELL-LAPADULA AND RBAC

• Can BLP be practically and conveniently done in RBAC?

  • YES

22

IS RBAC A PANACEA?

• NO