A THREE TIER ARCHITECTURE FOR ROLE-BASED ACCESS CONTROL
Ravi Sandhu and Hal Feinstein
Seta Corporation, McLean, VA
Ongoing NIST-funded project
Other Project Members at Seta: Ed Coyne, Charles Youman
RBAC
• An alternative to classical MAC and DAC
• Substantial history and tradition
• Often used to separate administrative functions
  • Operator
  • Auditor
  • Security Officer
  • User
• Extend this concept into application domain
INTERACTION OF RBAC, MAC AND DAC
[Figure: RBAC, MAC and DAC shown as overlapping regions; the permitted accesses are those allowed by the combination]
POLICY VERSUS MECHANISM
• Roles are a policy concept
• Several mechanisms can be used to implement roles
  • Roles
  • Groups
  • Compartments
• Some mechanisms are better suited than others
RBAC
[Figure: USERS are linked to ROLE by USER-ROLE ASSIGNMENT; PRIVILEGES are linked to ROLE by PRIVILEGE-ROLE ASSIGNMENT]
USERS
• Users are human beings
• Each individual should be known as exactly one user
PRIVILEGES
• Primitive privileges
  • read, write, append, execute
• Abstract privileges
  • credit, debit, inquiry
• Generic privileges
  • auditor
RBAC
[Figure: the same model with ROLE HIERARCHIES added: USERS are linked to ROLE by USER-ROLE ASSIGNMENT, PRIVILEGES are linked to ROLE by PRIVILEGE-ROLE ASSIGNMENT, and roles are related to each other by ROLE HIERARCHIES]
HIERARCHICAL ROLES
[Figure: a role hierarchy with Health-Care Provider, Physician, Primary-Care Physician and Specialist Physician]
HIERARCHICAL ROLES
[Figure: a role hierarchy with Engineer, Hardware Engineer, Software Engineer and Supervising Engineer]
RBAC
[Figure: the full model: USERS, ROLE and PRIVILEGES linked by USER-ROLE ASSIGNMENT and PRIVILEGE-ROLE ASSIGNMENT, with ROLE HIERARCHIES and CONSTRAINTS applying to all of them]
CONSTRAINTS
• Mutually Exclusive Roles
  • Static Exclusion: The same individual can never hold both roles
  • Dynamic Exclusion: The same individual can never hold both roles in the same context
• Prerequisite Roles
  • A user must belong to one or more prerequisite roles in order to qualify for possible membership in some other role
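A small model of the RBAC components in these slides, added here as an example (not code from the slides or from the NIST project): users, roles, privileges, a role hierarchy, and the three constraint kinds above. It assumes, following the hierarchy convention of Sandhu's RBAC96 model, that Physician inherits Health-Care Provider and that the two specialisations inherit Physician; the Auditor and Reviewer roles, the privilege names, the user names, the session as the "context" for dynamic exclusion, and the rule that every listed prerequisite role must already be held are constructed for illustration.

```python
from collections import defaultdict


class RBACError(Exception):
    """Raised when an assignment or activation would violate a constraint."""


class RBAC:
    """Hypothetical RBAC model: users, roles, privileges, hierarchy, constraints."""

    def __init__(self):
        self.juniors_of = defaultdict(set)   # senior role -> roles it directly inherits from
        self.user_roles = defaultdict(set)   # explicit user-role assignment
        self.role_privs = defaultdict(set)   # explicit privilege-role assignment
        self.static_excl = set()             # frozenset({r1, r2}): one user may never hold both
        self.dynamic_excl = set()            # frozenset({r1, r2}): never both active in one session
        self.prereqs = defaultdict(set)      # role -> roles a user must already hold (assumption: all)
        self.sessions = {}                   # session id -> (user, active roles)

    # --- role hierarchy ---------------------------------------------------
    def inherits(self, senior, junior):
        """Declare that members of `senior` implicitly hold `junior`."""
        self.juniors_of[senior].add(junior)

    def closure(self, roles):
        """`roles` plus everything reachable downward through the hierarchy."""
        seen, stack = set(), list(roles)
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors_of[r])
        return seen

    def effective_roles(self, user):
        return self.closure(self.user_roles[user])

    def privileges(self, user):
        """Privileges reach a user through every role held explicitly or implicitly."""
        return set().union(*(self.role_privs[r] for r in self.effective_roles(user)))

    # --- constraints ------------------------------------------------------
    @staticmethod
    def _check_exclusion(roles, pairs, kind):
        for pair in pairs:
            if pair <= roles:
                raise RBACError(f"{kind} exclusion violated: {sorted(pair)}")

    def assign_user(self, user, role):
        held = self.effective_roles(user)
        missing = self.prereqs[role] - held
        if missing:
            raise RBACError(f"{user} lacks prerequisite role(s) {sorted(missing)} for {role}")
        # Static exclusion counts inherited roles too: inheriting a role is holding it.
        self._check_exclusion(held | self.closure({role}), self.static_excl, "static")
        self.user_roles[user].add(role)

    def activate(self, session, user, roles):
        """Dynamic exclusion is enforced per session (the slides' 'same context')."""
        roles = set(roles)
        if not roles <= self.effective_roles(user):
            raise RBACError(f"{user} does not hold {sorted(roles)}")
        owner, active = self.sessions.get(session, (user, set()))
        if owner != user:
            raise RBACError(f"session {session} belongs to {owner}")
        active = active | roles
        self._check_exclusion(self.closure(active), self.dynamic_excl, "dynamic")
        self.sessions[session] = (user, active)


def demo():
    """Constructed scenario exercising the hierarchy and all three constraints."""
    m = RBAC()
    m.inherits("Physician", "Health-Care Provider")
    m.inherits("Primary-Care Physician", "Physician")
    m.inherits("Specialist Physician", "Physician")
    m.role_privs["Health-Care Provider"] |= {"read-chart"}
    m.role_privs["Physician"] |= {"prescribe"}
    m.role_privs["Specialist Physician"] |= {"order-procedure"}
    m.static_excl.add(frozenset({"Physician", "Auditor"}))               # constructed
    m.dynamic_excl.add(frozenset({"Specialist Physician", "Reviewer"}))  # constructed
    m.prereqs["Specialist Physician"].add("Physician")                   # constructed

    m.assign_user("alice", "Physician")
    m.assign_user("alice", "Specialist Physician")
    m.assign_user("alice", "Reviewer")
    out = {"alice_privs": sorted(m.privileges("alice"))}

    def blocked(action):
        try:
            action()
            return False
        except RBACError:
            return True

    out["static_blocked"] = blocked(lambda: m.assign_user("alice", "Auditor"))
    out["prereq_blocked"] = blocked(lambda: m.assign_user("bob", "Specialist Physician"))
    m.activate("s1", "alice", {"Specialist Physician"})
    out["dynamic_blocked"] = blocked(lambda: m.activate("s1", "alice", {"Reviewer"}))
    m.activate("s2", "alice", {"Reviewer"})  # allowed: a different session
    out["sessions"] = {s: sorted(r) for s, (_, r) in m.sessions.items()}
    return out


if __name__ == "__main__":
    print(demo())
```

Note the order of checks in `assign_user`: prerequisites are evaluated against the roles the user already holds, including inherited ones, and static exclusion is evaluated against the closure of the new role, so a user cannot escape an exclusion by being assigned a senior role that merely inherits the excluded one.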
SCALE
• Hundreds of roles
• User-role assignment will change frequently
• Privilege-role assignment will change frequently
• Role hierarchy will change occasionally
RBAC SUMMARY
• RBAC is a sophisticated and multi-dimensional concept
• Different products will support variations of RBAC (even if standards emerge)
ANSI/SPARC DATABASE ARCHITECTURE
[Figure: three-level schema: several External Views on top, one Community View in the middle, one Implementation View at the bottom]
RBAC ARCHITECTURE
[Figure: three tiers: several External Views on top, one Community View in the middle, and, unlike ANSI/SPARC, several Implementation Views at the bottom]
TOP TWO TIERS
[Figure: the Community View and the External Views, related by ELIMINATION and REFINEMENT]
EXAMPLE
[Figure: an example ROLE HIERARCHY under REFINEMENT and ELIMINATION]
BOTTOM TWO TIERS
[Figure: the Community View and the Implementation Views, related by REFINEMENT and ELIMINATION]
BOTTOM TWO TIERS
[Figure: the Community View mapped onto two Implementation Views, one with an IMPLICIT MECHANISM and one with an EXPLICIT MECHANISM]
IMPLICIT USER ASSIGNMENT
[Figure: USER with a ROLE HIERARCHY: one explicit assignment to a role yields implicit assignments to the roles below it]
EXPLICIT USER ASSIGNMENT
[Figure: USER with NO ROLE HIERARCHY: every assignment, including those that were implicit, must be made as an explicit assignment]
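The contrast between the last two slides, as an added example (not code from the slides or from the NIST project): the elimination step that maps a community view with a role hierarchy onto an implementation view whose mechanism (plain groups, say) has no hierarchy, so every implicit membership must become an explicit one. It also computes what must be pushed to that mechanism when the hierarchy is edited, which the SCALE slide expects to happen occasionally. The direction of the engineering hierarchy (Supervising Engineer senior to both Hardware Engineer and Software Engineer, which are senior to Engineer) and the user names are assumptions.

```python
def closure(juniors_of, roles):
    """`roles` plus every role reachable downward through the hierarchy."""
    seen, stack = set(), list(roles)
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(juniors_of.get(r, ()))
    return seen


def eliminate_hierarchy(juniors_of, explicit):
    """Community view (hierarchy + explicit assignments) -> implementation view
    for a mechanism with no hierarchy: each user is listed in every role held."""
    return {user: frozenset(closure(juniors_of, roles))
            for user, roles in explicit.items()}


def delta(old_view, new_view):
    """(user, role) pairs to add and to remove so the mechanism matches new_view."""
    users = set(old_view) | set(new_view)
    empty = frozenset()
    add = {(u, r) for u in users
           for r in new_view.get(u, empty) - old_view.get(u, empty)}
    remove = {(u, r) for u in users
              for r in old_view.get(u, empty) - new_view.get(u, empty)}
    return add, remove


def demo():
    # Constructed hierarchy (senior -> directly inherited juniors) and assignments.
    juniors_of = {
        "Supervising Engineer": {"Hardware Engineer", "Software Engineer"},
        "Hardware Engineer": {"Engineer"},
        "Software Engineer": {"Engineer"},
    }
    explicit = {"carol": {"Supervising Engineer"}, "dave": {"Software Engineer"}}
    flat = eliminate_hierarchy(juniors_of, explicit)

    # Hierarchy change: Supervising Engineer no longer inherits Hardware Engineer.
    # The explicit assignments are unchanged, yet the flattened view must be recomputed.
    juniors_v2 = {**juniors_of, "Supervising Engineer": {"Software Engineer"}}
    add, remove = delta(flat, eliminate_hierarchy(juniors_v2, explicit))
    return flat, add, remove


if __name__ == "__main__":
    flat, add, remove = demo()
    for user, roles in sorted(flat.items()):
        print(user, sorted(roles))
    print("add:", sorted(add), "remove:", sorted(remove))
```

The point of `delta` is operational: with an implicit mechanism a hierarchy edit is one change, while with an explicit mechanism it fans out into one membership change per affected user, which is where the explicit view is most likely to drift from the community view.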
CONCLUSION
• Further work is ongoing on
  • RBAC model
  • RBAC architecture
• Preliminary results are promising