A THREE TIER ARCHITECTURE FORROLE-BASED ACCESS CONTROL

Ravi Sandhu and Hal Feinstein

Seta CorporationMcLean, VA

Ongoing NIST-funded projectOther Project Members at Seta:

Ed Coyne, Charles Youman

2

RBAC

• An alternative to classical MAC and DAC

• Substantial history and tradition

• Often used to separate administrative functions

• Operator

• Auditor

• Security Officer

• User

• Extend this concept into application domain

3

INTERACTION OF RBAC, MAC AND DAC

RBAC

MAC DAC

permitted accesses

4

POLICY VERSUS MECHANISM

• Roles are a policy concept

• Several mechanisms can be used to implement roles

• Roles

• Groups

• Compartments

• Some mechanisms are better suited than others

5

RBAC

ROLE

USER-ROLEASSIGNMENT

PRIVILEGE-ROLEASSIGNMENT

USERS PRIVILEGES

6

USERS

• Users are human beings

• Each individual should be known as exactly one user

7

PRIVILEGES

• Primitive privileges

• read, write, append, execute

• Abstract privileges

• credit, debit, inquiry

• Generic privileges

• auditor

8

RBAC

ROLE

USER-ROLEASSIGNMENT

PRIVILEGE-ROLEASSIGNMENT

USERS PRIVILEGES

ROLEHIERARCHIES

9

HIERARCHICAL ROLES

Health-Care Provider

Physician

Primary-CarePhysician

SpecialistPhysician

10

HIERARCHICAL ROLES

Engineer

HardwareEngineer

SoftwareEngineer

SupervisingEngineer

11

RBAC

ROLEUSERS PRIVILEGES

ROLEHIERARCHIES

CONSTRAINTS

USER-ROLEASSIGNMENT

PRIVILEGE-ROLEASSIGNMENT

12

CONSTRAINTS

• Mutually Exclusive Roles

• Static Exclusion: The same individual can never hold both roles

• Dynamic Exclusion: The same individual can never hold both roles in the same context

• Prerequisite Roles

• A user must belong to one or more prerequisite roles in order to qualify for possible membership in some other role

13

SCALE

• Hundreds of roles

• User-role assignment will change frequently

• Privilege-role assignment will change frequently

• Role hierarchy will change occasionally

14

RBAC SUMMARY

• RBAC is a sophisticated and multi-dimensional concept

• Different products will support variations of RBAC (even if standards emerge)

15

ANSI/SPARC DATABASE ARCHITECTURE

CommunityView

ImplementationView

ExternalView

ExternalView

ExternalView

16

RBAC ARCHITECTURE

CommunityView

ImplementationView

ExternalView

ExternalView

ExternalView

ImplementationView

ImplementationView

17

TOP TWO TIERS

CommunityView

ExternalView

ExternalView

ELIMINATION

REFINEMENT

18

EXAMPLE

REFINEMENT

ELIMINATION

ROLE HIERARCHY

19

REFINEMENT

ImplementationView

ImplementationView

BOTTOM TWO TIERS

CommunityView

ELIMINATION

20

IMPLICITMECHANISM

ImplementationView

ImplementationView

BOTTOM TWO TIERS

CommunityView

EXPLICITMECHANISM

21

IMPLICIT USER ASSIGNMENT

USER ROLEHIERARCHY

implicit assignments

explicit assignment

22

EXPLICIT USER ASSIGNMENT

USER NO ROLEHIERARCHY

explicit assignments

explicit assignment

23

CONCLUSION

• Further work is ongoing on

• RBAC model

• RBAC architecture

• Preliminary results are promising