Title: ROLE HIERARCHIES AND CONSTRAINTS FOR LATTICE-BASED ACCESS CONTROLS
1ROLE HIERARCHIES AND CONSTRAINTS FOR
LATTICE-BASED ACCESS CONTROLS
- Ravi Sandhu
- George Mason University
- and
- SETA Corporation
2OUTLINE
- RBAC96 model policy neutral
- LBAC models policy full and varied
- LBAC can be reduced to RBAC96
- LBAC lt RBAC96 ?
- why bother to do this?
3RBAC96
ROLE HIERARCHIES
USER-ROLE ASSIGNMENT
PERMISSION-ROLE ASSIGNMENT
ROLES
USERS
PERMISSIONS
SESSIONS
4HIERARCHICAL ROLES
5RBAC96
ROLE HIERARCHIES
USER-ROLE ASSIGNMENT
PERMISSIONS-ROLE ASSIGNMENT
ROLES
USERS
PERMISSIONS
SESSIONS
CONSTRAINTS
6WHAT IS THE POLICY IN RBAC?
- RBAC is policy neutral
- Role hierarchies facilitate security management
- Constraints facilitate non-discretionary policies
7LBAC LIBERAL -PROPERTY
Read
Write
8RBAC96 LIBERAL -PROPERTY
M1W
M2W
-
Read Write
9RBAC96 LIBERAL -PROPERTY
- user ? xR, user has clearance x
- user ? LW, independent of clearance
- Need constraints
- session ? xR iff session ? xW
- read can be assigned only to xR roles
- write can be assigned only to xW roles
- (O,read) assigned to xR iff
- (O,write) assigned to xW
10LBAC STRICT -PROPERTY
-
Read
Write
11RBAC96 STRICT -PROPERTY
LW
HW
M1W
M2W
12LBAC WRITE RANGE
- subjects have 2 labels
- read label
- write label
13RBAC96 WRITE RANGE LIBERAL -PROPERTY
M1W
M2W
read role write role
14RBAC96 WRITE RANGE STRICT -PROPERTY
LW
HW
M1W
M2W
read role write role
15LBAC CONFIDENTIALITY AND INTEGRITY
two independent lattices
one composite lattice
16RBAC96 CONFIDENTIALITY AND INTEGRITY READ ROLES
HSR-LIR
HSR-HIR
LSR-LIR
LSR-HIR
Same for all cases
17RBAC96 CONFIDENTIALITY AND INTEGRITY WRITE ROLES
LSW-HIW
HSW-HIW
LSW-LIW
HSW-LIW
Liberal confidentiality Liberal integrity
18RBAC96 CONFIDENTIALITY AND INTEGRITY WRITE ROLES
Strict confidentiality Liberal integrity
19RBAC96 CONFIDENTIALITY AND INTEGRITY WRITE ROLES
LSW-LIW
LSW-HIW
HSW-LIW
HSW-HIW
Strict confidentiality Strict integrity
20SUMMARY
- policy-neutral RBAC96 can accommodate policy-full
LBAC in all its variations - LBAC variations are modeled by
- adjusting role hierarchy
- adjusting constraints
21COVERT CHANNELS
- are a problem for LBAC
- remain a problem for RBAC but
- they dont get any worse
- same techniques can be adapted
- who cares about them anyway