Risk-Aware Role-Based Access Control



Similar documents
Risk-Aware Role-Based Access Control

Completeness, Versatility, and Practicality in Role Based Administration

Role Based Access Control

Policy Analysis for Administrative Role Based Access Control

A Critique of the ANSI Standard on Role Based Access Control

Proposed NIST Standard for Role-Based Access Control

CryptographicallyEnforced

Computer security Lecture 3. Access control

Lightweight Data Integration using the WebComposition Data Grid Service

Relational model. Relational model - practice. Relational Database Definitions 9/27/11. Relational model. Relational Database: Terminology

A logical approach to role-based access control in a distributed environment

Section 13.5 Equations of Lines and Planes

Controlling Database Access by Providing Access Permissions on Database Objects

Expressing User Access Authorization Exceptions in Conventional Role-based Access Control

CSE 326, Data Structures. Sample Final Exam. Problem Max Points Score 1 14 (2x7) 2 18 (3x6) Total 92.

Role-based Authorization Constraints Specification Using Object Constraint Language

Information Theory and Coding Prof. S. N. Merchant Department of Electrical Engineering Indian Institute of Technology, Bombay

SECURITY RISK MANAGEMENT

Addressing threats to real-world identity management systems

Security Analysis in Role-Based Access Control

Security Analysis in Role-Based Access Control

Estimating the Average Value of a Function

A Model for Context-dependent Access Control for Web-based Services with Role-based Approach

A Brief Introduction to Property Testing

The Goldberg Rao Algorithm for the Maximum Flow Problem

Parametric Attack Graph Construction and Analysis

Collaborative Software Design & Development. *Collaboration*

A COMBINED FINE-GRAINED AND ROLE-BASED ACCESS CONTROL MECHANISM HONGI CHANDRA TJAN. Bachelor of Science. Oklahoma State University

Business Process Management In An Application Development Environment

Criticality of Schedule Constraints Classification and Identification Qui T. Nguyen 1 and David K. H. Chua 2

Role-based access control. RBAC: Motivations

Overview Motivating Examples Interleaving Model Semantics of Correctness Testing, Debugging, and Verification

Delta Analysis of Role-Based Access Control Models

BIG. Big Data Analysis John Domingue (STI International and The Open University) Big Data Public Private Forum

Foundations Applications Technologies

II. BASICS OF PACKET FILTERING

INFORMING A INFORMATION DISCOVERY TOOL FOR USING GESTURE

Firewall Verification and Redundancy Checking are Equivalent

Jonathan D. Moffett Department of Computer Science University of York York, United Kingdom

Report. Technical. Technologie-Zentrum Informatik. A Classification Framework Designed for Advanced Role-based Access Control Models and Mechanisms

A Method of Caption Detection in News Video

A logical approach to dynamic role-based access control

Role-Based Access Control Requirements Model with Purpose Extension

Role Based Access Control (RBAC) Nicola Zannone

1. Then f has a relative maximum at x = c if f(c) f(x) for all values of x in some

Linear functions Increasing Linear Functions. Decreasing Linear Functions

Secure Document Circulation Using Web Services Technologies

KEYWORD SEARCH IN RELATIONAL DATABASES

Chapter 23. Database Security. Security Issues. Database Security

Data Integration Alternatives Managing Value and Quality

Representation of functions as power series

Slope and Rate of Change

Context-Dependent Access Control for Web-Based Collaboration Environments with Role-Based Approach

Best Practices, Procedures and Methods for Access Control Management. Michael Haythorn

CHAPTER 22 Database Security Integration Using Role-Based Access Control

A Framework for the Semantics of Behavioral Contracts

Scalable Automated Symbolic Analysis of Administrative Role-Based Access Control Policies by SMT solving

The Application of Bayesian Optimization and Classifier Systems in Nurse Scheduling

Enforcing Security Policies. Rahul Gera

Role Based Access Control Framework for Network Enterprises

CSI 333 Lecture 1 Number Systems

International Journal of Software Engineering and Knowledge Engineering c World Scientific Publishing Company

Introduction to Web Services

The Structure and Coding of Logical Link Control (LLC) Addresses: A Tutorial Guide

Arithmetic Coding: Introduction

White Paper: Security and Agility in the API Economy. Optimizing and securing your APIs with ViewDS Identity Solutions and Layer 7

Strategic Role Engineering Approach to Visual Role Based Access Control (V-RBAC)

Software Architecture

Draft Martin Doerr ICS-FORTH, Heraklion, Crete Oct 4, 2001

Transcription:

Risk-Aware Role-Based Access Control Liang Chen Jason Crampton Information Security Group, Royal Holloway, University of London 7th International Workshop on Security and Trust Management

Risk-Aware RBAC Introduction Introduction Risk-aware access control was proposed to enable the secure sharing of information within or across multiple organizations An access request is evaluated based on the estimate of the expected costs and benefits of allowing access Risk-aware access control is more permissive than traditional policy-based access control Role-based access control (RBAC) has become today s dominant access control paradigm ANSI RBAC standard released in 2004 Major IT vendors offer products that support RBAC How can we extend role-based access control to become risk-aware?

Risk-Aware RBAC Introduction Motivations Existing risk-aware RBAC models have limitations Existing models have a limited way of access the risk of allowing access requests (only in terms of users trustworthiness) Existing models only support the type of binary decisions, where the accesses with acceptable risk are allowed and denied otherwise No existing model considers the incorporation of risk mitigation strategies to support richer types of access control decisions

Risk-Aware RBAC Introduction Outline of talk Define new way of looking at RBAC96 authorization semantics Risk threshold and risk mitigation Risk-aware RBAC models and their ways of computing risk Conclusion and future work

Risk-Aware RBAC RBAC96 RBAC96 RBAC96 defines a number of basic components: users U, roles R, permissions P, a partially ordered set of roles RH R R, a user-role assignment relation UA U R, and a permission-role assignment relation PA P R A graph-based formalism of RBAC96 provides a simple way of evaluating access requests We represent an RBAC96 state as an acyclic directed graph G = (V,E), where V = U R P, and E = UA PA RH An authorization path (au-path) between v 1 and v n is a sequence of vertices v 1,...,v n such that (v i,v i+1 ) E, i = 1,...,n 1 A user u V is authorized for p V if and only if there exists an au-path u = v 1,...,v n = p

Risk-Aware RBAC Risk mitigation strategy Risk threshold and risk mitigation We assume the existence of a risk domain D = [0,1] We write [t,t ) to denote the risk interval {x D : t x < t } Given a request (u,p), we write risk(u,p) to denote the risk of allowing u to perform some permission p We associate each permission with a risk mitigation strategy [(0, ),(t 1,b 1 ),...,(t n 1,b n 1 ),(t n, )], where 0 < t 1 < < t n 1, b i B is some system obligation, and denotes null obligation The request (u,p) is permitted if risk(u,p) < t 1 The request (u,p) is permitted with the enforcement of b i if risk(u,p) [t i,t i+1 ) The request (u,p) is denied if risk(u,p) t n

Risk-Aware RBAC Risk representation Defining the risk of allowing access Generally, given a request (u,p), risk(u,p) can be determined by the cost and likelihood of p being misused Our approach to the definition of risk mitigation strategies on a per-permission basis suggests that we can ignore the cost of p s misuse when considering the risk of granting p There are at least three possible ways of qualifying the likelihood of p being misused The degree of trustworthiness of users who request to invoke p The degree of competence of a user-role assignment The degree of appropriateness of a permission-role assignment We develop three simple models for risk-aware RBAC which embody the three distinct ways of computing risk(u, p)

Risk-Aware RBAC RBAC T RBAC T RBAC T augments RBAC96 with risk mitigation strategies on permissions and a function α : U (0,1] which is used to specify users s trustworthiness Given a request (u,p), we write Π(u,p) to denote the set of au-paths between u and p We define a risk function risk T : U P [0,1], where 1 α(u) if Π(u,p) risk T (u,p) = 1 otherwise

Risk-Aware RBAC RBAC C RBAC C Unlike RBAC T, RBAC C defines a function β : U R (0,1] which specifies users s degree of competence to perform roles Informally, given a request (u,p), risk(u,p) is determined by finding a role r for which u is most competent and that lies on an au-path from u to p We define a risk function risk C : U P [0,1], where 1 if u p = risk C (u,p) = 1 max{β(u,r) : r u p} otherwise u is a set of roles for which u is explicitly assigned p is a set of entities that are authorized for p

Risk-Aware RBAC RBAC C A simple example u 1 = {r 1,r 2 } with β(u 1,r 1 ) = 1 2 and β(u 1,r 2 ) = 1 3 u 1 is able to perform p 1 through the role r 1 for which u 1 is most competent, and hence risk C (u 1,p 1 ) = 1 2 risk C (u 1,p 3 ) = 1 as there is no aupath from u 1 to p 3 r 1 u 1 1 2 1 3 p 1 r2 p 2 1 3 u 2 r3 p 3 1 2

Risk-Aware RBAC RBAC A RBAC A RBAC A introduces a function on permission-role assignments, γ : P R (0,1] which specifies the degree of appropriateness with which permissions are assigned to roles Given a request (u,p), risk(u,p) is determined by a role that u can activate and that is the most appropriate role to which p is assigned We define a risk function risk A : U P [0,1], where 1 if p u = risk A (u,p) = 1 max{γ(p,r) : r p u} otherwise p is a set of roles to which p is explicitly assigned u is a set of entities for which u is authorized

Risk-Aware RBAC A complete model A complete model for risk-aware RBAC We introduce a risk-aware RBAC model that combines the features of the RBAC T, RBAC C and RBAC A models Given a request (u,p), risk(u,p) can be computed by finding an au-path between u and p with a minimum risk, but how can we compute the risk associated with each au-path from u to p? There are at least two approaches to computing the risk associated with an au-path u,r,...,r,p based on α, β and γ 1 min{α(u),β(u,r),γ(r,p)} min{1,(1 α(u))+(1 β(u,r))+(1 γ(r,p))}

Risk-Aware RBAC A complete model Other stuff in the proceedings Examine the advantages of flat risk-aware RBAC Consider sessions in risk-aware RBAC

Risk-Aware RBAC Concluding remarks Contributions We examine three possible ways of defining risk in different components of RBAC96 We provide a sophisticated treatment of risk mitigation strategies at permission level We develop a family of risk-aware RBAC models which differ in the way of measuring and computing risk Unlike existing work, our models: have clear authorization semantics support richer types of access control decisions

Risk-Aware RBAC Concluding remarks Current and Future work Extend our risk-aware models to include user obligations, and use the idea of charging for risk to enforce those obligations Construct RBAC C and RBAC A states from a given RBAC96 state Investigate a way of defining β values on those user-role assignments which are not encoded in a given RBAC96 state Propose an approach to defining γ values on permission-role assignments based on a given RBAC96 state Develop a risk-aware auto-delegation mechanism for RBAC Develop an auto-delegation RBAC model using our risk-aware approach Examine a way of combining risk mitigation with auto-delegation RBAC policies

Risk-Aware RBAC Questions Questions?

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information