PBDM: A Flexible Delegation Model in RBAC

Xinwen Zhang, Sejong Oh

George Mason University

Ravi Sandhu

George Mason University and NSD Security


Outline

  • Motivations

  • Related Works

  • PBDM0: user-to-user delegation

  • PBDM1: user-to-user delegation

  • PBDM2: role-to-role delegation

  • Conclusions and future work


Motivations

  • Permission-level delegations (delegating individual permissions rather than whole roles) are needed in many cases:


Motivations (cont'd)

  • User-to-user delegations

    • John delegates some of his permissions to Jenny when he is out of town

  • Role-to-role delegations

    • A professor can delegate “check-email” permission to a TA

  • Multi-step delegation and revocation

    • Jenny can further delegate some of the permissions she received from John to Jim, and a revocation must follow that chain


Related Works

  • RBDM0:

    • E. Barka et al., NISSC 2000, ACSAC 2000

    • A delegation framework

    • User-to-user delegation

    • Role-level delegation

  • RDM2000

    • L. Zhang et al., SACMAT 2002

    • Role-level delegation

    • Multi-step delegation


PBDM0

  • Permission-based Delegation Model

  • A user-to-user delegation model

    • John creates a temporary delegation role D1.

    • John assigns the permission "change_schedule" to D1 with a permission-role assignment, and the role PE to D1 with a role-role assignment (so D1 also inherits PE's permissions).

    • John assigns Jenny to D1 with user-role assignment.


PBDM0 (cont'd)

  • RR: regular roles

  • DTR: delegation roles

    Controlled by the security administrator:

  • UAR: user-regular role assignment

  • PAR: permission-regular role assignment

    Controlled by the individual user:

  • UAD: user-delegation role assignment

  • PAD: permission-delegation role assignment




PBDM1

  • Problems in PBDM0:

    • A user can create delegation roles at his own discretion, so a malicious user can cause invalid permission flow. The reason is that no security administrator is involved in the delegation.

    • Cannot support role-to-role delegation, since a delegation role cannot be assigned to a regular role.

  • PBDM1:

    • Extension from PBDM0

    • Permissions of a role are separated into two parts: regular and delegatable.

    • Only delegatable permissions can be used to create delegation roles.

    • User-to-user delegation


PBDM1 (cont'd)

  • RR: regular roles

  • DBR: delegatable roles

  • DTR: delegation roles

  • One-to-one mapping between RR and DBR (each regular role has exactly one delegatable role holding its delegatable permissions)




PBDM1 (cont'd)

  • UAR, UAB, PAR, and PAB (user and permission assignments to regular and delegatable roles) are managed by the security administrator.

  • UAD and PAD are managed by individual user.

  • Revocation options:

    • By a user:

      • Remove a user from delegatees, that is, revoke the user-delegation role assignment.

      • Remove one or more pieces of permissions from delegation role.

      • Revoke delegation role.

    • By a security administrator:

      • Move one or more permissions from a delegatable role back to its regular role, so that they can no longer be delegated.

      • Revoke a user from a regular role and its delegatable role.
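As an added example (not code from the paper or the slides), the following Python sketch models the PBDM1 relations as sets and runs the scenario from the slides: John (in PL) delegates "change_schedule" to Jenny through D1, is refused when he tries to delegate a permission from the regular part of his role (the check PBDM0 lacks), Jenny re-delegates to Jim (multi-step), and the administrator then moves "change_schedule" back to the regular role, which empties both delegation roles. The permission names, the class API, and the cascading revocation in `_prune` are assumptions of this example; multi-step delegation is modelled by letting a delegatee re-delegate permissions he holds through a delegation role.

```python
"""PBDM1 user-to-user delegation modelled with plain Python sets.
Added illustration, not code from the paper or slides: users John, Jenny,
Jim and roles PL, PE, QE follow the slides; the permission names, the API
and the cascade in _prune are assumptions. The delegatable role of regular
role X is written X' (the one-to-one RR/DBR map)."""
from collections import defaultdict


class PBDM1:
    def __init__(self):
        # Managed by the security administrator.
        self.PAR = {}                  # regular role RR -> permissions
        self.PAB = {}                  # delegatable role DBR -> permissions
        self.UAR = defaultdict(set)    # user -> regular roles
        self.UAB = defaultdict(set)    # user -> delegatable roles
        # Managed by individual users.
        self.PAD = {}                  # delegation role DTR -> permissions
        self.UAD = defaultdict(set)    # user -> delegation roles
        self.owner = {}                # DTR -> user who created it

    def add_role(self, rr, regular, delegatable):
        self.PAR[rr] = set(regular)
        self.PAB[rr + "'"] = set(delegatable)

    def assign_user(self, user, rr):
        self.UAR[user].add(rr)
        self.UAB[user].add(rr + "'")

    def make_non_delegatable(self, rr, perm):   # admin revocation: X' -> X
        self.PAB[rr + "'"].discard(perm)
        self.PAR[rr].add(perm)
        self._prune()

    def delegatable(self, user):
        """PAB over the user's DBRs, plus PAD over DTRs assigned to him
        (that second part is what makes multi-step delegation possible)."""
        own = set().union(*(self.PAB[d] for d in self.UAB[user]))
        received = set().union(*(self.PAD[d] for d in self.UAD[user]))
        return own | received

    def permissions(self, user):
        regular = set().union(*(self.PAR[r] for r in self.UAR[user]))
        return regular | self.delegatable(user)

    def delegate(self, delegator, dtr, perms, delegatee):
        perms = set(perms)
        # The check PBDM0 lacks: only delegatable permissions may enter a DTR.
        illegal = perms - self.delegatable(delegator)
        if illegal:
            raise PermissionError(f"{delegator} cannot delegate {sorted(illegal)}")
        self.owner[dtr], self.PAD[dtr] = delegator, perms
        self.UAD[delegatee].add(dtr)

    def revoke_delegatee(self, dtr, user):      # user revocation option 1
        self.UAD[user].discard(dtr)
        self._prune()

    def remove_perms(self, dtr, perms):         # user revocation option 2
        self.PAD[dtr] -= set(perms)
        self._prune()

    def revoke_role(self, dtr):                 # user revocation option 3
        self.PAD.pop(dtr, None)
        self.owner.pop(dtr, None)
        for dtrs in self.UAD.values():
            dtrs.discard(dtr)
        self._prune()

    def _prune(self):
        """Assumed cascade: strip from each DTR whatever its owner can no
        longer delegate, iterating until a multi-step chain is stable."""
        changed = True
        while changed:
            changed = False
            for dtr, perms in self.PAD.items():
                extra = perms - self.delegatable(self.owner[dtr])
                if extra:
                    perms -= extra
                    changed = True


def demo():
    m = PBDM1()
    m.add_role("PL", {"approve_budget"}, {"change_schedule"})
    m.add_role("PE", {"edit_code"}, set())
    m.add_role("QE", {"run_tests"}, set())
    for user, rr in (("John", "PL"), ("Jenny", "PE"), ("Jim", "QE")):
        m.assign_user(user, rr)
    m.delegate("John", "D1", {"change_schedule"}, "Jenny")      # slide example
    try:
        m.delegate("John", "D0", {"approve_budget"}, "Jenny")   # regular part: refused
        denied = False
    except PermissionError:
        denied = True
    m.delegate("Jenny", "D2", {"change_schedule"}, "Jim")       # multi-step
    jim_before = m.permissions("Jim")
    m.make_non_delegatable("PL", "change_schedule")           # admin revocation
    return {"denied": denied, "jim_before": jim_before,
            "jim_after": m.permissions("Jim"), "john": m.permissions("John")}


if __name__ == "__main__":
    print(demo())
```

The point to check against the slides is the `delegate` guard: in PBDM0 a user could put any permission he holds into a delegation role, while here the candidate set is `delegatable(delegator)`, i.e. PAB over his delegatable roles plus what he himself received. The administrator's revocation then propagates down the John, Jenny, Jim chain because `_prune` re-validates every delegation role against its owner's current delegatable set.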


PBDM2

  • Extension from PBDM1

  • A role-to-role delegation model

  • A role is separated into three layers:

    • Regular role (RR): its permissions cannot be delegated.

    • Fixed delegatable role (FDBR): its permissions can be delegated.

    • Temporal delegatable role (TDBR): inherits permissions from delegation roles through role-role assignment (RAD).

  • Delegation roles (DTR) are assigned to temporal delegatable roles

    • Since there is no role hierarchy among TDBRs, a delegated permission stays with the TDBR it was assigned to and cannot flow on to other roles, so illegal permission flow will not happen.


PBDM2 (cont'd)

  • A delegation role D3 owned by PL' (the fixed delegatable role of PL) and delegated to QE'' (the temporal delegatable role of QE):

    • Create a temporary delegation role D3

    • Assign the permission "change_schedule" to D3

    • Assign the role PE' (the fixed delegatable role of PE) to D3

    • Assign D3 to QE''


PBDM2 (cont'd)

  • RR, FDBR, TDBR, DTR: regular, fixed delegatable, temporal delegatable, and delegation roles

  • RRH, FDBRH: role hierarchies on regular roles and on fixed delegatable roles (there is none on TDBR)

  • UAR, UAFB, UATB: user assignment to regular, fixed delegatable, and temporal delegatable roles

  • PAR, PAFB, PADB: permission assignments (PAR to regular roles, PAFB to fixed delegatable roles)

  • RAD: delegation role-temporal delegatable role assignment


PBDM2 (cont'd)

  • Revocation options:

    • Remove one or more permissions from a delegation role.

    • Revoke a delegation role owned by a fixed delegatable role.

    • Move one or more permissions from a fixed delegatable role back to its regular role, so that they can no longer be delegated.
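As an added example (not code from the paper or the slides), the Python sketch below models the three-layer PBDM2 split with hierarchies on the RR and FDBR layers but none on the TDBR layer, then builds the slides' D3 (owned by PL', holding "change_schedule" plus the role PE', assigned to QE''). It shows that a role QM senior to QE gains nothing from the delegation, that a permission from the regular layer is refused, and that the three revocation options above take effect. The role QM, the permission names, the API, the rule that a delegation role may only be given FDBRs its owner dominates, and the cascade in `_prune` are assumptions of this example.

```python
"""PBDM2 role-to-role delegation with the three-layer role split.
Added illustration, not code from the paper or slides: roles PL, PE, QE and
delegation role D3 follow the slides; role QM, the permission names, the API
and the revocation cascade in _prune are assumptions. X is a regular role,
X' its fixed delegatable role and X'' its temporal delegatable role."""
from collections import defaultdict


class PBDM2:
    def __init__(self):
        self.PAR = defaultdict(set)    # RR   -> permissions (never delegated)
        self.PAFB = defaultdict(set)   # FDBR -> permissions (may be delegated)
        self.RRH = defaultdict(set)    # senior RR   -> junior RRs
        self.FDBRH = defaultdict(set)  # senior FDBR -> junior FDBRs
        self.PAD = {}                  # DTR -> directly assigned permissions
        self.DTR_roles = {}            # DTR -> FDBRs assigned to it (role-role)
        self.owner = {}                # DTR -> FDBR that created it
        self.RAD = defaultdict(set)    # TDBR -> DTRs; TDBRs have no hierarchy

    def add_role(self, x, regular, delegatable):
        self.PAR[x] |= set(regular)
        self.PAFB[x + "'"] |= set(delegatable)

    def add_senior(self, senior, junior):   # RRH and FDBRH grow together
        self.RRH[senior].add(junior)
        self.FDBRH[senior + "'"].add(junior + "'")

    def make_non_delegatable(self, x, perm):   # revocation option 3: X' -> X
        self.PAFB[x + "'"].discard(perm)
        self.PAR[x].add(perm)
        self._prune()

    @staticmethod
    def _closure(h, role):
        seen, todo = set(), [role]
        while todo:
            r = todo.pop()
            if r not in seen:
                seen.add(r)
                todo.extend(h[r])
        return seen

    def fdbr_perms(self, fdbr):
        return set().union(*(self.PAFB[r] for r in self._closure(self.FDBRH, fdbr)))

    def dtr_perms(self, dtr):
        return set(self.PAD[dtr]).union(*(self.fdbr_perms(r) for r in self.DTR_roles[dtr]))

    def role_perms(self, x):
        """RR layer via RRH, FDBR layer via FDBRH, TDBR layer via RAD only."""
        regular = set().union(*(self.PAR[r] for r in self._closure(self.RRH, x)))
        delegated = set().union(*(self.dtr_perms(d) for d in self.RAD[x + "''"]))
        return regular | self.fdbr_perms(x + "'") | delegated

    def delegate(self, owner, dtr, perms, roles, target):
        illegal = set(perms) - self.fdbr_perms(owner)
        bad = set(roles) - self._closure(self.FDBRH, owner)   # assumed: only dominated FDBRs
        if illegal or bad:
            raise PermissionError(f"{owner} cannot delegate {sorted(illegal | bad)}")
        self.owner[dtr], self.PAD[dtr], self.DTR_roles[dtr] = owner, set(perms), set(roles)
        self.RAD[target + "''"].add(dtr)          # D -> target'' (RAD)

    def remove_perms(self, dtr, perms):   # revocation option 1: shrink the DTR
        self.PAD[dtr] -= set(perms)

    def revoke_dtr(self, dtr):            # revocation option 2: delete the DTR
        for d in (self.PAD, self.DTR_roles, self.owner):
            d.pop(dtr, None)
        for dtrs in self.RAD.values():
            dtrs.discard(dtr)

    def _prune(self):   # assumed cascade: a DTR keeps only what its owner may still delegate
        for dtr, perms in self.PAD.items():
            perms &= self.fdbr_perms(self.owner[dtr])
            self.DTR_roles[dtr] &= self._closure(self.FDBRH, self.owner[dtr])


def demo():
    m = PBDM2()
    m.add_role("PL", {"approve_budget"}, {"change_schedule"})
    m.add_role("PE", {"commit_code"}, {"view_design"})
    m.add_role("QE", {"run_tests"}, set())
    m.add_role("QM", {"sign_off"}, set())
    m.add_senior("PL", "PE")
    m.add_senior("QM", "QE")
    # The slides' D3: owned by PL', holds change_schedule plus role PE', assigned to QE''.
    m.delegate("PL'", "D3", {"change_schedule"}, {"PE'"}, "QE")
    qe, qm = m.role_perms("QE"), m.role_perms("QM")   # QM > QE, yet QM gains nothing
    try:
        m.delegate("PL'", "D4", {"approve_budget"}, set(), "QE")   # RR layer: refused
        denied = False
    except PermissionError:
        denied = True
    m.make_non_delegatable("PL", "change_schedule")
    qe_after = m.role_perms("QE")
    m.revoke_dtr("D3")
    return {"qe": qe, "qm": qm, "denied": denied,
            "qe_after": qe_after, "qe_final": m.role_perms("QE")}
```

The property the slide claims is visible in `role_perms`: the RR and FDBR layers are closed under their hierarchies, but the TDBR layer is read only through `RAD[x'']`, so QM, although senior to QE, never sees "change_schedule" or "view_design". After the administrator moves "change_schedule" back to PL, D3 still carries PE' (which PL' dominates), so QE keeps "view_design" until D3 itself is revoked.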


Conclusions and Future Work

  • Conclusions:

    • Presents a family of permission-based delegation models: PBDM0, PBDM1, and PBDM2.

    • Support user-to-user and role-to-role delegation

    • Support multi-step delegation

    • Support multi-option revocation

    • Flexible delegation administration

  • Future work:

    • Constraints in RBAC delegation, such as separation of duty

    • Delegation management in decentralized environment
