slide1
Download
Skip this Video
Download Presentation
PBDM: A Flexible Delegation Model in RBAC Xinwen Zhang, Sejong Oh George Mason University

Loading in 2 Seconds...

play fullscreen
1 / 17

PBDM: A Flexible Delegation Model in RBAC Xinwen Zhang, Sejong Oh George Mason University - PowerPoint PPT Presentation


  • 94 Views
  • Uploaded on

PBDM: A Flexible Delegation Model in RBAC Xinwen Zhang, Sejong Oh George Mason University Ravi Sandhu George Mason University and NSD Security. Outline. Motivations Related Works PBDM0: user-to-user delegation PBDM1: user-to-user delegation PBDM2: role-to-role delegation

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'PBDM: A Flexible Delegation Model in RBAC Xinwen Zhang, Sejong Oh George Mason University' - plato


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1
PBDM: A Flexible Delegation Model in RBAC

Xinwen Zhang, Sejong Oh

George Mason University

Ravi Sandhu

George Mason University and NSD Security

outline
Outline
  • Motivations
  • Related Works
  • PBDM0: user-to-user delegation
  • PBDM1: user-to-user delegation
  • PBDM2: role-to-role delegation
  • Conclusions and future work
motivations
Motivations
  • Permission level delegations are needed in many cases:
motivations cont d
Motivations(cont’d)
  • User-to-user delegations
    • John delegates some of his permissions to Jenny when he is out of town
  • Role-to-role delegations
    • A professor can delegate “check-email” permission to a TA
  • Multi-step delegation and revocation
    • Jenny can delegate some permissions from John to Jim
related works
Related Works
  • RBDM0:
    • E.Barka et al, NISSC 2000, ACSAC 2000
    • A delegation framework
    • User-to-user delegation
    • Role-level delegation
  • RDM2000
    • L.Zhang et al, SACMAT 2002
    • Role-level delegation
    • Multi-step delegation
pbdm0
PBDM0
  • Permission-based Delegation Model
  • A user-to-user delegation model
    • John creates a temporary delegation role D1.
    • John assigns the permission “change_schedule" to D1 with permission-role assignment and role PE to D1 with role-role assignment.
    • John assigns Jenny to D1 with user-role assignment.
pbdm01
PBDM0
  • RR: regular roles
  • DTR: delegation roles

Controlled by security administrator:

  • UAR: user-regular role assignment
  • PAR: permission-regular role assignment

Controlled by individual user:

  • UAD: user-delegation role assignment
  • PAD: permission-delegation role assignment
pbdm1
PBDM1
  • Problems in PBDM0:
    • A user can create delegation role by his discretion. Invalid permission flow can happen with malicious user. There reason is that there is no security administrator involvement in delegation.
    • Cannot support role-to-role delegation, since delegation role cannot be assigned to a regular role.
  • PBDM1:
    • Extension from PBDM0
    • Permissions of a role are separated into two parts: regular and delegatable.
    • Only delegatable permissions can be used to create delegation roles.
    • User-to-user delegation
pbdm11
PBDM1
  • RR: regular roles
  • DBR: delegatable roles
  • DTR: delegation roles
  • One-to-one map between RR and DBR
pbdm13
PBDM1
  • UAR, UAB, PAR, and PAB are managed by security administrator.
  • UAD and PAD are managed by individual user.
  • Revocation options:
    • By a user:
      • Remove a user from delegatees, that is, revoke the user-delegation role assignment.
      • Remove one or more pieces of permissions from delegation role.
      • Revoke delegation role.
    • By a security administrator:
      • Remove one or more pieces of permission from a delegatable role to its regular role.
      • Revoke a user from regular role and delegatable role.
pbdm2
PBDM2
  • Extension from PBDM1
  • A role-to-role delegation model
  • A role is separated into three layers:
    • Regular role(RR): permissions cannot be delegated.
    • Fixed delegatable role(FDBR): permission can be delegated.
    • Temporal delegatable role(TDBR): inherit permissions from delegation roles with role-role assignment(RAD).
  • Delegation roles (DTR) are assigned to temporal delegatable role
    • Since there is no role hierarchy with TDBR, illegal permission flow will not happen.
pbdm21
PBDM2
  • A delegation role D3 owned by PL’ and delegated to QE”:
    • Create a temporary delegation role D3
    • assign the permission “change_schedule" to D3
    • assign role PE’ to D3
    • Assign D3 to QE”
pbdm22
PBDM2
  • RR, FDBR, TDBR, DTR
  • RRH, FDBRH
  • UAR, UAFB, UATB
  • PAR, PAFB, PADB
  • RAD: delegation role-temporal delegatable role assignment
pbdm23
PBDM2
  • Revocation options:
    • Remove one or more pieces of permissions from delegation role.
    • Revoke delegation role owned by a fixed delegatable role.
    • Remove one or more pieces of permission from a fixed delegatable role to its regular role.
conclusions and future work
Conclusions and Future Work
  • Conclusions:
    • Present a permission-based delegation model family, PBDM0, PBDM1, and PBDM2.
    • Support user-to-user and role-to-role delegation
    • Support multi-step delegation
    • Support multi-option revocation
    • Flexible delegation administration
  • Future work:
    • Constraints in RBAC delegation, such as separation of duty
    • Delegation management in decentralized environment
ad