Transcript slides
Access Control
RBAC
Database Activity Monitoring
Reading assignments
Required reading for the access control classes:
Ravi Sandhu and P. Samarati, Access Control: Principles and Practice, IEEE Communications, Volume 32, Number 9, September 1994. http://www.list.gmu.edu/journals/commun/i94ac(org).pdf
Ravi Sandhu, Lattice-Based Access Control Models, IEEE Computer, Volume 26, Number 11 (Cover Article), November 1993. http://www.list.gmu.edu/journals/computer/i93lbacm(org).pdf
Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman, Role-Based Access Control Models, IEEE Computer, Volume 29, Number 2, February 1996. http://www.list.gmu.edu/journals/computer/i94rbac(org).pdf
CSCE 824 - Farkas
2
RBAC Motivation
Multi-user systems
Multi-application systems
Permissions are associated with roles, not directly with users
Role-permission assignments are relatively persistent; user-permission assignments change often (people join, leave and change jobs), so only the user-role assignments need frequent updating
Intuitive: roles reflect competency, authority and responsibility
Motivation
Express organizational policies
Separation of duties
Delegation of authority
Flexible: easy to modify to meet new security requirements
Supports
Least privilege
Separation of duties
Data abstraction
RBAC
Allows security requirements to be expressed but CANNOT BY ITSELF ENFORCE THESE PRINCIPLES
e.g., RBAC can be configured to enforce BLP rules, but the correctness of that enforcement depends on the configuration done by the system security officer.
Roles
User group: collection of users, possibly holding different permissions
Role: mediator between a collection of users and a collection of permissions
RBAC is independent of DAC and MAC (they may coexist)
RBAC is policy neutral: the configuration of RBAC determines the policy that is enforced
RBAC
The RBAC96 family of models:
RBAC0: base model
RBAC1: RBAC0 + role hierarchy
RBAC2: RBAC0 + constraints
RBAC3: consolidated model (RBAC1 + RBAC2)
RBAC0
[Figure: RBAC0 model. Users (U) are linked to Roles (R) by the user assignment relation; Roles are linked to Permissions (P) by the permission assignment relation; each Session (S) belongs to one user and activates a subset of that user's roles.]
RBAC0
User: human beings
Role: job function (title)
Permission: approval of a mode of access
Always positive (no negative permissions, i.e., no explicit denials)
Abstract representation (what a permission means is left to the underlying system)
Can apply to a single object or to many
RBAC0
UA: user assignment
Many-to-many
PA: permission assignment
Many-to-many
Session: mapping of a user to possibly many roles
Multiple roles can be activated simultaneously
Permissions of the session: union of the permissions of all activated roles
Each session is associated with a single user
A user may have multiple sessions at the same time
RBAC0 Components
Users (U), Roles (R), Permissions (P), Sessions (S)
PA ⊆ P × R (many-to-many)
UA ⊆ U × R (many-to-many)
user: S → U, mapping each session si to a single user user(si)
roles: S → 2^R, mapping each session si to a set of roles roles(si) ⊆ {r | (user(si), r) ∈ UA}, and si has permissions ∪_{r ∈ roles(si)} {p | (p, r) ∈ PA}
RBAC0
Permissions apply to data and resource objects only
Permissions do NOT apply to the RBAC components themselves
Administrative permissions (modifying U, R, S, P) are treated separately
Session: under the control of the user, who can
Activate any subset of the roles permitted to the user
Change roles within a session
RBAC1
Role Hierarchy
[Figure: RBAC1 model. The RBAC0 figure (Users, user assignment, Roles, permission assignment, Permissions, Sessions) extended with a role hierarchy over Roles.]
RBAC1
Structuring roles
Inheritance of permissions from junior role (bottom) to senior role (top)
Partial order:
Reflexive
Transitive
Anti-symmetric
RBAC1 Components
Same as RBAC0: Users, Roles, Permissions, Sessions, PA ⊆ P × R, UA ⊆ U × R, user: S → U, mapping each session si to a single user user(si)
RH ⊆ R × R, partial order (≥, dominance)
roles: S → 2^R, mapping each session si to a set of roles roles(si) ⊆ {r | (∃r' ≥ r) [(user(si), r') ∈ UA]}, and si has permissions ∪_{r ∈ roles(si)} {p | (∃r'' ≤ r) [(p, r'') ∈ PA]}
RBAC1
Role Hierarchy
[Figure: example hierarchy. Specialist Physician and Primary-care Physician are both senior to Physician, which is senior to Health-care provider; privileges are inherited upward, from Health-care provider through Physician to the two senior roles.]
RBAC1
Private Roles
Limit scope of inheritance
[Figure: two versions of a project hierarchy. In both, Project Supervisor is senior to Test Engineer and Programmer, which are both senior to Project Member. The first adds a private role Test Engineer' above Test Engineer; the second adds a private role Programmer' above Programmer. A private role has no senior role, so Project Supervisor does not inherit the permissions assigned only to it.]
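The RBAC1 definitions above, as an added worked example (not code from the slides): a small Python model of users, roles, permissions, sessions, UA, PA and the role hierarchy RH, with roles(si) and the session's permissions computed exactly as defined, and the private-role hierarchy of the figure used as constructed data. The user, role and permission names are assumptions chosen for illustration.

```python
from itertools import count


class RBAC1:
    """RBAC0 (users, roles, permissions, sessions, UA, PA) plus a role hierarchy RH.

    RH is stored as direct dominance edges (senior, junior), i.e. senior >= junior;
    the partial order is the reflexive-transitive closure of these edges.
    """

    def __init__(self):
        self.ua = set()        # UA ⊆ U × R as (user, role) pairs
        self.pa = set()        # PA ⊆ P × R as (permission, role) pairs
        self.rh = set()        # direct edges (senior, junior)
        self.sessions = {}     # session id -> (user(si), frozenset roles(si))
        self._next_id = count(1)

    def assign_user(self, user, role):
        self.ua.add((user, role))

    def assign_permission(self, perm, role):
        self.pa.add((perm, role))

    def add_senior(self, senior, junior):
        self.rh.add((senior, junior))

    def juniors_of(self, role):
        """{r | role ≥ r}: the role itself plus everything it dominates."""
        seen, stack = {role}, [role]
        while stack:
            r = stack.pop()
            for senior, junior in self.rh:
                if senior == r and junior not in seen:
                    seen.add(junior)
                    stack.append(junior)
        return seen

    def authorized_roles(self, user):
        """{r | ∃r' ≥ r : (user, r') ∈ UA}: roles the user may activate in a session."""
        authorized = set()
        for u, r in self.ua:
            if u == user:
                authorized |= self.juniors_of(r)
        return authorized

    def open_session(self, user, roles):
        """Create a session for user with roles(si) = roles; every role must be authorized."""
        roles = frozenset(roles)
        if not roles <= self.authorized_roles(user):
            raise PermissionError(f"{user} may not activate {sorted(roles)}")
        sid = next(self._next_id)
        self.sessions[sid] = (user, roles)
        return sid

    def session_permissions(self, sid):
        """∪_{r ∈ roles(si)} {p | ∃r'' ≤ r : (p, r'') ∈ PA}: permissions incl. inherited ones."""
        _user, roles = self.sessions[sid]
        reachable = set()
        for r in roles:
            reachable |= self.juniors_of(r)
        return {p for p, r in self.pa if r in reachable}

    def check(self, sid, perm):
        return perm in self.session_permissions(sid)


def build_project_model():
    """Constructed data: the slide's project hierarchy with one private role."""
    m = RBAC1()
    m.add_senior("Project Supervisor", "Test Engineer")
    m.add_senior("Project Supervisor", "Programmer")
    m.add_senior("Test Engineer", "Project Member")
    m.add_senior("Programmer", "Project Member")
    # Private role: Test Engineer' is senior to Test Engineer but has no senior
    # of its own, so Project Supervisor does not inherit what is assigned only to it.
    m.add_senior("Test Engineer'", "Test Engineer")
    m.assign_permission("read-project-wiki", "Project Member")
    m.assign_permission("run-test-suite", "Test Engineer")
    m.assign_permission("commit-code", "Programmer")
    m.assign_permission("edit-private-test-notes", "Test Engineer'")
    m.assign_user("alice", "Project Supervisor")
    m.assign_user("bob", "Test Engineer'")
    return m


if __name__ == "__main__":
    m = build_project_model()
    s = m.open_session("alice", {"Project Supervisor"})
    print(sorted(m.session_permissions(s)))   # inherits TE, Programmer, PM; not TE'
    t = m.open_session("bob", {"Test Engineer'"})
    print(sorted(m.session_permissions(t)))
```

Two points worth noticing when running it: alice can open a session with only Project Member active, which is how a user exercises least privilege under RBAC0/1, and bob cannot activate Programmer even though it is in the same hierarchy, because no role assigned to him dominates it.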
RBAC2 – Constraints
Enforce high-level organizational policies
Support management of decentralized security
Constraints define which assignments and accesses are "acceptable" and which are "not acceptable"
RBAC2 – Components
Same as RBAC0 + Constraints
RBAC2
[Figure: RBAC2 model. The RBAC0 figure (Users, user assignment, Roles, permission assignment, Permissions, Sessions) with Constraints applying to the assignments and sessions.]
RBAC2
Mutually exclusive roles (a user may be assigned to at most one role of a mutually exclusive set; static separation of duties)
Dual constraint on permission assignment (a permission is assigned to at most one role of a mutually exclusive set)
Cardinality constraints (e.g., the number of roles an individual can belong to, or the number of users a role can have)
Prerequisite roles (a user can be assigned a role only if already assigned its prerequisite role)
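The four constraint types listed above, as an added example (not code from the slides): each check runs over UA or PA given as sets of pairs and returns the violations it finds, so the same functions can guard an assignment before it is made or audit an existing configuration. The policy, user, role and permission names are constructed for illustration and each constraint is violated exactly once.

```python
from collections import Counter, defaultdict


def _roles_by_user(ua):
    held = defaultdict(set)
    for user, role in ua:
        held[user].add(role)
    return held


def mutually_exclusive_roles(ua, exclusive_sets):
    """Static separation of duties: a user holds at most one role per exclusive set."""
    violations = []
    for user, roles in sorted(_roles_by_user(ua).items()):
        for ex in exclusive_sets:
            hit = roles & ex
            if len(hit) > 1:
                violations.append(f"user {user} holds exclusive roles {sorted(hit)}")
    return violations


def dual_permission_exclusion(pa, exclusive_sets):
    """Dual constraint: a permission is assigned to at most one role per exclusive set."""
    granted_to = defaultdict(set)
    for perm, role in pa:
        granted_to[perm].add(role)
    violations = []
    for perm, roles in sorted(granted_to.items()):
        for ex in exclusive_sets:
            hit = roles & ex
            if len(hit) > 1:
                violations.append(f"permission {perm} granted to exclusive roles {sorted(hit)}")
    return violations


def cardinality(ua, max_roles_per_user=None, max_users_per_role=None):
    """Bound the roles per user and/or the users per role (e.g. one chair per department)."""
    violations = []
    if max_roles_per_user is not None:
        for user, n in sorted(Counter(u for u, _ in ua).items()):
            if n > max_roles_per_user:
                violations.append(f"user {user} holds {n} roles (max {max_roles_per_user})")
    for role, cap in sorted((max_users_per_role or {}).items()):
        n = sum(1 for _, r in ua if r == role)
        if n > cap:
            violations.append(f"role {role} has {n} members (max {cap})")
    return violations


def prerequisite_roles(ua, prerequisites):
    """A user may hold role r only if also holding prerequisites[r]."""
    violations = []
    for user, roles in sorted(_roles_by_user(ua).items()):
        for role in sorted(roles):
            needed = prerequisites.get(role)
            if needed is not None and needed not in roles:
                violations.append(f"user {user} holds {role} without prerequisite {needed}")
    return violations


def check_all(ua, pa, policy):
    """Run every RBAC2 constraint in a policy dict; an empty list means UA/PA are acceptable."""
    return (mutually_exclusive_roles(ua, policy["exclusive"])
            + dual_permission_exclusion(pa, policy["exclusive"])
            + cardinality(ua, policy.get("max_roles_per_user"), policy.get("max_users_per_role"))
            + prerequisite_roles(ua, policy.get("prerequisites", {})))


# Constructed sample policy and assignments (not from the slides).
POLICY = {
    "exclusive": [{"Purchasing Clerk", "Accounts Payable"}],
    "max_roles_per_user": 3,
    "max_users_per_role": {"Department Chair": 1},
    "prerequisites": {"Test Engineer": "Project Member"},
}
UA = {
    ("carol", "Purchasing Clerk"), ("carol", "Accounts Payable"),   # SoD violation
    ("dave", "Test Engineer"),                                      # missing prerequisite
    ("erin", "Department Chair"), ("frank", "Department Chair"),    # two chairs
    ("gina", "Project Member"), ("gina", "Test Engineer"),          # acceptable
}
PA = {
    ("approve-invoice", "Accounts Payable"),
    ("approve-invoice", "Purchasing Clerk"),   # dual-constraint violation
    ("create-purchase-order", "Purchasing Clerk"),
}

if __name__ == "__main__":
    for v in check_all(UA, PA, POLICY):
        print("VIOLATION:", v)
```

The checks work on the flat UA and PA relations; with a role hierarchy (RBAC1) they would have to be evaluated over the inherited roles as well, otherwise two mutually exclusive roles can be reached through a common senior role without either being assigned directly.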
RBAC2
Constraints can also apply to sessions and to the user and roles functions (e.g., limiting which roles may be activated together in one session)
RBAC3
[Figure: RBAC3 consolidated model. The RBAC0 figure with both a role hierarchy over Roles and Constraints applying to the assignments, the hierarchy and sessions.]
Database Monitoring
DBMS-supported, e.g., Oracle auditing, transaction logs, etc.
Non-DBMS monitoring, e.g., IBM InfoSphere Guardium
Database Activity Monitoring (DAM)
Database Activity Monitoring and Prevention (DAMP)
DAMP
Regulatory compliance support
Protects data from external attacks
Monitors privileged users and applications (beyond what the DBMS itself supports)
Oracle User Group survey: most organizations do not have mechanisms to control or monitor privileged user activities
Privileged user monitoring
System administrators, database administrators, developers, help desk personnel, etc.
Monitoring: auditing usage and transactions, identifying anomalous activities, verifying that changes were authorized
Data privacy
Data governance
Application Activity Monitoring
End user accountability and fraud detection
Means of misuse is via the application (not direct database access)
Addresses multi-tier applications that hide the identity of the end user (the database sees only the application's own account)
Cyber Attack Protection
Vulnerable code
Database-related attacks, e.g., SQL injection
Monitor application characteristics, build a profile of normal behavior, warn about anomalous behavior
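The profile-and-warn approach above, and the "Profiling and anomaly detection" feature of DAM products, as an added example (not code from the slides or from any product): statements captured from an application account are reduced to a shape (literals replaced by ?, case and whitespace normalized), the set of shapes seen during a clean training window becomes the account's profile, and live statements whose shape is not in the profile are reported. The account names and the log lines are constructed for illustration.

```python
import re

# Literals collapse to "?": quoted strings (with '' escapes) and standalone numbers.
_LITERAL = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b")
_SPACE = re.compile(r"\s+")


def fingerprint(sql):
    """Normalize a statement to its shape: literals -> ?, single spaces, lower case."""
    return _SPACE.sub(" ", _LITERAL.sub("?", sql)).strip().lower()


def build_profile(training_log):
    """Learn, per database account, the set of statement shapes seen during training."""
    profile = {}
    for account, sql in training_log:
        profile.setdefault(account, set()).add(fingerprint(sql))
    return profile


def detect(profile, live_log):
    """Return (account, shape, original sql) for statements outside the account's profile.

    An account with no profile at all yields an alert for every statement, which is
    what a monitor should do for a connection it has never seen the application use.
    """
    alerts = []
    for account, sql in live_log:
        shape = fingerprint(sql)
        if shape not in profile.get(account, set()):
            alerts.append((account, shape, sql))
    return alerts


# Constructed sample logs (not real traffic): statements the application issued
# during a clean training window, then a live window with two injected statements
# and one statement from an account the profile has never seen.
TRAINING_LOG = [
    ("webapp", "SELECT id, name FROM users WHERE id = 42"),
    ("webapp", "SELECT id, name FROM users WHERE id = 7"),
    ("webapp", "SELECT id FROM users WHERE name = 'alice'"),
    ("webapp", "INSERT INTO orders (user_id, total) VALUES (42, 19.99)"),
]
LIVE_LOG = [
    ("webapp", "SELECT id, name FROM users WHERE id = 99"),                 # normal
    ("webapp", "SELECT id, name FROM users WHERE id = 1 OR 1=1"),           # tautology injection
    ("webapp", "SELECT id FROM users WHERE name = 'x' OR '1'='1'"),         # string injection
    ("webapp", "INSERT INTO orders (user_id, total) VALUES (7, 5.00)"),     # normal
    ("reporting", "SELECT * FROM users"),                                   # unknown account
]

if __name__ == "__main__":
    for account, shape, sql in detect(build_profile(TRAINING_LOG), LIVE_LOG):
        print(f"ALERT {account}: {sql!r} -> {shape}")
```

The fingerprinting is deliberately simple (no comment stripping, no handling of vendor-specific quoting), and the profile is only as good as the training window: a payload built to produce a shape the application already uses is not caught, so this is a detection signal to feed the monitor, not a substitute for parameterized queries in the application.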
DAM Features
Data collection and aggregation (heterogeneous data sources!)
Profiling and anomaly detection
Advanced features:
Real-time monitoring
Agnostic solutions (independent of the particular DBMS)
Automated response
Automatic data classification and security adjustment
Next Class: Midterm exam