College of Engineering and Computing
Browsing College of Engineering and Computing by Subject "Access control"
Item: Architectures and Models for Administration of User-Role Assignment in Role Based Access Control (2008-12-18T20:32:35Z) Bhamidipati, Venkata Ramana Murthy
In role based access control systems (RBAC) permissions are associated with roles, and users are made members of appropriate roles thereby acquiring the roles’ permissions. This greatly simplifies management of permissions. Roles are created for the various job functions in an organization and users are assigned roles based on their responsibilities and qualifications. Users can be easily reassigned from one role to another. Roles can be granted new permissions as new applications and systems are incorporated, and permissions can be revoked from roles as needed. Role-role relationships can be established to lay out broad policy objectives. The principal motivation of RBAC is to simplify administration. In large organizations the number of roles can be in the hundreds or thousands, and users can be in the tens or hundreds of thousands, maybe even millions. To be effective, management and administration of RBAC in such systems need some form of decentralization and automation without losing central control over broad policy. An appealing possibility is to use RBAC to manage itself. Our work looks at proposing models that would allow for decentralization and automation of user-role assignment. In this dissertation we identify architectures and models for decentralized administration of user-role assignment. Our work is performed in the context of the OM-AM layered models framework. OM-AM stands for objectives, models, architectures and mechanisms. The OM layer addresses security requirements and trade-offs; essentially it represents “what” needs to be achieved. The AM layer articulates “how” to meet the specified requirements. In this dissertation we use the terms architecture and models as they relate to the OM-AM framework. 
Initially we focus our work on user-role assignment in a centralized system. Then we concentrate our work on the user-role relationship as it pertains to distributed systems. Finally we look at how self-service and automation can be achieved in user-role assignment. We propose a model called URA97 for user-role assignment. This model provides the semantics for granting and revoking roles from users in a centralized system. URA97 achieves assignment and revocation of users to and from roles by means of simple and intuitive relations named can-assign and can-revoke. In URA97 grant and revoke operations are performed by administrators assigned to administrative roles. We explore some of the possible architectures in a distributed environment. These depend on how the resources, data and users are distributed and how they interact in a distributed environment. We then develop a push-based model for user-role assignment, which deals with two operations: assignment of users to roles and revocation of roles from users. URA97 was developed in the context of the RBAC96 model. URA97 was developed during the early stages of RBAC96 when it was still an academic discipline; since then RBAC96 has received strong support from the research and practitioner communities and today is widely practiced as a preferred form of access control. It is becoming clear that relying on manual intervention in all aspects of RBAC administration is cumbersome. Concurrently, access control has started adopting emerging concepts like usage control, rate limits, accountability, etc. To this effect we propose five founding principles for next-generation RBAC, summarized as ASCAA for Abstraction, Separation, Containment, Automation and Accountability. Finally we develop a framework for self service based RBAC called SSRBAC08 based on ASCAA principles. SSRBAC08 is a modified version of the RBAC96 model. 
The primary goal of SSRBAC08 as it pertains to our dissertation work is to show how automation, containment and accountability aspects can be achieved in user-role assignment.

Item: External Labeling as a Framework for Access Control (2012-06-18) Rozenbroek, Thomas H.; Sibley, Edgar H.
With the ever increasing volume of data existing on and passing through on-line resources together with a growing number of legitimate users of that information and potential adversaries, the need for better security and safeguards is immediate and critical. Currently, most of the security and safeguards afforded on-line information are provided externally by the infrastructure and are based on security information that is also maintained by that infrastructure. As the infrastructure increases in size and interconnection, the more insecure the movement of information throughout the infrastructure becomes. The interconnection of different infrastructures means that there is a greater need for coordination between the infrastructures. Unfortunately, this is not always possible. An alternative to strict reliance on the infrastructure is to include security attributes along with the objects that need to be secured. It is possible to improve the security of this information by attaching the external security labels to these objects. These external labels, which contain the required security information, are transferred as an integral part of the object’s migration throughout the infrastructure. This dissertation presents a framework for using external labels that will provide better safeguards for securing information. This framework is object based and as such is applicable to anything, virtual or real-world, that can be represented or treated as ‘an object’. 
It discusses how each entity within the infrastructure must be labeled to support the increase in security as well as provide the framework for assessing the user and system labels against those of the information objects. This dissertation presents and details the key features of the labeling solutions and explains the reasons why each of the features is necessary for the labeling framework to secure objects. The framework is based on securely attaching labels to the objects, while still allowing for the separation of the labels from the object. This separation must take place without lessening the security afforded the objects. The second feature of the framework is the treatment of the object labels themselves. The framework applies labels to the objects being protected, the users requesting access to the objects, and the end user and intermediate systems handling the objects. This provides for better management of the environment and therefore greater security for the objects. The final key feature of the framework is the abstract nature of the objects and their labels. This framework places no limitation on either the objects being secured or the content of the labels. Any information that can be treated as an object can be handled by this framework. Also, any rules that can be modeled can be supported by the framework. This framework as proposed by this dissertation includes several types of labels that can be used to secure objects. The types of labels presented can be easily extended to meet the unique needs of the infrastructure without lessening the framework itself. Additionally, this dissertation extends the use of labels to address security problems beyond simple access control. It demonstrates how object labeling can be used to secure multiple objects in a confederated manner, rather than as individual objects. 
Information is no longer being processed in small collections, but rather as large collections of information gathered from numerous sources. This framework is able to manage these large collections in an effective manner. Further extensions include using labels to handle data aggregation and the avoidance of sensitivity escalation. Having access to larger collections increases the risk that too much information can be collocated or accessed at the same time. This dissertation presents tools and techniques for using the framework to minimize and control how information is aggregated in order to reduce these risks. Also, the framework can be used to ensure that information aggregates don’t result in the creation of information sets which are “more” sensitive than the original information.

Item: Scalable Role & Organization Based Access Control and Its Administration (2008-06-27T16:51:44Z) Zhang, Zhixiong
In Role Based Access Control (RBAC), roles are typically created based on job functions inside an organization. Traditional RBAC does not scale up well for modeling security policies spanning multiple organizations. To solve this problem, a family of extended RBAC models called Role and Organization Based Access Control (ROBAC) models and its administrative models are proposed and formalized in this dissertation. Two examples are used to motivate and demonstrate the usefulness of ROBAC. Comparisons between ROBAC and other RBAC extensions are given. I show that ROBAC can significantly reduce the administrative complexities of applications involving a large number of similar organizational units. The applicability and expressive power of ROBAC are discussed. By showing that any given ROBAC model can be modeled by an RBAC model and vice versa, I prove that the expressive power of ROBAC is equal to that of traditional RBAC. A comprehensive role and organization based administrative model called AROBAC07 is developed. 
It has five sub-models dealing with various administrative tasks in ROBAC. I show that the AROBAC07 model provides an intuitive and controlled way to decentralize administrative tasks in ROBAC based systems. A concept called application compartment (ACom) in ROBAC is introduced and its usage in ROBAC is discussed. AROBAC07 scales up very well for ROBAC based systems involving many organizational units. Two ROBAC variants, manifold ROBAC (ROBAC) and pseudo ROBAC (ROBAC), are presented and formalized. Their corresponding administrative models are also proposed. The usefulness of manifold ROBAC is demonstrated in secure collaboration via a ROBAC based secure collaboration schema which avoids many problems resulting from role-mapping, role-translation, or role exporting. The usefulness of pseudo ROBAC is demonstrated in a web based on-demand movie service case study.

Item: Session-aware RBAC administration, delegation, and enforcement with XACML (2010-05-26T13:10:02Z) Xu, Min; Wijesekera, Duminda
An administrative role-based access control (ARBAC) model specifies administrative policies over a role-based access control (RBAC) system, where an administrative permission has the capability to modify an RBAC policy by updating permissions assigned to roles, or assigning/revoking users to/from roles. Enforcing ARBAC policies over an active access controller while some users are using protected resources may result in conflicts: a policy may be in effect in the RBAC system while being modified by an administrative operation. Towards solving this concurrency problem, this dissertation proposes a session-aware administrative model for RBAC to manage the interactions and potential conflicts between access control evaluation and the administrative operations. Based on this model, this dissertation specifies the concurrency requirements of an ARBAC model: (1) revoke an activated role or delete an active session immediately, and (2) delay administrative operations. 
This dissertation introduces the concept of lock scope for a role. This captures the affected roles when the permissions granted to this role are modified due to administrative operations. Considering that eXtensible Access Control Markup Language (XACML) is the de facto language to specify access control policies for Web Services, this dissertation proposes the XACML profile for administrative RBAC (XACML-ARBAC), which is the extension of the XACML-RBAC profile with the proposed session-aware administrative model. One of the advantages of doing so is to use XACML policies to administrate XACML-RBAC policies. The XACML policy evaluation runtime is enhanced by introducing a locking manager and a special administrative policy enforcement point (A-PEP). The lock manager handles concurrency control issues that arise when enforcing the XACML-ARBAC profile. The A-PEP competes for read-write locks for RBAC and ARBAC policies in conjunction with the evaluation engine of the access controller. Along with the administrative model, the fine-grained and flexible permission delegation capability of the RBAC system has obtained considerable adoption in the last decade. The OASIS technical committee published the XACML v3.0 administration and delegation profile (XACML-Admin) working draft on April 16, 2009 in order to provide policy administration and dynamic delegation services to the XACML runtime. To capture the concurrency control requirements for delegation, this dissertation further proposes that the XACML-ARBAC profile is augmented with role-based delegation, named the role-based administration and delegation XACML profile (XACML-ADRBAC). The XACML-ADRBAC profile has two novel properties: scalability (it facilitates delegated permissions to a large number of users with the same permission assignment) and flexibility (it allows a delegator to delegate any subsets of permissions assigned to him/her and modify the delegated permission whenever required). 
Correspondingly, the proposed XACML-ARBAC enforcement mechanism is also enhanced to enforce the XACML-ADRBAC. To the author’s best knowledge, this proposal is the first method to enforce the XACML-Admin profile proposed by OASIS. To demonstrate the feasibility and performance of the framework, a prototype is implemented to enforce the XACML-ARBAC profile by augmenting Sun Microsystems’s XACML reference implementation. Experimental studies show that the system has reconcilable performance characteristics.