Role-Based Delegation Model - Prof. Ravi Sandhu


13 Dec 2013 (3 years and 10 months ago)


FRAMEWORK FOR AGENT-BASED ROLE DELEGATION

Presentation by:

Ezedin S. Barka

UAE University



Agenda


Role-Based Delegation


Review of RBDM Framework


RBDM0


RBDM1


Agent-Based Role Delegation (ARBDM)


Flat Roles


Hierarchical Roles


Conclusion


Delegation


Some active entity in a system delegates
authority to another active entity to carry
out some function on behalf of the former


Delegation can take many forms:


Human to machine,


Machine to machine, and perhaps even
machine to human


Human to human (My Focus)


Role-Based Delegation


What is delegated is a role

Authorization for delegation is also role-based

Can-delegate

Professor

Assistant (TA)


Related Work


The RBAC Models (well known and widely accepted)

Gasser and McDermott - Human to machine delegation.

Gladney - Machine to machine

Varadharajan - process to process delegation.






The RBAC96 Model (Simplified)

U     Users
R     Roles
P     Permissions
RH    Role Hierarchy
UA    User Assignment
PA    Permission Assignment

[Figure: Simplified Version of RBAC96 Model. Labels: U (Users), R (Roles), P (Permissions), UA (User Assignment), PA (Permission Assignment); "In Hierarchical roles".]


RBDM Framework


Delegation Characteristics:


Permanence,


Monotonicity,


Totality,


Administration,


Levels of delegation,


Agreements


Cascading revocation


Grant-dependency revocation



RBDM Framework (cont.)


Addressing every characteristic as
mutually exclusive is a formidable task,
and can get very complicated


Used a systematic approach to reduce the
large number of possible cases


Reduced cases were used to build the
delegation models

[Figure: Tree structure showing the areas with completed models. Node labels: Delegation; Permanent, Temporary; Monotonic, Non-monotonic; Self-acted, Agent; Total, Partial, Total/Partial; Single step, Multi-step; Multi-delegation; G.Ind. revocation, Cascading R. Some branches are marked "(Not useful)" or "(eliminated)". Legend: Done, Under development, Not done.]

* G.D revocation means grant-dependent revocation
* G.Ind revocation means grant-independent revocation
* Cascading R means cascading revocation


RBDM Models


Temporary delegation

RBDM0 (or TRBDM0)

RBDM1 (or TRBDM1)

Permanent delegation

PRBDM0

PRBDM1

Agent-based (ARBDM)



Delegation in RBDM0

Delegation is authorized by means of can-delegate relation: can-delegate


R

R.
For example,


TA Role

Professor Role

Alice

User_O(Prof.)

Bob

User_O(TA)


Alice delegates to Bob


(Bob,Prof.)

UAD


Delegation in ARBDM-Flat Roles

Delegation is temporary

Delegation is Monotonic (delegator does not lose his membership in the delegated role)

Delegation can be total or partial

Conducted in two ways:

By Role-Participant Agent

By Non-Role Participant Agent “Only the original member can delegate”.


Delegation in ARBDM-Flat Roles (cont.)

Delegation by Role-Participant Agent

Occurrences of Role-Participant Agent Delegation

Statically: the delegating role member delegates his role membership to a user who is a member of a predefined role (agent role) for the purpose of further delegating that role to another specified user.

Dynamically: the delegating role member can, dynamically, delegate his role to another user who meets certain criteria “set by the security officer,” with the authority to further delegate that role.

Delegation by Non-Role Participant Agent

Only the original member can delegate


Taxonomy for ARBDM

                      Role Participant Agent    Non-Role Participant Agent
Dynamic Delegation    ABRD-DRPA                 ABRD-DNRPA
Static Delegation     ABRD-SRPA                 ABRD-SNRPA

ARBDM-Dynamic Role Participant Agent

Agent who is a third party is assigned to administer the delegation between two different users that belong to two different roles, and that agent has membership in the delegating role.

This means that the middleman “agent” has full power in the delegating role

This can be considered as a restricted two-step delegation.

A user who wishes to have a third party administer his role delegation can accomplish this by delegating his role to an agent with the authority to further delegate that role to another user that meets a criterion qualifying him as a delegate user


ARBDM-Dynamic Non-Role Participant Agent

The ARBDM-DNRP model has the following components:


AR is an agent role, which is a regular role with added delegation
administration responsibility.


UAA



U



R is many to many agent member to role assignment
relation


UA = UAO



UAD


UAA


UAA


UAD =



Agent and delegate members in the same role are
disjoint.


Users_O (r) = {U


(U, r)


UAA}


Where: UA is the user assignment; UAO is the user assignment of the
original members; UAD is the user assignment of the delegate
members; and UAA is the assignment of the agent members.


Delegation/Revocation in ARBDM-DNRP

Delegation in ARBDM-DNRP:

Controls role-role delegation by means of the relation can-delegate


R


AR


R


Revocation in ARBDM-DNRP:

Two ways

by using timeouts

by allowing any original member of the delegating role to revoke the membership of any delegate member in that role (grant-independent revocation).



[Figure: Example of Agent Based Delegation - Dynamic Non-Role Participant Agent. Labels: Delegating Role (a), Agent Role (b), Delegate Role (c); Alice, User_O (a); (Bob, a), UAA; Charlie, User_O (c); Bob delegates to Charlie; (Charlie, a), UAD.]
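
The delegation and revocation rules of ARBDM-DNRP applied to the Alice/Bob/Charlie figure, as an added example that is not part of the original slides. It reads can-delegate as triples (delegating role, agent role, delegate role) and the figure's pairs as set memberships; the appoint_agent step, the lowercase user names and the integer clock are assumptions.

```python
class ARBDM:
    """Flat-role ARBDM-DNRP state: UAO, UAA, UAD and the can-delegate relation."""

    def __init__(self, uao, can_delegate):
        self.uao = set(uao)                    # (user, role): original members
        self.uaa = set()                       # (user, role): agent members
        self.uad = {}                          # (user, role) -> expiry time
        self.can_delegate = set(can_delegate)  # (delegating, agent, delegate) roles

    def appoint_agent(self, original, agent, role):
        """An original member of `role` hands its delegation to an agent (assumed step)."""
        ok = ((original, role) in self.uao and (agent, role) not in self.uad
              and any(r == role and (agent, ar) in self.uao
                      for r, ar, _ in self.can_delegate))
        if ok:
            self.uaa.add((agent, role))
        return ok

    def delegate(self, agent, user, role, now, ttl):
        """The agent makes `user` a delegate member of `role` until now + ttl."""
        allowed = ((agent, role) in self.uaa
                   and (user, role) not in self.uaa   # UAA and UAD stay disjoint
                   and any(r == role and (agent, ar) in self.uao and (user, dr) in self.uao
                           for r, ar, dr in self.can_delegate))
        if allowed:
            self.uad[(user, role)] = now + ttl
        return allowed

    def revoke(self, revoker, user, role):
        """Grant-independent revocation: any original member of `role` may revoke."""
        if (revoker, role) in self.uao and (user, role) in self.uad:
            del self.uad[(user, role)]
            return True
        return False

    def is_delegate(self, user, role, now):
        """True while the delegation exists and its timeout has not passed."""
        return self.uad.get((user, role), float("-inf")) > now


if __name__ == "__main__":
    # Constructed sample state mirroring the figure: roles a, b, c.
    m = ARBDM({("alice", "a"), ("bob", "b"), ("charlie", "c")}, {("a", "b", "c")})
    print("appoint bob:", m.appoint_agent("alice", "bob", "a"))
    print("bob -> charlie:", m.delegate("bob", "charlie", "a", now=0, ttl=60))
    print("delegate at t=30:", m.is_delegate("charlie", "a", now=30))
    print("delegate at t=60:", m.is_delegate("charlie", "a", now=60))
    print("bob revokes:", m.revoke("bob", "charlie", "a"))
    print("alice revokes:", m.revoke("alice", "charlie", "a"))
```
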

ARBDM In Hierarchical Roles (ARBDMH)


Goal is to impose restrictions on which users
can be delegated to and by which agent.


The notion of a prerequisite condition (CR) is a key
part of ARBDMH.

ARBDMH Basic Elements


Delegation can only be either downwards or cross.



Upwards is useless because senior roles inherit all the permissions of their junior roles.


Due to the inheritance nature of role hierarchies, the agent is limited to a
certain range of delegation.


A member of a role that is senior to the agent role is also an agent.


The addition of role hierarchy introduces a new notion for a user
membership in a role:


The explicit role membership grants a user the authority to use the permissions
of that role because of his/her direct membership to that role.


The implicit role membership, on the other hand, grants a user the authority to
use the permissions of that role because of that user’s membership of a role that
is senior to the given role.


original memberships and delegate memberships produces 4 different combinations of user memberships in each role at any given moment: original/explicit, original/implicit, delegate/explicit, and delegate/implicit

Only members of original/explicit and original/implicit roles can serve as agents.

Delegation in ARBDMH


The role-role delegation is authorized in ARBDMH by the following relation:

Can-delegate


AR


CR


2
R



Example of Delegation in ARBDMH



[Figure: Example Role Hierarchy. Roles, top to bottom: Director; Project lead 1, Project lead 2; Production Engineer 1 (PE1), Quality Engineer 1 (QE1), Production Engineer 2 (PE2), Quality Engineer 2 (QE2); Engineer 1, Engineer 2; Engineering Department (ED); E.]

[Figure: An Example Agent Role Hierarchy. Roles, top to bottom: Senior Delegating Agent (SDA); Department Delegating Agent (DDA); Project delegating agent 1, Project delegating agent 2.]


Example of Can-Delegate

Delegation Range    Prerequisite Condition    Agent Role
[E1, PL1)           ED                        PDA1
[E2, PL2)           ED                        PDA2
[PL2, PL2]          ED    PL1                 DDA
[PL1, PL1]          ED    PL2                 DDA
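
An added sketch (not from the slides) of how a can-delegate entry could be checked in ARBDMH, using the two PDA rows of the table. The hierarchy edges are an assumption reconstructed from the role names in the two figures, the range brackets are read as intervals over the role hierarchy, and the users are hypothetical.

```python
# Assumed edges: each role maps to its immediate junior roles.
JUNIORS = {
    "DIR": {"PL1", "PL2"},
    "PL1": {"PE1", "QE1"}, "PL2": {"PE2", "QE2"},
    "PE1": {"E1"}, "QE1": {"E1"}, "PE2": {"E2"}, "QE2": {"E2"},
    "E1": {"ED"}, "E2": {"ED"}, "ED": {"E"},
    "SDA": {"DDA"}, "DDA": {"PDA1", "PDA2"},   # agent role hierarchy
}

# (agent role, prerequisite condition, (low, high, high end closed?))
CAN_DELEGATE = [("PDA1", "ED", ("E1", "PL1", False)),
                ("PDA2", "ED", ("E2", "PL2", False))]

def dominated(role):
    """The role itself plus every role junior to it."""
    seen, stack = set(), [role]
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(JUNIORS.get(r, ()))
    return seen

def in_range(role, low, high, high_closed):
    """low <= role <= high, excluding high itself when the range is half-open."""
    return (low in dominated(role) and role in dominated(high)
            and (high_closed or role != high))

def is_member(uao, user, role):
    """Explicit or implicit original membership (implicit via a senior role)."""
    return any(u == user and role in dominated(r) for u, r in uao)

def may_delegate(uao, agent, delegate, role):
    """Agent holds the agent role, delegate meets the prerequisite, role is in range."""
    return any(is_member(uao, agent, ar) and is_member(uao, delegate, cr)
               and in_range(role, *rng) for ar, cr, rng in CAN_DELEGATE)

if __name__ == "__main__":
    # Constructed original memberships (UAO); delegate members are not modelled.
    uao = {("dana", "PDA1"), ("erin", "DDA"), ("frank", "ED"), ("gina", "E")}
    for agent, user, role in [("dana", "frank", "PE1"), ("dana", "frank", "PL1"),
                              ("erin", "frank", "PE2"), ("dana", "gina", "PE1")]:
        print(agent, "->", user, role, may_delegate(uao, agent, user, role))
```
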

Revocation in ARBDMH


Two Approaches:


Revocation Using Timeout


A duration constraint is attached to each delegation relation so that when the assigned time expires, the delegation also expires


Human Revocation


By either the security officer or by the original
users in the delegating role

Conclusion


Addressed the agent-based role delegation, which is one of delegation characteristics described in the literature by Barka and Sandhu [BS 2000].

Described a systematic approach in which an agent-based delegation can be implemented.

Identified two manifestations, role-participant agent and non-role participant agent, to delegation using agent-based role delegation.

Identified two additional modes in which these delegations can occur: static and dynamic.

Used the dynamic non-role participant agent manifestation to develop a model for agent-based role delegation.

Models to describe the other manifestations can be similarly developed, thus were briefly mentioned.



Questions ???