RBAC Concepts and Applications

Questions and Answers

In the context of RBAC, what does the set 'U' represent?

  • The set of roles.
  • The set of user-role assignments.
  • The set of permissions.
  • The set of users. (correct)

What does the notation 'UR ⊆ U × R' signify in an RBAC model?

  • The assignment of users to roles. (correct)
  • The set of all users.
  • The set of all roles.
  • The assignment of permissions to roles.

What is the primary advantage of using roles over groups in managing permissions, as suggested in the text?

  • Groups allow for easier enumeration of permissions.
  • Roles simplify the understanding and management of permissions in a system. (correct)
  • Roles directly map to specific users, unlike groups.
  • Groups are more stable than roles.

Within the RBAC model, what does 'RP' represent?

Role-permission assignment (B)

Why are roles considered more stable than groups in an organization?

Roles represent abstract concepts related to functions, while groups are implementation-specific. (D)

In the given RBAC model, how is a permission 'p' defined?

As an abstract concept binding operations and objects. (B)

Why does the text state that groups are 'implementation-specific'?

Because their configuration depends on the particular system or OS being used. (B)

What does the abstract concept represented by a permission in RBAC typically bind together?

Operations and objects. (C)

Which access control model is characterized by its flexibility and policy independence?

Role-Based Access Control (RBAC) (C)

What is a key advantage of RBAC in terms of organizational management?

It simplifies security administration through roles and constraints. (A)

Which of the following is NOT mentioned as a technology that can be integrated with RBAC?

Mainframe operating systems (C)

In the context of access control models, which model is described as operating under 'owner's discretion'?

Discretionary Access Control (DAC) (A)

Why is RBAC considered cost-effective within an organization?

Because employees change more frequently than the duties within their positions. (C)

Which access control model is known for being a 'one-way IF' policy?

Mandatory Access Control (MAC) (A)

Which access control model can be configured to support both DAC and MAC policies?

Role-Based Access Control (RBAC) (B)

What is a typical application environment for RBAC?

In a wide array of applications and software systems. (D)

What is the primary goal of Operational Segregation of Duties (OSD)?

To prevent any single user from having the ability to perform all operations required for a critical function. (D)

Which of the following best characterizes the relationship between Static SoD and OSD?

Static SoD is a type of OSD with constraints on role-permission assignments. (D)

In the context of RBAC, what do the symbols 'UR' and 'RP' represent?

User Roles and Role Permissions (C)

What does 's1, ..., sℓ' represent in the context of Operational SoD?

A set of separation of duty constraints applicable to role-permission assignments. (C)

What is the key concept behind a Consolidated RBAC model?

It combines hierarchical and constrained RBAC models. (B)

Which statement best describes how RBAC relates to DAC and MAC?

RBAC is distinct from both DAC and MAC, but it can be configured to achieve their functionality. (A)

In the context of RBAC, what do the symbols 'su' and 'sr' likely represent?

System user and system role (A)

What does the 'Basic RBAC' model provide in the context of Consolidated RBAC?

A conceptual base from which other RBAC models are developed. (D)

What does the role authorization rule ensure?

A subject can only have active roles authorized for its user. (D)

Which condition must be met for a subject 's' to perform an operation 'op' on an object 'o'?

There must exist a role 'r' in the subject's active role set, a permission 'p' assigned to 'r' authorizing 'op' on 'o'. (C)

At the conceptual level, what does the diagram show?

The relations among users, roles, and permissions. (B)

At the system level, how are subjects represented?

By their usernames appended with their assigned roles (e.g., Bob.Professor). (C)

Which of the following describes the relationship between 'professor' and 'Grade records' at the conceptual level?

Professor has permission to write and read 'Grade records'. (A)

According to the diagram, what specific system level access does 'Alice.Secretary' have?

Read access to 'Records history.dbf'. (B)

If a user is not authorized for an active role, what would be the consequence?

The user cannot have that active role. (A)

Which is a key difference between conceptual and system levels in the provided context?

Conceptual level shows high-level relationships among users, roles, and permissions, while the system level shows the specific database files and roles. (D)

Which publication provides a detailed discussion on adding attributes to Role-Based Access Control (RBAC)?

Kuhn, Coyne, and Weil (2010) (A)

Which of the following authors co-authored a work on Role-Based Access Control in 1992?

Kuhn (D)

Which of these books includes a chapter on access controls within the context of cyber security and IT infrastructure protection?

Cyber Security and IT Infrastructure Protection edited by Vacca (C)

Which publication primarily discusses RBAC administration in distributed systems?

Dekker, Crampton, and Etalle (2008) (A)

Which of these publications includes a discussion of policies, access control and formal methods in the context of securing cyber-physical critical infrastructure?

Bertino (2012) (D)

Which authors published a work focusing on secure role-based workflow models?

Kandala and Sandhu (A)

Which of the provided options wrote a book named 'The Basics of Information Security'?

Andress (D)

Which of these works does not primarily focus on Role-Based Access Control (RBAC)?

Andress (2014) (B)

What primarily defines a role in the context of access control?

The permissions granted to users who have the role (C)

How does a lattice-based model differ from a role-based access control (RBAC) model regarding information flow?

Lattice-based models allow one-way information flow based on a policy, while roles are not associated with a policy. (C)

What constitutes a 'session' within the context of computer system interaction?

An active dialogue instance between a user and a system. (B)

What is a 'subject' in a computer system’s access control?

A running computer program or process acting for a user. (A)

How are subjects and sessions typically related in a standard computer system?

Subjects facilitate the actions, while sessions are instances of user interactions. (B)

In the given RBAC model diagram, what does 'su' represent?

A mapping from subjects to users. (B)

What does 'sr' map in the provided RBAC model?

Maps subjects to the set of roles. (B)

According to the diagram's constraints, if 's' represents a subject and 'u' represents a user, what can be said about the relationship between 'sr(s)' and 'UR(su(s))'?

sr(s) must be a subset of or equal to UR(su(s)). (A)

Flashcards

RBAC Static Components

The set of users, roles, and permissions in an RBAC model.

Groups

A set of users that have access to specific resources.

Roles

A set of permissions attached to a specific user.

User-Role Assignment

A mapping between users and roles.

Role-Permission Assignment

A mapping between roles and permissions.

Operations

Activities that can be performed on resources.

Objects

The objects in the system that can be accessed and modified.

Permissions

A set of operations and objects that a user or role has permission to access.

Role Authorization Rule

A rule that ensures a subject can only have active roles that are explicitly authorized for their corresponding user.

Object Access Authorization Rule

A requirement for subjects to perform an action on an object. It demands the subject has a role with the necessary permissions to perform the operation on the specific object.

Conceptual Level (RBAC)

The abstract view of users, roles, and permissions in an RBAC system. It focuses on how these concepts are assigned and used.

System Level (RBAC)

The concrete implementation of RBAC in a system. It describes the specific subjects, sessions, and objects used to enforce access control.

Session

An instance of a user interacting with a system. Think of it as a session you have when you log into a website or application.

Subject

A program running on behalf of a user, performing actions within a system. For example, a web browser is a subject when you use it to browse the internet.

Lattice-based Access Control

Role assignment based on policies, with information flow following specific rules. Think of a hierarchy where information only goes one way.

User-Role Assignment (UR)

The mapping between a user and the roles they are assigned, defining their access privileges.

Role-Permission Assignment (RP)

The mapping between a role and the permissions it grants, outlining what actions a role can perform.

Subject-to-User Mapping (su)

The mapping between subjects (running programs) and the users they represent. This links the program's actions to a specific user.

Subject-to-Role Mapping (sr)

The mapping between subjects and the roles they are assigned. This determines the privileges associated with the program's actions.

Subject's Roles

The set of roles assigned to a subject. This helps determine the permissions a subject inherits.

Operational Separation of Duty (OSD)

A security principle that restricts users from having the ability to perform all operations needed for a critical task. This prevents a single person from having complete control over a sensitive activity, reducing the risk of unauthorized actions.

Static OSD

A type of OSD where users are assigned roles with predefined sets of permissions. These roles are static, meaning permissions cannot be changed dynamically.

Dynamic OSD

A variation of Static OSD where additional constraints are applied on role-permission assignments. This adds another layer of security to the system.

Consolidated RBAC

This combines the features of hierarchical RBAC (roles are organized in a hierarchy) and constrained RBAC (restrictions apply to user-role and role-permission assignments). It creates a more robust and customizable access control model.

RBAC (Role-Based Access Control)

A core access control model that uses roles to define permissions. It allows for efficient management of access rights within a system.

DAC (Discretionary Access Control)

A model where access is determined directly by the relationship between users and objects. Users have explicit permissions to access specific data, regardless of their roles.

MAC (Mandatory Access Control)

A more strict model that uses security labels assigned to both users and objects. Users can only access objects with matching or lower security labels.

RBAC vs. DAC vs. MAC

RBAC is a separate access control model from DAC and MAC. However, RBAC can be configured to implement both DAC and MAC functionality, providing a versatile approach to access control.

Role-Based Access Control (RBAC)

A model for managing access rights based on assigned roles, where users are assigned roles and roles have assigned permissions.

RBAC Integration with Technologies

RBAC can be integrated with various technologies, including modern systems, platforms, and operating systems, making its implementation flexible and widely applicable.

RBAC in Windows 365

Windows 365 offers built-in support for RBAC, providing users with fine-grained control over access to cloud-based desktops and applications.

RBAC in UNIX-like OSs

RBAC is also implemented in UNIX-like operating systems, allowing admins to manage user permissions by assigning roles and privileges.

Concluding Remarks: RBAC Advantages

RBAC simplifies security administration by centralizing permissions management, reducing costs by focusing on roles rather than individual users. It's versatile and adaptable to various scenarios.

Concluding Remarks: RBAC Efficiency

RBAC is recognized as a highly effective access control model due to its flexibility, adaptability, and ability to manage complexities in resource access control.

Study Notes

Access Control

  • Role-based Access Control (RBAC) regulates object access based on user roles within an organization.
  • Formal access control approaches emerged in the early 1970s, including Discretionary Access Control (DAC) and Mandatory Access Control (MAC).
  • MAC, driven by military needs, may be unsuitable for civilian use due to difficulties with least privilege, conflict-of-interest, and proper enforcement of access control.
  • DAC focuses on civilian applications but assumes resource ownership by subjects whereas, in real-world organizations, resources are not owned.
  • Ferraiolo and Kuhn (1992) proposed RBAC as a non-discretionary access control model to address these limitations.
  • Sandhu et al. (1996) developed RBAC96, a framework defining modular RBAC models.
  • NIST promoted RBAC standards, culminating in the INCITS 359-2004 standard (based on the NIST model for RBAC).
  • A NIST revision from 2010 added attributes to RBAC, leading to the INCITS 359-2012 standard.

RBAC Components

  • RBAC models comprise two classes of components:
    • Static Components: users, roles, permissions, and inter-relationships
    • Dynamic Components: subjects (programs), role authorization, and object access authorization.

Users, Roles, and Permissions

  • User: an individual interacting directly with a computer system.
  • Role: a set of actions and responsibilities associated with a specific job function.
  • Permission: a description of authorized access to resources or tasks for a user or role. Permissions are generally positive, defining what a user or role is allowed to do. Constraints are negative, defining restrictions or limitations.

Static Components of RBAC Models

  • U: set of users
  • R: set of roles
  • P: set of permissions
  • UR ⊆ U × R (user-role assignment)
  • RP ⊆ R × P (role-permission assignment)

Roles vs. Groups and Compartments

  • Organizations typically use roles to define permissions instead of groups of users.
  • Roles provide abstraction, making permission management easier, and are more stable than implementation-specific groups, which might change.
  • Roles are independent of implementation but group allocation might be.

Subjects and Sessions

  • Session: an instance of a user's interaction with a system.
  • Subject: a running computer program (process) acting on behalf of a user.

Dynamic Components of RBAC Models

  • Subjects (S): running computer programs.
  • su: subject-to-user mapping (S → U)
  • sr: subject-to-role mapping (S → P(R)); a subject can have multiple active roles
  • UR(su(s)): set of roles for a particular subject based on its user.

Role and Object Authorization

  • A subject can only have active roles authorized by its user.
  • Object access authorization: a subject can perform an operation (op) on an object (o) if the subject has an active role (r) that has access permission (p) for that operation on that object.

Conceptual Level vs. System Level

  • RBAC models abstract system-level components (users, roles, and permissions) at a conceptual level. This helps in managing access rights and permissions independent of the system's particular mechanisms.

Hierarchical RBAC

  • Roles often overlap in organizations.
  • Role hierarchy: roles can inherit permissions from parent roles.
  • Hierarchy allows less powerful roles to inherit permissions from more powerful roles.

Inheritance Schemes

  • Permission-based inheritance: a role inherits the permissions of all parent roles.
  • User and permission-based inheritance: a role inherits permissions and the users assigned to those permissions.
  • User-based inheritance: a role inherits users associated with parent roles.

Role Authorized Users and Permissions

  • User authorization: Users in RBAC are granted certain roles and, in inheritance models, those users are authorized for roles that inherit their parent roles.
  • Permission authorization: Permissions granted to a role are granted to all inheriting roles.
  • Powerful roles can utilize permissions of less powerful ones based on inheritance hierarchies.

Constrained RBAC

  • Constraints improve system design, control role assignments and permissions, handle mutual exclusions (only one role can be used by a user at a time), prerequisite roles, and other aspects.
  • Includes static constraints enforced on basic objects such as users, roles, permissions, and the relationships between them.
  • Dynamic constraints enforce rules throughout the use of the system.

Separation of Duty (SoD)

  • SoD divides responsibility for sensitive tasks to prevent any single individual from compromising system security.
  • Static SoD (SSD): constraints imposed on assigned roles at the point when users are authorized for them
  • Dynamic SoD (DSD): constraints invoked during system execution while users are actively using the system, enforcing further restrictions and constraints.

Operational SoD

  • Overall, SoD prevents a user from having total control or performing all operations within a critical function or system.

Consolidated RBAC

  • Consolidated RBAC combines hierarchical and constrained RBAC aspects.

RBAC, DAC, and MAC

  • RBAC isn't a direct substitute for DAC or MAC as it's typically too costly.
  • Combining RBAC with DAC or MAC is more common than direct implementation of one type through another.

RBAC Implementations

  • RBAC implementation typically integrates with enterprise IT infrastructures (e.g., workflow management systems, web applications, operating systems, distributed file systems).
  • Specific examples of integrations exist for Java, Oracle, and Microsoft Azure.

Concluding Remarks

  • RBAC simplifies security administration, reduces costs due to frequent employee role changes, supports diverse policies like DAC and MAC, and is adaptable for a broad range of applications and environments.
