Permission-Based Separation of Duty in Dynamic Role-Based Access Control Model
Abstract
1. Introduction
2. Related Work
2.1. RBAC and ABAC Merger
2.2. SOD Implementation in Access Control Models
2.3. Hybrid Access Control
3. Access Control Flaws
3.1. The Decrease in RBAC User’s Authority Domain
3.2. RBAC End-Users Violation in SOD
3.3. Security Administrators Violation in SOD
3.4. Problems in RBAC and ABAC models
4. Proposed Model
4.1. Overview
4.2. Dynamic RBAC Model
4.3. Permission-based SOD
Example Scenario
4.4. Permission-based SOD in Dynamic RBAC Model
4.5. Formal Specification and Algorithm of Proposed Model
- USERS, UATT, ROLES, RATT, OPS, OBS, and OATT (users, user’s attributes, roles, role’s attributes, operations, objects and object’s attributes, respectively).
- CatCon: the categorize-containers, which contain attributed objects.
- GActS: the generic action set, which contains actions with a conflict of interest (COI).
- ops(g_act : GActS), the mapping of actions with COI onto the generic action set; that is, the operations (actions with COI) linked with the generic action set g_act.
- obj(cat_con : CatCon), the mapping of attributed objects onto categorize-containers; that is, the attributed objects linked with the categorize-container cat_con.
- , set of conflicted and non-conflicted permissions with attributes.
- , a many to many mapping of attributed permissions to attributed role assignment relation.
- Permission_auto_assigned (r : ROLES), the automatic mapping of attributed role r onto a set of conflicted and non-conflicted permissions by using the attributes.
- Permission_auto_assigned(r) =
- , a many to many attributed users to attributed role assignment relation
- Users_auto_assigned (r : ROLES), the automatic mapping of attributed role r onto a set of attributed users by using attributes.
- Users_auto_assigned(r) =
- Activate: a function that grants a user access to a particular permission, so that the user can activate the permission to perform tasks.
- ¬Activate: a function that restricts a user from accessing a particular permission.
- Activated: a function whose return value indicates that the user has already activated a specific permission.
- ¬Activated: a function that indicates that the user has not activated a particular permission.
- ConfP: a function that declares two permissions as conflicting permissions, so that a single user cannot activate both of them.
- ConfOP: a function that declares two actions as conflicting actions, so that a user cannot access, at the same time, two permissions that have the same objects but two COI actions.
- User_request_activate: a query, originating from the user, that activates a particular permission from a specified role.
- Apply actions on objects to create permissions one by one (traditional RBAC)
- Apply actions on categorize-containers to create multiple permissions with the same actions and different objects (new feature)
- Apply a generic-action-set on objects to create multiple permissions with the same objects and different actions (new feature)
- Apply a generic-action-set on categorize-containers to create multiple permissions with different objects and different actions (new feature)
Algorithm 1: Permissions creation through four methods

```
if users choose multiple-to-multiple relationship method then
    Get all Categorize Containers from Database
    Get all Generic Action Sets from Database
    sContainer = the selected Categorize Container
    sSet = the selected Generic Action Set
    for obj ∈ sContainer do
        for act ∈ sSet do
            T = new Permission(obj, act)
            Update the new permission T to the database
        end for
    end for
end if
if users choose multiple-to-single relationship method then
    Get all Categorize Containers from Database
    Get all Actions from Database
    sContainer = the selected Categorize Container
    sAction = the selected Action
    for obj ∈ sContainer do
        T = new Permission(obj, sAction)
        Update the new permission T to the database
    end for
end if
if users choose single-to-multiple relationship method then
    Get all Objects from Database
    Get all Generic Action Sets from Database
    sObject = the selected Object
    sSet = the selected Generic Action Set
    for act ∈ sSet do
        T = new Permission(sObject, act)
        Update the new permission T to the database
    end for
end if
if users choose single-to-single relationship method then
    Get all Objects from Database
    Get all Actions from Database
    sObject = the selected Object
    sAction = the selected Action
    T = new Permission(sObject, sAction)
    Update the new permission T to the database
end if
```
Algorithm 2: User’s access to Roles and Permissions

```
Roles = List of all roles in database
Permissions = List of all permissions in database
privilegedRoles = []
privilegedPermissions = []
for permiss ∈ Permissions do
    if isRightTime(permiss.Object.Time) == 1 then
        privilegedPermissions.Append(permiss)
    end if
end for
for role ∈ Roles do
    if isRightTime(role.Time) == 1 then
        privilegedRoles.Append(role)
    end if
end for
historyPermissions = []
if doExecute() == 1 then
    sPermission = the selected Permission
    sAction = sPermission.Action
    sObject = sPermission.Object
    isConflicted = 0
    for permission ∈ historyPermissions do
        if sObject == permission.Object and sAction == permission.Action.ConflictedAction then
            isConflicted = 1
        end if
    end for
    if isConflicted == 1 then
        Warn the user: “being conflicted actions on the same object”
    else
        historyPermissions.Append(sPermission)
        Notify the user that the permission was accessed successfully
    end if
end if
```
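The container-by-action-set permission creation of Algorithm 1 and the history-based conflict check of Algorithm 2, as an added Python example (not the authors' implementation). The object names, action names, user names and the per-user history are constructed assumptions, the time-attribute filter (isRightTime) is omitted, and the conflict test is made symmetric so it holds in either activation order.

```python
from dataclasses import dataclass, field
from itertools import product

@dataclass(frozen=True)
class Permission:
    obj: str
    action: str

def create_permissions(objects, actions):
    """Algorithm 1: every (object, action) pair. Pass a one-element list for
    the 'single' side, a whole categorize-container or generic action set
    for the 'multiple' side."""
    return [Permission(o, a) for o, a in product(objects, actions)]

@dataclass
class ActivationMonitor:
    """Algorithm 2's history check, kept per user (assumption)."""
    conflicting_actions: set  # ConfOP: set of frozenset({action_a, action_b})
    history: dict = field(default_factory=dict)  # user -> activated permissions

    def request_activate(self, user, perm):
        """Return True and record the permission, or False on a COI hit."""
        past = self.history.setdefault(user, [])
        for p in past:
            pair = frozenset((p.action, perm.action))
            # Same object + conflicting action = SOD violation. Checking the
            # unordered pair blocks the conflict in either activation order.
            if p.obj == perm.obj and pair in self.conflicting_actions:
                return False
        if perm not in past:
            past.append(perm)
        return True

# Constructed sample data: one categorize-container, one generic action set.
INVOICES = ["invoice-1001", "invoice-1002"]
PAYMENT_ACTIONS = ["prepare", "approve"]
CONF_OP = {frozenset(("prepare", "approve"))}

def demo():
    perms = create_permissions(INVOICES, PAYMENT_ACTIONS)
    mon = ActivationMonitor(CONF_OP)
    prep_1 = Permission("invoice-1001", "prepare")
    appr_1 = Permission("invoice-1001", "approve")
    appr_2 = Permission("invoice-1002", "approve")
    return {
        "created": len(perms),
        "alice_prepare_1001": mon.request_activate("alice", prep_1),
        "alice_approve_1001": mon.request_activate("alice", appr_1),  # blocked
        "alice_approve_1002": mon.request_activate("alice", appr_2),  # other object
        "bob_approve_1001": mon.request_activate("bob", appr_1),      # other user
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Both users keep every permission of the role; only the second, conflicting activation on the same object is refused, which is the behaviour the model claims under "No Decrement in User’s Authority".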
4.6. Benefits of the Proposed Model
4.6.1. Decrease Load of Administrator
4.6.2. No Decrement in User’s Authority
4.6.3. No SOD Violation by the Users
4.7. Limitations
5. Implementation and Comparative Analysis
5.1. Implementation
- Microsoft SQL Server Management Studio: 14.0.17224.0
- Microsoft Analysis Services Client Tools: 14.0.1016.244
- Microsoft Data Access Components (MDAC): 10.0.17763.1
- Microsoft MSXML: 3.0 6.0
- Microsoft Internet Explorer: 9.11.17763.0
- Microsoft .NET Framework: 4.0.30319.42000
- Operating System: 6.3.17763
5.2. Comparative Analysis
6. Conclusions and Future Directions
Supplementary Materials
Author Contributions
Funding
Acknowledgments
Conflicts of Interest
References
1. Samarati, P.; de Vimercati, S.C. Access control: Policies, models, and mechanisms. In Proceedings of the International School on Foundations of Security Analysis and Design, Bertinoro, Italy, 18–30 September 2000; pp. 137–196.
2. Cheminod, M.; Durante, L.; Seno, L.; Valenza, F.; Valenzano, A. A comprehensive approach to the automatic refinement and verification of access control policies. Comput. Secur. 2018.
3. Verma, D.C. Simplifying network administration using policy-based management. IEEE Netw. 2002, 16, 20–26.
4. Sandhu, R.; Munawer, Q. How to do discretionary access control using roles. In Proceedings of the Third ACM Workshop on Role-Based Access Control, Fairfax, VA, USA, 22–23 October 1998; pp. 47–54.
5. Li, N. Discretionary access control. In Encyclopedia of Cryptography and Security; Springer: Berlin, Germany, 2011; pp. 353–356.
6. Jueneman, R.R. Integrity controls for military and commercial applications. In Proceedings of the Fourth Aerospace Computer Security Applications, Orlando, FL, USA, 12–16 September 1988; pp. 298–322.
7. Barkley, J. Comparing simple role based access control models and access control lists. In Proceedings of the second ACM workshop on Role-Based Access Control, Fairfax, VA, USA, 6–7 November 1997; pp. 127–132.
8. Sandhu, R.S.; Coyne, E.J.; Feinstein, H.L.; Youman, C.E. Role-based access control models. Computer 1996, 29, 38–47.
9. Incits, A. Incits 359-2004. role-based access control. Am. Natl. Stand. Inf. Technol 2004, 359, 2–10.
10. Zhu, Y.; Huang, D.; Hu, C.-J.; Wang, X. From RBAC to ABAC: Constructing flexible data access control for cloud storage services. IEEE Trans. Serv. Comput. 2015, 8, 601–616.
11. Batra, G.; Atluri, V.; Vaidya, J.; Sural, S. Enabling the Deployment of ABAC Policies in RBAC Systems. In Proceedings of the 32nd IFIP Annual Conference on Data and Applications Security and Privacy, Bergamo, Italy, 16–18 July 2018; pp. 51–68.
12. Alam, M.; Emmanuel, N.; Khan, T.; Xiang, Y.; Hassan, H. Garbled role-based access control in the cloud. J. Ambient Intell. Humaniz. Comput. 2018, 9, 1153–1166.
13. Nazerian, F.; Motameni, H.; Nematzadeh, H. Emergency role-based access control (E-RBAC) and analysis of model specifications with alloy. J. Inf. Secur. Appl. 2019, 45, 131–142.
14. Cruz, J.P.; Kaji, Y.; Yanai, N. RBAC-SC: Role-Based Access Control Using Smart Contract. IEEE Access 2018, 6, 12240–12251.
15. Jha, S.; Sural, S.; Atluri, V.; Vaidya, J. Specification and Verification of Separation of Duty Constraints in Attribute-Based Access Control. IEEE Trans. Inf. Forensics Secur. 2018, 13, 897–911.
16. Kuhn, D.R.; Coyne, E.J.; Weil, T.R. Adding attributes to role-based access control. Computer 2010, 43, 79–81.
17. Zheng, R.; Jiang, J.; Hao, X.; Ren, W.; Xiong, F.; Zhu, T. CaACBIM: A Context-aware Access Control Model for BIM. Information 2019, 10, 47.
18. Jin, X.; Krishnan, R.; Sandhu, R. A unified attribute-based access control model covering DAC, MAC and RBAC. In Proceedings of the 26th IFIP Annual Conference on Data and Applications Security and Privacy, Paris, France, 11–13 July 2012; pp. 41–55.
19. Hu, V.C.; Ferraiolo, D.; Kuhn, R.; Friedman, A.R.; Lang, A.J.; Cogdell, M.M.; Schnitzer, A.; Sandlin, K.; Miller, R.; Scarfone, K. Guide to attribute based access control (ABAC) definition and considerations (draft). NIST Spec. Publ. 2013, 800.
20. Xu, R.; Chen, Y.; Blasch, E.; Chen, G. Blendcac: A smart contract enabled decentralized capability-based access control mechanism for the IOT. Computers 2018, 7, 39.
21. Lan-sheng, H.; Fan, H.; Kojo, A.B. Least privileges and role’s inheritance of RBAC. Wuhan Univ. J. Nat. Sci. 2006, 11, 185–187.
22. Sandhu, R.S. Separation of Duties in Computerized Information Systems. In Proceedings of the IFIP WG11.3 Workshop on Database Security, Halifax, UK, 18–21 September 1990; pp. 179–190.
23. Habib, M.A.; Mahmood, N.; Shahid, M.; Aftab, M.U.; Ahmad, U.; Faisal, C.M.N. Permission Based Implementation of Dynamic Separation of Duty (DSD) in Role Based Access Control (RBAC). In Proceedings of the 8th International Conference on Signal Processing and Communication Systems, Gold Coast, Australia, 15–17 December 2014; pp. 1–10.
24. Aftab, M.U.; Habib, M.A.; Mehmood, N.; Aslam, M.; Irfan, M. Attributed role based access control model. In Proceedings of the Conference on Information Assurance and Cyber Security, Rawalpindi, Pakistan, 18 December 2015; pp. 83–89.
25. Al-Kahtani, M.A.; Sandhu, R. A model for attribute-based user-role assignment. In Proceedings of the 18th Annual Computer Security Applications Conference, Las Vegas, NV, USA, 9–13 December 2002; pp. 1–10.
26. Rajpoot, Q.M.; Jensen, C.D.; Krishnan, R. Integrating attributes into role-based access control. In Proceedings of the 29th IFIP Annual Conference on Data and Applications Security and Privacy, Fairfax, VA, USA, 13–15 July 2015; pp. 242–249.
27. Chen, B.-C.; Yang, C.-T.; Yeh, H.-T.; Lin, C.-C. Mutual Authentication Protocol for Role-Based Access Control Using Mobile RFID. Appl. Sci. 2016, 6, 215.
28. Habib, M.A.; Praher, C. Object based dynamic separation of duty in RBAC. In Proceedings of the 4th International Conference for Internet Technology and Secured Transactions, London, UK, 9–13 November 2009; pp. 1–5.
29. Jha, S.; Sural, S.; Atluri, V.; Vaidya, J. Enforcing separation of duty in attribute based access control systems. In Proceedings of the International Conference on Information Systems Security, Kolkata, India, 16–20 December 2015; pp. 61–78.
30. Joshi, J.B.; Bertino, E.; Latif, U.; Ghafoor, A. A generalized temporal role-based access control model. IEEE Trans. Knowl. Data Eng. 2005, 17, 4–23.
31. Veloudis, S.; Nissanke, N. A Novel Permission Hierarchy for RBAC for Dealing with SoD in MAC Models. Comput. J. 2016, 59, 462–492.
32. Ghosh, S.; Karar, V. Blowfish Hybridized Weighted Attribute-Based Encryption for Secure and Efficient Data Collaboration in Cloud Computing. Appl. Sci. 2018, 8, 1119.
33. Yin, H.; Xiong, Y.; Zhang, J.; Ou, L.; Liao, S.; Qin, Z. A Key-Policy Searchable Attribute-Based Encryption Scheme for Efficient Keyword Search and Fine-Grained Access Control over Encrypted Data. Electronics 2019, 8, 265.
34. Zhou, L.; Su, C.; Li, Z.; Liu, Z.; Hancke, G.P. Automatic fine-grained access control in SCADA by machine learning. Future Gener. Comput. Syst. 2019, 93, 548–559.
35. Wang, X.; Wang, L.; Li, Y.; Gai, K. Privacy-aware efficient fine-grained data access control in Internet of medical things based fog computing. IEEE Access 2018, 6, 47657–47665.
36. Fatima, A.; Ghazi, Y.; Shibli, M.A.; Abassi, A.G. Towards Attribute-Centric Access Control: An ABAC versus RBAC argument. Secur. Commun. Netw. 2016, 9, 3152–3166.
37. Zao, J.; Wee, H.; Chu, J.; Jackson, D. RBAC schema verification using lightweight formal model and constraint analysis. In Proceedings of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT), Villa Gallia, Como, Italy, 2–3 June 2003.
38. Schaad, A.; Moffett, J.D. A lightweight approach to specification and analysis of role-based access control extensions. In Proceedings of the seventh ACM symposium on Access control models and technologies, Monterey, CA, USA, 3–4 June 2002; pp. 13–22.
39. Umar Aftab, M.; Qin, Z.; Zakria; Ali, S.; Pirah; Khan, J. The Evaluation and Comparative Analysis of Role Based Access Control and Attribute Based Access Control Model. In Proceedings of the 15th International Computer Conference on Wavelet Active Media Technology and Information Processing (ICCWAMTIP), Chengdu, China, 14–16 December 2018; pp. 35–39.
Role Name | Total Permissions | Conflicted Permissions | Non-Conflicted Permissions | Assigned to Users |
---|---|---|---|---|
Role 1 | Five | None | P1, P3, P5, P7, P9 | User 1, User 2 |
Role 2 | Five | P2, P4, P6 | P11, P13 | User 1, User 3, User 4 |
Role 3 | Five | P8, P10, P12, P14 | P15 | User 2, User 5, User 6, User 7 |
Role 4 | Four | P16, P18, P20, P22 | None | User 4, User 6, User 7, User 8 |
Role Name | Permission Name | COI with Permission | COI Permission’s Role |
---|---|---|---|
Role 2 | P2 | P12, P22 | Role 3, Role 4 |
Role 2 | P4 | P14 | Role 3 |
Role 2 | P6 | P16 | Role 4 |
Role 3 | P8 | P18 | Role 4 |
Role 3 | P10 | P20 | Role 4 |
Role 3 | P12 | P2 | Role 2 |
Role 3 | P14 | P4 | Role 2 |
Role 4 | P16 | P6 | Role 2 |
Role 4 | P18 | P8 | Role 3 |
Role 4 | P20 | P10 | Role 3 |
Role 4 | P22 | P2 | Role 2 |
Features | RBAC [9] | ABAC [19] | Attributed RBAC [24] | PSD-RBAC [23] | RBAC-SC [14] | CaAC [17] | Proposed Model |
---|---|---|---|---|---|---|---|
Dynamicity | ✘ | ✔ | ✔ | ✘ | ✘ | ✔ | ✔ |
Least Privileges | ✔ | ✘ | ✔ | ✔ | ✔ | ✔ | ✔ |
Simplicity | ✔ | ✘ | ✔ | ✔ | ✔ | ✘ | ✔ |
Flexibility | ✘ | ✔ | ✘ | ✘ | ✘ | ✔ | ✔ |
Efficient SOD Implementation | ✘ | ✘ | ✘ | ✔ | ✘ | ✘ | ✔ |
Policies specification & Maintenance | ✔ | ✘ | ✔ | ✔ | ✔ | ✔ | ✔ |
Less Load of Administrator | ✘ | ✔ | ✔ | ✘ | ✘ | ✔ | ✔ |
© 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Aftab, M.U.; Qin, Z.; Hundera, N.W.; Ariyo, O.; Zakria; Son, N.T.; Dinh, T.V. Permission-Based Separation of Duty in Dynamic Role-Based Access Control Model. Symmetry 2019, 11, 669. https://doi.org/10.3390/sym11050669