  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
21

RBAC Attack Exposure Auditor. Tracking User Risk Exposure per Role-Based Access Control Permissions

Damrau, Adelaide 01 May 2023
Access control models and implementation guidelines for determining, provisioning, and de-provisioning user permissions are challenging due to the differing approaches, unique for each organization, the lack of information provided by case studies concerning the organization’s security policies, and no standard means of implementation procedures or best practices. Although there are multiple access control models, one stands out, role-based access control (RBAC). RBAC simplifies maintenance by enabling administrators to group users with similar permissions. This approach to managing user permissions supports the principle of least privilege and separation of duties, which are needed to ensure an organization maintains acceptable user access security requirements. However, if not properly maintained, RBAC produces the problem of role explosion. What happens when security administrations cannot maintain the increasing number of roles and their assigned permissions provisioned to the organization users? This paper attempts to solve this problem by implementing a scalable RBAC system and assigning each permission a risk value score determined by the severity of risk it would expose the organization to if someone had unauthorized access to that permission. Using RBAC’s role and permission design, each user will be assigned a risk value score determined by the summation of their roles’ risk based on permission values. This method allows security administrators to view the users and roles with the highest level of risk, therefore prioritizing the highest risk users and roles when maintaining user roles and permissions.
22

Data Protection in Transit and at Rest with Leakage Detection

Denis A Ulybyshev (6620474) 15 May 2019
In service-oriented architecture, services can communicate and share data among themselves. This thesis presents a solution that allows detecting several types of data leakages made by authorized insiders to unauthorized services. My solution provides role-based and attribute-based access control for data so that each service can access only those data subsets for which the service is authorized, considering a context and service’s attributes such as security level of the web browser and trust level of service. My approach provides data protection in transit and at rest for both centralized and peer-to-peer service architectures. The methodology ensures confidentiality and integrity of data, including data stored in untrusted cloud. In addition to protecting data against malicious or curious cloud or database administrators, the capability of running a search through encrypted data, using SQL queries, and building analytics over encrypted data is supported. My solution is implemented in the “WAXEDPRUNE” (Web-based Access to Encrypted Data Processing in Untrusted Environments) project, funded by Northrop Grumman Cybersecurity Research Consortium. WAXEDPRUNE methodology is illustrated in this thesis for two use cases, including a Hospital Information System with secure storage and exchange of Electronic Health Records and a Vehicle-to-Everything communication system with secure exchange of vehicle’s and drivers’ data, as well as data on road events and road hazards.

To help with investigating data leakage incidents in service-oriented architecture, integrity of provenance data needs to be guaranteed. For that purpose, I integrate WAXEDPRUNE with IBM Hyperledger Fabric blockchain network, so that every data access, transfer or update is recorded in a public blockchain ledger, is non-repudiatable and can be verified at any time in the future. The work on this project, called “Blockhub,” is in progress.
23

Um modelo de autorização contextual para o controle de acesso ao prontuário eletrônico do paciente em ambientes abertos e distribuídos. / A contextual authorization model for access control of electronic patient record in open distributed environments.

Motta, Gustavo Henrique Matos Bezerra 05 February 2004
The recent advances in computing and communication technologies allowed ready access to the electronic patient record (EPR) information. High availability of clinical information raises concerns about patients' privacy and the confidentiality of their data. The legal regulation mandates the confidentiality of EPR contents. Everyone has to be authorized by the patients to access their EPR, except when this access is necessary to provide care on their behalf. This work proposes MACA, a contextual authorization model for role-based access control (RBAC) that considers the access restriction requirements for the EPR in open and distributed environments. RBAC regulates users' access to the EPR based on organizational functions (roles). Contextual authorizations use environmental information available at access time, like user/patient relationship, in order to decide whether a user is allowed to access an EPR resource. This gives flexibility and expressive power to MACA, allowing one to establish access policies for the EPR and administrative policies for the RBAC that consider the environmental and cultural diversity of healthcare organizations. MACA also allows EPR components to use RBAC transparently, making it more user friendly when compared with other RBAC models. The implementation of MACA architecture uses the LDAP (Lightweight Directory Access Protocol) directory server, the Java programming language and the standards CORBA Security Service and Resource Access Decision Facility. Thus, heterogeneous EPR components can request user authentication and access authorization services in a unified and coherent way across multiple platforms. MACA implementation complies with free software policy. It is based on software components without licensing costs and it offers good performance for the estimated access demand. Finally, the daily use of MACA to control the access of about 2000 users to the EPR at InCor-HC.FMUSP shows the feasibility of the model, of its implementation and the effectiveness of its practical application on real cases.
25

Enhancing security in distributed systems with trusted computing hardware

Reid, Jason Frederick January 2007
The need to increase the hostile attack resilience of distributed and internet-worked computer systems is critical and pressing. This thesis contributes to concrete improvements in distributed systems trustworthiness through an enhanced understanding of a technical approach known as trusted computing hardware. Because of its physical and logical protection features, trusted computing hardware can reliably enforce a security policy in a threat model where the authorised user is untrusted or when the device is placed in a hostile environment. We present a critical analysis of vulnerabilities in current systems, and argue that current industry-driven trusted computing initiatives will fail in efforts to retrofit security into inherently flawed operating system designs, since there is no substitute for a sound protection architecture grounded in hardware-enforced domain isolation. In doing so we identify the limitations of hardware-based approaches. We argue that the current emphasis of these programs does not give sufficient weight to the role that operating system security plays in overall system security. New processor features that provide hardware support for virtualisation will contribute more to practical security improvement because they will allow multiple operating systems to concurrently share the same processor. New operating systems that implement a sound protection architecture will thus be able to be introduced to support applications with stringent security requirements. These can coexist alongside inherently less secure mainstream operating systems, allowing a gradual migration to less vulnerable alternatives. We examine the effectiveness of the ITSEC and Common Criteria evaluation and certification schemes as a basis for establishing assurance in trusted computing hardware. 
Based on a survey of smart card certifications, we contend that the practice of artificially limiting the scope of an evaluation in order to gain a higher assurance rating is quite common. Due to a general lack of understanding in the marketplace as to how the schemes work, high evaluation assurance levels are confused with a general notion of 'high security strength'. Vendors invest little effort in correcting the misconception since they benefit from it and this has arguably undermined the value of the whole certification process. We contribute practical techniques for securing personal trusted hardware devices against a type of attack known as a relay attack. Our method is based on a novel application of a phenomenon known as side channel leakage, heretofore considered exclusively as a security vulnerability. We exploit the low latency of side channel information transfer to deliver a communication channel with timing resolution that is fine enough to detect sophisticated relay attacks. We avoid the cost and complexity associated with alternative communication techniques suggested in previous proposals. We also propose the first terrorist attack resistant distance bounding protocol that is efficient enough to be implemented on resource constrained devices. We propose a design for a privacy sensitive electronic cash scheme that leverages the confidentiality and integrity protection features of trusted computing hardware. We specify the command set and message structures and implement these in a prototype that uses Dallas Semiconductor iButtons. We consider the access control requirements for a national scale electronic health records system of the type that Australia is currently developing. We argue that an access control model capable of supporting explicit denial of privileges is required to ensure that consumers maintain their right to grant or withhold consent to disclosure of their sensitive health information in an electronic system. 
Finding this feature absent in standard role-based access control models, we propose a modification to role-based access control that supports policy constructs of this type. Explicit denial is difficult to enforce in a large scale system without an active central authority but centralisation impacts negatively on system scalability. We show how the unique properties of trusted computing hardware can address this problem. We outline a conceptual architecture for an electronic health records access control system that leverages hardware level CPU virtualisation, trusted platform modules, personal cryptographic tokens and secure coprocessors to implement role based cryptographic access control. We argue that the design delivers important scalability benefits because it enables access control decisions to be made and enforced locally on a user's computing platform in a reliable way.
26

Systém správy identit pro malé a střední firmy / Identity Management Solution for Small and Medium Businesses

MAXA, Karel January 2014
The topic of this master's thesis is development of identity management solution for small and medium business. The thesis is divided into four major parts. The first part contains theoretical background as description of RBAC model or model with relationships between practically used objects (user identity, role, position, permission, account...). Analysis of functioning and needs of targeted organizations was carried out in the second part. The third part describes the design of the developed application. The fourth part discusses actual implementation of the application. The main outcome of the thesis is implemented application that can be deployed at thesis defined organizations. The application includes all the functionality required in the first phase of the project.
27

MAC řízení přístupu / Mandatory access control

Grepl, Miroslav January 2008
This master's thesis describes the problems of SELinux, and the methods of creation of a proper security policy with a focus on the SELinux reference policy and its mechanisms. It designs the methodics of formulation of specific security rules, supplemented with the practical example of its application. Furthermore, it describes the available security rules commonly used for http, ftp and ssh services securing, their modification and practical utilization. According to the proposed methodology, these services are protected with their own security rules and both security methods are mutually compared and evaluated.
28

Semantic and Role-Based Access Control for Data Grid Systems

Muppavarapu, Vineela 11 December 2009
No description available.
29

應用剖面導向技術研製網路應用程式之可設定式細緻化存取控管 / Developing Configurable Fine-Grained Access Control for Web Applications Using Aspect-Oriented Techniques

林經緯, Lin, Ching Wei Unknown Date
Access control is a core issue in the security of Web applications. The code that enforces access control usually has to be embedded in the various modules of an application system and is cross-cutting in nature, which often leads to similar code appearing repeatedly throughout the system and to code for different requirements becoming tangled together. Academia and industry have therefore proposed many configurable access control mechanisms to address this problem. However, these mechanisms focus on general function-level access control; for finer-grained data-level access control they offer no configurable approach, so it still has to be handled programmatically and the cross-cutting code problem remains. The recently emerged Aspect-Oriented Programming (AOP), based on the principle of Separation of Concerns, advocates that cross-cutting requirements such as security be modularized as aspects, outside the original object or function modules, so that the security code can be developed in one place and integrated into the system's modules according to rules. This research therefore uses AOP techniques to design and build a configurable fine-grained access control service and tool. / Security is attracting more and more concerns in the development of Web applications. However, it is not easy to derive a robust security implementation for Web applications. The principal difficulty in designing security such as access control into an application system is that it is a concern that permeates through all the different modules of a system. As a result, security concerns in an application are often implemented with scattered and tangled code, which is not only error-prone but also makes it difficult to verify its correctness and perform the needed maintenance. Aspect-Oriented Programming (AOP) is a relatively new design method that allows a programmer to isolate some of the code that crosscuts his program modules into a separate module, and thus realizes the concept of Separation of Concerns. AOP offers significant advantages to programming over traditional OO techniques in implementing crosscutting concerns such as access control. In this thesis, we define an XML schema for specifying fine-grained access control rules for Web applications in a configuration file and devise an aspect-oriented implementation scheme. Specifically, we develop an aspect synthesis tool that generates concrete access control aspects automatically from access control rules. These aspects, after woven into the base application, will enforce proper access control in a highly modular manner. 
As a result, we get a configurable implementation of access control that is not only adaptive but also effective.
30

Role Based Access Control (RBAC) in the context of Smart Grids : Implementing and Evaluating a Role Based Access Control System for Configuration Loading in a Substation from a Desktop / Rollbaserad åtkomstkontroll (RBAC) för smarta nät : Implementering och utvärdering av ett rollbaserat åtkomstkontrollsystem för konfigurationsinläsning i en transformatorstation från en datorapplikation.

Ducornaud, Gatien January 2023
Access control is a crucial aspect of cybersecurity, and Role Based Access Control (RBAC) is a typical framework for controlling the access to specific resources. However, in the context of Smart Grids, the usual authentication solution of using a trusted identity provider might not be possible to provide authentication of a user, as systems cannot rely on external services. This, in addition to devices in a substation being usually strictly controlled, means that having an RBAC limited to a desktop application can be necessary. Moreover, the cost of adding additional layers of security needs to be considered too, as the cost of adding specific features can vary significantly. This thesis thus looks into the existing solutions for desktop applications in substations, explains their viability and implements an RBAC system using Group Nesting in Windows user management, in the context of a configuration loading application on a main computer in a substation. It is then used to evaluate the cost of this new solution, in terms of maintainability, usability and flexibility, compared to the gained security. This is done by using static analysis of both codebases, and evaluation of usability and security. It shows that security can be added for a reasonable cost using Group Nesting in Smart Grids if the focus is to delegate some tasks to the directory, improving on the security of the application and the system as a whole.
