
S.P.Kodituwakku / International Journal of Engineering Science and Technology Vol. 2(11), 2010, 6617-6621

DESIGN AND IMPLEMENTATION OF ROLE BASE ACCESS CONTROL SYSTEM FOR NETWORK RESOURCES

S.R. Kodituwakku

Department of Statistics & Computer Science, University of Peradeniya, Sri Lanka

Abstract

Role Based Access Control is very useful for providing a high-level description of access control for organizational applications. This paper proposes a role based framework that deals with security problems in an intranet environment. The proposed framework protects intranet resources from unauthorized users. The salient feature of the framework is that it allows intranet users to access only authorized resources. It consists of two kinds of role hierarchies, a global role hierarchy and a local role hierarchy, and two levels of permissions, server permission and object permission. They simplify the structuring of authority and responsibility in the whole intranet and the allocation of privileges for different objects within a particular server. The proposed framework is implemented on the Windows platform and tested for validity. The test results indicate that it can successfully be used to control access to network objects.

1. Introduction

Nowadays most organizations use computer networks, in particular intranets, for sharing resources. In an organizational environment, users are not allowed to access each and every network object as they wish. For instance, access to file servers, web servers and printers may be allowed for some users only. Although networked operating systems provide access control mechanisms, it is difficult to use such facilities to reflect an organization's structure and its security policies. Role-based access control (RBAC) [1], [2], [3], [4], [5], [6], [7], [8], [9], [10] has recently received considerable attention as a promising solution to this problem. In RBAC, permissions are associated with roles, and users are made members of appropriate roles, thereby acquiring the roles' permissions. This greatly simplifies management of permissions. Roles are created for the various job functions in an organization and users are assigned roles based on their responsibilities and qualifications. Users can be easily reassigned from one role to another. Roles can be granted new permissions as new applications and systems are incorporated, and permissions can be revoked from roles as needed. Role-role relationships such as role hierarchies can be established to lay out broad policy objectives.

This paper presents a theoretical framework, which is an extension of the framework proposed by Tari et al. [11], to overcome the main security issues in an enterprise intranet, together with its implementation. Two kinds of role hierarchies, a global role hierarchy and a local role hierarchy, and two levels of permissions, server permission and object permission, are proposed. The two role hierarchies simplify the structuring of authority and responsibility within a particular intranet environment. The global role hierarchy deals with roles that are common to the whole intranet, while local role hierarchies deal with roles whose scope is limited to a single server. The two levels of permissions simplify the allocation of privileges for different objects within a particular server. Under the two levels of permissions, a user who needs to access an object in a particular server is required to satisfy the access privileges corresponding to both the server and the object role.

2. Related Work

server of the intranet. The ACL consisting of different network objects for different servers for a given role is inserted into the global role database. This framework addresses most of the security issues that arise in accessing an intranet. However, there is no evidence that it has been implemented and tested for functionality. Therefore, an attempt is made to extend this theoretical framework and to validate it.

3. Methods and Materials

In order to apply role based access control to intranet resources, the framework presented in [11] is extended by introducing two new permission levels, namely server permission and object permission, and three new roles, namely subject role, object role and environment role. To outline an RBAC framework for an intranet environment, four terms are defined: object, server, role and permission. This section describes these terms and how they are used to control access.

3.1 Network object

A network object can be a hardware element or an entity that performs some specific service or allows data to be stored. Each network object has a unique identity in the whole intranet, and a permission, property and value associated with it.

3.2 Server

A server is a dedicated machine in the intranet that performs a specific task. Every network object in the intranet belongs to one or a few servers. Conversely, a server may have one or more network objects attached to it.

3.3 Roles

Three types of roles are proposed and used throughout this paper: subject role (SR), object role (OR) and environment role (ER).

3.3.1 Subject Role (SR)

Subjects in the intranet are assigned to SRs. These can be job titles such as manager, clerk or cashier, or responsibilities that users hold in the intranet. An SR can be related to a single user or a group of users. Two kinds of SRs, global subject roles (GSR) and local subject roles (LSR), are proposed in order to simplify the access mechanism. A GSR contains a list of permissions for each server of an intranet. The permission assignment to a GSR describes privileges for accessing servers. An LSR has a set of privileges on object roles within a particular server.

3.3.2 Object Role (OR)

Object Roles can be used to capture various commonalities among the network objects in the intranet. An OR can be based on any classifiable property of an object including its date of creation, object type, sensitivity level or information about the contents of the object. After classifying the object, access control decisions can be made based on the created classification scheme.

3.3.3 Environment Role (ER)

There are many real-world instances in which access control depends not only on the person making the access and the object being accessed, but also on the state of the environment during the access, such as time and location. Environment roles are introduced to represent such situations.

3.4 Server Permission

A permission is a set of attributes that describes the kind of privileges that can be held on a network object or a server. Two kinds of permission sets are proposed: server permissions and object permissions. The following server permissions can be allocated to a GSR for access to a particular server. Figure 1 depicts the server permissions.

Read (R) – Allows the GSR to read the content of any object attached to a particular server.

Write (W) – Allows the GSR to write or modify the content of any object attached to a particular server.

Create (C) - Allows the GSR to create an object or rename any object attached to a particular server.

Execute (X) - Allows the GSR to execute services or operations of any object attached to a particular server.

3.5 Object Permissions

The following object permissions are proposed for allocation when an LSR within a particular server accesses an OR in that server. Object permissions are shown in Figure 2.

Delete (D) – Allows the LSR to delete any object attached to a particular OR.

Read (R) – Allows the LSR to read the content of any object attached to a particular OR.

Write (W) – Allows the LSR to write or modify the content of any object attached to a particular OR.

Create (C) - Allows the LSR to create an object or rename any object attached to a particular OR.

Execute (X) - Allows the LSR to execute services or operations of any object attached to a particular OR.

A prototype system is developed on the Windows operating system to check the validity of the framework. Figure 3 shows the design diagram of the prototype.

Any request from the client is first validated by the ‘GRInterface’ class, which contains the set of GSRs with appropriate server permissions. This level can reject the request if it does not satisfy the first-level requirements or server permissions. This may reduce the overhead of searching for available permissions, since the request does not go through server by server.

Figure 1 - Server permission

At the second level the particular server becomes the client and accesses the network object through ‘LRInterface’, which contains the set of LSRs with appropriate object permissions, and ‘ObjectInterface’, which contains all the network objects along with their corresponding ORs. The second-level requirements are checked at ‘LRInterface’.

The entire framework can be summarized as follows. A GSR ‘gsr’ can read the contents of an object ‘o’ of an OR ‘or’ at environment ‘e’ if and only if ‘gsr’ has read access to the servers to which ‘o’ belongs at environment ‘e’ and ‘gsr’ has read access to the OR ‘or’ as the LSR within the particular server.
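The summary rule above, written out as a default-deny decision function; this is an added example, not the paper's prototype code, and it applies the same rule to Write, Create and Execute as well as Read. The role, server and object names are constructed sample data, the GSR-to-LSR lookup table and the one-server-per-object model are assumptions, and Delete is left out because the page defines no server-level permission that would gate it.

```python
from dataclasses import dataclass, field

COMMON = frozenset("RWCX")  # permissions the page defines at both levels

@dataclass
class Policy:
    server_perms: dict = field(default_factory=dict)  # (GSR, server, ER) -> perms
    local_role: dict = field(default_factory=dict)    # (GSR, server) -> LSR (assumed table)
    object_perms: dict = field(default_factory=dict)  # (server, LSR, OR) -> perms
    objects: dict = field(default_factory=dict)       # object -> (server, OR)

    def check(self, gsr, obj, perm, env):
        """Return (allowed, reason); anything not explicitly granted is denied."""
        if perm not in COMMON:
            raise ValueError(f"permission {perm!r} is not defined at both levels")
        if obj not in self.objects:
            return (False, "unknown object")
        server, obj_role = self.objects[obj]
        # Level 1 (the 'GRInterface' step): server permission in this environment.
        if perm not in self.server_perms.get((gsr, server, env), frozenset()):
            return (False, "level 1: no server permission")
        # Level 2 (the 'LRInterface' step): the GSR acts as an LSR on the object's OR.
        lsr = self.local_role.get((gsr, server))
        granted = self.object_perms.get((server, lsr, obj_role), frozenset())
        if lsr is None or perm not in granted:
            return (False, "level 2: no object permission")
        return (True, "granted")

def sample_policy():
    """Constructed sample data: one file server, two subject roles, two object roles."""
    return Policy(
        server_perms={
            ("manager", "fileserver", "office_hours"): {"R", "W"},
            ("clerk", "fileserver", "office_hours"): {"R"},
        },
        local_role={
            ("manager", "fileserver"): "fs_editor",
            ("clerk", "fileserver"): "fs_reader",
        },
        object_perms={
            ("fileserver", "fs_editor", "payroll"): {"R", "W"},
            ("fileserver", "fs_reader", "public"): {"R"},
        },
        objects={
            "salaries.xls": ("fileserver", "payroll"),
            "notice.txt": ("fileserver", "public"),
        },
    )
```

The reason string records which level refused the request, which is the distinction an administrator needs when auditing why a role was denied.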

4. Conclusion

Role based access control can successfully be used to control access to intranet resources. Roles and privileges can be used to specify both local and global resources, and access permissions to network objects. The two kinds of role hierarchies and two levels of permissions proposed simplify the network administration task while users are allowed to access resources according to their privileges.

The proposed two levels of permissions, server permission at first level and object permission at second level, can be used to limit the scope of the system administrator when granting permissions. Hence the complexities of permissions and errors that may occur when granting permissions are also reduced. This also simplifies the implementation of the research goal.

References

[1] Department of Defense (1985). Trusted Computer Security Evaluation Criteria, DoD 5200.28-STD, USA

[2] Ferraiolo D. F., Barkley J. F. and Kuhn R. (1999). A Role Based Access Control Model and Reference Implementation Within a Corporate Intranet, ACM Transactions on Information Systems Security (1), p: 34-64.

[3] Ferraiolo D. and Kuhn R. (1992). Role Based Access Controls, Proceedings of the 15th NIST-NSA National Computer Security Conference, Baltimore, Maryland p: 554-563.

[4] Ferraiolo D. F., Cugini J. A., and Richard K. D. (1995). Role-Based Access Control (RBAC): Features and Motivations, 11th Annual Computer Security Applications Proceedings.

[5] Sandhu. R. S., Edward J. C., Hal L. F. and Charles E. Y. (1996). “Role-Based Access Control Models”, IEEE Computer (29), p: 38-47.

[6] Ferraiolo D. F., Barkley J. F., and Richard D. K. (1999). A role based access control model and reference implementation within a corporate intranet. In ACM Transactions on Information Systems Security, volume 1.

[7] Gopal B. and Udi Manber (1999). Integrating content-based access mechanisms with hierarchical file systems, In Operating Systems Design and Implementation (OSDI) Symposium.

[8] Sushil Jajodia, Pierangela Samarati, Subrahmanian V. S., and Elisa Bertino (1997). A unified framework for enforcing multiple access control policies. In Proc. of the 1997 ACM International SIGMOD Conference on Management of Data.

[9] Moore D., Essa I., and Hayes M. (1999). Exploiting human actions and object context for recognition tasks. In IEEE International Conference on Computer Vision.

[10] Moyer M. J. and Mustaque Ahamad (2001). Generalized role based access control. 21st IEEE International Conference on Distributed Computing Systems (ICDCS'01), Mesa, AZ.

Figure 2 - Object Permission
Figure 3 - Design of the framework
