Precise Modeling UML Security 3 1
Modeling Role Based Access Control in UML
Based on
1. Towards A UML based approach to Role Engineering, by P. Epstein and R. Sandhu
2. UML-Based representation of RBAC, by Eonsuk Shin and Gail-Joon Ahn
3. RBAC Constraints Specification using OCL by Gail-Joon Ahn and Eonsuk Shin
A Brief Introduction to RBAC
• Permissions are assigned to roles
• Users play (are assigned to) roles, and thereby receive all permissions assigned to those roles
• Conflicts can exist between
  – roles
  – users
  – permissions
• The objective is to let users play roles without violating the conflict constraints
The RBAC Model
RBAC Continued
• Users belong to groups
• Groups, roles and objects may belong to hierarchies
• Generally (but not always) senior roles inherit all permissions assigned to junior roles
• Permissions can be positive (+) or negative (-)
• RCL2000 (Role-based Constraints Language) is a language designed for specifying RBAC constraints
Towards A UML based approach to Role Engineering
P. Epstein and R. Sandhu
RBAC for Network Enterprises
• Two groups of people define the policy
  – Application developers
  – Local system administrators
• The application developer is responsible for layers
  1. Objects
  2. Object handles
  3. Application constraints
  4. Application keys
• The local system administrator is responsible for layers
  5. Enterprise keys
  6. Key chains
  7. Enterprise constraints
Layers for Application Developer
1. Objects: attributes + methods
2. Object handles: sets of objects
3. Application constraints: prerequisites that must hold before access permissions are granted
4. Application keys: associate a role with objects
   – An application key can be a leaf node of the key hierarchy or a non-leaf node (a non-leaf key is considered abstract)
Layers for System Administrator
5. Enterprise keys: each application key is mapped to an enterprise key or to a key chain
6. Key chains: sets of enterprise keys
7. Enterprise constraints: an enterprise key permits a user to access the methods of an object only if the application constraints are satisfied
Layers Continued
• A user can be assigned enterprise keys that belong to different application key hierarchies
• If a key inherits the same method from more than one key, then in the worst case the key contains that method under several different constraints
• FNE policy: such constraints are logically ORed, so access is granted when any one of them is satisfied
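The seven layers above as an added worked example in Python. This is not code from Epstein and Sandhu's paper: it models objects, object handles, application constraints, application keys in a hierarchy, enterprise keys, key chains, and the enterprise constraint check that ORs the constraints when one method is inherited under several of them. The Ticket object, the request-context keys hour/user/owner/paged, and the rule that abstract (non-leaf) application keys are never mapped to enterprise keys are assumptions made for this example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, Iterable, List, Tuple, Union

# Layer 3: an application constraint is a predicate over the request context.
# The context shape ({"hour": 10, "user": ..., "owner": ...}) is an assumption of this example.
Context = Dict[str, object]
Constraint = Callable[[Context], bool]


@dataclass(frozen=True)
class Obj:
    """Layer 1: an object has attributes and methods; only method names matter here."""
    name: str
    methods: FrozenSet[str]


@dataclass(frozen=True)
class ObjectHandle:
    """Layer 2: a named set of objects that grants are expressed against."""
    name: str
    objects: FrozenSet[Obj]


@dataclass(eq=False)  # eq=False keeps identity hashing so keys can live inside frozensets
class AppKey:
    """Layer 4: associates a role with objects; keys form a hierarchy through `parents`."""
    name: str
    parents: List["AppKey"] = field(default_factory=list)
    abstract: bool = False  # set True for non-leaf keys, which the slides call abstract
    # own grants: (handle, method) -> the application constraint guarding that grant
    grants: Dict[Tuple[ObjectHandle, str], Constraint] = field(default_factory=dict)

    def effective_grants(self) -> Dict[Tuple[str, str], List[Constraint]]:
        """(object name, method) -> every constraint under which this key or an ancestor
        grants it. A method inherited along several paths keeps all of its constraints."""
        out: Dict[Tuple[str, str], List[Constraint]] = {}
        for parent in self.parents:
            for target, cons in parent.effective_grants().items():
                out.setdefault(target, []).extend(cons)
        for (handle, method), con in self.grants.items():
            for obj in handle.objects:
                if method in obj.methods:
                    out.setdefault((obj.name, method), []).append(con)
        return out


@dataclass(frozen=True)
class EnterpriseKey:
    """Layer 5: an enterprise key is mapped onto exactly one application key."""
    name: str
    app_key: AppKey

    def __post_init__(self) -> None:
        # Assumption of this example: abstract keys are never mapped; only leaf keys are.
        if self.app_key.abstract:
            raise ValueError(f"{self.app_key.name} is abstract and cannot be mapped")


@dataclass(frozen=True)
class KeyChain:
    """Layer 6: a set of enterprise keys handed out as one unit."""
    name: str
    keys: FrozenSet[EnterpriseKey]


Holding = Union[EnterpriseKey, KeyChain]


def enterprise_keys(holdings: Iterable[Holding]) -> List[EnterpriseKey]:
    """Flatten a user's holdings (single keys and key chains) into enterprise keys."""
    keys: List[EnterpriseKey] = []
    for h in holdings:
        keys.extend(h.keys if isinstance(h, KeyChain) else [h])
    return keys


def permitted(holdings: Iterable[Holding], obj: str, method: str, ctx: Context) -> bool:
    """Layer 7 enterprise constraint: obj.method is allowed when a held enterprise key
    grants it and at least one constraint attached to that grant holds (the constraints
    are ORed, as the slides describe the FNE policy)."""
    constraints: List[Constraint] = []
    for ek in enterprise_keys(holdings):
        constraints.extend(ek.app_key.effective_grants().get((obj, method), []))
    return any(c(ctx) for c in constraints)


# --- constructed sample data (not from the paper) -------------------------------
TICKET = Obj("Ticket", frozenset({"read", "close"}))
TICKETS = ObjectHandle("tickets", frozenset({TICKET}))


def business_hours(ctx: Context) -> bool:
    hour = ctx.get("hour", -1)
    return isinstance(hour, int) and 9 <= hour < 17


def owner_only(ctx: Context) -> bool:
    return ctx.get("user") == ctx.get("owner")


def paged(ctx: Context) -> bool:
    return bool(ctx.get("paged", False))


# Non-leaf keys carry the grants and are abstract; leaf keys are what gets mapped.
READER = AppKey("reader", abstract=True, grants={(TICKETS, "read"): business_hours})
OWNER_CLOSE = AppKey("owner_close", abstract=True, grants={(TICKETS, "close"): owner_only})
PAGED_CLOSE = AppKey("paged_close", abstract=True, grants={(TICKETS, "close"): paged})
SUPPORT = AppKey("support", parents=[READER, OWNER_CLOSE])
# "lead" inherits Ticket.close from two keys, each under a different constraint.
LEAD = AppKey("lead", parents=[READER, OWNER_CLOSE, PAGED_CLOSE])

EK_SUPPORT = EnterpriseKey("ek-support", SUPPORT)
EK_LEAD = EnterpriseKey("ek-lead", LEAD)
HELPDESK = KeyChain("helpdesk", frozenset({EK_SUPPORT}))

if __name__ == "__main__":
    print(permitted([HELPDESK], "Ticket", "read", {"hour": 10}))  # True
    print(permitted([EK_LEAD], "Ticket", "close", {"user": "a", "owner": "b", "paged": True}))  # True
```

The ORing is the security-relevant point: a lead who holds the close method under both "owner only" and "paged" gets it whenever either holds, so adding a parent key can only widen access, never narrow it. If a deployment needs the stricter reading, the constraints would have to be ANDed at layer 7 instead, which the slides do not describe.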
Applying UML
Layer 1: Objects
Layer 2: Object Handle
Layer 3: Constraints
Layer 4: Application Keys
Layer 5: Enterprise Key
Layer 6: Key Chains
Layer 7: Enterprise Constraints
Role Engineering of the 7 Layers
UML-Based Representation of RBAC
By Eonsuk Shin and Gail-Joon Ahn
RBAC Model Again
Details of the RBAC Model
• U, R, P and S: pairwise disjoint sets of users, roles, permissions and sessions
• UA ⊆ U × R: user-to-role assignment
• PA ⊆ P × R: permission-to-role assignment
• RH ⊆ R × R: role hierarchy, a partial order on roles
• user: S → U gives the user of a session
• roles: S → 2^R gives the roles activated in a session
• Constraints restrict these relations, for example to express conflicts
UML Static Model for RBAC
Attributes of Entity Classes
Use Cases in RBAC
RBAC Constraints Specification using OCL
By Gail-Joon Ahn and Eonsuk Shin
Example Application Constraints in OCL
context Company inv: self.employee->size > 200
context Company inv: self.employee->select(age > 50)->notEmpty
RBAC Constraints 1
• Separation of duty constraint: no user may hold more than one role from any set of mutually exclusive roles
context User inv:
  let M : Set = { {accounts_mgr, purchase_mgr}, ... }
  in M->select(m | self.role->intersection(m)->size > 1)->isEmpty
Prerequisite and Cardinality Constraints
• Prerequisite constraint: a user may hold the tester role only if they also hold project_team
context User inv:
  self.role->includes("tester") implies self.role->includes("project_team")
• Cardinality constraint: the chairman role is held by exactly one user
context Role inv:
  self.name = "chairman" implies self.user->size = 1
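An added Python example, not code from the cited papers, that serves two passages: the RBAC model details given earlier (U, R, P, S with UA, PA, RH and the session functions user(s) and roles(s)) and the three OCL constraints on this slide and the previous one, each rewritten as a check over the model state. The role names, sample users and permission names are constructed for the example.

```python
from typing import Dict, FrozenSet, Iterable, Set, Tuple


class RBAC:
    """RBAC96-style state: the sets U, R, P, S and the relations UA, PA, RH,
    plus the session functions user(s) and roles(s). Roles and permissions are
    plain strings; this is an added example, not the papers' own code."""

    def __init__(self) -> None:
        self.U: Set[str] = set()
        self.R: Set[str] = set()
        self.P: Set[str] = set()
        self.UA: Dict[str, Set[str]] = {}             # user -> assigned roles
        self.PA: Dict[str, Set[str]] = {}             # role -> assigned permissions
        self.RH: Dict[str, Set[str]] = {}             # senior role -> immediate juniors
        self.S: Dict[str, Tuple[str, Set[str]]] = {}  # session -> (user, activated roles)

    # --- building the model --------------------------------------------------
    def add_role(self, role: str, juniors: Iterable[str] = ()) -> None:
        self.R.add(role)
        self.RH[role] = set(juniors)
        self.PA.setdefault(role, set())

    def assign_user(self, user: str, role: str) -> None:        # UA
        self.U.add(user)
        self.UA.setdefault(user, set()).add(role)

    def assign_permission(self, role: str, perm: str) -> None:  # PA
        self.P.add(perm)
        self.PA[role].add(perm)

    # --- role hierarchy ------------------------------------------------------
    def juniors_of(self, role: str) -> Set[str]:
        """Reflexive-transitive closure over RH: the role plus every role below it."""
        seen: Set[str] = set()
        stack = [role]
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.RH.get(r, ()))
        return seen

    def authorized_roles(self, user: str) -> Set[str]:
        """Roles a user may activate: assigned roles and everything junior to them."""
        return set().union(*(self.juniors_of(r) for r in self.UA.get(user, set())))

    # --- sessions ------------------------------------------------------------
    def create_session(self, sid: str, user: str, roles: Iterable[str]) -> None:
        active = set(roles)
        if not active <= self.authorized_roles(user):
            raise PermissionError(f"{user} may not activate {active - self.authorized_roles(user)}")
        self.S[sid] = (user, active)

    def user(self, sid: str) -> str:        # user: S -> U
        return self.S[sid][0]

    def roles(self, sid: str) -> Set[str]:  # roles: S -> 2^R
        return set(self.S[sid][1])

    def permissions(self, sid: str) -> Set[str]:
        """Permissions of a session: PA over the activated roles and their juniors."""
        perms: Set[str] = set()
        for r in self.roles(sid):
            for j in self.juniors_of(r):
                perms |= self.PA.get(j, set())
        return perms

    def check_access(self, sid: str, perm: str) -> bool:
        return perm in self.permissions(sid)

    # --- constraints, each mirroring one of the OCL invariants -----------------
    def sod_holds(self, exclusive: Iterable[FrozenSet[str]]) -> bool:
        # context User inv: M->select(m | self.role->intersection(m)->size > 1)->isEmpty
        return all(len(self.UA.get(u, set()) & m) <= 1 for u in self.U for m in exclusive)

    def prerequisite_holds(self, role: str, required: str) -> bool:
        # context User inv: self.role->includes(role) implies self.role->includes(required)
        return all(role not in rs or required in rs for rs in self.UA.values())

    def cardinality_holds(self, role: str, n: int) -> bool:
        # context Role inv: self.name = role implies self.user->size = n
        return sum(1 for rs in self.UA.values() if role in rs) == n


MUTUALLY_EXCLUSIVE = [frozenset({"accounts_mgr", "purchase_mgr"})]


def build_example() -> RBAC:
    """Constructed sample policy (not from the papers)."""
    rb = RBAC()
    rb.add_role("employee")
    rb.add_role("project_team", juniors=["employee"])
    rb.add_role("tester", juniors=["employee"])
    rb.add_role("accounts_mgr", juniors=["employee"])
    rb.add_role("purchase_mgr", juniors=["employee"])
    rb.add_role("chairman", juniors=["employee"])
    rb.assign_permission("employee", "read_memo")
    rb.assign_permission("tester", "run_tests")
    rb.assign_permission("accounts_mgr", "approve_invoice")
    rb.assign_permission("purchase_mgr", "raise_po")
    rb.assign_permission("chairman", "sign_budget")
    rb.assign_user("alice", "accounts_mgr")
    rb.assign_user("bob", "purchase_mgr")
    rb.assign_user("carol", "tester")
    rb.assign_user("carol", "project_team")
    rb.assign_user("dan", "chairman")
    return rb


if __name__ == "__main__":
    rb = build_example()
    rb.create_session("s1", "alice", ["accounts_mgr"])
    print(rb.user("s1"), rb.roles("s1"), rb.check_access("s1", "read_memo"))
    print(rb.sod_holds(MUTUALLY_EXCLUSIVE),
          rb.prerequisite_holds("tester", "project_team"),
          rb.cardinality_holds("chairman", 1))
```

The three checks are written as invariants over the whole model, exactly as the OCL states them. An enforcing implementation would evaluate the relevant invariant inside assign_user before committing the change and reject the assignment that would break it; here the checks are separate so that a violation can be shown after the fact.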