Permission Management Model Analysis

Source: Internet
Author: User

1. Overview:


Permission control is a central security concern in the enterprise environment. It means controlling users' read and write access to system resources and restricting access to key resources, so as to prevent intrusion by illegitimate users and to limit the damage caused by accidental operations of legitimate users. The main permission management models in use, in China and abroad, are the following:


(1) Discretionary Access Control (DAC)
Discretionary access control scheme: in this scheme the owner of a resource decides who may access it. The target resource checks the requesting user's permission attributes to decide whether the requested operation is allowed. Under this model the same user may hold different permissions on different resource objects, and different users may hold different permissions on the same resource object. Users can pass the permissions they hold on to other users.


Disadvantage: because DAC lets permissions be passed on at will, a user can indirectly obtain access that was never granted directly. The DAC model therefore offers low security and insufficient protection of system data.
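The delegation problem just described, as an added example that is not part of the original article: a small DAC access matrix in which the resource owner grants rights, a grantee who also holds a hypothetical "grant" right can re-grant what it holds, and revoking the intermediary does not reach the users it already delegated to. The users, the file name and the right names are constructed for illustration.

```python
# Added example (not from the original article): a discretionary access
# matrix with owner-controlled grants and transitive delegation.
from collections import defaultdict


class DACMatrix:
    """rights[(subject, resource)] is the set of rights that subject holds on that resource."""

    def __init__(self):
        self.rights = defaultdict(set)

    def create(self, owner, resource):
        # The creator owns the resource and may pass rights on ("grant" is a constructed right).
        self.rights[(owner, resource)] |= {"read", "write", "grant"}

    def grant(self, grantor, grantee, resource, right):
        """Discretionary: a grantor passes on any right it holds, provided it also holds 'grant'."""
        held = self.rights[(grantor, resource)]
        if "grant" not in held or right not in held:
            raise PermissionError(f"{grantor} cannot grant {right} on {resource}")
        self.rights[(grantee, resource)].add(right)

    def revoke(self, revoker, target, resource, right):
        """Revocation removes only the direct entry; rights the target already passed on survive."""
        if "grant" not in self.rights[(revoker, resource)]:
            raise PermissionError(f"{revoker} cannot revoke on {resource}")
        self.rights[(target, resource)].discard(right)

    def check(self, subject, resource, right):
        return right in self.rights[(subject, resource)]

    def holders(self, resource, right):
        """Every subject that currently holds `right` on `resource`, sorted."""
        return sorted(s for (s, r), held in self.rights.items() if r == resource and right in held)


def delegation_demo():
    """Owner alice never authorised carol, yet carol reads the file and keeps reading after revocation."""
    m = DACMatrix()
    m.create("alice", "payroll.xlsx")
    m.grant("alice", "bob", "payroll.xlsx", "read")
    m.grant("alice", "bob", "payroll.xlsx", "grant")
    m.grant("bob", "carol", "payroll.xlsx", "read")      # alice is never consulted
    out = {"readers_after_delegation": m.holders("payroll.xlsx", "read")}
    m.revoke("alice", "bob", "payroll.xlsx", "read")
    m.revoke("alice", "bob", "payroll.xlsx", "grant")
    out["bob_after_revoke"] = m.check("bob", "payroll.xlsx", "read")      # False
    out["carol_after_revoke"] = m.check("carol", "payroll.xlsx", "read")  # True: revocation did not cascade
    try:
        m.grant("carol", "dave", "payroll.xlsx", "read")  # carol holds read but not grant
        out["carol_can_regrant"] = True
    except PermissionError:
        out["carol_can_regrant"] = False
    return out
```

The point to check in any real DAC implementation is the second half of the demo: whether revoking an intermediary also revokes what that intermediary delegated. Most file systems and databases do not cascade, which is exactly the "indirectly obtained access" the text warns about.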


(2) Mandatory Access Control (MAC)
Mandatory access control scheme: an authorization scheme widely used in military systems. In MAC each object is classified with a security label, and the classification list specifies which classification of object a given subject may access. On each access the system first compares the user's clearance level with the resource object's confidentiality level and then decides whether the user may access the object. Users cannot change their own security level or that of resource objects; only the system administrator or a management program controls the levels of resource objects and users.


Advantage: user permissions form a clear hierarchy, and access control is strict.


Disadvantage: poor flexibility.
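The MAC comparison described above, as an added example that is not part of the original article: subjects carry a clearance label, objects a classification label, only a designated administrator may set either, and a read is allowed only when the clearance dominates the classification. Two things go beyond the text and are assumptions here: labels also carry a set of categories (a standard lattice extension), and a "no write down" rule for writes is taken from the Bell-LaPadula model. Level names, users and documents are constructed for illustration.

```python
# Added example (not from the original article): MAC with ordered levels,
# optional categories, administrator-only relabelling, and Bell-LaPadula
# read/write rules (the write rule is an assumption beyond the text).
from dataclasses import dataclass

LEVELS = ("unclassified", "confidential", "secret", "top_secret")  # constructed ordering


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        """Lattice dominance: higher-or-equal level AND a superset of categories."""
        return (LEVELS.index(self.level) >= LEVELS.index(other.level)
                and self.categories >= other.categories)


class MACSystem:
    def __init__(self, admin):
        self.admin = admin          # the only principal allowed to change labels
        self.subjects = {}          # subject -> clearance
        self.objects = {}           # object -> classification

    def _require_admin(self, caller):
        if caller != self.admin:
            raise PermissionError("only the administrator may change security labels")

    def set_clearance(self, caller, subject, label):
        self._require_admin(caller)
        self.subjects[subject] = label

    def set_classification(self, caller, obj, label):
        self._require_admin(caller)
        self.objects[obj] = label

    def can_read(self, subject, obj):
        # Simple security property: no read up.
        return self.subjects[subject].dominates(self.objects[obj])

    def can_write(self, subject, obj):
        # *-property (assumption): no write down, so a subject cannot leak data to a lower label.
        return self.objects[obj].dominates(self.subjects[subject])


def mac_demo():
    s = MACSystem(admin="secadmin")
    s.set_clearance("secadmin", "analyst", Label("secret", frozenset({"nato"})))
    s.set_clearance("secadmin", "clerk", Label("confidential"))
    s.set_classification("secadmin", "ops_plan", Label("secret", frozenset({"nato"})))
    s.set_classification("secadmin", "memo", Label("confidential"))
    s.set_classification("secadmin", "crypto_keys", Label("secret", frozenset({"nato", "crypto"})))
    out = {
        "analyst_reads_plan": s.can_read("analyst", "ops_plan"),       # True: equal labels
        "clerk_reads_plan": s.can_read("clerk", "ops_plan"),           # False: read up
        "analyst_reads_keys": s.can_read("analyst", "crypto_keys"),    # False: missing category
        "clerk_writes_plan": s.can_write("clerk", "ops_plan"),         # True: writing up is allowed
        "analyst_writes_memo": s.can_write("analyst", "memo"),         # False: write down
    }
    try:
        s.set_clearance("clerk", "clerk", Label("top_secret"))         # a user relabelling itself
        out["user_relabel_blocked"] = False
    except PermissionError:
        out["user_relabel_blocked"] = True
    return out
```

The "poor flexibility" disadvantage shows up directly: the clerk cannot be given one-off access to ops_plan without the administrator relabelling either the clerk or the document, and either change affects every other access decision involving that label.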


(3) Role-Based Access Control (RBAC)
Role-based access control scheme: a basic RBAC model defines a number of roles, usually corresponding to positions in the organization, and each role is given a set of permissions, that is, the right to execute certain operations on certain targets. When a user accesses a target, the roles the user holds are checked against the target's access policy to decide whether the operation is allowed.


From the enterprise perspective, implementing access control management covers establishing and updating the RBAC information: defining roles, building the RH (role hierarchy), the URA (user-role assignment) and the PRA (permission-role assignment), and then judging a user's access permissions to allow or block the user's access to company information. A user's access permissions follow from the roles assigned to that user. The general RBAC model is shown in the figure (not reproduced here).



Advantages: easy to understand, easy to manage, distributes responsibility, and supports permission inheritance.


Disadvantages:

1) Like the models above, it protects resources from the system's perspective. Such a control principle does not take the operating environment into account; it is a passive security model in which the subject's use of its permissions on an object cannot be recorded.

2) It supports only full inheritance between roles, so in complex systems with fine-grained roles and complicated role assignment it is hard to make the inherited permissions match the actual responsibilities of each role.

3) The model is static: it has no time constraints on roles, so it adapts poorly to requirements that change dynamically.

4) In terms of the permission control algorithm, large enterprises have many roles and the assignment of roles to users is usually done by the administrator. This inevitably makes the permission control implementation complicated and burdens the administrator, and changes to important user roles are not flexible enough.


(4) Task-Based Access Control (TBAC)
Task-based access control scheme:

The DAC, MAC and RBAC models focus on the system's static permission control and protect resources from the system's perspective; the control environment is static. Their authorization is generally expressed as a triple (S, O, P), where S is the subject, O the object and P the permission. If the triple (S, O, P) exists, S may perform operation P on O; otherwise S has no permission to operate on O. These triples are predefined and stored statically in the system and remain valid permanently. They are passive security models: they cannot record the subject's use of permissions on objects, and permissions have no time limit. Such models cannot fully meet the dynamic permission requirements of real applications, whose needs change over time, and this can create security risks.

The TBAC model starts from the application and is built on workflow modelling. A workflow is a business process made up of multiple activities performed by multiple people to accomplish a specific goal. As data flows through the workflow, the user who performs each operation changes, and so do that user's permissions.

Authorization in the TBAC model is generally expressed as a quintuple (S, O, P, L, AS). S, O and P are as above; L is the lifecycle and AS is the authorization step. P is the permission that becomes active when authorization step AS is activated, and L is the lifecycle of that step. When authorization step AS is triggered, the delegated executor receives the permissions of the executor's permission set and L starts counting down. The quintuple is valid during the lifecycle; when the lifecycle ends, authorization step AS is set to invalid, the quintuple becomes invalid, and the delegated executor's permissions are revoked.
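The quintuple lifecycle described above, as an added example that is not part of the original article: triggering an authorization step AS for a subject S on an object O emits one (S, O, P, L, AS) tuple per permission in the step's permission set, each valid only while fewer than L clock ticks have elapsed; ticking the clock past L, or completing the step, revokes the tuples. A fake integer clock stands in for real time so the example runs offline. Step names, subjects, objects and durations are constructed for illustration.

```python
# Added example (not from the original article): TBAC authorisation tuples
# (S, O, P, L, AS) whose validity is tied to the lifecycle of the step.
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class AuthorizationStep:
    """AS: a workflow step; executing it needs permission_set for at most `lifetime` ticks (L)."""
    name: str
    permission_set: Set[str]
    lifetime: int


@dataclass
class Authorization:
    """One quintuple (S, O, P, L, AS) plus the clock value at which AS was triggered."""
    subject: str
    obj: str
    permission: str
    lifetime: int
    step: str
    activated_at: int
    revoked: bool = False

    def valid(self, now: int) -> bool:
        return not self.revoked and now - self.activated_at < self.lifetime


@dataclass
class TBACEngine:
    clock: int = 0                                   # fake clock, advanced by tick()
    steps: Dict[str, AuthorizationStep] = field(default_factory=dict)
    tuples: List[Authorization] = field(default_factory=list)

    def define_step(self, step: AuthorizationStep):
        self.steps[step.name] = step

    def trigger(self, step_name, subject, obj):
        """AS is triggered: the executor receives the step's permission set and L starts counting."""
        step = self.steps[step_name]
        for p in sorted(step.permission_set):
            self.tuples.append(Authorization(subject, obj, p, step.lifetime, step_name, self.clock))

    def tick(self, n=1):
        """Advance time; any tuple whose lifecycle has ended is marked invalid."""
        self.clock += n
        for t in self.tuples:
            if not t.valid(self.clock):
                t.revoked = True

    def complete(self, subject, step_name):
        """The executor finishes the step early; its tuples are revoked at once."""
        for t in self.tuples:
            if t.subject == subject and t.step == step_name:
                t.revoked = True

    def authorized(self, subject, obj, permission):
        return any(t.valid(self.clock) for t in self.tuples
                   if (t.subject, t.obj, t.permission) == (subject, obj, permission))


def workflow_demo():
    eng = TBACEngine()
    eng.define_step(AuthorizationStep("approve_invoice", {"read", "approve"}, lifetime=3))
    eng.trigger("approve_invoice", subject="bob", obj="invoice-1042")
    out = {"during_step": eng.authorized("bob", "invoice-1042", "approve")}   # True
    eng.tick(2)
    out["before_expiry"] = eng.authorized("bob", "invoice-1042", "approve")   # True: 2 < L
    eng.tick(1)
    out["after_expiry"] = eng.authorized("bob", "invoice-1042", "approve")    # False: L ended
    out["never_granted"] = eng.authorized("bob", "invoice-1042", "delete")    # False: not in the step
    eng.trigger("approve_invoice", subject="carol", obj="invoice-1043")
    eng.complete("carol", "approve_invoice")
    out["after_complete"] = eng.authorized("carol", "invoice-1043", "approve")  # False
    return out
```

Note that the permission is tied to a specific object instance (invoice-1042), not to the subject in general: bob's tuple on invoice-1042 says nothing about invoice-1043, which is the "permissions change with the context of the task" property claimed as TBAC's advantage below.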


Advantage: permissions are managed dynamically according to the state of tasks, and the access permissions on resource objects change with the context of the task.


Disadvantage: the role is a very important concept in management systems, and the TBAC model does not support roles or role hierarchies.

(5) Task-Role Based Access Control (T-RBAC)
Task- and role-based access control scheme:


As noted above, the RBAC model does not separate tasks from roles and lacks dynamic features: it cannot control the permissions before and after a task, nor the task's timing. The TBAC model ignores roles and therefore does not reflect the organizational structure and lines of authority.


Large enterprise systems usually contain a great many roles, users and information resources, and it is very difficult for security administrators to manage them and their relationships. Enterprises today, especially IT enterprises, usually organize tasks around projects: once a project ends, its tasks end and permissions are re-assigned to the next project. To support such new tasks, the model must provide dynamic authorization.

T-RBAC is a newer access control model that realizes access control around tasks: it establishes the security model and the security mechanism from the task's perspective and provides dynamic, real-time security management during task processing.


In this model permissions are assigned to tasks and tasks are assigned to roles, because the task is the smallest unit of business activity.


The general T-RBAC model is shown in the figure (not reproduced here).




Main idea: abstract roles from the enterprise's hierarchy and lines of authority, and let system administrators or management programs associate users with roles. This module centrally schedules roles and analyzes the workflows of enterprise activities. For static permissions that are independent of any workflow, resource objects are granted to roles with a graphical tool; roles can be inherited fully or partially. For dynamic permissions, the workflow engine pushes tasks to roles.


Advantages:

(1) Implements dynamic access control.

(2) Simplifies authorization management.

(3) Supports full and partial inheritance of permissions, and supports both passive and active access control.

(4) Through the management program, realizes the assignment of roles to large numbers of users and access objects.

(5) Completes the assignment of both static and dynamic permissions.

Comparison of RBAC with T-RBAC:


(1) In T-RBAC, access permissions are assigned to tasks, whereas in RBAC they are assigned to roles.

In a real enterprise environment, whoever executes a task must hold the permissions the task needs, so assigning access permissions to tasks is feasible. The access permissions are bound and activated only while the task is being executed.


(2) In the T-RBAC model, permissions are assigned to the relevant task and the task is assigned to the relevant role, so the PTA (permission-task assignment) and TRA (task-role assignment) of T-RBAC together play the part of the PRA of RBAC. Administrators in T-RBAC are also more likely to know which information objects relate to a specific task.
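The RBAC structure (RH, URA, PRA) from section (3), the T-RBAC "main idea" of section (5) and the comparison just made, as one added example that is not part of the original article or of the cited papers. The same organization is modelled twice: in RBAC a permission sits on a role and is inherited through the role hierarchy, so it is always active; in T-RBAC only static, workflow-independent permissions stay on roles, while dynamic permissions sit on tasks (PTA), tasks sit on roles (TRA), and a dynamic permission works only while a hypothetical workflow engine has pushed that task to the user. Partial inheritance is modelled by a set of tasks that senior roles do not inherit. Roles, users, tasks and permission names are constructed for illustration.

```python
# Added example (not from the original article): RBAC (PRA) beside T-RBAC
# (PTA + TRA), sharing one role hierarchy.
from collections import defaultdict, deque


class RoleHierarchy:
    """RH: a senior role inherits from its junior roles."""
    def __init__(self):
        self.juniors = defaultdict(set)

    def add(self, senior, junior):
        self.juniors[senior].add(junior)

    def closure(self, role):
        seen, todo = {role}, deque([role])
        while todo:
            for j in self.juniors[todo.popleft()]:
                if j not in seen:
                    seen.add(j)
                    todo.append(j)
        return seen


class RBAC:
    """Classic RBAC: URA and PRA, with full inheritance of permissions through RH."""
    def __init__(self, rh):
        self.rh = rh
        self.ura = defaultdict(set)   # user -> directly assigned roles
        self.pra = defaultdict(set)   # role -> permissions

    def roles_of(self, user):
        return set().union(*(self.rh.closure(r) for r in self.ura[user]))

    def check(self, user, perm):
        return any(perm in self.pra[r] for r in self.roles_of(user))


class TRBAC(RBAC):
    """T-RBAC: `pra` keeps only static, workflow-independent permissions; dynamic
    permissions go to tasks (PTA) and tasks to roles (TRA), usable only while the
    workflow engine has pushed the task to the user."""
    def __init__(self, rh):
        super().__init__(rh)
        self.pta = defaultdict(set)      # task -> permissions
        self.tra = defaultdict(set)      # role -> tasks
        self.private_tasks = set()       # tasks seniors do NOT inherit (partial inheritance)
        self.active = defaultdict(set)   # user -> tasks currently pushed to them

    def tasks_of(self, user):
        tasks = set()
        for direct in self.ura[user]:
            for role in self.rh.closure(direct):
                tasks |= {t for t in self.tra[role] if role == direct or t not in self.private_tasks}
        return tasks

    def push_task(self, user, task):
        """The workflow engine hands a task to a user; refused if none of the user's roles owns it."""
        if task not in self.tasks_of(user):
            raise PermissionError(f"{user} holds no role that owns task {task}")
        self.active[user].add(task)

    def complete_task(self, user, task):
        self.active[user].discard(task)  # the task's permissions lapse with it

    def check(self, user, perm):
        if super().check(user, perm):    # static permission through a role
            return True
        return any(perm in self.pta[t] for t in self.active[user] if t in self.tasks_of(user))


def compare_models():
    rh = RoleHierarchy()
    rh.add("manager", "accountant")
    rh.add("accountant", "employee")

    rbac = RBAC(rh)
    rbac.ura["alice"].add("manager")
    rbac.ura["bob"].add("accountant")
    rbac.pra["employee"].add("read:timesheet")
    rbac.pra["accountant"].add("approve:invoice")

    trbac = TRBAC(rh)
    trbac.ura["alice"].add("manager")
    trbac.ura["bob"].add("accountant")
    trbac.pra["employee"].add("read:timesheet")          # static permission, inherited as in RBAC
    trbac.pta["approve_invoice"].add("approve:invoice")  # PTA
    trbac.tra["accountant"].add("approve_invoice")       # TRA
    trbac.private_tasks.add("approve_invoice")           # the manager does not inherit this task

    out = {
        "rbac_alice_can_approve": rbac.check("alice", "approve:invoice"),       # True, always
        "trbac_alice_reads_timesheet": trbac.check("alice", "read:timesheet"),  # True: static
        "trbac_bob_idle": trbac.check("bob", "approve:invoice"),                # False: no task
    }
    trbac.push_task("bob", "approve_invoice")
    out["trbac_bob_in_task"] = trbac.check("bob", "approve:invoice")            # True
    trbac.complete_task("bob", "approve_invoice")
    out["trbac_bob_after_task"] = trbac.check("bob", "approve:invoice")         # False
    try:
        trbac.push_task("alice", "approve_invoice")
        out["trbac_alice_blocked"] = False
    except PermissionError:
        out["trbac_alice_blocked"] = True                                       # partial inheritance
    return out
```

The comparison in the text is visible in the two `check` methods: `RBAC.check` resolves user to roles to permissions and is true regardless of context, while `TRBAC.check` resolves user to roles to tasks to permissions and is true only for a task the engine has actually pushed, which is what "bound and activated when the task is executed" means in practice.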


