authorization
play

Authorization the permission or power given to sb to do sth: enter - PDF document

Authorization the permission or power given to sb to do sth: enter a security area without authorization Authorization in Oxford Advanced Learner's Dictionary Object-oriented Databases authorization is the concept of allowing


  1. Authorization • ”the permission or power given to sb to do sth: enter a security area without authorization” Authorization in Oxford Advanced Learner's Dictionary Object-oriented Databases • authorization is the concept of allowing access to Anna Vapen resources only to those permitted to use them. David Hall “Authorization.” Wikipedia, The Free Encyc December 2008 Real world example Real world example Manager Roles: Manager, researcher, PR person, employee Documents Manager Researcher Strategic documents Secret Research S1 Researcher R1 Can read/write any document Can read public PR-material and S2 R2 read/write research material PR PR Employee PR material Public PR material Future ads Employee F1 P1 F2 P2 Can read/write public PR material and Can only read public PR material non-public PR material (work in progress) Authorization model in relational DBs Object orientation • Coarse-grained • Classes (composite*) • Units of authorization: • Objects – Relation (record) • Inheritance – Attribute (field) • Versions * leads to class-composition hierarchy

  2. Objects Class-composition • Unique id. • State (values of attributes) • Behavior (methods) Rim Car Wheel • Instance of a class (may be a primitive) Tire Composite class Component classes Inheritance Methods • Class hierarchy (single inheritance) • Authorize users to call methods within a class. • Class lattice (multiple inheritance) • Also must check any operations performed by the method (e.g. reading/writing attribute values) Car Boat Car Station Amphibious Sedan Sedan wagon vehicle Instances • Want to read all instances of a class except one or a few? Employee • Employees shouldn’t be able to see future ads. Database granularity hierarchy Rabitti, F., Bertino, E., Kim, W., Woelk, D. 1991

  3. Basic authorization concepts • (s,o,a) s ∈ S o ∈ O a ∈ A F: S×O×A → (True, false) • Subject (an user or group of users) • Authorization object (single object, group of objects, entire database) Role lattice • Authorization type (read, update, create, …) Rabitti, F., Bertino, E., Kim, W., Woelk, D. 1991 grants Object lattice Type lattice Rabitti, F., Bertino, E., Kim, W., Woelk, D. 1991 Rabitti, F., Bertino, E., Kim, W., Woelk, D. 1991 Implicit authorization • Rabitti, Woelk, Kim 1988 • Rabitti, Bertino, Woelk, Kim 1991 • Explicit setting <s,o,a> triplets • The rest of <s,o,a> combinations are implicitly defined Implicit authorization Rabitti, F., Bertino, E., Kim, W., Woelk, D. 1991

  4. Weak authorization Strong authorization Rabitti, F., Bertino, E., Kim, W., Woelk, D. 1991 Rabitti, F., Bertino, E., Kim, W., Woelk, D. 1991 Implicit authorization • Pros: – No need to store all combinations – No need to set all combinations • Cons: – Sometimes hard to grasp why a specific authorization is determined as it is – Conflicts Positive/negative authorization – Computational overhead Rabitti, F., Bertino, E., Kim, W., Woelk, D. 1991 Applied real world example Applied real world example Researcher: Can read public PR-material and read/write research material Manager: Can read/write any document Documents Documents Strategic Strategic PR material PR material Secret Research Secret Research Public PR material Future ads Public PR material Future ads Explicit, strong, negative auth Implicit, strong, negative auth Explicit, strong, positive auth Implicit, strong, positive auth Implicit, weak, positive auth Explicit, weak, positive auth

  5. Applied real world example Applied real world example PR person: Can read/write public PR material and non-public PR material Employee: Can only read public PR material Documents Documents Strategic Strategic PR material PR material Secret Research Secret Research Public PR material Future ads Public PR material Future ads Explicit, strong, negative auth Implicit, weak, positive auth Explicit, strong, negative auth Implicit, strong, negative auth Explicit, weak, negative auth Implicit, weak, negative auth Explicit, weak, positive auth Implicit, weak, positive auth Explicit, weak, positive auth Alternatives • Access policies implemented by methods – Guard functions and proxy functions – Method implementor and method principal • Media access control (MAC) – Single-level models – Multilevel models Versions Object lattice for versions of objects Rabitti, F., Bertino, E., Kim, W., Woelk, D. 1991 Discuss Discuss • Papers: • Questions: 1. Franzoni, S; Mazzoleni, P; Valtolina, S; Bertino, – What problem are they trying to solve? E., Towards a Fine-Grained Access Control Model – What solution do they suggest? and Mechanisms for Semantic Databases – What are the limitations of this solution? 2. Jajodia, R.; Samarati, P.; Subrahmanian, V. S.; Bertino, E., A Unified Framework for Enforcing Multiple Access Control Policies 3. Bertino, E.; Bettini, C.; Ferrari, E.; Samarati, P., A Temporal Access Control Mechanism for Database Systems

  6. Exercise scenario Exercise scenario In this scenario there is a bank where there are Every sub-type of account has an interest that employees and a manager . The bank has can only be changed by the manager. several customers that have one or several Customers can withdraw money from their accounts each. There are two types of salary account and see their account balance accounts: savings accounts and fund on any of their accounts. accounts . A savings account can be either a salary account or a long-time savings account , while a fund account can be equity fund account or a fixed-income fund account . Exercise scenario Exercise tasks The employees at the bank can see the account 1. Draw a graph that shows the different balance of the customers and they can also account types, their variables and methods. open and close accounts, but opening and Show the access rights for a manager, an closing of accounts (together with viewing of employee and a customer by marking explicit the balance done by the employees on other / implicit, weak / strong and positive / accounts than their own) can only be done negative authorization in the graph. between 9 and 15 Monday to Friday. 2. Draw a role lattice showing shared and non- shared rights of managers, employees and customers.

Recommend


More recommend