Enhanced granular RBAC
Publication Date: 2010-Jun-30
The IP.com Prior Art Database
An idea is disclosed that aims at achieving Enhanced Granular RBAC. The core idea is to provide RBAC the ability to segment duties based on the resources. Current RBAC provides authorizations to the regular users who can gain access to administrative commands and can execute these commands on any resource which comes under the purview of assigned commands. The idea provides intelligence to the existing RBAC to restrict authorized users’ access to critical resources.
Role Based Access Control (RBAC)
RBAC provides division of system duties. The system administrator gets the ability to designate to general users tasks that traditionally would be performed by the root user, or via setuid/setgid.
Enhanced RBAC command execution process on AIX
Figure 1. Current Enhanced RBAC Flowchart
When a user executes a command, the command is first checked against the Command Database, which has command and access entries in stanza format, to determine whether it needs RBAC or not.
If the command exists in the database, a check will be performed against the authorizations associated with the user's session.
If the session has one of the authorizations listed, then the user will be allowed to execute the command regardless of whether the user passes the DAC execution checks for the command.
If a command does not have an entry in the database, then it is not an RBAC "privileged command" and access to it is enforced by DAC and the command itself. If a command is listed in the privileged command database but the invoker's session does not have an authorization that allows execution of the command, the DAC and UID/GUID checking will still be used to allow execution if those checks succeed.
Problems & Need for additional Solution for RBAC implementation on AIX
The problem with the current RBAC implementation on AIX is that granularity is provided at the command level. Consider the aix.fs authorization (i.e., the privilege for executing file system commands on any file system) assigned to role R1.
Assume, role R1 is assigned to user U1 then U1 can perform all file system operations on any file system. There is no way to limit the resource on which U1 can perform operations
perform undesired operations like rmfs, chfs, etc. on business critical file systems thereby creating a critical impact on customer's business.
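The decision flow and the granularity gap described above, modelled as an added example (not code from the disclosure or from AIX). The stanza sample, the command paths, the file system names `/scratch` and `/proddata`, and the exact-match authorization check are constructed assumptions for illustration.

```python
# Constructed sample of a privileged command database in stanza format.
PRIVCMDS = """\
/usr/sbin/rmfs:
    accessauths = aix.fs

/usr/sbin/chfs:
    accessauths = aix.fs
"""

def parse_stanzas(text):
    """Parse 'name:' headers followed by indented 'key = value' lines."""
    db, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and "=" not in line:
            current = db.setdefault(line[:-1], {})
        elif current is not None and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            current[key] = [v.strip() for v in value.split(",") if v.strip()]
    return db

def may_execute(db, command, resource, session_auths, dac_allows):
    """Return (allowed, reason) following the flow described in the text.

    `resource` is accepted only to make the gap visible: nothing below
    reads it, so the decision is identical for every target resource.
    """
    entry = db.get(command)
    if entry is None:
        # Not a privileged command: DAC and the command itself decide.
        return dac_allows, "not privileged: DAC decides"
    if set(entry.get("accessauths", [])) & set(session_auths):
        # Authorization held by the session: allowed even if DAC would deny.
        return True, "authorization matched: DAC bypassed"
    # Listed but not authorized: DAC/UID checks may still allow execution.
    return dac_allows, "no authorization: DAC fallback"

if __name__ == "__main__":
    db = parse_stanzas(PRIVCMDS)
    u1_session = {"aix.fs"}  # U1 holds role R1, which carries aix.fs
    for fs in ("/scratch", "/proddata"):  # hypothetical file systems
        print(fs, may_execute(db, "/usr/sbin/rmfs", fs, u1_session, False))
```

Both targets produce the same "allowed" decision, which is the command-level granularity problem: a resource-aware check would need the target to be part of the authorization lookup.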
Consider a scenario shown in figure below:
Figure 2. Network authorization problem
Assume aix.network authorization is assigned to user U2 through a role. Now, U2 gets the power to operate on both LAN1 and LAN2. U2 can view network packets, monitor and modify network characteristics, and also delete the network on both LAN1 and LAN2.
But if the requirement is to have U2 monitor, modify and delete network characteristics of LAN1, and only monitor and trace LAN2, then the current Enhanced RBAC fails to provide a solution at this level of granularity.
Need for an Enhanced granular RBAC
Current RBAC only aims at division of system functionality at command level. But it fails to provide any prevention mechanism for restricting unauthorized operations on system resources by the authorized user. Therefore, there is a need for an Enhanced granular RBAC on both command and resource-level to provide a more robust securit...