Security assurance for a resource-based RBAC/DAC/MAC security model

Date of Completion

January 2004

Computer Science

The day-to-day operations of corporations and government agencies rely on inter-operating software artifacts (e.g., legacy, commercial-off-the-shelf (COTS), government-off-the-shelf (GOTS), databases, servers, etc.) and client applications, which are brought together into a distributed environment running middleware (e.g., CORBA, JINI, DCOM, etc.). In such a distributed environment, the interactions occur via the application programmer interfaces (APIs) of the software artifacts, which are available for use by any and all client applications, without restriction. However, security administrators are interested in controlling access by client applications to the methods of these artifact APIs as defined within a security policy. Specifically, they are interested in controlling, for a given user/client: who can invoke methods, based on role and security clearance; which methods can be invoked, based on role or clearance level; when the methods can be invoked, based on any time limitations; and under which values (parameters) the methods can be invoked.

This dissertation will present the findings of our research, which proposes a unified role-based access control (RBAC), discretionary access control (DAC), and mandatory access control (MAC) security model and an associated security enforcement framework that provides a level of security assurance. Specifically, we provide the means for security officers to concretely and precisely specify a security policy for a distributed application using a resource-based RBAC/DAC/MAC security model, which allows fine-grained control over the APIs of software artifacts. The RBAC/DAC/MAC security model capabilities and accompanying security assurance assertions can be utilized to control access to artifact APIs (methods) based on role, clearance and classification, time limits, and data value constraints.
In this dissertation, we report on the research results of this work, focusing on: a detailed discussion of our current unified RBAC/DAC/MAC model—core definitions and role delegation; an in-depth examination and proof of security assurance guarantees, checked at design time and run time, which provide for both safety (nothing bad can happen) and liveness (all good things can happen); a review of our accompanying security enforcement framework that utilizes our custom security resource that supports the RBAC/DAC/MAC model; and a review of our prototyping efforts on the enforcement framework and associated security administration and management tools. In addition, we report on related research and highlight the contributions of the research.
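As an added illustration of the four control dimensions the abstract lists (role, clearance versus classification, time limits, and parameter values), not code from the dissertation or its prototype: a minimal method-invocation authorization check in Python over a constructed policy. The linear classification lattice, the role and method names, the sample users, and the `delegated` field standing in for DAC role delegation are all assumptions made for this example.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Callable

# Assumed linear MAC lattice for this example (not taken from the dissertation).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}

@dataclass
class MethodGrant:
    """RBAC: a role may invoke one artifact-API method, subject to MAC, time and value limits."""
    role: str
    method: str
    classification: str                       # MAC label on the method
    valid_from: datetime                      # time limits on the grant
    valid_until: datetime
    value_ok: Callable[[dict], bool] = lambda params: True  # data value constraint

@dataclass
class User:
    name: str
    roles: set
    clearance: str                            # MAC clearance of the user
    delegated: set = field(default_factory=set)  # DAC: roles delegated by another user

def authorize(user: User, method: str, params: dict, now: datetime, grants) -> tuple:
    """Try every grant for one of the user's roles; the first passing all checks grants access."""
    reasons = []
    for g in grants:
        if g.method != method or g.role not in (user.roles | user.delegated):
            continue
        if LEVELS[user.clearance] < LEVELS[g.classification]:
            reasons.append(f"{g.role}: clearance below {g.classification}")
        elif not (g.valid_from <= now <= g.valid_until):
            reasons.append(f"{g.role}: outside time limits")
        elif not g.value_ok(params):
            reasons.append(f"{g.role}: parameter constraint failed")
        else:
            return True, f"granted via role {g.role}"
    return False, "; ".join(reasons) or "no role is granted this method"

# Constructed sample policy and users (hypothetical names and values).
YEAR_2004 = (datetime(2004, 1, 1), datetime(2004, 12, 31, 23, 59))
GRANTS = [
    MethodGrant("Nurse", "PatientDB.read_record", "CONFIDENTIAL", *YEAR_2004),
    MethodGrant("Physician", "PatientDB.update_record", "SECRET", *YEAR_2004,
                value_ok=lambda p: p.get("dosage_mg", 0) <= 500),
]
ALICE = User("alice", {"Physician"}, "SECRET")
CAROL = User("carol", {"Nurse"}, "CONFIDENTIAL", delegated={"Physician"})
NOW = datetime(2004, 6, 1)
```

Note that carol's delegated Physician role does not let her past the MAC check: role delegation widens the RBAC dimension only, while clearance versus classification is evaluated independently.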