The role-based security model
The role-based security model is a substantially improved Harrison-Ruzzo-Ullman model, but it cannot be classified as either discretionary or mandatory, because access control in it is carried out both on the basis of an access-rights matrix for roles and by means of rules governing the assignment of roles to users and their activation during sessions. The role model is therefore a special type of policy, based on a compromise between the flexibility of access control characteristic of discretionary models and the rigidity of the access control rules inherent in mandatory models.
In the role model, the classical concept of "subject" is replaced by the concepts of "user" and "role". A user is a person who works with the system and performs certain official duties. A role is an abstract entity actively operating in the system, associated with the set of powers needed to carry out certain activities. The most common example of a role is the administrative account present in almost every system (for example, root on UNIX and Administrator on Windows NT), which has special permissions and can be used by multiple users.
The role-based policy is very widespread because, unlike other stricter and more formal policies, it is very close to real life. In fact, users working in the system do not act on their own behalf: they always carry out certain official duties, i.e. they perform roles that are in no way tied to their personality.
It is therefore quite logical to control access and assign permissions not to real users but to abstract (non-personalized) roles representing the participants in a certain information-processing process. This approach to security policy makes it possible to take into account the division of responsibilities and powers between the participants in the applied information process, because from the point of view of the role policy what matters is not the identity of the user accessing the information but the powers he needs to perform his official duties.
In such a situation, the role policy allows powers to be distributed among these roles in accordance with their official duties: the administrator role is assigned special powers that allow its holder to control the operation of the system and manage its configuration, the database manager role allows management of the database server, and the rights of ordinary users are limited to the minimum necessary to run application programs. Moreover, the number of roles in the system need not correspond to the number of real users: one user, if he has many responsibilities requiring different powers, can perform (simultaneously or sequentially) several roles, and several users can perform the same role if they do the same work.
When a role policy is used, access control is carried out in two stages: first, a set of permissions is specified for each role, representing a set of access rights to objects; second, each user is assigned a list of roles available to him. Permissions are assigned to roles in accordance with the principle of least privilege, which implies that each user should have only the minimum set of permissions necessary to perform their work.
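As an added illustration, not part of the original text, the following Python model implements the two-stage scheme just described together with the session activation rule mentioned at the start: permissions are granted to roles, users are assigned roles, and a session activates only a subset of a user's assigned roles, which is all that an access check consults. The class, role, user and object names are constructed for the example.

```python
class RoleModel:
    """Minimal role-based access control model (constructed example)."""

    def __init__(self) -> None:
        self.role_permissions: dict[str, set[tuple[str, str]]] = {}
        self.user_roles: dict[str, set[str]] = {}
        self.sessions: dict[str, set[str]] = {}  # session id -> activated roles

    # Stage 1: access rights (operation, object) are attached to roles, not users.
    def grant(self, role: str, operation: str, obj: str) -> None:
        self.role_permissions.setdefault(role, set()).add((operation, obj))

    # Stage 2: each user receives the list of roles available to him.
    def assign(self, user: str, role: str) -> None:
        if role not in self.role_permissions:
            raise KeyError(f"unknown role {role!r}")
        self.user_roles.setdefault(user, set()).add(role)

    # A session activates some of the user's assigned roles; activating a role
    # the user was never assigned is refused.
    def open_session(self, session_id: str, user: str, roles: set[str]) -> None:
        not_assigned = set(roles) - self.user_roles.get(user, set())
        if not_assigned:
            raise PermissionError(f"{user} cannot activate {sorted(not_assigned)}")
        self.sessions[session_id] = set(roles)

    # Access is decided solely from the roles activated in the session.
    def check(self, session_id: str, operation: str, obj: str) -> bool:
        active = self.sessions.get(session_id, set())
        return any((operation, obj) in self.role_permissions[r] for r in active)


def build_example() -> RoleModel:
    """Constructed sample: admin, database manager and ordinary-user roles."""
    m = RoleModel()
    m.grant("admin", "configure", "system")
    m.grant("db_manager", "manage", "db_server")
    m.grant("user", "run", "app")
    # One user may hold several roles; several users may share one role.
    m.assign("alice", "admin")
    m.assign("alice", "db_manager")
    m.assign("bob", "user")
    m.assign("carol", "user")
    return m
```

Note that alice, who holds both admin and db_manager, gains administrative powers only in a session where she actually activates the admin role.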
Unlike other policies, the role-based policy provides practically no guarantee of security by formal proof; it only determines the nature of the restrictions, compliance with which serves as the criterion of system security.
This approach yields simple and understandable access control rules that can easily be applied in practice, but it deprives the system of a theoretical basis for proving its security. In some situations this makes it difficult to use a role policy, but in any case it is much more convenient to operate with roles than with subjects, since this is more consistent with common information-processing technologies, which provide for the division of duties and responsibilities between users. In addition, the role policy can be used together with other security policies, with the powers of the roles assigned to users controlled by a discretionary or mandatory policy, which allows multi-level access control schemes to be built.
The definition of a security policy and the models of that policy make it possible to justify the security of a system theoretically, given a correct definition of the system model and of the restrictions on its use. Ensuring information security involves raising the security of information through access control. In the last decade, both in our country and abroad, research on the development of access control models has been actively conducted. Further areas of research may be the search for solutions to access control in hypertext information retrieval systems, the development of the concept of multi-roles in role-based access systems, and the development of models for a comprehensive assessment of system security.