- good for a computer security model, bad for an information-oriented model (higher level)
(first mention of task based authorization: R. Thomas, R. Sandhu. Towards a task-based paradigm for flexible and adaptable access control in distributed applications.)
| Abstraction stages | Security model stages | Examples | |
|---|---|---|---|
| What needs to be done? (people oriented) | Trust objectives | Organizational requirements | little work has been done |
| External-interface requirement | Computer policy models | non-interference model, task-based authorization | |
| Internal requirements | Access control models | Bell-LaPadula model, HRU model, typed access matrix model | |
| Rules of operation | Implementation models | | |
| How to do it? (computer oriented) | Functional design | ??? | |
Paper based model
Authorization of transactions
- each source document should be authorized
- authorization can come in the form of signatures or authorization codes
- verification of data
- constructing audit trails
- recovery in the event that processed data is lost
Transaction processing in computerized information systems often does not involve source documents in the loop. (is this still true now?)
Transient objects
- documents - vouchers, purchase orders, sales slips
- issue a finite set of operations then leave the system
Persistent objects
- inventory databases
- bank accounts
Transactions are executed on persistent objects only as a side effect of executing transactions on transient objects.
Transaction control expressions
Example:
- Clerk prepares a check
- 3 separate supervisors approve the check
- Check is issued by (a different) clerk
```
prepare * clerk;
3: approve * supervisor;
issue * clerk;
```
Each expression consists of a transaction and a role.
Separation of duty is achieved by requiring the users that execute different transactions in the expression to be distinct.
Provides support for linear sequences of authorizations.
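An added example, not from the original notes or the paper: a small Python enforcer for the check expression above, showing how ordering, role checks and separation of duty can be evaluated against the history carried by one transient object. The term grammar, the class and method names, and the user names are assumptions made for illustration; it requires every executor on the same object to be distinct, matching the "3 separate supervisors" and "(a different) clerk" wording.

```python
import re
from dataclasses import dataclass

# The expression from the notes above.
EXPR = "prepare * clerk;\n3: approve * supervisor;\nissue * clerk;"

@dataclass
class Step:
    transaction: str
    role: str
    count: int = 1  # how many distinct users must execute this step

def parse_tce(text):
    """Parse terms such as '3: approve * supervisor' into Step records."""
    steps = []
    for term in filter(None, (t.strip() for t in text.split(";"))):
        m = re.fullmatch(r"(?:(\d+)\s*:\s*)?(\w+)\s*\*\s*(\w+)", term)
        if not m:
            raise ValueError(f"bad term: {term!r}")
        steps.append(Step(m.group(2), m.group(3), int(m.group(1) or 1)))
    return steps

class TransientObject:
    """One document (e.g. a check) that carries its own execution history."""
    def __init__(self, steps):
        self.steps = steps
        self.history = []  # (transaction, user), doubles as the audit trail
        self.pos = 0       # index of the step currently awaited
        self.done = 0      # executions recorded so far for that step

    def execute(self, transaction, user, user_roles):
        """Return (allowed, reason); record the action only if allowed."""
        if self.pos >= len(self.steps):
            return False, "expression exhausted: object has left the system"
        step = self.steps[self.pos]
        if transaction != step.transaction:
            return False, f"out of order: expected {step.transaction}"
        if step.role not in user_roles:
            return False, f"{user} lacks role {step.role}"
        if any(u == user for _, u in self.history):
            return False, f"separation of duty: {user} already acted"
        self.history.append((transaction, user))
        self.done += 1
        if self.done == step.count:  # step satisfied, move to the next one
            self.pos, self.done = self.pos + 1, 0
        return True, "ok"
```

Because the history lives on the transient object, the same users are free to act again on a different check; the distinctness rule applies per document.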
Task-based authorizations
Authorization function
Each authorization function is a point in a network where responsibilities are accepted, and one from which associated obligations are discharged and new responsibilities created.
Issues
Abstraction and composition
- authorized-task-unit to model the authorizations associated with every authorization function
- an authorization unit may be composed of other smaller units called approval-steps
- must model dependencies between authorization-units as well as those internal to the authorization-unit
- temporal - relates to the order of execution of authorizations
- semantic - relates to the implied authorizations that may be needed as part of the authorization to be performed
- atomic - grant all or none
- what constructs and mechanisms are needed to incorporate controls
Authorization expiration
Authorization deadlines
- for example, a manager responsible for giving approvals may be available only for certain hours during the week
Deadlocked authorizations
Groundwork for building a model
Authorization-task-unit(task name)
- Originating function
- Attributes: atomic, expiration, deadline
- Dependency specifications: {}
- Approval-steps: {}
- a tuple of the form {step-name, role, expiration, deadline}
- {task-name, dependency type} OR
- {step-name, dependency type}