Contents
Introduction
Role Based Access Control Review
  Concept of Role Based Access Control (RBAC)
  Why RBAC?
  RBAC Models and Frameworks
  Security Advantages of RBAC
  Comparison between Groups/Roles and ACLs/RBAC
  RBAC in Windows NT
Windows NT Review
  Windows NT Design
  Windows NT Architecture
  Windows NT Security
    Security Model
    Secure System Elements
    The Windows NT Registry
    Final word on Windows NT security
Minimal RBAC WinNT Design Specification
  Design Scope
  Requirements for RBACM
  RBACM Implementation Language
  Implementation Details
  High Level Design
  Class Descriptions
Conclusion
Bibliography

Abstract

Although role based access control (RBAC) has been used in a variety of computer systems for more than 20 years, it is beginning to attract increasing attention as a promising alternative to traditional discretionary and mandatory access control methods. RBAC is a security model devised to simplify security administration and reviews by simplifying and streamlining the day-to-day tasks of security administrators. Research by Barkley (1997) has concluded that "an RBAC mechanism consisting of the role hierarchy, static separation of duty, and cardinality features of the model defined by Sandhu et al. (1996) can usually be implemented on a system that supports access control lists". Therefore, as the Windows NT security mechanism supports access control lists, an RBAC administration tool could be developed to provide the benefits just described. The RBAC administration tool would allow security administrators to manage security at a high level from a single point of control. The administration tool would simply provide an administration layer through which the underlying security mechanisms are easily managed.

Introduction

This is the first of two companion papers describing the design and implementation of a minimal Role Based Access Control (RBAC) framework to work under the Windows NT 4.0 Workstation Operating System. These two papers are intended to provide a solid foundation for future investigation into higher level RBAC models that are active, rather than passive, in nature.

This first paper documents the design phase of a project aimed at implementing a minimal RBAC scheme (RBACM) for Windows NT 4.0 Workstation. Ideally, this scheme would focus on integrating the RBAC framework at the operating system level. As recent interest in RBAC has focused on integrating RBAC at the application level (Sandhu et al. 1996), the application would advance current practices by providing facilities that are sufficiently flexible to support a wide range of applications with minimal customization.

Described in this paper are the endeavors undertaken to determine how compatible and amenable it would be to implement an RBAC framework in Windows NT. This required a detailed investigation of the Windows NT security mechanism to identify the possibilities and best approach to incorporate an RBAC framework. The outcome of the project will be a security administration tool prototype to demonstrate the feasibility and restrictions of incorporating an RBAC framework into a Windows NT environment. This is documented in the second paper.
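The abstract's claim that a role hierarchy, static separation of duty and cardinality can be layered over an ACL-based system is illustrated by the following added example (not code from the paper or from the RBACM project). It keeps users, roles and operations as many-to-many sets, enforces the three constraints when a user is made a member of a role, and flattens the result into per-object, per-user entries of the kind an ACL-based system stores; role and object names are hypothetical.

```python
from collections import defaultdict


class Rbac:
    def __init__(self):
        self.perms = defaultdict(set)    # role -> {(object, operation)}
        self.juniors = defaultdict(set)  # role -> junior roles it inherits from
        self.members = defaultdict(set)  # role -> {user}
        self.ssd = set()                 # {frozenset({role_a, role_b})} mutually exclusive pairs
        self.max_members = {}            # role -> cardinality limit

    def add_role(self, role, perms=(), juniors=(), max_members=None):
        self.perms[role] |= set(perms)
        self.juniors[role] |= set(juniors)
        if max_members is not None:
            self.max_members[role] = max_members

    def closure(self, roles):
        """Role hierarchy: the given roles plus every junior reachable from them."""
        seen, stack = set(), list(roles)
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors[r])
        return seen

    def direct_roles(self, user):
        return {r for r, users in self.members.items() if user in users}

    def assign(self, user, role):
        """Add user to role; refuse if cardinality or static separation of duty would break."""
        if len(self.members[role]) >= self.max_members.get(role, float("inf")):
            raise ValueError(f"{role} already has its maximum number of members")
        held = self.closure(self.direct_roles(user) | {role})
        for pair in self.ssd:
            if pair <= held:  # user would hold both roles of an exclusive pair
                raise ValueError(f"{user} may not hold both of {sorted(pair)}")
        self.members[role].add(user)

    def allowed(self, user, obj, op):
        return any((obj, op) in self.perms[r] for r in self.closure(self.direct_roles(user)))

    def to_acl(self):
        """Flatten to object -> {user: {operations}}, the form an ACL-based system stores."""
        acl = defaultdict(lambda: defaultdict(set))
        for role, users in list(self.members.items()):
            for r in self.closure({role}):
                for obj, op in self.perms[r]:
                    for u in users:
                        acl[obj][u].add(op)
        return {o: dict(m) for o, m in acl.items()}
```

Because `to_acl` recomputes the flattened entries from the role model, reassigning a user between roles is a change to one membership set rather than to every object's ACL, which is the administrative saving the abstract describes.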
The paper is divided into three main sections:
• A review of Role Based Access Control;
• A review of Windows NT Security; and
• The design specifications of RBACM for Windows NT 4.0 Workstation.

Role Based Access Control Review

Concept of Role Based Access Control (RBAC)

Role Based Access Control (RBAC) is a security mechanism devised to assist and simplify security administration and review. The driving motivation of RBAC is to simplify security policy administration while facilitating the definition of flexible, customized policies. A Role Based Access Control Mechanism consists of three fundamental entities:
• Roles are an encapsulation of rights, responsibilities and obligations;
• Users are the entities that interact with the system (i.e. people, autonomous agents such as robots, immobile computers, or even networks of computers);
• Operations (or permissions) represent a particular mode of access to a set of one or more objects that provides the ability to perform a certain task.

In RBAC, operations are associated with roles, and users are made members of roles. Each role defines a specific set of operations that an individual acting in that role may perform. The user acquires the permissions of the roles of which they are a member. Therefore, the operations that a user is permitted to perform are based on the user's roles. The relationships between users, roles and operations are depicted in the following diagram:

The use of double arrows indicates a many-to-many relationship. That is, users may be assigned to many roles and many operations may be assigned to a role.

The Use of RBAC in Enterprises

RBAC is ideally suited for use in organizations. The use of roles to control access can be an effective means for developing and enforcing enterprise-specific security policies that map naturally to an organization's structure.
It allows and promotes security to be managed at a level that corresponds closely to an organization's structure and simplifies security management. In such an environment, roles are created for the various job functions in an organization and users are assigned roles based on their responsibilities and qualifications. Users can be easily reassigned from one role to another. Roles can be granted new permissions as new applications and systems are incorporated, and permissions can be revoked from roles as n