
Security Analysis And Conflict Handling For RBAC Model Based On Petri Nets

Posted on: 2018-10-30
Degree: Doctor
Type: Dissertation
Country: China
Candidate: M Liu
GTID: 1318330536481005
Subject: Computer application technology
Abstract/Summary:
The traditional RBAC (Role-Based Access Control) model has the advantages of being policy-neutral, supporting self-management, and facilitating the implementation of information system security policies. However, some potential security drawbacks and conflicts remain in the RBAC model. An information flow control mechanism is absent from the RBAC model, which creates a security risk of illegal information flow. IRBAC (Interoperable Role-Based Access Control) in multi-domain environments does not consider SSoD (Static Separation of Duties), which causes the problem of SMER (statically mutually exclusive roles) constraint conflicts. Moreover, there remain some security drawbacks in the formal definitions of the TRBAC (Temporal RBAC) and GTRBAC (Generalized TRBAC) models. With the rapid development of distributed systems and network technology, especially the emergence of e-commerce, these problems in the RBAC model urgently need to be addressed. A Petri net is a formal graphical language that can be used for formal verification and security analysis of security models. This paper studies some problems that still exist in the RBAC model and its extended models, based on Petri nets. The main contents are as follows.

Firstly, the detection and control of illegal information flow in RBAC based on Petri nets. The RBAC model does not define illegal information flow, and it has no information flow control mechanism, so it incurs a serious security risk of illegal information flow. This paper presents an approach based on classical Petri nets to study the RBAC illegal information flow problem. The approach makes it easy to visualize and analyze the problem through the reachable markings and reachability graphs of a classical Petri net with single token input, and it can effectively detect illegal information flow. Even when an RBAC configuration is not information-flow secure, the system is still required to work normally and remain secure, so an information flow control mechanism must be implemented in the RBAC system. This paper presents an information flow methodology based on colored Petri nets, which uses colored tokens to represent different objects and information. It can effectively control illegal information flow through guard functions, allowing as much data flow as possible while ensuring the security of the information flow.

Secondly, the detection of SMER constraint conflicts in the IRBAC model based on Petri nets. Because SSoD is not considered in the IRBAC model, inter-domain SMER constraint violations can arise when security interoperation is performed between two domains. Based on the basic idea that an SMER constraint conflict in the local domain comes from one improper user/role assignment in the foreign domain, an approach based on Petri nets is proposed to model and analyze the IRBAC model so as to detect SMER constraint conflicts caused by conflicts in user/role assignment. It translates the SMER constraint conflict problem into an analysis of the reachable markings or reachability graphs of a Petri net and can effectively detect SMER constraint conflicts. To determine whether an SMER constraint conflict exists, a necessary and sufficient condition for SMER constraint conflict in the Petri-net-based IRBAC model is proposed and proved. Moreover, some prerequisites for avoiding SMER constraint conflicts and guaranteeing the security of the model when adding a new role association or user-role assignment are also discussed.

Thirdly, a privacy-preserving approach to detecting SMER constraint conflicts in the IRBAC model. Some previous work on SMER constraint conflict detection did not consider how to preserve the privacy of RBAC policies when the two interoperating domains do not want to disclose them to each other. We introduce the problem of detecting SMER constraint conflicts in a privacy-preserving way. We first study the detection of SMER constraint conflicts without a privacy-preserving mechanism using matrix product, and then propose two secure three-party matrix product computation protocols based on the 1-out-of-n Oblivious Transfer protocol and the Paillier cryptosystem. A privacy-preserving solution is then proposed based on the secure three-party matrix product computation protocol; it can securely detect SMER constraint conflicts without disclosing any RBAC policy.

Lastly, problems in the TRBAC and GTRBAC models and their improvement. This paper studies and analyzes some problems in the TRBAC and GTRBAC models. Role activation trigger events are extended into the GTRBAC model, so it defines some new management events triggered by dependency, but it does not define how to deal with role activation constraint conflicts. Because the safeness condition defined in the GTRBAC model cannot guarantee its safety, we propose an approach to guarantee the safeness of the GTRBAC model. Meanwhile, this paper introduces the periodic time point, based on the concept of periodic time, and proposes a new constraint expression based on the periodic time point, so that some ambiguity in the periodic time constraints defined in TRBAC and GTRBAC can be eliminated. Moreover, we put forward an improved temporal RBAC model and describe its semantics and state model. To ensure the consistency of the execution model, the improved temporal RBAC model defines six policies to deal with the corresponding conflicts. We then carry out a formal verification of the improved temporal RBAC model based on colored Petri nets, which can guarantee the security of the improved temporal RBAC model.
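
The non-private SMER conflict check by matrix product that the abstract mentions, sketched as an added illustration that is not taken from the dissertation. The matrix layout (foreign user/role assignment, inter-domain role association, local role hierarchy), the role names and the helper functions are all assumptions made for this example.

```python
# Added illustration: all users, roles and matrices below are constructed.

def bool_matmul(a, b):
    """Boolean product: out[i][j] = OR over k of (a[i][k] AND b[k][j])."""
    return [[int(any(a[i][k] and b[k][j] for k in range(len(b))))
             for j in range(len(b[0]))] for i in range(len(a))]

def closure(h):
    """Reflexive-transitive closure of a role hierarchy (Warshall)."""
    n = len(h)
    c = [[int(h[i][j] or i == j) for j in range(n)] for i in range(n)]
    for k in range(n):
        for i in range(n):
            for j in range(n):
                c[i][j] = int(c[i][j] or (c[i][k] and c[k][j]))
    return c

def smer_conflicts(users, local_roles, ua, assoc, hier, smer):
    """List (user, roles held from the SMER set) for every violation.
    smer = (role_set, n): no user may hold n or more roles of role_set."""
    role_set, n = smer
    # users x local roles: foreign assignment -> association -> inheritance
    reach = bool_matmul(bool_matmul(ua, assoc), closure(hier))
    found = []
    for user, row in zip(users, reach):
        held = sorted(r for r, bit in zip(local_roles, row)
                      if bit and r in role_set)
        if len(held) >= n:
            found.append((user, held))
    return found

USERS = ["alice", "bob"]                      # foreign-domain users
LOCAL_ROLES = ["purchaser", "approver", "auditor"]
UA = [[1, 1],                                 # alice: f_clerk, f_manager
      [1, 0]]                                 # bob:   f_clerk
ASSOC = [[1, 0, 0],                           # f_clerk   -> purchaser
         [0, 0, 1]]                           # f_manager -> auditor
HIER = [[0, 0, 0],
        [0, 0, 0],
        [0, 1, 0]]                            # auditor inherits approver
SMER = ({"purchaser", "approver"}, 2)

if __name__ == "__main__":
    print(smer_conflicts(USERS, LOCAL_ROLES, UA, ASSOC, HIER, SMER))
```

Neither association maps a foreign role directly onto both roles of the SMER pair; the violation for alice appears only once the local hierarchy is composed in, which is why the check works on the full product rather than on the association matrix alone.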
Keywords/Search Tags: Role-based Access Control, illegal information flow, statically mutually exclusive roles, privacy-preserving, temporal constraint, Petri net, formal verification