A ROLE MANAGEMENT MODEL FOR USER AUTHORIZATION QUERIES IN ROLE BASED ACCESS CONTROL SYSTEMS

A THESIS

Submitted by
CH.SASI DHAR RAO

in partial fulfillment for the award of the degree of
MASTER OF PHILOSOPHY

DEPARTMENT OF COMPUTER APPLICATIONS
SCHOOL OF COMPUTER AND INFORMATION SCIENCES
B.S. ABDUR RAHMAN UNIVERSITY
B.S. ABDUR RAHMAN INSTITUTE OF SCIENCE & TECHNOLOGY
(Estd u/s 3 of the UGC Act 1956)
VANDALUR, CHENNAI 600 048

JUNE 2010
B.S. ABDUR RAHMAN UNIVERSITY, B.S. Abdur Rahman Institute of Science and Technology
(Estd. u/s 3 of the UGC Act 1956)

BONAFIDE CERTIFICATE

Certified that this thesis titled, A ROLE MANAGEMENT MODEL FOR USER AUTHORIZATION QUERIES IN ROLE BASED ACCESS CONTROL is the bonafide work of Mr. CH.SASI DHAR RAO (RRN. 0945203) who carried out the research under my supervision. Certified further, that to the best of my knowledge the work reported herein does not form part of any other thesis or dissertation, on the basis of which a degree or award was conferred on an earlier occasion on this or any other scholar.

Dr. P.Sheik Abdul Khader
SUPERVISOR
Professor & HOD
Department of Computer Applications
ACKNOWLEDGEMENT

In the first place I thank the Almighty for showering his blessings upon me in completing the project. I submit this project with a deep sense of attitude and reverence for my beloved parents for their moral support and encouragement.

I express my deep sense of gratitude to Dr. V.M. Periasamy, Registrar, BS Abdur Rahman University, who provided an excellent infrastructure and facilities to undergo my project work.

I owe my most sincere gratitude to Dr. P.Sheik Abdul Khader, Professor and Head, Department of Computer Applications, for providing strong oversight of vision, strategic direction, encouragement and suggestion in completing my project work. I thank him for guiding me to the path of success as my project guide.

I express my gratitude to project coordinator Mrs. A.Jaya, Assistant Professor (Senior Grade), for her support and encouragement to complete the project.

I extend my sincere thanks to all my committee members for their valuable suggestions, timely advice and support to complete this project.

SASI DHAR RAO C.H
ABSTRACT

In any distributed environment, a large number of systems and their resources are managed by the system administrator, who provides access control security to the users in an organization. To apply Role Based Access Control, which restricts access to systems based on the privileges the organization gives each user, the administrator grants sets of permissions called roles. The system administrator finds it difficult to allocate roles when more than one user requests role assignment simultaneously, so there is a need for a role management application that helps the administrator analyze the privileges and the existing roles allocated to the user.

While allocating new roles to users, the administrator should concentrate on assigning and activating the role best suited to the particular user, and the new role should not affect the existing permissions given to the user. In both cases, the administrator should quickly analyze the existing roles to check as quickly as possible whether the newly requested permissions are already given to the user or not. Hence there is a need for an effective role management application which helps the administrator analyze the existing roles that are already allocated to the user.
The proposed system helps the administrator analyze the set of permissions defined in the existing roles and in the roles that are already allocated to the user. This Role Management Model uses the Boyer-Moore-Horspool (BMH) algorithm to search the existing roles by matching each permission defined in the role. An automatic role creation model is implemented using the Adaline neural network model, which trains the network to create a role based on the permissions requested by the user. The implementation of the Boyer-Moore-Horspool (BMH) algorithm for role analysis and the Adaline neural network model for role creation is done using Java as the application language and SQL Server 2000 as the backend.
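The BMH-based role lookup that the abstract describes can be sketched as follows. This is an added example, not code from the thesis: it assumes each role's permissions are stored as one semicolon-separated string, and the role names, permission names and the functions `bmh_find`, `role_grants` and `analyze_request` are hypothetical. It adds a whole-entry check so that a request for `ledger.read` is not treated as satisfied by a role that holds only `ledger.read_all`.

```python
# Added illustration: role names and permission strings are constructed samples.

def bmh_find(text, pattern, start=0):
    """Boyer-Moore-Horspool: index of first match at or after start, else -1."""
    m, n = len(pattern), len(text)
    if m == 0 or m > n:
        return -1
    # Bad-character table: how far the window may slide when its last
    # character is c (characters absent from the pattern slide by m).
    shift = {c: m - 1 - i for i, c in enumerate(pattern[:-1])}
    pos = start
    while pos <= n - m:
        if text[pos:pos + m] == pattern:
            return pos
        pos += shift.get(text[pos + m - 1], m)
    return -1

def role_grants(perm_string, permission, sep=";"):
    """True only if permission is a whole entry, not a substring of one."""
    pos = bmh_find(perm_string, permission)
    while pos != -1:
        end = pos + len(permission)
        left_ok = pos == 0 or perm_string[pos - 1] == sep
        right_ok = end == len(perm_string) or perm_string[end] == sep
        if left_ok and right_ok:
            return True
        pos = bmh_find(perm_string, permission, pos + 1)
    return False

def analyze_request(permission, user_roles, all_roles):
    """Classify a request: already allocated, in an existing role, or new."""
    for name in user_roles:
        if role_grants(all_roles[name], permission):
            return ("already_allocated", name)
    for name, perms in all_roles.items():
        if role_grants(perms, permission):
            return ("existing_role", name)
    return ("new_role_needed", None)

ROLES = {  # constructed sample data (assumed storage format)
    "clerk": "invoice.read;invoice.create",
    "auditor": "invoice.read;ledger.read_all",
    "manager": "invoice.approve;ledger.read",
}

if __name__ == "__main__":
    for perm in ("invoice.read", "ledger.read", "ledger.delete"):
        print(perm, analyze_request(perm, ["clerk"], ROLES))
```
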
TABLE OF CONTENTS

ABSTRACT
LIST OF TABLES
LIST OF FIGURES

1 INTRODUCTION
  1.1 GENERAL
  1.2 EXISTING SYSTEM
  1.3 PROPOSED SYSTEM
    1.3.1 Advantages of Proposed system
  1.4 ORGANIZATION OF CHAPTERS

2 LITERATURE SURVEY

3 ROLE BASED ACCESS CONTROL
  3.1 INTRODUCTION
    3.1.1 User Authorization Query in RBAC
  3.2 ROLE-BASED RELATIONSHIP
    3.2.1 User Role Relations
  3.3 ADAPTIVE LINEAR NEURON
    3.3.1 Adaline Architecture
    3.3.2 Learning Algorithm for Adaline
  3.4 BOYER-MOORE-HORSPOOL (BMH) ALGORITHM
  3.5 IMPLEMENTATION OF BMH ALGORITHM IN ROLE MANAGEMENT APPLICATION

4 DEVELOPMENT PROCESS
  4.1 INTRODUCTION
  4.2 ARCHITECTURAL DESIGN
  4.3 DETAILED DESIGN
  4.4 DATABASE DESIGN
  4.5 IMPLEMENTATION OF ROLE MANAGEMENT IN RBAC

5 SIMULATION RESULTS AND PERFORMANCE ANALYSIS
  5.1 SIMULATION ENVIRONMENT
  5.2 PERFORMANCE METRICS
  5.3 PERFORMANCE RESULTS

6 CONCLUSION AND FUTURE ENHANCEMENT

REFERENCES
LIST OF TABLES

4.1 User details in role management Application
4.2 Role creation in role management Application
LIST OF FIGURES

3.1 Assignment of Roles
3.2 Single role relationship diagram
3.3 Multiple role relationship diagram
3.4 User relationship diagram
3.5 Adaline architecture
4.1 Hierarchical diagram of the role management application in RBAC system
4.2 Architectural diagram of entire role management system
4.3 Dataflow diagram for identification of requested role from already allocated roles to the user
4.4 Dataflow diagram for identification of requested role from already existing roles in RBAC system
4.5 Dataflow diagram for creation of new role in RBAC system
4.6 Working architecture of role creation using Adaline
5.1 Validating user for role assignment
5.2 Viewing user information
5.3 Viewing privileges defined to each role
5.4 Role identification of the requested permission
5.5 Role management applications
5.6 Learning new privileges to requested role
5.7 Creating new role based on user request
5.8 Analyzing existing role in RBAC system
5.9 Viewing active roles in RBAC system
5.10 Viewing role weights to each role
5.11 Role identification from the roles already allocated to the user
5.12 Role identification from the roles already present in the RBAC system
5.13 Role creations using neural network