Chapter 9.3 Security Access Control


Chapter 9.3 Security Access Control Saeid Motevali Alamoti Georgia State University Computer Science Department Fall 2017

Agenda: Introduction; General Issues in Access Control; Access Control Matrix; Protection Domains; Firewalls; Secure Mobile Code (Protecting an Agent, Protecting the Target); Denial of Service; Protection Against DDoS; Conclusion

Introduction. What is access control? Verifying the access rights of a subject before it is allowed to operate on an object (also called authorization). What is authentication? Verifying the claimed identity of a subject. The two are strongly related: access rights can only be checked once the identity of the requester has been established, so access control without authentication is meaningless.

General Issues in Access Control. Subject: an entity that issues a request to access an object. Reference monitor: records which subject may do what, and decides whether a subject is allowed to have a specific operation carried out. Object: encapsulates its own state and implements the operations on that state.

Access Control Matrix: one row per subject, one column per object; the entry M[s, o] lists the operations subject s may carry out on object o. The reference monitor consults M[s, o] whenever s requests an operation on o.

Access Control List (ACL). Figure 9-26. Comparison between ACLs and capabilities for protecting objects. (a) Using an ACL: each object stores one column of the matrix, the list of subjects (with their rights) that may access it; the server checks the requesting subject against that list.

Access Control Capability. Figure 9-26. Comparison between ACLs and capabilities for protecting objects. (b) Using capabilities: each subject holds one row of the matrix as a list of capabilities, each an unforgeable token naming an object and the rights on it; the subject presents the capability with its request, and the server only has to verify that the token is genuine.

Protection Domains. Figure 9-27. The hierarchical organization of protection domains as groups of users. A protection domain is a set of (object, access rights) pairs. Using groups of users as domains and organizing them hierarchically (for example, an organization above its departments) keeps ACLs small: an entry names a group rather than every member, and a member of a subgroup inherits the rights granted to the enclosing groups. The cost is that the reference monitor must verify group membership, which may mean walking up the hierarchy unless the subject presents a certificate of membership.
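
The matrix, its two projections and the hierarchical-domain check described above, as an added worked example (not code from the slides or from Tanenbaum and van Steen). All subjects, objects, groups, rights and the server key are constructed sample data; the keyed-hash check field on capabilities is an assumption in the spirit of Amoeba's check field, not a reproduction of it.

```python
"""Access control matrix -> ACLs and capabilities, plus hierarchical domains."""
import hashlib
import hmac
from collections import defaultdict

# Constructed sample matrix: (subject, object) -> set of permitted operations.
# A group name may appear as a subject; that is how protection domains enter the ACLs.
MATRIX = {
    ("alice", "payroll.db"): {"read", "write"},
    ("bob", "payroll.db"): {"read"},
    ("acme", "printer"): {"print"},
    ("world", "bulletin"): {"read"},
}

# Hierarchical protection domains: child group -> parent group (constructed).
PARENT = {"acme.finance": "acme", "acme.eng": "acme", "acme": "world", "world": None}
# Each user belongs to one leaf group (simplifying assumption).
GROUP_OF = {"alice": "acme.finance", "bob": "acme.eng", "mallory": "world"}


def acl_view(matrix):
    """Column-wise projection: object -> {subject: rights}. Stored with the object."""
    acls = defaultdict(dict)
    for (subj, obj), rights in matrix.items():
        acls[obj][subj] = set(rights)
    return dict(acls)


def capability_view(matrix):
    """Row-wise projection: subject -> {object: rights}. Carried by the subject."""
    caps = defaultdict(dict)
    for (subj, obj), rights in matrix.items():
        caps[subj][obj] = set(rights)
    return dict(caps)


def domains_of(subject):
    """The subject itself plus every group it transitively belongs to."""
    chain = [subject]
    group = GROUP_OF.get(subject)
    while group is not None:
        chain.append(group)
        group = PARENT[group]
    return chain


def acl_permits(acls, subject, obj, op):
    """Reference monitor, ACL style: the object's ACL is searched for the
    subject and for each group in its domain chain."""
    acl = acls.get(obj, {})
    return any(op in acl.get(d, set()) for d in domains_of(subject))


# Capabilities must be unforgeable. Here the object server binds (object, rights)
# with a keyed hash under a secret only it knows (assumption for this example).
SERVER_KEY = b"constructed-secret-known-only-to-the-object-server"


def _check_field(obj, rights):
    body = f"{obj}|{','.join(sorted(rights))}".encode()
    return hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest()


def mint_capability(obj, rights):
    """Issued by the server; the holder can pass it on but cannot alter it."""
    return {"object": obj, "rights": frozenset(rights), "check": _check_field(obj, rights)}


def capability_permits(cap, obj, op):
    """Reference monitor, capability style: no subject identity is needed.
    Verify the check field, then consult the rights it protects."""
    if not hmac.compare_digest(_check_field(cap["object"], cap["rights"]), cap["check"]):
        return False  # forged or tampered capability
    return cap["object"] == obj and op in cap["rights"]


if __name__ == "__main__":
    acls = acl_view(MATRIX)
    print(acl_permits(acls, "bob", "printer", "print"))      # True, via group acme
    print(acl_permits(acls, "mallory", "printer", "print"))  # False, world has no entry
    cap = mint_capability("payroll.db", {"read"})
    forged = dict(cap, rights=frozenset({"read", "write"}))
    print(capability_permits(forged, "payroll.db", "write"))  # False, check field fails
```

The ACL path needs the subject's identity (and so authentication) at every check, while the capability path needs only the token; that is the trade-off the figure illustrates, and it is also why a capability scheme lives or dies on the unforgeability of the check field.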

Firewalls. Figure 9-28. A common implementation of a firewall: packet-filtering routers on the inside and outside of an application-level gateway. The packet filters decide per packet on the basis of addresses and ports; the application gateway inspects the content of the traffic for a specific service and can drop, say, a mail message or a request that the packet filters would have let through.

Secure Mobile Code: Protecting an Agent; Protecting the Target

Protecting an Agent. Ajanta* provides three mechanisms that allow an agent's owner to detect that the agent has been tampered with while it visited other servers: read-only state (signed by the owner, so any modification is detected on return); append-only logs (a server can add an entry, but no server can remove or alter earlier entries without the owner noticing); and selective revealing of state to certain servers (the state is an array of data items, each encrypted so that only the server it is intended for can read it). *KARNIK, N. and TRIPATHI, A.: "Security in the Ajanta Mobile Agent System." Software - Practice & Experience, (31)4:301-329, Apr. 2001.

Protecting the Target. Figure 9-29. The organization of a Java sandbox: downloaded classes are brought in by the class loader, checked by the bytecode verifier before they run, and at run time every request for a protected operation (file or network access, for example) is passed to the security manager, which decides whether it is allowed.

Protecting the Target Cont. Figure 9-30. (a) A sandbox: the mobile code runs on the user's machine, with the interpreter checking every sensitive operation. (b) A playground: the mobile code runs on a separate, dedicated machine, so the user's machine is never exposed to it and only the code's interaction with the user is forwarded (Malkhi and Reiter).

Protecting the Target Cont (Java-Capabilities). Figure 9-31. The principle of using Java object references as capabilities. Java references cannot be forged (there is no pointer arithmetic and the verifier rejects bytecode that tries), so holding a reference is the right to invoke the object's methods, and passing the reference grants that right. Interposition refines this: instead of the object itself, the mobile code receives a reference to a proxy that implements only a subset of the interface, so its rights are limited to what the proxy exposes.
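
The reference-as-capability idea with interposition, as an added example in Python (not code from the slides, and not how the JVM itself does it). The Account class and its operations are constructed; the two wrappers are the classic attenuation and revocation patterns from the object-capability literature.

```python
"""Object references as capabilities: attenuation and revocation by interposition."""


class Account:
    """The protected object. Holding a reference to it is the capability."""

    def __init__(self, balance):
        self._balance = balance

    def balance(self):
        return self._balance

    def withdraw(self, amount):
        if amount > self._balance:
            raise ValueError("insufficient funds")
        self._balance -= amount
        return self._balance


def attenuate_read_only(account):
    """Interposition: hand out a proxy that forwards only `balance`.
    The proxy carries no attribute pointing at `account`, so the holder
    cannot reach `withdraw` through it."""

    class ReadOnly:
        __slots__ = ()

        def balance(self):
            return account.balance()

    return ReadOnly()


def make_revocable(target):
    """Caretaker pattern: the proxy forwards everything while the grantor
    keeps a `revoke` function that cuts the link later."""
    state = {"target": target}

    class Caretaker:
        __slots__ = ()

        def __getattr__(self, name):
            if state["target"] is None:
                raise PermissionError("capability revoked")
            return getattr(state["target"], name)

    def revoke():
        state["target"] = None

    return Caretaker(), revoke


if __name__ == "__main__":
    acct = Account(100)
    auditor_cap = attenuate_read_only(acct)      # auditor may look, not touch
    print(auditor_cap.balance())                 # 100
    print(hasattr(auditor_cap, "withdraw"))      # False
    teller_cap, revoke = make_revocable(acct)    # teller may withdraw until revoked
    print(teller_cap.withdraw(30))               # 70
    revoke()
    try:
        teller_cap.balance()
    except PermissionError as e:
        print(e)                                 # capability revoked
```

The caveat a practitioner should keep in mind: Python is not a capability-safe language. Reflection such as `ReadOnly.balance.__closure__` can dig the wrapped object out of the proxy, whereas the JVM's verifier and lack of pointer forging are exactly what make the same pattern sound for Java applets. The pattern is the same; the guarantee comes from the runtime.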

Protecting the Target Cont (Java-Extended). Figure 9-32. The principle of stack introspection. Every method's stack frame is tagged with the protection domain of the code it belongs to (for example, trusted system classes versus an untrusted applet). Before a protected operation is carried out, the runtime walks the call stack and refuses the operation if any frame belongs to a domain that lacks the required permission; this stops untrusted code from obtaining a privilege merely by calling a trusted method that has it. A trusted method can deliberately mark its own frame as privileged (enable_privilege), in which case the walk stops at that frame and the callers beyond it are not inspected.
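
Stack introspection with a privileged boundary, as an added example in Python (not code from the slides and not the JVM's AccessController). The domains, the policy table and the functions `read_file`, `read_font` and the two applet routines are constructed; `do_privileged` plays the role the text calls enable_privilege, and frames whose code is not registered to any domain are treated as trusted system code.

```python
"""Stack introspection: every frame on the stack must hold the permission,
unless a privileged frame stops the walk."""
import sys

# Constructed policy: protection domain -> permissions it holds.
POLICY = {
    "trusted-lib": {"file.read", "file.write"},
    "untrusted-applet": {"net.connect"},
}
_DOMAIN_OF_CODE = {}  # code object -> protection domain name


def domain(name):
    """Decorator: record which protection domain a function's code belongs to."""
    def deco(fn):
        _DOMAIN_OF_CODE[fn.__code__] = name
        return fn
    return deco


def do_privileged(action, *args):
    """Marks a boundary: callers of this frame are not inspected (enable_privilege)."""
    return action(*args)


def check_permission(perm):
    """Walk from the caller outward. Every frame in a known domain must hold
    `perm`. When the walk reaches do_privileged, only its caller is still
    checked, then the walk stops."""
    frame = sys._getframe(1)
    while frame is not None:
        dom = _DOMAIN_OF_CODE.get(frame.f_code)
        if dom is not None and perm not in POLICY[dom]:
            raise PermissionError(f"{perm} denied: {frame.f_code.co_name} runs in {dom}")
        if frame.f_code is do_privileged.__code__:
            caller = frame.f_back
            cdom = _DOMAIN_OF_CODE.get(caller.f_code) if caller else None
            if cdom is not None and perm not in POLICY[cdom]:
                raise PermissionError(f"{perm} denied: {caller.f_code.co_name} runs in {cdom}")
            return True
        frame = frame.f_back
    return True


@domain("trusted-lib")
def read_file(path):
    check_permission("file.read")
    return f"contents of {path}"  # constructed stand-in for the real read


@domain("trusted-lib")
def read_font(name):
    # The library needs file.read on its own behalf, whoever called it.
    return do_privileged(read_file, f"/fonts/{name}")


@domain("untrusted-applet")
def applet_reads_secret():
    return read_file("/etc/secret")  # applet frame is on the stack: denied


@domain("untrusted-applet")
def applet_draws_text():
    return read_font("arial")  # privileged boundary inside trusted-lib: allowed


@domain("untrusted-applet")
def applet_connects():
    check_permission("net.connect")
    return "connected"


def attempt(action):
    """Run `action` and report whether the reference monitor let it through."""
    try:
        action()
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    print(attempt(applet_reads_secret))  # False
    print(attempt(applet_draws_text))    # True
    print(attempt(applet_connects))      # True
```

Note the failure mode the walk is designed for: `read_file` is trusted and holds file.read, yet calling it from the applet is refused because the applet's frame is below it on the stack. Only an explicit `do_privileged` in trusted code, which asserts that the library takes responsibility for what it reads, lets the applet's request for a font through.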

Denial of Service. DoS: an attempt to prevent legitimate users from accessing a service or its resources. DDoS: a huge collection of processes, usually on compromised machines, jointly attempt to bring down a networked service. Two kinds of attack: bandwidth depletion and resource depletion. Bandwidth depletion can be accomplished by simply sending many messages to a single machine; the effect is that normal messages will hardly be able to reach the receiver. Resource depletion attacks concentrate on letting the receiver use up resources on otherwise useless messages. A well-known resource-depletion attack is TCP SYN flooding: the attacker sends SYN segments (often with spoofed source addresses) and never completes the handshake, so the server keeps allocating half-open connection state until its backlog is full and genuine connection attempts are dropped.
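
SYN flooding as resource depletion, and the stateless SYN-cookie answer to it, as an added simulation in Python (not code from the slides and not a real TCP stack). The backlog size, the addresses and the secret are constructed; the cookie here is a keyed hash of the connection 4-tuple and a coarse time counter and omits the MSS encoding real SYN cookies carry.

```python
"""Why SYN flooding works against a stateful listener, and why SYN cookies resist it."""
import hashlib
import hmac
import itertools

BACKLOG = 4  # constructed: tiny half-open queue so the effect is visible


class StatefulListener:
    """Classic behaviour: every SYN allocates a half-open entry that lives
    until the handshake completes or times out. That allocation is the
    resource a SYN flood exhausts."""

    def __init__(self, backlog=BACKLOG):
        self.backlog = backlog
        self.half_open = {}  # (src_ip, src_port) -> initial sequence number
        self._isn = itertools.count(1000)

    def on_syn(self, src_ip, src_port):
        if len(self.half_open) >= self.backlog:
            return None  # backlog full: the SYN is dropped, legitimate or not
        isn = next(self._isn)
        self.half_open[(src_ip, src_port)] = isn
        return isn

    def on_ack(self, src_ip, src_port, ack):
        isn = self.half_open.pop((src_ip, src_port), None)
        return isn is not None and ack == isn + 1


class SynCookieListener:
    """Keeps no per-SYN state. The ISN sent in the SYN-ACK is a keyed hash of
    the 4-tuple and a time counter; a genuine third-handshake ACK proves the
    client received it, and the cookie can be recomputed on the spot."""

    def __init__(self, secret, ip="10.0.0.1", port=80):
        self.secret, self.ip, self.port = secret, ip, port
        self.counter = 0  # a real stack advances this every minute or so

    def _cookie(self, src_ip, src_port, counter):
        msg = f"{src_ip}:{src_port}>{self.ip}:{self.port}|{counter}".encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def on_syn(self, src_ip, src_port):
        return self._cookie(src_ip, src_port, self.counter)  # nothing stored

    def on_ack(self, src_ip, src_port, ack):
        # Accept cookies minted in the current or the previous counter window.
        return any(ack == self._cookie(src_ip, src_port, c) + 1
                   for c in (self.counter, self.counter - 1))


def flood(listener, n, spoofed_prefix="203.0.113."):
    """Constructed attack: n SYNs from spoofed sources that never ACK."""
    for i in range(n):
        listener.on_syn(spoofed_prefix + str(i % 254 + 1), 40000 + i)


def legit_handshake(listener, src_ip="198.51.100.7", src_port=51515):
    """A well-behaved client completing the three-way handshake."""
    isn = listener.on_syn(src_ip, src_port)
    if isn is None:
        return False
    return listener.on_ack(src_ip, src_port, isn + 1)


if __name__ == "__main__":
    stateful = StatefulListener()
    flood(stateful, 10)
    print(legit_handshake(stateful))  # False: backlog exhausted by 4 spoofed SYNs
    cookies = SynCookieListener(b"constructed-secret")
    flood(cookies, 10_000)
    print(legit_handshake(cookies))   # True: nothing was allocated to exhaust
```

The cookie listener still has to compute one HMAC per SYN, so it does not help against bandwidth depletion; it removes only the memory-allocation resource that a SYN flood targets, which is exactly the distinction the slide draws between the two attack classes.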

Protection Against DDoS. There is no single method. Attackers make use of innocent victims by secretly installing software on their machines, so one line of defense is to have machines continuously monitor their own state, for example by checking files for pollution. A second is to continuously monitor network traffic for attack patterns. Concentrating on the ingress routers near the victim is too late, as by then the network will probably already be unreachable for regular traffic; filtering has to happen at the egress routers of the networks the attack traffic originates from, where spoofed source addresses can also be recognized and dropped.
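
The two router-side checks the slide points at, egress anti-spoofing and traffic monitoring for a SYN burst, run over constructed flow records as an added example (not code from the slides, and not a router product). The local prefix, the addresses, the timestamps and the thresholds are all constructed; records are (timestamp in seconds, source, destination, TCP flags) as a flow exporter on the egress router of 192.0.2.0/24 might summarize them.

```python
"""Egress spoof filtering and sliding-window SYN-burst detection over flow records."""
import ipaddress
from collections import defaultdict, deque

LOCAL_PREFIX = ipaddress.ip_network("192.0.2.0/24")  # constructed: our own network


def constructed_records():
    """Normal traffic, then a flood: a local bot (192.0.2.77) and spoofed
    sources all hammering one destination within about half a second."""
    recs = [(float(t), "192.0.2.10", "198.51.100.7", "S") for t in range(5)]
    recs += [(t + 0.1, "198.51.100.7", "192.0.2.10", "SA") for t in range(5)]
    recs += [(20 + i * 0.05, f"203.0.113.{i + 1}", "198.51.100.7", "S") for i in range(12)]
    recs += [(20 + i * 0.07, "192.0.2.77", "198.51.100.7", "S") for i in range(8)]
    return recs


def spoofed_sources(records, local_prefix=LOCAL_PREFIX):
    """Egress filtering: a packet leaving our network whose source address is
    not one of ours cannot be legitimate; return the offending sources."""
    spoofed = set()
    for _, src, dst, _ in records:
        outbound = ipaddress.ip_address(dst) not in local_prefix
        if outbound and ipaddress.ip_address(src) not in local_prefix:
            spoofed.add(src)
    return sorted(spoofed, key=ipaddress.ip_address)


def syn_rate_alerts(records, window_s=1.0, threshold=10):
    """Sliding-window count of SYN-only packets per destination. Report each
    destination whose worst window exceeds the threshold, with the number of
    distinct sources in that window (a large number suggests a DDoS or spoofing)."""
    windows = defaultdict(deque)  # dst -> deque of (ts, src) inside the window
    peak = {}                     # dst -> (count, distinct sources) at its worst
    for ts, src, dst, flags in sorted(records):
        if flags != "S":
            continue
        q = windows[dst]
        q.append((ts, src))
        while ts - q[0][0] > window_s:
            q.popleft()
        if len(q) > threshold and len(q) > peak.get(dst, (0, 0))[0]:
            peak[dst] = (len(q), len({s for _, s in q}))
    return sorted((dst, n, srcs) for dst, (n, srcs) in peak.items())


if __name__ == "__main__":
    recs = constructed_records()
    print(spoofed_sources(recs))   # 203.0.113.1 .. 203.0.113.12: drop at egress
    print(syn_rate_alerts(recs))   # [('198.51.100.7', 20, 13)]
```

Seen from the victim's ingress router the same burst would already be competing with everything else for the last-mile link; at the egress router the spoofed half of it can be dropped outright and the local bot identified by address, which is the point of pushing the filtering toward the sources.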

Conclusion. Access control for distributed systems still has gaps that need to be addressed. New attacks on distributed systems continue to emerge. Cloud environments in particular have a great demand for secure access control systems.* *Li, Hongjiao, et al. "A Survey of Extended Role-Based Access Control in Cloud Computing." Proceedings of the 4th International Conference on Computer Engineering and Networks. Springer International Publishing, 2015.

References
Tanenbaum, Andrew S., and Maarten van Steen. Distributed Systems: Principles and Paradigms. 2nd ed. Prentice-Hall, 2007.
Tanenbaum, Andrew S., et al. "Experiences with the Amoeba distributed operating system." Communications of the ACM 33.12 (1990): 46-63.
Saltzer, Jerome H., and Michael D. Schroeder. "The protection of information in computer systems." Proceedings of the IEEE 63.9 (1975): 1278-1308.
Sandhu, Ravi S., et al. "Role-based access control models." Computer 29.2 (1996): 38-47.
Gamma, Erich, et al. Design Patterns: Elements of Reusable Object-Oriented Software. Pearson Education, 1994.
Karnik, N., and A. Tripathi. "Security in the Ajanta mobile agent system." Software: Practice and Experience 31.4 (2001): 301-329.
Cheswick, William R., Steven M. Bellovin, and Aviel D. Rubin. Firewalls and Internet Security: Repelling the Wily Hacker. 2nd ed. Addison-Wesley, 2003.
Zwicky, Elizabeth D., Simon Cooper, and D. Brent Chapman. Building Internet Firewalls. 2nd ed. O'Reilly Media, 2000.
Farmer, William M., Joshua D. Guttman, and Vipin Swarup. "Security for mobile agents: Issues and requirements." Proceedings of the 19th National Information Systems Security Conference, vol. 2, 1996.
Wahbe, Robert, et al. "Efficient software-based fault isolation." ACM SIGOPS Operating Systems Review 27.5 (1994).
Macgregor, Robert, et al. Java Network Security. Prentice-Hall, 1998.
Malkhi, Dahlia, and Michael K. Reiter. "Secure execution of Java applets using a remote playground." IEEE Transactions on Software Engineering 26.12 (2000): 1197-1209.