CS426Fall 2010/Lecture 191 Computer Security CS 426 Lecture 19 Discretionary Access Control.

Slides:



Advertisements
Similar presentations
LECTURE 1 ACCESS CONTROL Ravi Sandhu.
Advertisements

Operating System Security
1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
Protection and Security Protection is any mechanism for controlling the access of processes to the resources of a computer system. This mechanism must.
Access Control Chapter 3 Part 3 Pages 209 to 227.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.
1 Access Control Models Prof. Ravi Sandhu Executive Director and Endowed Chair January 25, 2013 & February 1, 2013
CSC 405 Introduction to Computer Security
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
Access Control Patterns Fatemeh Imani Mehr Amirkabir university of technology, Department of Computer Engineering & Information Technology.
Database Security - Farkas 1 Database Security and Privacy.
Access Control Intro, DAC and MAC System Security.
1 UCR Access Control/Capabilities Some slides/ideas adapted from Ninghui Li.
CS 483 – SD SECTION (8) AUTHORIZATION. INTRODUCTION The authorization (or access control) process is used to decide if person, program or device X is.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.
Access Control Dr.Talal Alkharobi.
User Domain Policies.
2  A system can protect itself in two ways: It can limit who can access the system. This requires the system to implement a two-step process of identification.
Lecture 7 Access Control
CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.
Authentication and authorization Access control consists of two steps, authentication and authorization. Subject Do operation Reference monitor Object.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
Li Xiong CS573 Data Privacy and Security Access Control.
© G. Dhillon, IS Department Virginia Commonwealth University Principles of IS Security Formal Models.
OS Security Access Control & Authentication. OS System vulnerabilities Operational fault Environmental fault Coding fault.
CSCE 201 Introduction to Information Security Fall 2010 Access Control.
1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011
IS 302: Information Security and Trust Week 10: Access Control 2012.
CS426Fall 2010/Lecture 91 Computer Security CS 426 Lecture 9 Unix Access Control.
D ISCRETIONARY A CCESS C ONTROLS Truong Quynh Chi Faculty of Computer Science & Engineering HCMC University of Technology
G53SEC 1 Access Control principals, objects and their operations.
Li Xiong CS573 Data Privacy and Security Access Control.
Access Control. What is Access Control? The ability to allow only authorized users, programs or processes system or resource access The ability to disallow.
CE Operating Systems Lecture 21 Operating Systems Protection with examples from Linux & Windows.
Secure Operating Systems Lesson 4: Access Control.
Information Security CS 526 Topic 17
COEN 350: Network Security Authorization. Fundamental Mechanisms: Access Matrix Subjects Objects (Subjects can be objects, too.) Access Rights Example:
Access Control Lesson Introduction ●Understand the importance of access control ●Explore ways in which access control can be implemented ●Understand how.
Access Control: Policies and Mechanisms Vinod Ganapathy.
Discretionary Access Control Models Adith Srinivasan.
Privilege Management Chapter 22.
What is Access Control? Discretionary Access Control (DAC)
Computer Security: Principles and Practice
CS426Fall 2010/Lecture 211 Computer Security CS 426 Lecture 21 The Bell LaPadula Model.
Database Security. Introduction to Database Security Issues (1) Threats to databases Loss of integrity Loss of availability Loss of confidentiality To.
Access Controls Mandatory Access Control by Sean Dalton December 5 th 2008.
PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.
22 feb What is Access Control? Access control is the heart of security Definitions: * The ability to allow only authorized users, programs or.
Chapter 5 : DataBase Security Lecture #1-Week 8 Dr.Khalid Dr. Mohannad Information Security CIT460 Information Security Dr.Khalid Dr. Mohannad 1.
CS580 Internet Security Protocols
Protection and Security
Access Control Model SAM-5.
Access Control CSE 465 – Information Assurance Fall 2017 Adam Doupé
Protection and Security
Computer Data Security & Privacy
Discretionary Access Control (DAC)
Protection and Security
Executive Director and Endowed Chair
CE Operating Systems Lecture 21
Discretionary Access Control (DAC)
Information Security CS 526 Topic 16
OS Access Control Mauricio Sifontes.
Guest Lecture in Acc 661 (Spring 2007) Instructor: Christopher Brown)
Information Security CS 526 Topic 16
Access Control.
Computer Security Access Control
Chapter 4: Security Policies
Presentation transcript:

CS426Fall 2010/Lecture 191 Computer Security CS 426 Lecture 19 Discretionary Access Control

CS426Fall 2010/Lecture 192 Access control Reference monitor mediate all access to resources –complete mediation: control all accesses to resources Resource User process Reference monitor access request policy ?

CS426Fall 2010/Lecture 193 ACCESS MATRIX MODEL U r w own V F SubjectsSubjects Objects (and Subjects) r w own G r rights

CS426Fall 2010/Lecture 194 IMPLEMENTATION OF AN ACCESS MATRIX Access Control Lists Capabilities Access control triples

CS426Fall 2010/Lecture 195 ACCESS CONTROL LISTS (ACLs) F U:r U:w U:own G U:r V:r V:w V:own each column of the access matrix is stored with the object corresponding to that column

CS426Fall 2010/Lecture 196 CAPABILITY LISTS each row of the access matrix is stored with the subject corresponding to that row UF/r, F/w, F/own, G/r VG/r, G/w, G/own

CS426Fall 2010/Lecture 197 ACCESS CONTROL TRIPLES SubjectAccessObject UrF UwF UownF UrG VrG VwG VownG commonly used in relational DBMS

ACL vs. Capabilities The Confused Deputy Problem CS426Fall 2010/Lecture 198 SYSX/FORT $OUTPUT Compiler Program SYSX (Dir) FORT STAT BILL Write to the bill file System Admin $Output SYSX/BILL Write output file User

CS426Fall 2010/Lecture 199 Analysis of The Confused Deputy Problem The compiler runs with authority from two sources –the invoker –the system admin (who installed the compiler and controls billing and other info) It is the deputy of two masters There is no way to tell which master the deputy is serving when performing a write

CS426Fall 2010/Lecture 1910 How the Capability Approach Solves the Confused Deputy Problem SYSX/FORT $OUTPUT 123 SYSX/STATSYSX/BILL $OUTPUT Invoker must pass in a capability for $OUTPUT, which is stored in slot 3. Writing to output uses the capability in slot 3. Invoker cannot pass a capability it doesn’t have.

CS426Fall 2010/Lecture 1911 Capabilities vs. ACL: Ambient Authority Ambient authority means that a user’s authority is automatically exercised, without the need of being selected. –causes the confused deputy problem No Ambient Authority in capability systems

CS426Fall 2010/Lecture 1912 Capability vs. ACL: Naming ACL systems need a namespace for objects In capability systems, a capability can serve both to designate a resource and to provide authority. ACLs also need a namespace for subjects –as they need to refer to subjects Implications –the set of subjects cannot be too many or too dynamic –most ACL systems treat user accounts (principals) as subjects, and do not support fine-grained subjects

CS426Fall 2010/Lecture 1913 Capability vs. ACL: Authority Management Subject-Aggregated Authority Management In (almost) all ACL systems, the power to edit authorities is aggregated by resource –naturally compatible with Discretionary Access Control, where there is often the notion of an owner In capabilities systems, the power to edit authorities is aggregated by subject

CS426Fall 2010/Lecture 1914 ACL'S VS CAPABILITIES ACCESS REVIEW ACL's provide for superior access review on a per-object basis Capabilities provide for superior access review on a per-subject basis REVOCATION ACL's provide for superior revocation facilities on a per-object basis Capabilities provide for superior revocation facilities on a per-subject basis

CS426Fall 2010/Lecture 1915 ACL'S VS CAPABILITIES ACL's require authentication of subjects Capabilities do not require authentication of subjects, but do require unforgeability and control of propagation of capabilities

CS426Fall 2010/Lecture 1916 Conjectures on Why Most Real-world OS Use ACL, rather than Capabilities Capability is more suitable for process level sharing, but not user-level sharing –user-level sharing is what is really needed Processes are more tightly coupled in capability- based systems because the need to pass capabilities around –programming may be more difficult

CS426Fall 2010/Lecture 1917 Discretionary Access Control No precise definition. Basically, DAC allows access rights to be propagated at subject’s discretion –often has the notion of owner of an object –used in UNIX, Windows, etc. "A means of restricting access to objects based on the identity and need-to-know of users and/or groups to which they belong. Controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (directly or indirectly) to any other subject."

CS426Fall 2010/Lecture 1918 Mandatory Access Control Mandatory access controls (MAC) restrict the access of subjects to objects based on a system-wide policy –denying users full control over the access to resources that they create. The system security policy (as set by the administrator) entirely determines the access rights granted

CS426Fall 2010/Lecture 1919 Multi-level Security (MLS) The capability of a computer system to carry information with different sensitivities (i.e. classified information at different security levels), permit simultaneous access by users with different security clearances and needs-to-know, and prevent users from obtaining access to information for which they lack authorization. Typically use MAC Primary Security Goal: Confidentiality

CS426Fall 2010/Lecture 1920 INHERENT WEAKNESS OF DAC Unrestricted DAC allows information from an object which can be read to any other object which can be written by a subject –do not provide multi-level security Suppose our users are trusted not to do this deliberately. It is still possible for Trojan Horses to copy information from one object to another.

CS426Fall 2010/Lecture 1921 TROJAN HORSES A Trojan Horse is rogue software installed, perhaps unwittingly, by duly authorized users A Trojan Horse does what a user expects it to do, but in addition exploits the user's legitimate privileges to cause a security breach

CS426Fall 2010/Lecture 1922 TROJAN HORSE EXAMPLE File F A:r A:w File G B:r A:w Principal B cannot read file F ACL

CS426Fall 2010/Lecture 1923 TROJAN HORSE EXAMPLE File F A:r A:w File G B:r A:w Principal B can read contents of file F copied to file G ACL Principal A Program Goodies Trojan Horse executes read write

CS426Fall 2010/Lecture 1924 Buggy Software Can Become Trojan Horse When a buggy software is exploited, it execute the code/intention of the attacker, while using the privileges of the user who started it.

CS426Fall 2010/Lecture 1925 Readings for This Lecture Wikipedia Discretionary Access Control The Confused Deputy by Norm Hardy

CS426Fall 2010/Lecture 1926 Coming Attractions … The Bell LaPadula Model

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.