Access Control CSE 465 – Information Assurance Fall 2017 Adam Doupé


1 Access Control CSE 465 – Information Assurance Fall 2017 Adam Doupé
Arizona State University

2 Example
- A university's academic integrity policy disallows cheating
  - Includes copying homework, with or without permission
- CSE class has students do homework on a shared server (similar to general.asu.edu)
- Student A forgets to read-protect homework file
- Student B copies the file
- Who did something wrong?

3 Authorization
- Authorization: what can you do on the system?
- Vs. Authentication (we will cover later): who are you?

4 Authorization, Trust, and Risk
- Need to manage authorization and trust
- To manage risk
- Can you eliminate risk?

5 Authorization vs. Access Control
- Authorization is the policy
- Access Control is the mechanism

6 Modeling Access Control
- Subjects S: things in the system that can act
- Objects O: assets or objects in the system (acted upon)
- Rights R: what can the subject do to the object?

7 Access Matrix Model F G U V r1, r2 r2 r4 r2, r3 r5, r6

8 Simplified UNIX Model
- Subjects are processes: p, q
- Files are objects: f, g
- Rights (read, write, execute, append, own): r, w, x, a, o

9 Access Control Matrix Model
f g p q rwo r rwxo w a ro

10 Access Control Matrix Benefits Drawbacks

11 Implementation How to implement Access Control Matrix?

12 Access Control Lists (ACLs)
- Each column of the access matrix is stored with the object
- f: p: rwo, q: a
- g: p: r, q: ro

13 Capability Lists
- Each row of the access matrix is stored with the subject
- p: f: rwo, g: r
- q: f: a, g: ro

14 Relation Subject Access Object p r f w o g q a

15 ACL vs. Capability
- ACL requires authentication of subjects
- CAP does not require authentication of subjects
  - Capabilities must be unforgeable and propagation must be controlled

16 ACL vs. Capability
[Diagram: Per-Object basis: each file (File a, File b, File c, under /project) carries a list of "User: rights" entries. Per-Subject basis: each user carries a list of "File a: rights, File b: rights" entries.]

17 ACL vs. Capability: Least Privilege
- CAP provides finer-grained least privilege control with respect to subjects, especially dynamic short-lived subjects created for specific tasks

18 ACL vs. Capability: Access Review, Revocation
- Access review
  - ACL better for access review of objects
  - CAP better for access review of subjects
- Revocation
  - ACL better for revocation on an object basis
  - CAP better for revocation on a subject basis

19 Capability Lists: Granting Access
- p wants to grant q read access to file f. How to do this?
- Before: p: f: rwo, g: r; q: f: a, g: ro
- p passes q the capability f: r
- After: q: f: ar, g: ro
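The matrix, its ACL (column) and capability-list (row) views, per-object versus per-subject revocation, and the slide 19 grant are shown below in an added example; this is not code from the lecture. It assumes, as a modelling choice, that the "o" (own) right is what authorises a subject to pass a capability on, and that a subject can only pass rights it itself holds, which is the "propagation must be controlled" requirement of slide 15.

```python
# Added example: an access-control matrix with ACL and capability-list views.
from collections import defaultdict


class AccessMatrix:
    """Access matrix stored sparsely as {(subject, object): set_of_rights}."""

    def __init__(self):
        self._cells = defaultdict(set)

    def grant(self, subject, obj, rights):
        self._cells[(subject, obj)].update(rights)

    def revoke(self, subject, obj, rights=None):
        # rights=None revokes everything subject holds on obj
        if rights is None:
            self._cells.pop((subject, obj), None)
        else:
            self._cells[(subject, obj)].difference_update(rights)

    def check(self, subject, obj, right):
        """The reference-monitor question: may subject exercise right on obj?"""
        return right in self._cells.get((subject, obj), set())

    def acl(self, obj):
        """One column of the matrix: {subject: rights}, as stored with the object."""
        return {s: set(r) for (s, o), r in self._cells.items() if o == obj and r}

    def capabilities(self, subject):
        """One row of the matrix: {object: rights}, as stored with the subject."""
        return {o: set(r) for (s, o), r in self._cells.items() if s == subject and r}

    def revoke_object(self, obj):
        """ACL-style revocation: one column, cheap when rights live with the object."""
        for key in [k for k in self._cells if k[1] == obj]:
            del self._cells[key]

    def revoke_subject(self, subject):
        """Capability-style revocation: one row, cheap when rights live with the subject."""
        for key in [k for k in self._cells if k[0] == subject]:
            del self._cells[key]


def delegate(matrix, granter, grantee, obj, rights):
    """Slide 19: granter passes grantee a capability on obj.
    Assumption (not stated on the slide): only an owner ('o') may delegate,
    and only rights it actually holds. Returns True if the grant happened."""
    held = matrix.capabilities(granter).get(obj, set())
    if "o" not in held or not set(rights) <= held:
        return False
    matrix.grant(grantee, obj, rights)
    return True


def slide_example():
    """Build the slide 8/12/13 matrix and run the slide 19 grant on it."""
    m = AccessMatrix()
    m.grant("p", "f", "rwo")
    m.grant("p", "g", "r")
    m.grant("q", "f", "a")
    m.grant("q", "g", "ro")
    before = m.capabilities("q")          # {'f': {'a'}, 'g': {'r', 'o'}}
    ok = delegate(m, "p", "q", "f", "r")  # p grants q read on f
    return m, before, ok


if __name__ == "__main__":
    m, before, ok = slide_example()
    print("q before:", before, "grant ok:", ok, "q after:", m.capabilities("q"))
    print("ACL of f:", m.acl("f"))
```

Both views are computed from the same cells, which is the point of slides 12 and 13: an ACL system and a capability system hold the same information, they only differ in which axis of the matrix is cheap to read or to clear.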

20 UNIX ACL
- 12 permission bits for each file, logically grouped into 4 sets of three bits each: _ _ _ | _ _ _ | _ _ _ | _ _ _
- First 3 bits: SUID, SGID, sticky bit
- Next 3 bit sets apply to the file's owner, users in the file's group, and all users respectively: read, write, execute
- Sticky bit set on a directory means that people can create files in the directory but cannot delete or rename files owned by other users. Not relevant to files (comes from old UNIX, where it would keep the program in memory)
- ls -la shows the execute position as: x for execute; s means that x is set and setuid is set; S means that x is not set and setuid is set; t (only on the "other" bits) implies sticky bit and executable; T means the sticky bit is set but "other" is not executable
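As an added example (not from the lecture), the following decodes the 12 permission bits into the nine symbolic characters ls -la prints, including the s/S and t/T cases, and then applies the bits the way the kernel does: exactly one class (owner, else group, else other) is consulted, and the sticky bit restricts removal in a directory. The uid/gid values in the checks are constructed; root's override of these bits is left out as a simplification.

```python
# Added example: decode and apply the 12 UNIX permission bits of slide 20.
import stat


def symbolic_mode(mode: int) -> str:
    """Render the permission bits of mode (e.g. 0o4755) as ls -la does,
    minus the leading file-type character."""
    out = []
    # (shift of the rwx triple, special bit shown in its x position, letter)
    for shift, special, letter in ((6, stat.S_ISUID, "s"),
                                   (3, stat.S_ISGID, "s"),
                                   (0, stat.S_ISVTX, "t")):
        triple = (mode >> shift) & 0o7
        r = "r" if triple & 4 else "-"
        w = "w" if triple & 2 else "-"
        x_set = bool(triple & 1)
        if mode & special:
            x = letter if x_set else letter.upper()   # s/t: x set; S/T: x not set
        else:
            x = "x" if x_set else "-"
        out.append(r + w + x)
    return "".join(out)


def may_access(mode, file_uid, file_gid, uid, gids, want):
    """want is 'r', 'w' or 'x'. UNIX picks exactly one class for the caller:
    owner if uid matches, else group if the file's gid is among the caller's
    groups, else other. A more permissive later class is never consulted."""
    if uid == file_uid:
        shift = 6
    elif file_gid in gids:
        shift = 3
    else:
        shift = 0
    triple = (mode >> shift) & 0o7
    return bool(triple & {"r": 4, "w": 2, "x": 1}[want])


def may_unlink(dir_mode, dir_uid, dir_gid, file_uid, uid, gids):
    """Removing or renaming an entry needs write permission on the directory.
    With the sticky bit set on the directory, the caller must additionally own
    the entry or the directory itself (simplified: no root override)."""
    if not may_access(dir_mode, dir_uid, dir_gid, uid, gids, "w"):
        return False
    if dir_mode & stat.S_ISVTX and uid not in (file_uid, dir_uid):
        return False
    return True


if __name__ == "__main__":
    for m in (0o4755, 0o4644, 0o2755, 0o1777, 0o1776, 0o640):
        print(oct(m), symbolic_mode(m))
    # Slide 2 scenario with constructed ids: a homework file left at 0o644
    # is readable by any other user on the shared server; 0o640 is not.
    print("other user reads 0o644:", may_access(0o644, 1000, 1000, 2000, {2000}, "r"))
    print("other user reads 0o640:", may_access(0o640, 1000, 1000, 2000, {2000}, "r"))
```

The third check is the practical meaning of "t" on a shared directory: with 0o1777 everyone can create entries, but a user who does not own a file (and does not own the directory) cannot remove or rename it, while a plain 0o777 directory lets anyone with write access remove anyone's entries.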

21 Other Access Control Ideas
- Content dependent controls
  - You can only see salaries less than 50K
  - You can only see salaries of employees who report to you
- Context dependent controls
  - Cannot access sensitive information from a remote login
  - Salary information can be updated only at year end
  - Company's earnings report is confidential until announced at the stockholders' meeting

22 Types of Access Control
- Discretionary Access Control: owner of the object controls who can access the object
- Mandatory Access Control: system controls access to an object
- Originator Controlled Access Control: originator of the object controls who can access the object

23 Mandatory Access Control
- Security Levels
- Security Categories
- Security Labels

24 Security Levels
- Many organizations have a hierarchical relationship between the security sensitivity of assets
- One file might have the highest security sensitivity
- Office environments: memos, reports, customer lists, backup data
- Defined sensitivity and importance

25 Security Levels
- Need some way to tag data on a computer system
- Associate a security level with each entity
- What type of relationship? 1-1? 1-*?

26 Examples
- Military Security Levels: Top Secret, Secret, Confidential, Unclassified
- Commercial Security Levels: Restricted, Proprietary, Sensitive, Public

27 Policy
- What policy do we want our MAC to enforce?
- Let's use the military example: Top Secret, Secret, Confidential, Unclassified

28 Notation
- L(S) = l_S is the security clearance of subject S
- L(O) = l_O is the security classification of object O
- For all security classifications l_i, i = 0, …, k-1: l_i < l_{i+1}

29 Security Conditions
- Simple-Security Condition (preliminary version): S can read O iff l_O ≤ l_S
- *-Property (preliminary version): S can write O iff l_S ≤ l_O

30 Examples
[Diagram: the military levels (Top Secret, Secret, Confidential, Unclassified) and the commercial levels (Restricted, Proprietary, Sensitive, Public) drawn as ladders, annotated with a Write arrow and a Read arrow showing the direction each is allowed under slide 29]

31 Security Categories
- Security levels are too fine-grained
- Categories: NUC, NATO, ACE
- Need-to-know basis for assigning categories to subjects
- How to define the security policy now?

32 Notation
- A subject's security level and an object's security level are now (L, C), where L is the level and C is the set of categories
- How to compare subject S1 with object O1 for access?

33 Lattice (subsets of {NUC, NATO, ACE}, ordered by ⊆)
- Top: {NUC, NATO, ACE}
- {NUC, NATO}, {NUC, ACE}, {NATO, ACE}
- {NUC}, {NATO}, {ACE}
- Bottom: {}

34 Bell-LaPadula Model
- The security level (L, C) dominates the security level (L', C') iff L' ≤ L and C' ⊆ C
- Simple-Security Condition: S can read O iff S dom O
- *-Property: S can write to O iff O dom S

35 Examples
- A has TS, {ACE}
- B has S, {NATO, ACE}
- Can A: read TS, {}? write S, {ACE}? read TS, {NATO, ACE}? write TS, {ACE, NATO}?
- Can B: write S, {NATO}? read S, {ACE, NUC}? write U, {}?
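The definitions of slides 28 through 34 are small enough to run. The following added example (not from the lecture) encodes the level order, the category lattice of slide 33, the dominance relation, the two Bell-LaPadula conditions, and a least-upper-bound "join" on labels, then answers the seven questions of slide 35 from those definitions. The level abbreviations U, C, S, TS are my own shorthand for the four military levels.

```python
# Added example: Bell-LaPadula labels (L, C), dominance, and the category lattice.
from itertools import combinations

# Linear order of the military levels from slide 27 (shorthand is mine).
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}
CATEGORIES = ("NUC", "NATO", "ACE")   # the categories of slide 31


def dominates(a, b):
    """(L, C) dom (L', C') iff L' <= L and C' is a subset of C (slide 34)."""
    (level_a, cats_a), (level_b, cats_b) = a, b
    return LEVELS[level_b] <= LEVELS[level_a] and set(cats_b) <= set(cats_a)


def can_read(subject, obj):
    """Simple-security condition: S can read O iff S dom O ("no read up")."""
    return dominates(subject, obj)


def can_write(subject, obj):
    """*-property: S can write O iff O dom S ("no write down")."""
    return dominates(obj, subject)


def category_lattice(categories=CATEGORIES):
    """Every subset of the category set, smallest first: the lattice of
    slide 33 with {} at the bottom and the full set at the top."""
    return [frozenset(c) for k in range(len(categories) + 1)
            for c in combinations(categories, k)]


def join(a, b):
    """Least upper bound of two labels: the higher level and the union of the
    categories. It is the lowest label that dominates both inputs, e.g. the
    label an object written by two subjects must carry."""
    (la, ca), (lb, cb) = a, b
    level = la if LEVELS[la] >= LEVELS[lb] else lb
    return (level, frozenset(ca) | frozenset(cb))


def slide_35():
    """The seven questions of slide 35, answered from the definitions above."""
    A = ("TS", {"ACE"})
    B = ("S", {"NATO", "ACE"})
    return {
        "A read TS,{}": can_read(A, ("TS", set())),
        "A write S,{ACE}": can_write(A, ("S", {"ACE"})),
        "A read TS,{NATO,ACE}": can_read(A, ("TS", {"NATO", "ACE"})),
        "A write TS,{ACE,NATO}": can_write(A, ("TS", {"ACE", "NATO"})),
        "B write S,{NATO}": can_write(B, ("S", {"NATO"})),
        "B read S,{ACE,NUC}": can_read(B, ("S", {"ACE", "NUC"})),
        "B write U,{}": can_write(B, ("U", set())),
    }


if __name__ == "__main__":
    for question, answer in slide_35().items():
        print(f"{question:24s} {'yes' if answer else 'no'}")
    print("lattice:", [set(s) for s in category_lattice()])
```

Note that two labels can be incomparable (neither dominates the other, for instance S,{NUC} and C,{ACE}); in that case neither subject may read the other's object, which is why the structure is a lattice rather than a linear order.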

36 Other Types of Access Control
- Role Based Access Control (RBAC)
  - User's permissions are determined by the user's role, rather than identity (DAC) or clearance (MAC)
  - More natural expression of business logic
- Attribute Based Access Control (ABAC)
  - Users have attributes (age, ID number, group membership, etc.)
  - Policy is a complex Boolean expression on the attributes
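The following added example (not from the lecture) contrasts the two models on this slide: an RBAC mapping from roles to permissions, and an ABAC policy written as a list of Boolean predicates over subject, resource and context attributes. The ABAC rules are the content- and context-dependent controls of slide 21 (salaries under 50K, salaries of your reports, no sensitive data over a remote login, earnings report confidential until announced); the role names, attribute keys and the deny-overrides combining rule are my assumptions, as are the sample subjects and records.

```python
# Added example: RBAC (role -> permissions) beside ABAC (predicates on attributes).

# RBAC: permissions hang off roles, never off individual identities.
ROLE_PERMISSIONS = {
    "student":    {"submit:homework", "read:own_grades"},
    "ta":         {"submit:homework", "read:own_grades", "read:section_grades"},
    "instructor": {"read:section_grades", "read:all_grades", "write:grades"},
}


def rbac_allows(roles, permission):
    """A subject holds a permission iff one of its roles grants it."""
    return any(permission in ROLE_PERMISSIONS.get(r, set()) for r in roles)


# ABAC: each rule is (name, effect, predicate(subject, resource, context)).
# The predicates encode the slide 21 controls; attribute keys are constructed.
RULES = [
    ("sensitive data is not served to remote logins", "deny",
     lambda s, r, c: bool(r.get("sensitive")) and bool(c.get("remote_login"))),
    ("salaries under 50K are visible to everyone", "permit",
     lambda s, r, c: r["type"] == "salary" and r["amount"] < 50_000),
    ("managers see the salaries of their reports", "permit",
     lambda s, r, c: r["type"] == "salary" and r["manager"] == s["id"]),
    ("earnings report is public once announced", "permit",
     lambda s, r, c: r["type"] == "earnings" and bool(c.get("announced"))),
]


def abac_decide(subject, resource, context, rules=RULES):
    """Deny-overrides combining: any matching deny rule wins, otherwise any
    matching permit rule grants access, and with no match the default is deny."""
    matched = [effect for _, effect, pred in rules if pred(subject, resource, context)]
    if "deny" in matched:
        return False
    return "permit" in matched


def explain(subject, resource, context, rules=RULES):
    """Names of the rules that fired, useful when reviewing a decision."""
    return [name for name, _, pred in rules if pred(subject, resource, context)]


if __name__ == "__main__":
    # Constructed sample subjects and records.
    alice = {"id": "alice", "roles": ["instructor"]}
    bob = {"id": "bob", "roles": ["student"]}
    salary = {"type": "salary", "amount": 80_000, "manager": "alice", "sensitive": True}
    print("alice write:grades:", rbac_allows(alice["roles"], "write:grades"))
    print("bob write:grades:  ", rbac_allows(bob["roles"], "write:grades"))
    for ctx in ({"remote_login": False}, {"remote_login": True}):
        print("alice reads report's salary", ctx, "->",
              abac_decide(alice, salary, ctx), explain(alice, salary, ctx))
```

The RBAC check needs only the subject's roles; the ABAC check needs attributes of all three parties, which is what lets it express "only from a local login" or "only after the announcement", rules that have no natural home in a role table.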

37 Research in Access Control
- Usability
- Flexibility
- Expressiveness
- Federation

