Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Security Access Control

Published byありさ ちゅうか Modified over 5 years ago

Similar presentations

Presentation on theme: "Computer Security Access Control"— Presentation transcript:

1 Computer Security Access Control
5/8/2019

2 The Orange Book First published in 1983, the Department of Defense Trusted Computer System Evaluation Criteria, known as the Orange Book is the de facto standard for computer security today. The Orange Book, and others in the Rainbow Series, are still the benchmark for systems produced almost two decades later, and Orange Book classifications such as C2 provide a shorthand for the base level security features of modern operating systems. 5/8/2019

3 Access Control Terminology subject, object, reference monitor
access request Access request Reference monitor Subject Object 5/8/2019

4 Access Control Terminology
Authentication of statement s: answers the question: “who said s ? ” Authorization of object o: answers the question: “who is trusted to access o ?” Access request Reference monitor Subject s Object o 5/8/2019

5 Access Control We can specify What a subject is allowed to do
Way may be done with an object 5/8/2019

6 Access Control Who is a subject? A principal, a user identity
We might say that a subject `speaks for’ a principal 5/8/2019

7 Access Operations Access modes
Observe  look at the contents of an object Alter  change the contents of an object 5/8/2019

8 Access Operations Access rights & attributes observe x x x x alter
Bell-LaPadula security model Access rights execute append read write observe x x x x alter 5/8/2019

9 Access Operations Unix file directory
read read from a file list directory contents write write to a file create or rename a file in a directory execute execute a (program) file search the directory Access rights specific to a file are changed by my modifying the file’s entry in its directory 5/8/2019

10 Access Operations Windows NT
Permissions of Windows New Technology File System (NTFS) read write execute delete change permission change ownership 5/8/2019

11 Ownership The owner of a resource decrees who is allowed to access it.
A system wide policy decrees who has access. 5/8/2019

12 Access Control Structures
Now we must state which access operations are permitted. We do this by studying their structures. Let S be a set of subjects, O a set of objects, A a set of access operations 5/8/2019

13 Access Control Matrix Access rights are determined by a matrix
M = (Mso)seS,oeO with Mso A The Bell-LaPadula model employs access contol matrices to model discretionary access policies of the Orange Book. 5/8/2019

14 Access Control Matrix An example bill.doc edit.exe fun.com
Alice {execute} {execute, read} Bob {read,write} {execute} {execute,read,write} 5/8/2019

15 Access Control Matrix Access rights can be kept with the
subjects or the objects. 5/8/2019

16 Access Control Matrix Capabilities
If the access rights are kept with the subjects then these are the subject’s access rights. Every subject is given a capability. Alice’s capability: edit.exe: execute; fun.com: execute, read Bob’s capability: bill.doc: read, write; edit.exe: execute; fun.com: execute, read, write 5/8/2019

17 Access Control Matrix Access control lists (ACL)
An ACL stores the access rights to an object with the object itself. ACLs are a typical feature of secure operating systems of the Orange Book class C2 ACL for bill.doc: Bob: read write ACL for edit.exe: Alice: execute; Bill: execute ACL for fun.com: Alice: execute, read; Bill: execute, read, write 5/8/2019

18 Access Control Matrix Access control lists (ACL)
Management of access rights can be cumbersome. Therefore users are placed in groups, and derive access from a user’s group. 5/8/2019

19 Intermediate control Managing a security policy defined by an
Access Control Matrix is a complex task in large systems. There are several means of simplifying this task. 5/8/2019

20 Group permissions s1 s2 s3 s4 s5 groups g1 g2 o3 o4 o5 o6 o1 o2
subjects groups g1 g2 o3 o4 o5 o6 o1 o2 objects 5/8/2019

21 Group and negative permissions
subjects x x groups g1 g2 o3 o4 o5 o6 o1 o2 objects 5/8/2019

22 Privileges s1 s2 s3 s4 s5 subjects privileges pr1 pr2 operations op3
5/8/2019

23 Role Based Access Control
Privileges come predefined with the OS Roles: a collection of procedures roles are assigned to users; a user can have many roles Procedures: high-level access control methods. Can only be applied to objects of certain data types. Datatypes: each object has a certain datatype and can only be accessed throuhg procedures defined for this datatype. 5/8/2019

24 Protection rings 0 operating system kernel operating system utilities
user processors Each application is assigned a number 0,1,2,3… depending on its importance. 5/8/2019

25 Protection rings 0 operating system kernel operating system utilities
user processors 5/8/2019

26 Protection rings Protection rings are mainly used for integrity protection An example is the QNX Neutrino microkernel OS * The Neutrino microkernel runs in ring 0 The Neutrino process runs in ring 1 All other programs run in ring 3 * A microkernel OS is structured as a tiny kernel that provides the minimal services used by a team of optional cooperating processes, which in turn provide the higher level OS functionality. 5/8/2019

27 Protection rings Unix employs a similar protection but uses only two
levels 5/8/2019

28 The lattice OS Security levels
The Mandatory Access Control (MAC) policies and the multi-level security policies of the Orange Book refer to security levels. top secret secret confidential unclassified This a linearly ordered set, a special case of a lattice. 5/8/2019

29 A lattice {a,b,c} {a,b} {a,c} {b,c} {a} {b} {c} 5/8/2019

30 A lattice A lattice (L, ) is a set with a partial ordering such that:
For each pair of elements a,b of L there is a lub u in L and a glb v in L. 5/8/2019

31 An example Let H be a set of classifications with hierarchical ordering . Take a set of categories C, e.g. project names, company divisions, etc A compartment H is a set of categories, i.e. a subset of C. A security label (level) is a pair (h,c), where h in H is the security level and c in C is a compartment. 5/8/2019

32 An example The partial ordering is defined by:
(h1,c1) (h2,c2) if and only if h1 h2 and c1 c2 5/8/2019

33 The VSTa operating system
VSTa (Valencia's Simple Tasker) is an operating system with microkernel architecture. Abilities are defined as finite strings of positive integers separated by a dot, e.g.: Abilities are ordered using a partial ordering: .3   but (⌐ .3.1 ≤ 3.2) Access is granted if the ability of a subject is a prefix of the object’s ability. The ability “.” defines a superuser. 5/8/2019

Download ppt "Computer Security Access Control"

Similar presentations

1 Access Control. 2 Objects and Subjects A multi-user distributed computer system offers access to objects such as resources (memory, printers), data.

1 Access Control. 2 Objects and Subjects A multi-user distributed computer system offers access to objects such as resources (memory, printers), data.
1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
Protection and Security Protection is any mechanism for controlling the access of processes to the resources of a computer system. This mechanism must.

Protection and Security Protection is any mechanism for controlling the access of processes to the resources of a computer system. This mechanism must.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.

Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
COEN 150: Intro to IA Authorization.

COEN 150: Intro to IA Authorization.
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
User Domain Policies.

User Domain Policies.
Distributed Computer Security 8.2 Discretionary Access Control Models - Liang Zhao.

Distributed Computer Security 8.2 Discretionary Access Control Models - Liang Zhao.
Lecture 7 Access Control

Lecture 7 Access Control
Distributed Computer Security 8.2 Discretionary Access Control Models - Sai Phalgun Tatavarthy.

Distributed Computer Security 8.2 Discretionary Access Control Models - Sai Phalgun Tatavarthy.
Information Classification & Access Control. Background All information is not equal  Context decides the sensitivity Even then, all information in the.

Information Classification & Access Control. Background All information is not equal  Context decides the sensitivity Even then, all information in the.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
Authentication and authorization Access control consists of two steps, authentication and authorization. Subject Do operation Reference monitor Object.

Authentication and authorization Access control consists of two steps, authentication and authorization. Subject Do operation Reference monitor Object.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
CS-550 (M.Soneru): Protection and Security - 2 [SaS] 1 Protection and Security - 2.

CS-550 (M.Soneru): Protection and Security - 2 [SaS] 1 Protection and Security - 2.
Chapter 7 WORKING WITH GROUPS.

Chapter 7 WORKING WITH GROUPS.
CH14 – Protection / Security. Basics Potential Violations – Unauthorized release, modification, DoS External vs Internal Security Policy vs Mechanism.

CH14 – Protection / Security. Basics Potential Violations – Unauthorized release, modification, DoS External vs Internal Security Policy vs Mechanism.
Computer Security 3e Dieter Gollmann www.wiley.com/college/gollmann.

Computer Security 3e Dieter Gollmann

Similar presentations

Ads by Google