Presentation is loading. Please wait.

Presentation is loading. Please wait.

Distributed computer security 8.2 Discretionary Access Control Models -Ranjitha Shivarudraiah.

Published byMadison Townsend Modified over 8 years ago

Similar presentations

Presentation on theme: "Distributed computer security 8.2 Discretionary Access Control Models -Ranjitha Shivarudraiah."— Presentation transcript:

1 Distributed computer security 8.2 Discretionary Access Control Models -Ranjitha Shivarudraiah

2 Agenda Concepts  What are security policies?  What is Access control?  Different types of ACM.  Concept of distributed compartment  ACM implementations  ACL vs CL Research  Case study: ACM for grid networks  Example of an ACM for Mobile devices by virtualization. Future expectations

3 CONCEPTS

4 Security policy There are two kinds of security policies:  Simple security policies Access control matrix (ACM) models are widely used to enforce the simple security policies.  Complex Security policies Security requirements how and when the accesses are performed( special constraints are involved). Relevant to the distributed systems.

5 An access control is a function that given a subject and object pair i.e. (s,o) and a requested operation r, from s to o, returns a true value if requested is permitted. R = P(s,o). P – access matrix R – set of allowable operations.( ‘r’ is a particular operation belonging to set ‘R’ ). s – subject o – object Access control

6 Access Control contd.. The process of access validation is performed by a ‘reference monitor’ with an ACM for all subjects and objects Practically it is preferable to have separate reference monitors for different categories of subjects and objects.

7 Resource ACM In a resource ACM subjects are users, objects are the files to be accessed. Access Rights may include “read”, ”write”, ”execute”, ”append”. Special privileges may be the “owner” and copy privilege.[1] [1]Randy Chow & Theodore Johnson, 1997,“Distributed Operating Systems & Algorithms”,

8 Process ACM In process ACM the subjects and objects are both processes. Operations are basically related to communication and synchronization.[1] [1]Randy Chow & Theodore Johnson, 1997,“Distributed Operating Systems & Algorithms”,

9 Domain ACM Set of objects with same access rights.[1] [1]Randy Chow & Theodore Johnson, 1997,“Distributed Operating Systems & Algorithms”,

10 ACM contd.. Reducing the Size of Access Control Matrix  Subject rows in the ACM that have identical entries i.e subjects that have similar access rights on common objects, could be merged into groups.  If a user belongs to more than one group, its access rights is the union of all access rights of all the groups it belongs to.  Similarly Object columns with same entries could be merged into ‘categories’.

11 Distributed compartment. Figure: Distributed Compartment [1] [1] Randy 1997

12 Distributed compartment. Contd.. A distributed application with collaborating processes may consists of subject users and object resources crossing the physical boundaries of physical resources. Here, a logical ACM called a ‘distributed compartment’ that regulates access among the collaborating users would serve a better purpose. Access to the distributed compartments are based on ‘distributed handles’. These handles are application oriented and they provide a protective wall around an application and are authenticated by the application

13 DCM contd.. The distributed compartment model has a number of advantages  The grouping of subjects and objects is logical and application specific.  The accesses are more transparent since they do not depend on the operating systems and administrative units.  Since the application manages the distributed handles, it allows different security policies to be implemented

14 ACM implementations For efficiency and organizational purposes, access control matrices need to be partitioned The Linked list structure that contains all entries in a column for a particular object is called a Access control List (ACL) for the object.  An ACL specifies the permissible rights that various subjects have on the object Likewise all entries in a row for a subject is called a Capability List (CL) for the subject.  A CL specifies privileges to various objects held by a subject

15 ACL vs CL Comparison between ACLs and capabilities for protecting objects. Using an ACL  Using capabilities.  Source: Randy 1997

16 Lock –Key implementation

17 ACL vs CL contd.. Comparison in terms of management functions  Authentication  Reviewing of Access Rights  Propagation of Access Rights  Revocation of Access Rights  Conversion between ACL and CL

18 Authentication  ACL Authenticates subjects, which is performed by the system  While in CL, authentication is performed on capabilities of objects, by the object server.  Objects have knowledge of the capabilities,but do not know the users or processors. This is one of the reasons why many Distributed implementations favor the CL approach

19 Review Of Access Rights  To know which subjects are authorized to use a certain objects.  Easier to review ACL, because ACL contains exactly this information. For storage efficiency subject grouping, wildcards,prohibitive rights could also be used.  It is difficult to review for a CL unless some type of activity log is kept for all subjects that are given the capability

20 Propagation of access rights  Access rights must be replicable to facilitate sharing.  Propagation is Duplication of some or all the privileges from one subject to the others.  Propagation is not transfer of rights, it is only duplication.  In ACL, propagation of rights is explicitly initiated by a request to the object server, which modifies or adds an entry to its ACL.

21 Propagation of access rights contd..  Propagation of rights must adhere to the principle of least principles.  i.e. Only the minimum privileges required to perform the tasks are given when propagating the rights  In CL, theoretically it is propagate rights between subjects without intervention of object server.  This could result in an uncontrollable system and hence is avoided.

22 Revocation of access rights  Revocation is trivial in ACL because it is easy to delete subject entries from the ACL.  It is difficult for CL’s to revoke access selectively.

23 Conversion between ACL & CL  Interactions among processes involving different Access control models would require gateways for conversions.  Conversion to ACL is straightforward.  Consider example of processes in a CL requiring to access remote objects in ACL Gateway Authenticates the process identifier. It Then verifies the operation in the capability list. The request is then converted to ACL and is presented to the remote host

24 Research

25 Case study: ACM for grid networks[2] “Access control of global distributed storage system”(Dr Xie et al,2004)

26 Local distributed storage system. Source: “Access control of global distributed storage system” (Dr Xie et al -2004 ) Certification and Authentication Server Name Server

27 3. Requirements of Access Control in Data grid Environment Single sign on Separation of duties High efficiency Centralized management and autonomy Support Qos( Quality of service).

28 Source: “Access control of global distributed storage system” Dr Xie et al -2004 )

29 Access control methods for mobile devices[5]

30 [5] ACM for mobile devices( Dr Lee et.al. 2008 ). Root of trust. Rom has The master key. Virtual Machine Monitor ACM for Mobile devices. Provides security Provides Flexibilty

31 Future Expectations Absolute trust mechanism in access control system is an important subject of P2P security research. Also secure efficient ACM for huge networks especially the data-centric networks will be effectively realized. Excellent Access control methods for highly dynamic real time systems.

32 References [1]Randy Chow & Theodore Johnson, 1997,“Distributed Operating Systems & Algorithms”, (Addison- Wesley), p. 271 to 278. [2] Access control of global distributed storage system Chao Xie; Hai Jin; Song Wu; Shengli Li; Zhiping Wang; Computer and Information Technology, 2004. CIT '04. Computer and Information Technology, 2004. CIT '04. [3] Samarati, P.; Bertino, E.; Ciampichetti, A.; Jajodia, S.; “Information flow control in object-oriented systems”. Knowledge and Data Engineering, IEEE Transactions on Volume 9, Issue 4, July-Aug. 1997 Page(s):524 - 538 [4] Lin, Tsau Young (T. Y.); “Managing Information Flows on Discretionary Access Control Models” Systems, Man and Cybernetics, 2006. ICSMC '06. IEEE International Conference onVolume 6, 8-11 Oct. 2006 Page(s):4759 - 4762Systems, Man and Cybernetics, 2006. ICSMC '06. IEEE International Conference on [5] A Multi-Layer Mandatory Access Control Mechanism for Mobile Devices Based on Virtualization Sung-Min Lee; Sang-bum Suh; Bokdeuk Jeong; Sangdok Mo; Consumer Communications and Networking Conference, 2008. CCNC 2008. 5th IEEE Consumer Communications and Networking Conference, 2008. CCNC 2008. 5th IEEE [6] http://en.wikipedia.org/wiki/Access_control( Accessed on 27th October 2008). http://en.wikipedia.org/wiki/Access_control( Accessed on 27th

Download ppt "Distributed computer security 8.2 Discretionary Access Control Models -Ranjitha Shivarudraiah."

Similar presentations

Protection Goals of Protection Domain of Protection Access Matrix

Protection Goals of Protection Domain of Protection Access Matrix
Distributed Systems Major Design Issues Presented by: Christopher Hector CS8320 – Advanced Operating Systems Spring 2007 – Section 2.6 Presentation Dr.

Distributed Systems Major Design Issues Presented by: Christopher Hector CS8320 – Advanced Operating Systems Spring 2007 – Section 2.6 Presentation Dr.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
Issues Relevant To Distributed Security xuhong Zhang.

Issues Relevant To Distributed Security xuhong Zhang.
Vinay Kumar Madhadi 10/28/2009 CSC-8320. Outline  Part 1 : Mandatory Flow Control Models? MAC vs. DAC Information Flow Control  Part 2 : Different Models-Lattice.

Vinay Kumar Madhadi 10/28/2009 CSC Outline  Part 1 : Mandatory Flow Control Models? MAC vs. DAC Information Flow Control  Part 2 : Different Models-Lattice.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.

Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.
8.2 Discretionary Access Control Models Weiling Li.

8.2 Discretionary Access Control Models Weiling Li.
Database Management System

Database Management System
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
Bilkent University Department of Computer Engineering

Bilkent University Department of Computer Engineering
19: Protection1 PROTECTION Protection is the mechanism for controlling access to computer resources. Security concerns the physical integrity of the system.

19: Protection1 PROTECTION Protection is the mechanism for controlling access to computer resources. Security concerns the physical integrity of the system.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.
1 Clark Wilson Implementation Shilpa Venkataramana.

1 Clark Wilson Implementation Shilpa Venkataramana.
Chapter 14: Protection.

Chapter 14: Protection.
SE571 Security in Computing

SE571 Security in Computing
Definition of terms Definition of terms Explain business conditions driving distributed databases Explain business conditions driving distributed databases.

Definition of terms Definition of terms Explain business conditions driving distributed databases Explain business conditions driving distributed databases.
G22.3250-001 Robert Grimm New York University Protection and the Control of Information Sharing in Multics.

G Robert Grimm New York University Protection and the Control of Information Sharing in Multics.

Similar presentations

Ads by Google