Presentation is loading. Please wait.

Presentation is loading. Please wait.

ISA 562 1 Access Control ISA 562 Internet Security Theory & Practice.

Published byToby Andrews Modified over 8 years ago

Similar presentations

Presentation on theme: "ISA 562 1 Access Control ISA 562 Internet Security Theory & Practice."— Presentation transcript:

1 ISA 562 1 Access Control ISA 562 Internet Security Theory & Practice

2 2 Objectives and References General (from ISC2 CBK Material ): Discuss Access Control mechanisms, measures and threats Details (from Bishop’s Chapters 2): Access control assurance methods General (from ISC2 CBK Material ): Intrusion detection/ intrusion prevention

3 Requirements & Concepts Some basic requirements of an access control: Avoid disclosing sensitive data to unauthorized users (Confidential) Provide sensitive information to authorized users (Available) Reliable and dependable (Integrity preserving) Scalable and expandable (long life) Some of the key concepts in Access control systems are: Separation of duties Least privilege Need-to-know Need-to-share (a contemporary buzz-phrase) Handle with care 3

4 What to protect?: Information classification Based on business risk of content released to mal- actors Example the US government classification Unclassified Confidential Secret Top secret Will be discussed in detail 4

5 Kinds of Access Control Preventive Access controls Avoid having unwanted actions/events by blocking the ability to do them. Detective Identify unwanted actions or events after they occur. Corrective Remedy circumstances that enabled the unwanted activity. Return to state prior to the unwanted activity. Directive Dictated by higher authority in laws or regulations or those specified in organization policy Deterrent Prescribe punishment for noncompliance Recovery Restore lost computing resources or capabilities. Compensating Reinforce or replace normal controls that are unavailable 5

6 3 Types of access controls Administrative Examples: separation of duties, dual control, etc Physical Examples: fences, alarms, badges, CCTV, etc Technical Examples: antivirus, antis-spam, logs, etc Further examples in ISC 2 book show how controls map to the access control types. 6

7 Steps in Accessing Systems Authentication Use a unique identifier– Example: user ID, Account number, PIN 3 main datum used for authentication Something requester know Passwords Pass-phrases Something the requester is Biometrics Physical characteristics Something the requester has Tokens (one-time passwords, time synchronized token) Smart Cards USB Tokens Authorization Accounting 7

8 Using Tokens & Smartcards for Authentication Asynchronous Token – challenge response Synchronous token Time or event based Using one-time password or hashed values Authentication server knows expected value from the token Smart Cards Contact Contact-less 8

9 Using Biometrics for Authentication Have false (rejection, acceptance) rates. Crossover = they are equal, both tunable to need. Examples static biometrics Fingerprint or palm print Hand Geometry Retina Example Dynamic biometrics Face /gesture Recognition Keystrokes Voice pattern 9

10 Identity Management What is Identity management? Set of technologies used to manage user identity information. When is it needed? For manual service provisioning Manage sophisticated and complex environments To comply with regulations What are the major challenges? Reliability of user profiles Consistency of user profiles across different systems/devices Scalability by supporting data volumes and peaks More details in the IC3 book 10

11 Identity Management: benefits and technologies Benefits Increasing productivity Reducing head-counting Technologies Found in systems that support the identity management process and managing data consistently and efficiently across multiple systems within an organization Directories Web Access Management Password Management Legacy single sign-on’s 11

12 Access Control technologies 12

13 Single Sign-on How they work One user ID and password for multiple application servers through an authentication server. Benefits Efficient log-on process Users may create stronger passwords No need for multiple passwords Major Drawback A compromised password allows intruder into all resources of the owner of that account 13

14 Single Sign-on using Kerberos 14

15 Single Sign-on – Kerberos and SESAME Kerberos Key Distribution Center serves two functions Authentication Server (AS) Ticket Granting Server (TGS) Kerberos Issues Security depends on careful implementation and maintenance Lifetime for authentication credentials should be as short as feasible using time stamps to minimize the threat of replayed credentials The KDC must be physically secured, it could be a point of single failure Redundancy is recommended The KDC should be hardened and not allow any non-Kerberos activity SESAME Stands for Secure European System for applications in a multi-vendor environment Developed to address some of the Kerberos weaknesses Supports SSO Improves key management by using both Symmetric and Asymmetric keys 15

16 Directory Service and Security Domains Directory Services Consist of applications that provide the means to hierarchically organize and manage information about network users and resources and to retrieve the information by name association Security Domains Set of objects that a subject in an information system is allowed to access Hierarchical domain relationship Equivalence classes of subjects 16

17 Access Control & Assurance Mechanisms used to assure that access control mechanisms are in place and in a good standing: Audit Trail analysis and monitoring is a record of system activities Assessment tools Audit tools cover a wide spectrum of cost, complexity, etc and must be tailored to the specific goals of the audit 17

18 The Access Control Matrix Model Chapter 2 from Bishop’s book

19 Chapter 2: Access Control Matrix Overview Access Control Matrix Model Boolean Expression Evaluation History Protection State Transitions Commands Conditional Commands Special Rights Principle of Attenuation of Privilege

20 Overview Protection state of system Describes current settings, values of system relevant to protection Access control matrix Describes protection state precisely Matrix describing rights of subjects State transitions change elements of matrix

21 Description objects (entities) subjects s1s2…sns1s2…sn o 1 … o m s 1 … s n Subjects S = { s 1,…,s n } Objects O = { o 1,…,o m } Rights R = { r 1,…,r k } Entries A[s i, o j ]   R A[s i, o j ] = { r x, …, r y } means subject s i has rights r x, …, r y over object o j

22 Example 1 Processes (subjects) p, q Files (objects) f, g Rights r, w, x, a, o fgpq prworrwxow qarorrwxo

23 Example 2 Procedures inc_ctr, dec_ctr, manage Variable counter Rights +, –, call counterinc_ctrdec_ctrmanage inc_ctr+ dec_ctr– managecallcallcall

24 Boolean Expression Evaluation ACM controls access to database fields Subjects have attributes Verbs define type of access example, read, write Rules associated with (objects, verb) pair (foo, write) Subject attempts to access object Rule for object, verb evaluated, grants or denies access

25 Example Subject Alice Attributes role (artist), groups (creative) Verb paint Default 0 (deny unless explicitly granted) Object picture Rule: paint:‘artist’ in subject.role and ‘creative’ in subject.groups and time.hour ≥ 0 and time.hour < 5

26 ACM at 3AM and 10AM … picture … … annie … paint At 3AM, time condition met; ACM is: … picture … … annie … At 10AM, time condition not met; ACM is:

27 AC by History and Inference Database: namepositionagesalary Aliceteacher45$40,000 Bobaide20$20,000 Cathyprincipal37$60,000 Dilbertteacher50$50,000 Eveteacher33$50,000 Queries: 1. sum(salary, “position = teacher”) = 140,000 2. sum(salary, “age > 40 & position = teacher”) should not be answered (deduce Eve’s salary)

28 ACM of Database Queries O i = { objects referenced in query i } f(o i ) = permission set of query i f(o i ) = {read}for o j  O i, if |  j = 1,…,i  O j | < 2 f(o i ) =  for o j  O i, otherwise O 1 = { Alice, Dilbert, Eve } and no previous query set, so: A[asker, Alice] = f(Alice) = { read } A[asker, Dilbert] = f(Dilbert) = { read} A[asker, Eve] = f(Eve) = { read } and the query can be answered

29 But Query 2 From last slide: f(o i ) = { read }for o j in O i, if |  j = 1,…,i  O j | <2 f(o i ) =  for o j in O i, otherwise 2. O 2 = { Alice, Dilbert } but | O 2  O 1 | = 2 so A[asker, Alice] = f(Alice) =  A[asker, Dilbert] = f(Dilbert) =  and query cannot be answered

30 State Transitions Change the protection state of system X i is a state of the ACM at time i |– represents transition X i |–  X i+1 : command  moves system from state X i to X i+1 X i |– * X i+1 : a sequence of commands moves system from state X i to X i+1 Commands often called transformation procedures, because the transform the sate of the access control matrix

31 Primitive Operations create subject s, create object o Creates new row, column in ACM; creates new column in ACM destroy subject s, destroy object o Deletes row, column from ACM; deletes column from ACM enter r into A[s, o] Adds r rights for subject s over object o delete r from A[s, o] Removes r rights from subject s over object o

32 Access control requests Transforms sate of the access control matrix An access control request can be precisely defined using Pre-conditions Post-conditions Use notation (from Z) Pre-state without primes Post-state with primes Example: pre-state - A[alice, file1] is the permission set of Alice to file 1 before a requests, and A’[alice, file1] is a post-state

33 Create Subject – pre and post conditions Pre-condition: s  S Primitive command: create subject s Post-conditions: S = S  { s }, O = O  { s } (  y  O)[a[s, y] =  ] (  x  S)[a[x, s] =  ] (  x  S)(  y  O)[a[x, y] = a[x, y]]

34 Create Object Precondition: o  O Primitive command: create object o Post-conditions: S = S, O = O  { o } (  x  S)[a[x, o] =  ] (  x  S)(  y  O)[a[x, y] = a[x, y]]

35 Add Right Precondition: s  S, o  O Primitive command: enter r into a[s, o] Post-conditions: S = S, O = O a[s, o] = a[s, o]  { r } (  x  S)(  y  O – { o }) [a[x, y] = a[x, y]] (  x  S – { s })(  y  O) [a[x, y] = a[x, y]]

36 Delete Right Precondition: s  S, o  O Primitive command: delete r from a[s, o] Postconditions: S = S, O = O a[s, o] = a[s, o] – { r } (  x  S)(  y  O – { o }) [a[x, y] = a[x, y]] (  x  S – { s })(  y  O) [a[x, y] = a[x, y]]

37 Destroy Subject Precondition: s  S Primitive command: destroy subject s Postconditions: S = S – { s }, O = O – { s } (  y  O)[a[s, y] =  ], (  x  S)[a´[x, s] =  ] (  x  S)(  y  O) [a[x, y] = a[x, y]]

38 Destroy Object Precondition: o  O Primitive command: destroy object o Postconditions: S = S, O = O – { o } (  x  S)[a[x, o] =  ] (  x  S)(  y  O) [a[x, y] = a[x, y]]

39 Creating File Process p creates file f with r and w permission command createfile(p, f) create object f; enter own into A[p, f]; enter r into A[p, f]; enter w into A[p, f]; end

40 Mono-Operational Commands Make process p the owner of file g command makeowner(p, g) enter own into A[p, g]; end Mono-operational command Single primitive operation in this command

41 Conditional Commands Let p give q r rights over f, if p owns f command grantreadfile1(p, f, q) if own in A[p, f] then enter r into A[q, f]; end Mono-conditional command Single condition in this command

42 Multiple Conditions Let p give q r and w rights over f, if p owns f and p has c rights over q command grantreadfile2(p, f, q) if own in A[p, f] and c in A[p, q] then enter r into A[q, f]; enter w into A[q, f]; end

43 Copy Right Allows possessor to give rights to another Often attached to a right, so only applies to that right r is read right that cannot be copied rc is read right that can be copied Is copy flag copied when giving r rights? Depends on the model and its instantiation

44 Own Right Usually allows possessor to change entries in ACM column Owner of an object can add, delete rights for others May depend on what system allows Can’t give rights to specific (set of) users Can’t pass copy flag to specific (set of) users

45 Attenuation of Privilege Principle says you can’t give rights you do not possess Restricts addition of rights within a system Usually ignored for owner Why? Owner gives herself rights, gives them to others, deletes her rights.

46 Main Points Access control matrix simplest abstraction mechanism for representing protection state Transitions alter protection state 6 primitive operations that alter the matrix Transitions can be expressed as commands composed of these operations and, possibly, conditions

Download ppt "ISA 562 1 Access Control ISA 562 Internet Security Theory & Practice."

Similar presentations

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Computer Security Computer Security is defined as:

Computer Security Computer Security is defined as:
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
Access Control Methodologies

Access Control Methodologies
Authentication & Kerberos

Authentication & Kerberos
1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004.

1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004.
Authentication James Walden Northern Kentucky University.

Authentication James Walden Northern Kentucky University.
April 6, 2004ECS 235Slide #1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation.

April 6, 2004ECS 235Slide #1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation.
SE571 Security in Computing

SE571 Security in Computing
1 Access Control Matrix CSSE 442 Computer Security Larry Merkle, Rose-Hulman Institute March 16, 2007.

1 Access Control Matrix CSSE 442 Computer Security Larry Merkle, Rose-Hulman Institute March 16, 2007.
Lecture 7 Access Control

Lecture 7 Access Control
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 5: Security Controls.

Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 5: Security Controls.
Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.

Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.
ACCESS CONTROLS SZABIST – Spring 2012. Access Controls This chapter presents the following:  Identification methods and technologies  Authentication.

ACCESS CONTROLS SZABIST – Spring Access Controls This chapter presents the following:  Identification methods and technologies  Authentication.
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory Chapter 9: Active Directory Authentication and Security.

70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory Chapter 9: Active Directory Authentication and Security.
The University of Akron Dept of Business Technology Computer Information Systems DBMS Functions 2440: 180 Database Concepts Instructor: Enoch E. Damson.

The University of Akron Dept of Business Technology Computer Information Systems DBMS Functions 2440: 180 Database Concepts Instructor: Enoch E. Damson.
Csci5233 computer security & integrity 1 Access Control Matrix.

Csci5233 computer security & integrity 1 Access Control Matrix.
IS-2150/TEL-2810: Introduction of Computer Security1 September 7, 2005 Introduction to Computer Security Access Control Matrix Take-grant model.

IS-2150/TEL-2810: Introduction of Computer Security1 September 7, 2005 Introduction to Computer Security Access Control Matrix Take-grant model.

Similar presentations

Ads by Google