Access Control Intro, DAC and MAC

Post on 23-Feb-2016

Description: System security is concerned with regulating how entities use resources in a system. It consists of two main phases: authentication (uniquely identifying entities) and authorisation (assigning access rights to entities). PowerPoint PPT presentation.

Transcript of Access Control Intro, DAC and MAC

Access Control Intro, DAC and MAC
System Security

System Security
• It is concerned with regulating how entities use resources in a system
• It consists of two main phases:
  • Authentication: uniquely identifying entities
  • Authorisation: assigning access rights to entities

Authentication Phase
• It is only concerned with identifying an entity against a known set
• Assigning a unique identifier to the entity (i.e., user name)
• Using a secret (supposedly) known only to the specific entity
• Alternatively, using a unique feature that characterizes the entity

Authorisation Phase
• Known also as Access Control
• “The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner”
• It assumes users have been
  • authenticated to the system
  • assigned access rights to certain resources on the system (for instance, by an admin)

Access Control Requirements
• Reliable Input
  • Authenticated entities
  • Genuine information
• Least Privilege
  • Entities granted minimum set of access rights
• Administrative Duties
  • Only a special entity should be able to manage access rights for other entities

Access Control Refinements
• Separation of Duty
• Fine vs. Coarse Specifications
• Open and Closed policies
• (Automated) Conflict Resolution

Access Control Elements
• Subject - entity that can access objects
  • a process representing user/application
• Object - access controlled resource
  • e.g. files, directories, records, programs etc.
• Access right - way in which subject accesses an object
  • e.g. read, write, execute, delete, create, search

Security Modules

Access Control Models
• Discretionary AC (DAC)
• Mandatory AC (MAC)
• Role-based AC (RBAC)
• Usage Control (UCON)
• Policy-based Access Control

Discretionary Access Control
• A means of restricting access to objects based on the identity of subjects and/or groups to which they belong.
• The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission on to any other subject
• Subjects are able to assign rights to other subjects on the objects they control
• Model used in operating systems and DB management systems
• Often provided using an access matrix

Access Control Matrix

Access Control List

Capability List

Capability Myths Demolished: http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf

Access Matrix Details

UNIX Access Control Lists
• Modern UNIX systems support ACLs
• Can specify any number of additional users / groups and associated rwx permissions
• ACLs are optional extensions to the standard permissions

Mandatory Access Control
• Entities cannot enable other entities to access their resources
• It enforces a lattice between labels assigned to subjects and objects
  • security labels: how sensitive or critical a system resource is
  • security clearances: which entities are eligible to access certain resources

MAC: The Bell-LaPadula Model
The main goal is to control the confidentiality of information

MAC Confidentiality Rules
Simple Security Property: No Read-Up
(figure: Read)

MAC Confidentiality Rules
*(Star)-property: No Write-Down
(figure: Write)

MAC Confidentiality Rules
Strong *(Star)-property: No Write-Down & No Write-Up
(figure: Write)

MAC: Biba Integrity Model
The main goal is to control the integrity of information

MAC Integrity Rules
Simple Integrity Axiom: No Read Down
(figure: Read)

MAC Integrity Rules
*(Star)-Integrity Axiom: No Write Up
(figure: Write)
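The Bell-LaPadula and Biba rules on the slides above, written out as a small reference monitor. This is an added example, not code from the slides: the level names and the "nuclear" compartment are constructed, and the lattice uses (level, compartments) labels, which goes beyond the single-level illustration the slides give.

```python
# Added example, not from the slides: a minimal reference monitor that
# enforces the Bell-LaPadula confidentiality rules and the Biba integrity
# rules over a label lattice. A label is (level, compartments); label A
# dominates label B when A's level is at least B's level and A's
# compartments are a superset of B's. Level names are constructed.
from dataclasses import dataclass, field

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """Lattice partial order: self >= other."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula (confidentiality labels): no read-up, no write-down."""
    if op == "read":   # simple security property: subject dominates object
        return subject.dominates(obj)
    if op == "write":  # *-property: object dominates subject
        return obj.dominates(subject)
    raise ValueError(f"unknown operation {op!r}")


def blp_strong_star_allows(subject: Label, obj: Label) -> bool:
    """Strong *-property: no write-down and no write-up, i.e. same label."""
    return subject == obj


def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba (integrity labels): no read-down, no write-up."""
    if op == "read":   # simple integrity axiom: object dominates subject
        return obj.dominates(subject)
    if op == "write":  # *-integrity axiom: subject dominates object
        return subject.dominates(obj)
    raise ValueError(f"unknown operation {op!r}")


if __name__ == "__main__":
    analyst = Label("secret", frozenset({"nuclear"}))   # constructed labels
    report = Label("secret")
    print(blp_allows(analyst, report, "read"))    # True: secret/nuclear dominates secret
    print(blp_allows(analyst, report, "write"))   # False: write-down drops a compartment
    print(biba_allows(analyst, report, "write"))  # True: integrity may flow downward
```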

Where is MAC used
• BLP: Implemented the multi-level security policy for US Department of Defense
• BIBA: Implemented in the FreeBSD MAC policy
• A combined version of BLP and BIBA is used in Android

Summary
• Introduced access control principles
  • subjects, objects, access rights
• Discretionary Access Control
  • access matrix, access control lists (ACLs), capability tickets
  • UNIX traditional and ACL mechanisms
• Mandatory Access Control
  • Bell-LaPadula
  • Biba

Resources
• Chapter 8 in Mark Stamp, Information Security: Principles and Practice, Wiley 2011.
• Matt Bishop, Computer Security: Art and Science, Addison-Wesley 2003.

Questions?