Access Control Intro, DAC and MAC

Access Control Intro, DAC and MAC System Security

Transcript of Access Control Intro, DAC and MAC

Page 1: Access Control Intro, DAC and MAC

Access Control Intro, DAC and MAC
System Security

Page 2: Access Control Intro, DAC and MAC

System Security
• It is concerned with regulating how entities use resources in a system
• It consists of two main phases:
  • Authentication: uniquely identifying entities
  • Authorisation: assigning access rights to entities

Page 3: Access Control Intro, DAC and MAC

Authentication Phase
• It is only concerned with identifying an entity against a known set
• Assigning a unique identifier to the entity (e.g., a user name)
• Using a secret (supposedly) known only to the specific entity
• Alternatively, using a unique feature that characterizes the entity

Page 4: Access Control Intro, DAC and MAC

Authorisation Phase
• Known also as Access Control
• “The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner”
• It assumes users have been
  • authenticated to the system
  • assigned access rights to certain resources on the system (for instance, by an admin)

Page 5: Access Control Intro, DAC and MAC

Access Control Requirements
• Reliable Input
  • Authenticated entities
  • Genuine information
• Least Privilege
  • Entities granted minimum set of access rights
• Administrative Duties
  • Only a special entity should be able to manage access rights for other entities

Page 6: Access Control Intro, DAC and MAC

Access Control Refinements
• Separation of Duty
• Fine vs. coarse specifications
• Open and closed policies
• (Automated) conflict resolution

Page 7: Access Control Intro, DAC and MAC

Access Control Elements
• Subject - entity that can access objects
  • a process representing a user/application
• Object - access-controlled resource
  • e.g. files, directories, records, programs etc.
• Access right - way in which a subject accesses an object
  • e.g. read, write, execute, delete, create, search

Page 8: Access Control Intro, DAC and MAC

Security Modules

Page 9: Access Control Intro, DAC and MAC

Access Control Models
• Discretionary AC (DAC)
• Mandatory AC (MAC)
• Role-based AC (RBAC)
• Usage Control (UCON)
• Policy-based Access Control

Page 10: Access Control Intro, DAC and MAC

Discretionary Access Control
• A means of restricting access to objects based on the identity of subjects and/or groups to which they belong.
• The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission on to any other subject
• Subjects are able to assign rights to other subjects on the objects they control
• Model used in operating systems and DB management systems
• Often provided using an access matrix

Page 11: Access Control Intro, DAC and MAC

Access Control Matrix

Page 12: Access Control Intro, DAC and MAC

Access Control List

Page 13: Access Control Intro, DAC and MAC

Capability List

Capability Myths Demolished: http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf

Page 14: Access Control Intro, DAC and MAC

Access Matrix Details
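The access matrix from pages 11-14, with its two storage views (an ACL is a column of the matrix, a capability list is a row) and the discretionary passing-on of rights described on page 10, as an added Python example that is not from the slides; the subjects, objects and rights are made-up sample values.

```python
from collections import defaultdict


class AccessMatrix:
    """Access matrix: one row per subject, one column per object, each cell
    the set of rights the subject holds on the object (closed policy: an
    absent cell means deny)."""

    def __init__(self):
        # (subject, object) -> set of rights; sparse storage of the matrix
        self._cells = defaultdict(set)

    def grant(self, subject, obj, rights):
        """Administrative grant, e.g. by the object's owner or an admin."""
        self._cells[(subject, obj)].update(rights)

    def check(self, subject, obj, right):
        """Reference-monitor decision: closed policy, default deny."""
        return right in self._cells.get((subject, obj), set())

    def acl(self, obj):
        """Column view: the access control list stored with the object."""
        return {s: set(r) for (s, o), r in self._cells.items() if o == obj and r}

    def capabilities(self, subject):
        """Row view: the capability list (tickets) held by the subject."""
        return {o: set(r) for (s, o), r in self._cells.items() if s == subject and r}

    def delegate(self, grantor, grantee, obj, rights):
        """DAC discretion: a subject may pass on any right it itself holds.
        Rights the grantor lacks cannot be passed on, so delegation never
        creates a right that did not already exist in the matrix."""
        missing = {r for r in rights if not self.check(grantor, obj, r)}
        if missing:
            raise PermissionError(f"{grantor} cannot delegate {sorted(missing)} on {obj}")
        self.grant(grantee, obj, rights)


def build_demo():
    """Constructed sample policy (subjects and objects are made up)."""
    m = AccessMatrix()
    m.grant("alice", "report.txt", {"read", "write"})
    m.grant("bob", "report.txt", {"read"})
    m.delegate("alice", "carol", "report.txt", {"read"})  # allowed: alice holds read
    return m


if __name__ == "__main__":
    m = build_demo()
    print(m.acl("report.txt"))      # ACL view: who may do what to the object
    print(m.capabilities("alice"))  # capability view: what alice may do to which objects
```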

Page 15: Access Control Intro, DAC and MAC

UNIX Access Control Lists
• Modern UNIX systems support ACLs
• Can specify any number of additional users / groups and associated rwx permissions
• ACLs are optional extensions to standard permissions
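How the additional user and group entries extend the standard owner/group/other permissions, as an added example that is not from the slides: a small Python evaluator for a POSIX.1e ACL in the text format printed by getfacl. It goes one step beyond the slide by also applying the mask entry, which caps the named-user and all group entries; the listing, file owner and user names are constructed sample values.

```python
# Constructed getfacl-style listing for one file (sample values, not a real system).
# The "# file:" / "# owner:" comment lines getfacl prints are left out here.
SAMPLE_ACL = """\
user::rw-
user:alice:rw-
group::r--
group:devs:rw-
mask::r--
other::---
"""


def parse_acl(text):
    """Parse 'tag:qualifier:perms' lines into (tag, qualifier, set_of_perms) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tag, qualifier, perms = line.split(":")
        entries.append((tag, qualifier or None, set(perms.replace("-", ""))))
    return entries


def acl_allows(entries, uid, groups, owner, owning_group, perm):
    """POSIX.1e access check: the first matching entry class decides, and the
    mask caps every entry except the owner's and other's. `groups` is the set
    of group names the requesting process belongs to."""
    mask = next((p for t, q, p in entries if t == "mask"), {"r", "w", "x"})
    if uid == owner:                                   # 1. owner entry (user::)
        return perm in next(p for t, q, p in entries if t == "user" and q is None)
    for t, q, p in entries:                            # 2. named user (user:name:)
        if t == "user" and q == uid:
            return perm in (p & mask)
    matched_group = False                              # 3. owning group / named groups
    for t, q, p in entries:
        if t == "group" and ((q is None and owning_group in groups) or (q is not None and q in groups)):
            matched_group = True
            if perm in (p & mask):
                return True                            # any matching group entry that grants it
    if matched_group:
        return False                                   # matched a group, none grants the permission
    return perm in next(p for t, q, p in entries if t == "other")  # 4. other


def check(uid, groups, perm, acl_text=SAMPLE_ACL, owner="bob", owning_group="staff"):
    """Convenience wrapper around parse_acl + acl_allows for the sample listing."""
    return acl_allows(parse_acl(acl_text), uid, set(groups), owner, owning_group, perm)
```

Note that alice's `rw-` entry is effectively `r--` because of the mask; that is the usual surprise when a chmod on the group bits silently rewrites the mask.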

Page 16: Access Control Intro, DAC and MAC

Mandatory Access Control
• Entities cannot enable other entities to access their resources
• It enforces a lattice between labels assigned to subjects and objects
  • security labels: how sensitive or critical a system resource is
  • security clearances: which entities are eligible to access certain resources

Page 17: Access Control Intro, DAC and MAC

MAC: The Bell-LaPadula Model
The main goal is to control the confidentiality of information

Page 18: Access Control Intro, DAC and MAC

MAC Confidentiality Rules
Simple Security Property: No Read-Up
[Diagram: Read]

Page 19: Access Control Intro, DAC and MAC

MAC Confidentiality Rules
*(Star)-property: No Write-Down
[Diagram: Write]

Page 20: Access Control Intro, DAC and MAC

MAC Confidentiality Rules
Strong *(Star)-property: No Write-Down & No Write-Up
[Diagram: Write]

Page 21: Access Control Intro, DAC and MAC

MAC: Biba Integrity Model
The main goal is to control the integrity of information

Page 22: Access Control Intro, DAC and MAC

MAC Integrity Rules
Simple Integrity Axiom: No Read-Down
[Diagram: Read]

Page 23: Access Control Intro, DAC and MAC

MAC Integrity Rules
*(Star)-Integrity Axiom: No Write-Up
[Diagram: Write]
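The five rules from pages 18-23 carried through as one lattice check, as an added Python example that is not from the slides. A label is an ordered level plus a set of categories, so two labels can be incomparable (neither dominates the other), which is what makes this a lattice rather than a plain ordering; the level numbers and category names are constructed sample values.

```python
from dataclasses import dataclass
from typing import FrozenSet


@dataclass(frozen=True)
class Label:
    """A lattice label: an ordered level plus a set of categories.
    For BLP the level is a sensitivity/clearance; for Biba it is an
    integrity level. Concrete values are constructed samples."""
    level: int
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice order: higher-or-equal level AND superset of categories.
        return self.level >= other.level and self.categories >= other.categories


def blp_allows(op: str, subject: Label, obj: Label, strong_star: bool = False) -> bool:
    """Bell-LaPadula (confidentiality) decision for a subject acting on an object."""
    if op == "read":
        return subject.dominates(obj)      # simple security property: no read-up
    if op == "write":
        if strong_star:
            return subject == obj          # strong *-property: no write-down, no write-up
        return obj.dominates(subject)      # *-property: no write-down
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(op: str, subject: Label, obj: Label) -> bool:
    """Biba (integrity) decision: the dual of BLP with integrity labels."""
    if op == "read":
        return obj.dominates(subject)      # simple integrity axiom: no read-down
    if op == "write":
        return subject.dominates(obj)      # *-integrity axiom: no write-up
    raise ValueError(f"unknown operation {op!r}")


if __name__ == "__main__":
    secret_crypto = Label(2, frozenset({"crypto"}))
    confidential = Label(1)
    print(blp_allows("read", secret_crypto, confidential))    # True: reading down is fine
    print(blp_allows("write", secret_crypto, confidential))   # False: that would leak downwards
    print(biba_allows("write", secret_crypto, confidential))  # True: high integrity may write down
```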

Page 24: Access Control Intro, DAC and MAC

Where is MAC used
• BLP: Implemented the multi-level security policy for the US Department of Defense
• BIBA: Implemented in the FreeBSD MAC policy
• A combined version of BLP and BIBA is used in Android

Page 25: Access Control Intro, DAC and MAC

Summary
• Introduced access control principles
  • subjects, objects, access rights
• Discretionary Access Control
  • access matrix, access control lists (ACLs), capability tickets
  • UNIX traditional and ACL mechanisms
• Mandatory Access Control
  • Bell-LaPadula
  • Biba

Page 26: Access Control Intro, DAC and MAC

Resources
• Chapter 8 in Mark Stamp, Information Security: Principles and Practice, Wiley 2011.
• Matt Bishop, Computer Security: Art and Science, Addison-Wesley 2003.

Page 27: Access Control Intro, DAC and MAC

Questions?