Chao-Hsien Chu, Ph.D. College of Information Sciences and Technology
Transcript of Chao-Hsien Chu, Ph.D. College of Information Sciences and Technology
Chao-Hsien Chu, Ph.D., College of Information Sciences and Technology
The Pennsylvania State University, University Park, PA 16802

Access Control: Part I

Learning by Doing: Theory and Practice

IST 515
Human Body Analogue

• Security Architecture
• Communication Network
• Systems Development
• Software Security
• Database Security
• Application Security
• Operations Security
• Web Security
• Computer Forensics
• Disaster Recovery
• Laws & Regulations
• Business Continuity
• Physical Security
• Access Control
• Cryptography
• Security Planning
• Security Policy
• Security & Risk Management
• Vulnerabilities
• Threats
• Risks
Security Management (organizational and operational)

• Security Policy
• Organizational Design
• Asset Classification and Control
• Access Control
• Compliance
• Personnel Security Awareness Education
• Physical and Environmental Security
• System Development and Maintenance
• Communications & Operations Mgmt.
• Business Continuity Management
Objectives

• Describe the access control concepts and methodologies.
• Identify access control security technologies, tools and measures.
• Know the potential risks, vulnerabilities, and exposures.
• Describe the auditing mechanisms for analyzing behavior, use, and contents of the information systems.
Readings

1. Stallings, W. and Brown, L., Computer Security: Principles and Practice, Prentice-Hall, 2008. Chapter 4. (Required)
2. Tipton, H. and Henry, K. (Eds.), Official (ISC)2 Guide to the CISSP CBK, Auerbach, 2007. Domain 2. (Required)
3. Sandhu, R. S. and Samarati, P., "Access Control: Principles and Practice," IEEE Communications Magazine, Sept. 1994, pp. 40-48.
4. NIST, RBAC Case Studies. http://csrc.nist.gov/groups/SNS/rbac/case_studies.html#health
5. Schaad, A., Moffett, J. and Jacob, J., "The Role-Based Access Control System of a European Bank: A Case Study and Discussion," SACMAT 2001: 6th ACM Symposium on Access Control Models and Technologies, Chantilly, VA.
6. Evered, M. and Bögeholz, S., "A Case Study in Access Control Requirements for a Health Information System," Australasian Information Security Workshop 2004 (AISW 2004), Dunedin, New Zealand.
Security Principles

• Confidentiality prevents unauthorized disclosure of systems and information.
• Integrity prevents unauthorized modification of systems and information.
• Availability prevents disruption of service and productivity.

Access controls are the security features that control how users and systems communicate and interact with one another.
Context of Access Control

(Figure: a user is first authenticated by the authentication function; the access control function then consults the authorization database, which the security administrator maintains, before granting or denying access to system resources; auditing records the activity.)
Access Controls Overview

Controlling access to facilities, systems, services, resources, and data is critical to any security program.

Access control is the backbone (central element) of information security.

Access controls (AC) are a collection of mechanisms that work together to protect the assets of the enterprise. They help protect against threats and vulnerabilities by reducing exposure to unauthorized activities and by providing access to information and systems only to those who have been approved.
Access Controls Overview

AC enables management to:
- Specify which users can access the system
- Specify what resources they can access
- Specify what operations they can perform
- Provide individual accountability

Access controls encompass all aspects and levels of an organization:
- Facilities
- Support systems
- Information systems
- Personnel: management, users, customers, partners, etc.
Access Control Elements

• Subject: an entity that can access objects
  - A process representing a user or application
  - Often grouped into 3 classes: owner, group, world
• Object: an access-controlled resource
  - e.g. files, directories, records, programs, etc.
  - Number and type depend on the environment
• Access right: a way in which a subject accesses an object
  - e.g. read, write, execute, delete, create, search
Example of Access Permissions

No Access/Null: no access permission granted
Read (R): read but make no changes
Write (W): write to files; includes change capability
Execute (X): execute a program
Delete (D): delete a file
Change (C): read, write, execute and delete; may not change file permissions
Full Control: all abilities, including changing access control permissions
Access Control Requirements

• Reliable input: all inputs to the access control system must be reliable; in particular, the subject's identity must come from a trustworthy authentication function.
• Support for fine and coarse specifications, allowing access to be regulated at the level of individual records in files and individual fields within records.
• Least privilege: access control should be implemented so that each entity is granted the minimum system resources and authorizations it needs to do its work.
• Separation of duty: the practice of dividing the steps of a system function among different individuals, so that no single individual can subvert the process.
Access Control Requirements

• Open and closed policies: the typical access control policy is a closed policy (anything not explicitly authorized is denied). In some applications it may also be useful to allow an open policy (anything not explicitly denied is allowed) for some classes of resources.
• Policy combinations and conflict resolution: an access control mechanism may apply multiple policies to a given class of resources. If conflicts between them are possible, a conflict resolution procedure must be defined.
• Administrative policies: administrative policies are needed to specify who can add, delete, or modify authorization rules.
• Dual control: in some cases a task may require two or more individuals working in tandem.
Types of Access Controls

• Discretionary AC Policy
• Mandatory AC Policy
• Role-based AC Policy
Types of Access Controls

Discretionary access control (DAC): a system that uses discretionary access control allows the owner of the resource to determine who has access and what privileges they have. Access control is at the discretion of the owner.

Mandatory access control (MAC): the system applies controls based on the privilege (or clearance) of a subject (or user) and the sensitivity (or classification) of an object (or data). This model is used in environments where information classification and confidentiality are very important.

Role-based access control (RBAC): controls access based on the roles (functions) that users have within the system and on rules stating what accesses are allowed to users in given roles.
Access Control Techniques

• Access Control Matrix
• Access Control List (ACL)
• Capability Table
• Content Dependent Access Control
• Context Dependent Access Control
• Constrained User Interfaces
• Rule Based Access Control
• Temporal (Time-based) Isolation
Access Control Matrix

(Subjects in rows, objects in columns)

          File 1            File 2            File 3            File 4
User A    Own, Read, Write                    Own, Read, Write
User B    Read              Own, Read, Write  Write             Read
User C    Read, Write       Read                                Own, Read, Write

• A table of subjects and objects indicating what access rights each individual subject has to each object.
• The matrix is a data structure that programmers implement as table lookups, which are used and enforced by the operating system.
Access Control List

File 1: A (Own, R, W); B (R); C (R, W)
File 2: B (Own, R, W); C (R)
File 3: A (Own, R, W); B (W)
File 4: B (R); C (Own, R, W)

• An ACL is a list of the subjects that are authorized to access a specific object; it defines what level of authorization each subject is granted.
• It is the access control matrix decomposed by column (one list per object).
Capability Lists

User A: File 1 (Own, R, W); File 3 (Own, R, W)
User B: File 1 (R); File 2 (Own, R, W); File 3 (W); File 4 (R)
User C: File 1 (R, W); File 2 (R); File 4 (Own, R, W)

• A capability table specifies the access rights a given subject possesses on specific objects. A capability can take the form of a token, ticket or key.
• It is the access control matrix decomposed by row (one list per subject).
Access Control List

Mary:
  UserMary Directory: Full control
  UserBob Directory: Write
  UserBruce Directory: Write
  Printer 001: Execute

Bob:
  UserMary Directory: Read
  UserBob Directory: Full control
  UserBruce Directory: Write
  Printer 001: Execute

Bruce:
  UserMary Directory: Null
  UserBob Directory: Write
  UserBruce Directory: Full control
  Printer 001: Execute

Sally:
  UserMary Directory: Null
  UserBob Directory: Null
  UserBruce Directory: Null
  Printer 001: Null

An ACL specifies the list of users who are allowed access to each object.
Authorization Table

Subject   Access Right   Object
A         Own            File 1
A         Read           File 1
A         Write          File 1
A         Own            File 3
A         Read           File 3
A         Write          File 3
B         Read           File 1
B         Own            File 2
B         Read           File 2
B         Write          File 2
B         Write          File 3
B         Read           File 4
C         Read           File 1
C         Write          File 1
C         Read           File 2
C         Own            File 4
C         Read           File 4
C         Write          File 4

Sorting the table by subject yields the capability tables; sorting it by object yields the ACLs.
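The matrix, ACL, capability-list and authorization-table slides above all describe one data set viewed three ways. The following is an added example (not code from the lecture) that builds the slides' four-file matrix in Python, derives the other two views from it, checks that the ACL view round-trips to the same matrix, and performs the closed-policy lookup a reference monitor would do. The dict-of-dicts layout and the function names are this example's own choices.

```python
"""Access control matrix, with its ACL and capability-list decompositions.

The matrix entries are the lecture's four-file example (users A, B, C;
File 1 to File 4).  The data layout and function names are this example's
own choices, not code from the lecture.
"""
from collections import defaultdict

# Access control matrix: subject -> object -> set of access rights.
# Empty cells of the slide's table are simply absent here.
MATRIX = {
    "A": {"File 1": {"Own", "Read", "Write"},
          "File 3": {"Own", "Read", "Write"}},
    "B": {"File 1": {"Read"},
          "File 2": {"Own", "Read", "Write"},
          "File 3": {"Write"},
          "File 4": {"Read"}},
    "C": {"File 1": {"Read", "Write"},
          "File 2": {"Read"},
          "File 4": {"Own", "Read", "Write"}},
}


def authorization_table(matrix):
    """Flatten the matrix into sorted (subject, right, object) triples,
    one per right in each non-empty cell, like the authorization table slide."""
    return sorted((s, r, o)
                  for s, objs in matrix.items()
                  for o, rights in objs.items()
                  for r in rights)


def acls(matrix):
    """Decompose by column: for each object, which subjects hold which rights."""
    per_object = defaultdict(dict)
    for subject, objs in matrix.items():
        for obj, rights in objs.items():
            per_object[obj][subject] = set(rights)
    return dict(per_object)


def capability_lists(matrix):
    """Decompose by row: for each subject, which objects it may access and how."""
    return {s: {o: set(r) for o, r in objs.items()} for s, objs in matrix.items()}


def matrix_from_acls(acl_table):
    """Rebuild the matrix from the ACLs, showing both views carry the same data."""
    rebuilt = defaultdict(dict)
    for obj, entries in acl_table.items():
        for subject, rights in entries.items():
            rebuilt[subject][obj] = set(rights)
    return dict(rebuilt)


def is_authorized(matrix, subject, right, obj):
    """Reference-monitor check. Closed policy: anything not listed is denied,
    including requests from subjects that have no row at all."""
    return right in matrix.get(subject, {}).get(obj, set())


if __name__ == "__main__":
    for subject, right, obj in authorization_table(MATRIX):
        print(f"{subject:8} {right:6} {obj}")
    print("ACL for File 1:", acls(MATRIX)["File 1"])
    print("Capabilities of B:", capability_lists(MATRIX)["B"])
    print("B write File 1?", is_authorized(MATRIX, "B", "Write", "File 1"))
```

The authorization table produced by the block has the same 18 rows as the slide. Note that the lookup is keyed on both subject and object and returns False for an unknown subject; a lookup that defaulted to an "other" entry would turn the closed policy into an open one.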
Extended Access Control Matrix

(Subjects in rows. The objects in the columns are the subjects S1-S3, the files F1-F2, the processes P1-P2 and the disk drives D1-D2. An asterisk marks a right held with the copy flag set.)

      S1       S2       S3              F1      F2           P1      P2      D1    D2
S1    Control  Owner    Owner, Control  Read*   Read, Owner  Wakeup  Wakeup  Seek  Owner
S2             Control                  Write*  Execute      Owner                 Seek*
S3                      Control         Write                        Stop

*: Copy flag set
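The copy flag on the slide matters only when rights move between subjects. The following added example (not code from the lecture) loads the slide's extended matrix and implements three of the transfer rules of the Lampson/Graham-Denning model as summarized in Stallings, the required reading: a subject may pass on a right only if it holds that right with the copy flag; an owner of an object may grant any right on it; and a subject with Control over another subject may delete rights from that subject's row. Function names and the string-with-asterisk encoding of the flag are this example's choices.

```python
"""Transfer rules on an extended access control matrix with copy flags."""
import copy

COPY = "*"

# Rows and columns from the slide; a trailing "*" marks the copy flag.
MATRIX = {
    "S1": {"S1": {"Control"}, "S2": {"Owner"}, "S3": {"Owner", "Control"},
           "F1": {"Read*"}, "F2": {"Read", "Owner"},
           "P1": {"Wakeup"}, "P2": {"Wakeup"}, "D1": {"Seek"}, "D2": {"Owner"}},
    "S2": {"S2": {"Control"}, "F1": {"Write*"}, "F2": {"Execute"},
           "P1": {"Owner"}, "D2": {"Seek*"}},
    "S3": {"S3": {"Control"}, "F1": {"Write"}, "P2": {"Stop"}},
}


def cell(matrix, subject, obj):
    return matrix.get(subject, {}).get(obj, set())


def has(matrix, subject, obj, right):
    """True if subject holds `right` on obj, with or without the copy flag."""
    c = cell(matrix, subject, obj)
    return right in c or right + COPY in c


def has_copy(matrix, subject, obj, right):
    return right + COPY in cell(matrix, subject, obj)


def _add(matrix, subject, obj, entry):
    """Return a modified copy; the original matrix is never mutated."""
    new = copy.deepcopy(matrix)
    new.setdefault(subject, {}).setdefault(obj, set()).add(entry)
    return new


def transfer(matrix, grantor, grantee, obj, right, with_copy=False):
    """Rule 1: a subject may pass a right on only if it holds that right with
    the copy flag; it may pass the right on with or without the flag."""
    if not has_copy(matrix, grantor, obj, right):
        raise PermissionError(f"{grantor} holds no copy flag for {right} on {obj}")
    return _add(matrix, grantee, obj, right + (COPY if with_copy else ""))


def owner_grant(matrix, owner, grantee, obj, right):
    """Rule 2: the owner of an object may grant any right on it to any subject."""
    if not has(matrix, owner, obj, "Owner"):
        raise PermissionError(f"{owner} does not own {obj}")
    return _add(matrix, grantee, obj, right)


def control_revoke(matrix, controller, target, obj, right):
    """Rule 3: a subject with Control over another subject may delete rights
    from that subject's row (both the plain and the copy-flagged form)."""
    if not has(matrix, controller, target, "Control"):
        raise PermissionError(f"{controller} has no control over {target}")
    new = copy.deepcopy(matrix)
    c = new.get(target, {}).get(obj, set())
    c.discard(right)
    c.discard(right + COPY)
    return new


if __name__ == "__main__":
    m = transfer(MATRIX, "S1", "S3", "F1", "Read")       # S1 holds Read* on F1
    print("S3 can read F1:", has(m, "S3", "F1", "Read"))
    try:
        transfer(m, "S3", "S2", "F1", "Read")            # S3 received Read without the flag
    except PermissionError as e:
        print("denied:", e)
```

Because S1 passed Read on without the copy flag, S3 cannot propagate it further; the flag is what bounds how far a right can spread through the system.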
Content Dependent Access Control

Access to an object is determined by the content within the object as it relates to the subject.

For example, a manager has access to a payroll database, but will only be allowed to access the records that pertain to his or her own employees, not others.
Context-based Access Control

Context-based access control differs from content-based access control in that it makes the access decision based on the context of a collection of information rather than on the content (sensitivity of data) within an object.

Firewalls make context-based access decisions when they collect state information on a packet before allowing it into the network.

For example, if no SYN packet has been received for a connection, the firewall will not allow the SYN/ACK packet that would correlate with that connection.
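The firewall example is the clearest case of context: the same SYN/ACK packet is accepted or dropped depending on what the filter has already seen. The following added example (not code from the lecture) is a minimal stateful filter in Python that tracks the TCP handshake per connection and admits inbound packets only for connections opened from the inside. The inside network (10.0.0.0/8), the policy and the packet trace are constructed for the example; state expiry and connection teardown are left out.

```python
"""Context-dependent access control: a minimal stateful packet filter."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset


class StatefulFilter:
    """Keeps per-connection TCP handshake state.  An inbound packet is judged
    by that state, not by anything in the packet itself."""

    def __init__(self, inside="10.0.0.0/8"):   # assumed internal network
        self.inside = ip_network(inside)
        # (client, cport, server, sport) -> "SYN_SENT" | "ESTABLISHED"
        self.state = {}

    def decide(self, pkt):
        outbound = ip_address(pkt.src) in self.inside
        # Normalise the 5-tuple so both directions of a flow share one key.
        key = ((pkt.src, pkt.sport, pkt.dst, pkt.dport) if outbound
               else (pkt.dst, pkt.dport, pkt.src, pkt.sport))
        st = self.state.get(key)

        if outbound and pkt.flags == {"SYN"} and st is None:
            self.state[key] = "SYN_SENT"          # inside host opens a connection
            return "ALLOW"
        if st is None:
            return "DROP"                         # no context: unsolicited packet
        if not outbound and st == "SYN_SENT" and pkt.flags == {"SYN", "ACK"}:
            self.state[key] = "ESTABLISHED"       # reply to a SYN we recorded
            return "ALLOW"
        if st == "ESTABLISHED":
            return "ALLOW"                        # teardown/expiry omitted here
        return "DROP"


def run_trace(packets, fw=None):
    """Feed packets through one filter instance and return the verdicts."""
    fw = fw or StatefulFilter()
    return [fw.decide(p) for p in packets]


# Constructed trace.  The first SYN/ACK arrives with no matching SYN; the
# third packet is the same SYN/ACK after the inside host's SYN was seen.
TRACE = [
    Packet("203.0.113.5", 443, "10.0.0.7", 50000, frozenset({"SYN", "ACK"})),
    Packet("10.0.0.7", 50000, "203.0.113.5", 443, frozenset({"SYN"})),
    Packet("203.0.113.5", 443, "10.0.0.7", 50000, frozenset({"SYN", "ACK"})),
    Packet("10.0.0.7", 50000, "203.0.113.5", 443, frozenset({"ACK"})),
    Packet("203.0.113.5", 443, "10.0.0.7", 50000, frozenset({"ACK", "PSH"})),
    Packet("198.51.100.9", 40000, "10.0.0.7", 22, frozenset({"SYN"})),
]

if __name__ == "__main__":
    for pkt, verdict in zip(TRACE, run_trace(TRACE)):
        print(f"{verdict:5} {sorted(pkt.flags)} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
```

A stateless packet filter that only inspected flags and ports would have to allow every SYN/ACK to port 50000, which is exactly the gap the stateful check closes.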
Constrained User Interfaces

• Restrict users' access abilities by not allowing them to request certain types of access, functions, information or specific system resources.
• Three major types of restricted interfaces are:
  – Menus and Shells. The screen only displays the menu options that the subject is allowed to access.
  – Database Views. The system only allows the subject to view the database views s/he is allowed to see.
  – Physically Constrained Interfaces. The system only provides certain keys on a keypad or certain touch buttons on a screen that the subject is allowed to access.
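The payroll example under Content Dependent Access Control and the Database Views item above are two sides of the same technique, so one added example (not code from the lecture) covers both, using Python's bundled sqlite3 with a constructed payroll table. The manager query filters on the record's own manager column (content-dependent); the view exposes no salary column at all, so a subject confined to the view cannot ask for one. The table, the rows and the manager identifiers are constructed for the example. SQLite has no user accounts or GRANT, so the "subject confined to the view" is represented by the function that reads only the view; in a DBMS with accounts you would grant SELECT on the view and nothing on the base table.

```python
"""Content-dependent access control and a database view as a constrained interface."""
import sqlite3

# Constructed sample data: (employee, manager, salary).
EMPLOYEES = [
    ("alice", "mgr_north", 90000),
    ("bob", "mgr_north", 82000),
    ("carol", "mgr_south", 75000),
    ("dave", "mgr_south", 71000),
]


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE payroll (employee TEXT, manager TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO payroll VALUES (?, ?, ?)", EMPLOYEES)
    # Constrained interface: a view with no salary column at all.
    conn.execute("CREATE VIEW payroll_directory AS SELECT employee, manager FROM payroll")
    return conn


def team_payroll(conn, manager):
    """Content-dependent: the same table, filtered on the record's manager
    column, so a manager sees only his or her own employees.  The filter is
    applied by the database, not by the caller after the fact."""
    return conn.execute(
        "SELECT employee, salary FROM payroll WHERE manager = ? ORDER BY employee",
        (manager,),
    ).fetchall()


def directory(conn):
    """What a subject limited to the view can see: names and managers only."""
    return conn.execute(
        "SELECT employee, manager FROM payroll_directory ORDER BY employee"
    ).fetchall()


def view_columns(conn):
    """Columns the view exposes (PRAGMA table_info works on views too)."""
    return [row[1] for row in conn.execute("PRAGMA table_info(payroll_directory)")]


def can_read_salary_via_view(conn):
    """A salary request through the view fails at the schema level."""
    try:
        conn.execute("SELECT salary FROM payroll_directory").fetchall()
        return True
    except sqlite3.OperationalError:      # "no such column: salary"
        return False


if __name__ == "__main__":
    db = open_db()
    print("north team:", team_payroll(db, "mgr_north"))
    print("directory: ", directory(db))
    print("view columns:", view_columns(db))
    print("salary via view?", can_read_salary_via_view(db))
```

The check a practitioner wants here is the last function: the protection holds only if the subject cannot reach the base table by any other path, which is why the grant on the view must not be accompanied by a grant on the table.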
Rule Based Access Control

Uses specific rules that indicate what can and cannot happen between a subject and an object. Before a subject can access an object, the request must satisfy a set of predefined rules.

For example: "if the user is accessing the system between Monday and Friday and between 8 AM and 5 PM, and if the user's security clearance equals or dominates the object's classification, then the user can access the object."

Not necessarily identity based.

Traditionally, rule based access control has been used in MAC systems as an enforcement mechanism.

Many routers and firewalls use rules to determine which types of packets are allowed into a network and which are rejected.
Temporal (Time-based) Isolation

• Time-based access controls are mechanisms that apply at a given time for a predetermined duration.
• If a request for access to, or privileged use of, information or services is made outside the defined time window, the request is denied.
• For example, if the access control specifies that confidential data may only be processed in the morning, any request to process confidential data at other times is denied, even though it comes from an otherwise authorized person.
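The rule quoted under Rule Based Access Control and the morning-only window under Temporal Isolation are both predicates over a request, so one added example (not code from the lecture) evaluates both with the same small engine. The clearance ladder, the rule names and the exact boundaries (8 AM inclusive to 5 PM exclusive; "morning" as before noon) are assumptions chosen to match the slide's wording.

```python
"""Rule-based access control: the slide's rule plus a temporal-isolation rule."""
from datetime import datetime

# Assumed linear ordering of levels; "dominates" means higher or equal.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


def dominates(clearance, classification):
    return LEVELS[clearance] >= LEVELS[classification]


def in_business_hours(when):
    """Monday to Friday, 8 AM up to (not including) 5 PM."""
    return when.weekday() < 5 and 8 <= when.hour < 17


def in_morning(when):
    return when.hour < 12


# Each rule is (name, predicate over the request).  No rule refers to who the
# subject is, only to attributes of the request, which is what "not necessarily
# identity based" means in practice.
BUSINESS_RULES = [
    ("business hours", lambda r: in_business_hours(r["time"])),
    ("clearance dominates classification",
     lambda r: dominates(r["clearance"], r["classification"])),
]

# Temporal isolation: confidential data may be processed only in the morning,
# even by a subject that satisfies every other rule.
TEMPORAL_RULES = BUSINESS_RULES + [
    ("confidential only in the morning",
     lambda r: r["classification"] != "confidential" or in_morning(r["time"])),
]


def evaluate(request, rules):
    """Closed policy: every rule must hold.  Returns the decision and the names
    of the rules that failed, which is what the audit record should carry."""
    failed = [name for name, pred in rules if not pred(request)]
    return ("PERMIT" if not failed else "DENY"), failed


if __name__ == "__main__":
    req = {"subject": "u1", "clearance": "secret", "classification": "confidential",
           "time": datetime(2024, 3, 13, 14, 0)}     # a Wednesday, 2 PM
    print(evaluate(req, BUSINESS_RULES))
    print(evaluate(req, TEMPORAL_RULES))
```

Returning the list of failed rules rather than a bare boolean costs nothing and makes the denial explainable in the audit log, which the auditing objective at the start of the lecture calls for.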
Access Control Function
UNIX File Concepts

• UNIX files are administered using inodes: a control structure holding the key information (attributes and permissions) for a single file.
  – There may be several names for the same inode.
  – An inode table (list) for all files on a disk is copied to memory when the disk is mounted.
• Directories form a hierarchical tree.
  – A directory may contain files or other directories.
  – A directory is itself a file of names and inode numbers.
UNIX File Access Control

(Figure: the permission bits of a file are grouped into three classes, Owner, Group and Other.)
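The following added example (not code from the lecture) decodes the nine owner/group/other bits in Python and applies the classic UNIX decision: the kernel selects exactly one of the three triplets from the caller's identity and never falls through to the next. It models only the rwx bits; setuid/setgid/sticky, extended ACLs and root's bypass of the check are out of scope. The uids and gids in the test are made up.

```python
"""UNIX permission bits: decoding a mode and applying the owner/group/other rule."""
import os
import stat
import tempfile

R, W, X = 4, 2, 1


def mode_string(mode):
    """Render the nine permission bits as ls -l does, e.g. 0o640 -> 'rw-r-----'."""
    out = []
    for shift in (6, 3, 0):                   # owner, group, other triplets
        bits = (mode >> shift) & 0o7
        out.append(("r" if bits & R else "-")
                   + ("w" if bits & W else "-")
                   + ("x" if bits & X else "-"))
    return "".join(out)


def permitted(mode, file_uid, file_gid, uid, gids, want):
    """Classic decision: pick exactly one triplet from the caller's identity.
    There is no fall-through: an owner whose triplet lacks a bit is denied
    even if the group or other triplet would grant it (try mode 0o077)."""
    if uid == file_uid:
        bits = (mode >> 6) & 0o7
    elif file_gid in gids:                    # any of the caller's groups
        bits = (mode >> 3) & 0o7
    else:
        bits = mode & 0o7
    need = {"r": R, "w": W, "x": X}
    return all(bits & need[c] for c in want)


def inspect_file(path):
    """Read the inode's mode and ownership via stat(2), as the kernel would."""
    st = os.stat(path)
    return mode_string(stat.S_IMODE(st.st_mode)), st.st_uid, st.st_gid


if __name__ == "__main__":
    fd, path = tempfile.mkstemp()
    os.close(fd)
    os.chmod(path, 0o640)
    print(inspect_file(path))     # ('rw-r-----', <your uid>, <your gid>)
    os.unlink(path)
```

The no-fall-through rule is the point practitioners most often get wrong: a file with mode 0o077 is unreadable by its owner while readable by everyone else, which is why "more permissive for others" never implies "at least as permissive for the owner".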
Role-Based Access Control

(Figure: users are assigned to roles, and roles are assigned to objects. Each link is labelled many-to-one in one direction and one-to-many in the other: many users may hold one role and one user may hold many roles; many roles may reach one object and one role may reach many objects.)
RBAC Models
Define Users to Roles Relationship (Many to Many)

        R1   R2   ...  Rn
U1      X
U2           X
U3      X    X
U4                     X
U5           X
U6                     X
...
Um      X

(Users in rows, roles in columns; an X marks an assignment.)
Define Roles to Resources Relationship (Many to Many)

(Roles in rows; the objects in the columns are the roles R1-Rn, the files F1-F2, the processes P1-P2 and the disk drives D1-D2. An asterisk marks a right held with the copy flag set.)

      R1       R2       Rn              F1      F2           P1      P2      D1    D2
R1    Control  Owner    Owner, Control  Read*   Read, Owner  Wakeup  Wakeup  Seek  Owner
R2             Control                  Write*  Execute      Owner                 Seek*
...
Rn                      Control         Write                        Stop

*: Copy flag set
NIST RBAC Model
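The two relationship tables above (users to roles, roles to resources) and the NIST model's additions (role hierarchies, sessions, and separation-of-duty constraints) fit in a few dozen lines. The following added example (not code from the lecture and not the bank case study) implements them in Python: many-to-many user-role and role-permission assignment, a senior role inheriting a junior's permissions, sessions that activate only a subset of a user's roles, and a static separation-of-duty constraint checked at assignment time. The roles, permissions and user names are constructed.

```python
"""RBAC with user-role and role-permission assignment, a role hierarchy,
sessions and a static separation-of-duty constraint."""
from collections import defaultdict


class RBAC:
    def __init__(self):
        self.user_roles = defaultdict(set)   # UA: user -> roles (many-to-many)
        self.role_perms = defaultdict(set)   # PA: role -> {(operation, object)}
        self.juniors = defaultdict(set)      # RH: senior role -> roles it inherits from
        self.ssd = []                        # [(role set, n)]: hold fewer than n of them

    def add_permission(self, role, operation, obj):
        self.role_perms[role].add((operation, obj))

    def add_inheritance(self, senior, junior):
        self.juniors[senior].add(junior)

    def add_ssd(self, roles, n=2):
        self.ssd.append((frozenset(roles), n))

    def assign(self, user, role):
        """Static SoD is enforced when the user-role relationship is defined."""
        proposed = self.user_roles.get(user, set()) | {role}
        for roles, n in self.ssd:
            if len(proposed & roles) >= n:
                raise ValueError(
                    f"{user}: {sorted(proposed & roles)} violate separation of duty")
        self.user_roles[user].add(role)

    def effective_roles(self, roles):
        """Close a role set under the hierarchy: seniors inherit juniors."""
        seen, stack = set(), list(roles)
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors.get(r, ()))
        return seen

    def permissions(self, user, session_roles=None):
        """A session activates a subset of the user's assigned roles (least
        privilege); roles named in the session but not assigned are ignored."""
        active = set(self.user_roles.get(user, set()))
        if session_roles is not None:
            active &= set(session_roles)
        return set().union(*(self.role_perms.get(r, set())
                             for r in self.effective_roles(active)))

    def check(self, user, operation, obj, session_roles=None):
        return (operation, obj) in self.permissions(user, session_roles)


def build_demo():
    """Constructed policy for illustration only."""
    rbac = RBAC()
    rbac.add_permission("teller", "deposit", "account")
    rbac.add_permission("teller", "withdraw", "account")
    rbac.add_permission("auditor", "read", "ledger")
    rbac.add_permission("branch_manager", "approve", "loan")
    rbac.add_inheritance("branch_manager", "teller")   # a manager can do what a teller can
    rbac.add_ssd({"teller", "auditor"})                 # nobody may hold both
    rbac.assign("u1", "teller")
    rbac.assign("u2", "auditor")
    rbac.assign("u3", "branch_manager")
    return rbac


if __name__ == "__main__":
    r = build_demo()
    print("u3 deposit via inheritance:", r.check("u3", "deposit", "account"))
    try:
        r.assign("u1", "auditor")
    except ValueError as e:
        print("denied:", e)
```

Two details worth noticing: the hierarchy is resolved at decision time, so adding a permission to a junior role immediately reaches every senior; and the session filter intersects with assigned roles, so a session cannot activate a role the user was never given.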
RBAC Administration for a Bank
To be Continued

This is the end of part I of the lecture. Please continue to review part II.