Summary of Lecture 4 Authentication (Review). CSE2500 System Security & Privacy Access Control Srini...
Posted 20-Dec-2015
Access Control Srini & Nandita 2
CSE2500 System Security & Privacy
Authentication means to establish proof of identity. Authentication techniques may vary depending on the kind of resource being accessed.
The various kinds of access can be classified into:
– user-to-host
– host-to-host
– user (or process)-to-user (or process)
Authentication is done by:
– something you are (SYA)
– something you know (SYK)
– something you have (SYH)
SYA is more reliable and accurate compared to SYH.
Authentication
SYK is the most commonly used end-user authentication (user to system), e.g. user name and password.
It can also be applied to programs that exchange data over the network without human intervention.
The strength of SYK authentication depends on whether what is known is a secret, and whether it can be kept secret.
User-to-Host authentication
Typical methods are:
– static passwords
– challenge and response
– one-time passwords
– trusted third parties
Today’s lecture
So far we have discussed how to authenticate a user to a host.
Once a user is logged on to the system, we need mechanisms to control access to objects (such as files, programs, processes, etc.) within the system.
Fundamental Model of Access Control
subject --(access request)--> reference monitor --> object
Controlling Access
Access control policy: what can be used to indicate who is allowed to do what to/with whom on the system.
Who is who? Subject is what we call the active entities (processes, users, other computers) that want to “do something”.
What the subject does with the object can be just about anything, and it may be multi-part. Typical manipulations include READ, MODIFY, CREATE, CHANGE, DELETE.
Access Control Policy
Access right or privilege:
– An indication that a SUBJECT may legitimately use a specific type of ACCESS or MANIPULATION with respect to a particular OBJECT or set of OBJECTS.
The underlying system itself determines which primitive (or bottom-level) access rights are available for which user/object combinations.
Levels of Access Control (top to bottom)
– Application
– Middleware
– Operating system
– Hardware
Operating System Access Controls
Authenticate principals/users
– Passwords
– Kerberos
Mediate access
– Files
– Communication ports
– System resources
Models of Security
Need for a model
– High assurance security system
What is a model supposed to do?
– Express the security policy in a formal way
– Describe the entities governed by the policy
– State the rules that decide who gets access to your data
Scope and limitations of models
Security Models : Bell-LaPadula
– The Bell-LaPadula model is about information confidentiality, and this model formally represents the long tradition of attitudes to the flow of information concerning national secrets.
– Multi-level security (MLS)
Security Models: Chinese Wall
– Large consultancies can easily find there are conflicts of interest if individual consultants are given access to all information held by the consultancy. Chinese Wall models a particular way of restricting information flow.
Security Models: Biba
Based on Cold War experiences, information integrity is also important, and the Biba model, complementary to Bell-LaPadula, is based on the flow of information where preserving integrity is critical.
Security Models: Clark-Wilson
In the commercial sphere, the need is to engage in well-formed transactions which can only be undertaken by authorised personnel, and the Clark-Wilson model is an attempt to formally model a policy based on well-formed transactions.
Possible Access Control Mechanisms are:
– Control matrix
– Control lists
– Groups and roles
– Extension to distributed (+file) systems
Access Control Matrix (rows: users; columns: objects)

User    Operating system   Accounts Program   Accounting Data   Audit Trail
Sam     rwx                rwx                rw                r
Alice   x                  x                  rw                -
Bob     rx                 r                  r                 r
Example Access Control Matrix for Bookkeeping

Subject            Operating system   Accounts Program   Accounting Data   Audit Trail
Sam                rwx                rwx                r                 r
Alice              rx                 x                  -                 -
Accounts program   rx                 r                  rw                w
Bob                rx                 r                  r                 r
Srini              rx                 r                  r                 r
Access Control Matrices
2/3 dimensions used to implement protection mechanisms and model them
Do not scale well
– A bank with 50,000 staff & 300 objects: 15 million entries
– Update and performance problem
– Prone to administrators’ mistakes
A more compact way is required
Groups and Roles
Group is a list of users/principals (categories).
Role is a fixed set of access permissions that one or more principals may assume.
Example: the group “manager” is a rank, while the role of acting manager can be taken up by an assistant accountant standing in while the manager, deputy manager and accountant are all sick.
Let us look at the example once again

Subject            Operating system   Accounts Program   Accounting Data   Audit Trail
Sam                rwx                rwx                r                 r
Alice              rx                 x                  -                 -
Accounts program   rx                 r                  w                 w
Bob                rx                 r                  r                 r
Srini              rx                 r                  r                 r
ACLs per subject (capability lists)
Each subject holds its own list of rights over the objects OS, A/C Prgm, A/C Data and Audit trail:
Sam:      OS rwx, A/C Prgm rwx, A/C Data r,  Audit trail r
Alice:    OS rx,  A/C Prgm x,   A/C Data -,  Audit trail -
Acc.pgm:  OS rx,  A/C Prgm r,   A/C Data rw, Audit trail w
Bob:      OS rx,  A/C Prgm r,   A/C Data r,  Audit trail r
Srini:    OS rx,  A/C Prgm r,   A/C Data r,  Audit trail r
Access Control Lists
ACL for the object Accounting Data:
User    Accounting Data
Sam     rw
Alice   rw
Bob     r
Srini   r
Access Control Lists/Capabilities
How do you modify the entries in the lists?
– add a new entry
– delete an existing entry
– modify the access right to an object?
Access Control Triples
(Subject, Object, Access), where Access is r, w, x, ?
Capabilities
While ACLs are kept by the O/S, capabilities are kept by the subject.
Capabilities give the possessor (of the token) certain rights to an object.
Capabilities do not require authentication of subjects, but do require that the token be unforgeable (encrypted or in inaccessible storage) and that the propagation of capabilities be controlled.
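The bookkeeping matrix and its two compact forms (per-object ACLs kept by the OS, per-subject capability lists held by the subject), as an added Python example that is not part of the lecture; the subjects, objects and rights are the matrix's (with the Accounts program row rx r rw w), while the function names and the consistency check are my own.

```python
# Added example: derive ACLs and capability lists from an access control matrix
# and show that a reference monitor reaches the same decision with either form.
OBJECTS = ("OS", "Accounts Program", "Accounting Data", "Audit Trail")

# Access control matrix from the bookkeeping example: rows are subjects,
# columns are the objects above; "-" means no rights.
MATRIX = {
    "Sam":              ("rwx", "rwx", "r",  "r"),
    "Alice":            ("rx",  "x",   "-",  "-"),
    "Accounts program": ("rx",  "r",   "rw", "w"),
    "Bob":              ("rx",  "r",   "r",  "r"),
    "Srini":            ("rx",  "r",   "r",  "r"),
}

def rights(cell):
    """Turn a cell such as 'rw' or '-' into a set of right letters."""
    return set(cell) - {"-"}

def acls(matrix):
    """ACLs: one list per OBJECT (a column of the matrix), empty entries dropped."""
    return {obj: {subj: rights(row[i]) for subj, row in matrix.items() if rights(row[i])}
            for i, obj in enumerate(OBJECTS)}

def capabilities(matrix):
    """Capability lists: one list per SUBJECT (a row of the matrix)."""
    return {subj: {obj: rights(row[i]) for i, obj in enumerate(OBJECTS) if rights(row[i])}
            for subj, row in matrix.items()}

def acl_allows(acl, subject, obj, right):
    """Reference-monitor decision made from the object's ACL."""
    return right in acl.get(obj, {}).get(subject, set())

def cap_allows(caps, subject, obj, right):
    """Reference-monitor decision made from the subject's capability list."""
    return right in caps.get(subject, {}).get(obj, set())

def consistent(matrix):
    """Every (subject, object, right) triple must decide the same way in all three forms."""
    acl, caps = acls(matrix), capabilities(matrix)
    return all(acl_allows(acl, s, o, r) == cap_allows(caps, s, o, r) == (r in rights(matrix[s][i]))
               for s in matrix for i, o in enumerate(OBJECTS) for r in "rwx")

if __name__ == "__main__":
    acl = acls(MATRIX)
    print("ACL for Accounting Data:", acl["Accounting Data"])
    print("Alice may write Audit Trail:", acl_allows(acl, "Alice", "Audit Trail", "w"))
    print("Forms agree:", consistent(MATRIX))
```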
Access Control lists (cont.)
– Users manage their own file security (Unix)
– Data-oriented protection, for centrally set access control policy
– OS checks the ACL at each file access
– Not efficient security checking at runtime, though simple to implement
– Tedious to find all files to which a user has access, or to perform system-wide checks
Let us look at an example of ACL implementations: UNIX, NT
Unix Operating System Security
– Superuser account on Unix is root (UID, user identifier, equal to 0)
– The superuser can effectively do anything within the system
– Superuser password is the most valuable password in the system
– Don’t share the superuser password outside the administrative group.
Basic file security
-rw-rw-r--   1 root  sys   1344 Jul  2 22:57 /etc/vfstab
(owner: root, group: sys)
The ten-character mode string is a type character followed by three triplets:
-rwxrwxrwx   Owner permissions (characters 2-4)
-rwxrwxrwx   Group permissions (characters 5-7)
-rwxrwxrwx   Other permissions (characters 8-10)
Basic file security
Important system files must have appropriate file permissions, e.g.:
-r--r--r--   1 root other  /etc/passwd
-r--------   1 root sys    /etc/shadow
-rw-r--r--   1 root sys    /etc/profile
drwxr-xr-x  18 root sys    /usr
A finer granularity of file permissions can be achieved with access control lists (ACLs), e.g. AIX, HP-UX.
Unix Operating System Security (cont.)
– A common defense against root compromise by hackers is to send the system log to a printer in a locked room or to another machine/server, e.g. Berkeley, FreeBSD
– ACLs have only names of users, not of programs
– Indirect method => suid and sgid file attributes
SUID and SGID Security
The owner of a program can mark it as suid, which gives a user running it the owner’s access-control privileges; sgid does the same for groups.
What is the security issue here?
SUID and SGID Security(cont.)
SUID root programs are particularly vulnerable to attack.
If it is possible to subvert the program in some way, then root access can be gained.
A very well known method of such subversion is the buffer overflow.
Buffer overflow vulnerability results from bad coding practices on the part of the original programmer of the SUID root program!
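Reading the mode string from the listings above, deciding an access the way Unix does (owner class, then group class, then other), and picking out the set-uid root programs the last two slides single out, as an added Python example that is not from the lecture; the listing lines are constructed, with /usr/bin/passwd and /usr/bin/mailq as assumed set-uid and set-gid entries, and the function names are my own.

```python
# Added example: parse `ls -l` mode strings, evaluate owner/group/other access,
# and list set-uid programs owned by root from a constructed listing.
import re

# Constructed sample listing (sizes and dates omitted, as on the slides).
LISTING = """\
-rw-rw-r--  1 root  sys   /etc/vfstab
-r--r--r--  1 root  other /etc/passwd
-r--------  1 root  sys   /etc/shadow
-rwsr-xr-x  1 root  sys   /usr/bin/passwd
-rwxr-sr-x  1 root  mail  /usr/bin/mailq
"""

# type char, nine mode chars, link count, owner, group, path
LINE = re.compile(r"^([-dl])([rwxsStT-]{9})\s+\d+\s+(\S+)\s+(\S+)\s+(\S+)$")

def parse(line):
    """Split one listing line into (path, owner, group, perms, suid, sgid)."""
    ftype, mode, owner, group, path = LINE.match(line).groups()
    perms = {}
    for who, trip in zip(("owner", "group", "other"), (mode[0:3], mode[3:6], mode[6:9])):
        perms[who] = {c for c in trip if c in "rw"}
        if trip[2] in "xst":         # lowercase s/t means the execute bit is also set
            perms[who].add("x")
    suid = mode[2] in "sS"            # set-uid flag lives in the owner execute slot
    sgid = mode[5] in "sS"            # set-gid flag lives in the group execute slot
    return path, owner, group, perms, suid, sgid

def allowed(line, user, groups, right):
    """Unix check: owner class if the user owns the file, else group class, else other."""
    path, owner, group, perms, _, _ = parse(line)
    if user == "root":                # root bypasses the bits; execute still needs some x bit
        return right != "x" or any("x" in p for p in perms.values())
    cls = "owner" if user == owner else ("group" if group in groups else "other")
    return right in perms[cls]

def suid_root(listing):
    """Paths of set-uid programs owned by root: the ones to audit most carefully."""
    found = []
    for l in listing.splitlines():
        path, owner, _, _, suid, _ = parse(l)
        if suid and owner == "root":
            found.append(path)
    return found

if __name__ == "__main__":
    for l in LISTING.splitlines():
        print(parse(l)[0], "alice (group sys) may write:", allowed(l, "alice", {"sys"}, "w"))
    print("set-uid root programs:", suid_root(LISTING))
```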