
Authorization and Policy



Presentation Transcript


  1. Authorization and Policy

  2. Authorization • Is principal P permitted to perform action A on object O? • Authorization system will provide yes/no answer

  3. Access Control • Who is permitted to perform which actions on what objects? • Access Control Matrix (ACM) • Columns indexed by principal • Rows indexed by objects • Elements are arrays of permissions indexed by action • In practice, ACMs are abstract objects • Huge and sparse • Possibly distributed

  4. Example ACM

  5. Instantiations of ACMs • Access Control Lists (ACLs) • For each object, list principals and actions permitted on that object • Corresponds to rows of ACM

  6. Instantiations of ACMs • Capabilities • For each principal, list objects and actions permitted for that principal • Corresponds to columns of ACM • The Unix file system is an example of…?
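Slides 3 to 6 in code, as an added example that is not part of the lecture material: a sparse access control matrix in the slides' orientation (columns are principals, rows are objects, each cell a set of actions), with the ACL view (one row) and the capability-list view (one column) derived from the same cells. The principals, file names and permissions are constructed sample data.

```python
# Added example (not from the lecture slides): a sparse access control
# matrix with the ACL (row) and capability-list (column) views the slides
# describe. Principals, objects and permissions below are constructed data.
from collections import defaultdict

ACTIONS = frozenset({"read", "write", "execute"})


class AccessControlMatrix:
    """Sparse ACM following the slides' orientation: columns are principals,
    rows are objects, and each cell is the set of permitted actions."""

    def __init__(self):
        # Only non-empty cells are stored, keyed (object, principal).
        self._cells = defaultdict(set)

    def grant(self, principal, obj, *actions):
        unknown = set(actions) - ACTIONS
        if unknown:
            raise ValueError(f"unknown action(s): {sorted(unknown)}")
        self._cells[(obj, principal)].update(actions)

    def revoke(self, principal, obj, *actions):
        cell = self._cells.get((obj, principal))
        if cell is None:
            return
        cell.difference_update(actions)
        if not cell:  # keep the matrix sparse: drop empty cells
            del self._cells[(obj, principal)]

    def is_permitted(self, principal, action, obj):
        """The authorization question from slide 2: may principal P perform
        action A on object O?  Default deny: an absent cell means no."""
        return action in self._cells.get((obj, principal), ())

    def acl(self, obj):
        """Row of the matrix: the ACL stored with an object."""
        return {p: sorted(a) for (o, p), a in self._cells.items() if o == obj}

    def capabilities(self, principal):
        """Column of the matrix: the capability list held by a principal."""
        return {o: sorted(a) for (o, p), a in self._cells.items() if p == principal}


def sample_matrix():
    """Constructed sample: a small file server with three principals."""
    acm = AccessControlMatrix()
    acm.grant("alice", "/home/alice/notes.txt", "read", "write")
    acm.grant("bob", "/home/alice/notes.txt", "read")
    acm.grant("alice", "/srv/reports/q3.pdf", "read")
    acm.grant("bob", "/srv/reports/q3.pdf", "read", "write")
    acm.grant("carol", "/usr/bin/backup", "read", "execute")
    acm.grant("carol", "/srv/reports/q3.pdf", "read")
    return acm


if __name__ == "__main__":
    acm = sample_matrix()
    print(acm.is_permitted("bob", "write", "/home/alice/notes.txt"))
    print(acm.acl("/srv/reports/q3.pdf"))        # the object's ACL
    print(acm.capabilities("carol"))             # the principal's capability list
```

Both views are projections of the same cells, which is the point of the slides: an ACL system stores rows with the objects, a capability system stores columns with the principals, and either answers the same yes/no question. Revocation shows the practical difference: with the matrix in one place it is a single cell update, whereas in a real capability system the permission lives with the holder and must be found and invalidated there.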

  7. Types of Access Control • Discretionary • Mandatory • Rule-based • Role-based • Originator-controlled

  8. Discretionary Access Control • Owners control access to objects • Access permissions based on identity of subject/object • E.g., access to health information

  9. Mandatory Access Control • Rules set by the system, cannot be overridden by owners • Each object has a classification and each subject has a clearance (unclassified, confidential, secret, top secret) • Rules specify how a subject's clearance and categories are compared with an object's classification and categories • Access is granted only when that comparison succeeds

  10. Role-Based Access Control • Ability to access objects depends on one’s role in the organization • Roles of a user can change • Restrictions may limit holding multiple roles simultaneously or within a session, or over longer periods. • Supports separation of roles • Maps to organization structure

  11. Authorization • Final goal of security • Determine whether to allow an operation • Depends upon • Policy • Authentication

  12. Policy • Policy defines what is allowed and how the system and security mechanisms should act • Policy is enforced by mechanism which interprets it, e.g. • Firewalls • IDS • Access control lists • Implemented as • Software (which must be implemented correctly and without vulnerabilities)

  13. Policy models: Bell-LaPadula • Focuses on controlled access to classified information and on confidentiality • No concern about integrity • The model is a formal state transition model of computer security policy • Describes a set of access control rules which use security classification on objects and clearances for subjects • To determine if a subject can access an object • Combine mandatory and discretionary AC (ACM) • Compare object’s classification with subject’s clearance (Top Secret, Secret, Confid., Unclass.) • Allow access if ACM and level check say it’s OK

  14. Policy models: Bell-LaPadula • Mandatory access control rules: • a subject at a given clearance may not read an object at a higher classification (no read-up) • a subject at a given clearance must not write to any object at a lower classification (no write-down). • Trusted subjects – the “no write-down” rule does not apply to them • Transfer info from high clearance to low clearance
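Slides 13 and 14 as a decision procedure, added here as an example that is not part of the lecture material: the discretionary matrix cell must permit the action, and then the two mandatory rules apply, the simple security property (no read-up) and the *-property (no write-down), with the *-property waived for a trusted subject. The levels, subjects, objects, matrix entries and the trusted "guard" subject are constructed data.

```python
# Added example (not from the lecture slides): Bell-LaPadula mandatory rules
# layered on a discretionary matrix, as slide 13 describes. Levels, subjects,
# objects and the trusted subject are constructed data.
LEVEL = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}

CLEARANCE = {
    "alice": "secret",
    "bob": "unclassified",
    "guard": "top secret",   # assumed trusted subject, e.g. a downgrader process
}
CLASSIFICATION = {
    "ops-plan.doc": "top secret",
    "budget.xls": "secret",
    "lunch-menu.txt": "unclassified",
}
TRUSTED_SUBJECTS = {"guard"}

# Discretionary part: the ACM cell for (subject, object); absent cell = deny.
DAC = {
    ("alice", "budget.xls"): {"read", "write"},
    ("alice", "ops-plan.doc"): {"read"},
    ("alice", "lunch-menu.txt"): {"read", "write"},
    ("bob", "budget.xls"): {"write"},
    ("bob", "lunch-menu.txt"): {"read", "write"},
    ("guard", "ops-plan.doc"): {"read"},
    ("guard", "lunch-menu.txt"): {"write"},
}


def dominates(a, b):
    """True if level a is at least as high as level b."""
    return LEVEL[a] >= LEVEL[b]


def mandatory_check(subject, action, obj):
    """Slide 14's rules. Returns (allowed, reason)."""
    clearance = CLEARANCE[subject]
    classification = CLASSIFICATION[obj]
    if action == "read":
        # Simple security property: no read-up.
        if dominates(clearance, classification):
            return True, "ss-property ok"
        return False, f"no read-up: {clearance} subject, {classification} object"
    if action == "write":
        # *-property: no write-down, unless the subject is trusted.
        if subject in TRUSTED_SUBJECTS:
            return True, "trusted subject, *-property waived"
        if dominates(classification, clearance):
            return True, "*-property ok"
        return False, f"no write-down: {clearance} subject, {classification} object"
    raise ValueError(f"unknown action {action!r}")


def authorize(subject, action, obj):
    """Slide 13's combined decision: the discretionary cell and the
    mandatory level check must both say yes."""
    if action not in DAC.get((subject, obj), set()):
        return False, "denied by discretionary matrix"
    return mandatory_check(subject, action, obj)


if __name__ == "__main__":
    for req in [("alice", "read", "budget.xls"), ("alice", "read", "ops-plan.doc"),
                ("alice", "write", "lunch-menu.txt"), ("bob", "write", "budget.xls"),
                ("guard", "write", "lunch-menu.txt")]:
        print(req, "->", authorize(*req))
```

Two results are worth noticing. Alice may read and write lunch-menu.txt according to the discretionary matrix, yet the write is refused: a secret subject writing an unclassified object is exactly the covert-channel the *-property exists to close. Conversely bob, who is unclassified, may write the secret budget.xls without being able to read it (a "blind write-up"); the model accepts this because it protects confidentiality only, which is the integrity gap slide 13 mentions.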

  15. Intrusions

  16. Disclaimer (Dangerous) • Some techniques and tools mentioned in this class could be: • Illegal to use • Dangerous for others – they can crash machines and clog the network • Dangerous for you – by downloading attack code you may give the attacker information about your machine • Don't use any such tools in real networks • Especially not on the USC network • You may only use them in a controlled environment, e.g. the DeterLab testbed

  17. Intrusions • Why do people break into computers? • Fame, profit, politics • What type of people usually break into computers? • Used to be young hackers • Today mostly organized criminals • I thought that this was a security course. Why are we learning about attacks?

  18. Intrusion Scenario • Reconnaissance • Scanning • Gaining access at OS, application or network level • Maintaining access • Covering tracks

  19. Phase 1: Reconnaissance • Get a lot of information about intended target: • Learn how its network is organized • Learn any specifics about OS and applications running

  20. Low Tech Reconnaissance • Social engineering • Instruct the employees not to divulge sensitive information on the phone • Physical break-in • Insist on using badges for access, everyone must have a badge, lock sensitive equipment • How about wireless access? • Dumpster diving • Shred important documents

  21. Web Reconnaissance • Search the organization's web site • Make sure not to post anything sensitive • Search for information on various mailing list archives and interest groups • Instruct your employees what info should not be posted • Find out what is posted about you • Search the Web to find all documents mentioning this company • Find out what is posted about you

  22. Whois and ARIN Databases • When an organization acquires domain name it provides information to a registrar • Public registrar files contain: • Registered domain names • Domain name servers • Contact people names, phone numbers,E-mail addresses • http://www.networksolutions.com/whois/ • ARIN database • Range of IP addresses • http://whois.arin.net/ui/

  23. Domain Name System • What does DNS do? • How does DNS work? • Types of information an attacker can gather: • Range of addresses used • Address of a mail server • Address of a web server • OS information • Comments

  25. Interrogating DNS – Zone Transfer (Dangerous) • Point nslookup at the victim's own name server, then ask it to list the whole zone (a zone transfer); note the OS details leaked in the HINFO records:

      $ nslookup
      Default server: evil.attacker.com
      Address: 10.11.12.13
      > server 1.2.3.4
      Default server: dns.victimsite.com
      Address: 1.2.3.4
      > set type=any
      > ls -d victimsite.com
       system1   1D IN A      1.2.2.1
                 1D IN HINFO  "Solaris 2.6 Mailserver"
                 1D IN MX     10 mail1
       web       1D IN A      1.2.11.27
                 1D IN HINFO  "NT4 www"

  26. Protecting DNS • Provide only necessary information • No OS info and no comments • Restrict zone transfers • Allow only a few necessary hosts • Use split-horizon DNS

  27. Split-horizon DNS • Show a different DNS view to external and internal users InternalDNS InternalDB ExternalDNS Web server Mailserver Employees External users
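The three controls of slides 26 and 27 as a BIND named.conf fragment, added here as an example that is not part of the lecture material: zone transfers are off by default and re-enabled only for the named secondaries, the server does not announce its version, and two views serve a trimmed zone to the outside and the full zone to employees. The domain, addresses, ACL names and zone file paths are assumed.

```conf
// Added example (not from the slides): BIND named.conf showing restricted
// zone transfers and split-horizon views. Names and addresses are assumed.
acl "secondaries" { 1.2.3.5; 1.2.3.6; };   // the only hosts allowed to pull a zone
acl "corp"        { 10.0.0.0/8; 127.0.0.1; };

options {
    allow-transfer { none; };      // default for every zone: no transfers at all
    version "not disclosed";       // do not answer version.bind queries
};

// Internal view: employees get the full zone, internal hosts included.
// Views are matched in order, so this one must come first.
view "internal" {
    match-clients { corp; };
    zone "victimsite.com" {
        type master;
        file "zones/victimsite.com.internal";
        allow-transfer { secondaries; };
    };
};

// External view: everyone else gets only the public web and mail records.
view "external" {
    match-clients { any; };
    zone "victimsite.com" {
        type master;
        file "zones/victimsite.com.external";
        allow-transfer { secondaries; };
    };
};
```

The external zone file should carry nothing beyond what slide 27 shows to outside users: the A records for the web and mail servers and the MX record, with no HINFO records and no comments. With `allow-transfer { none; }` at the options level, a zone that forgets its own `allow-transfer` fails closed, so the `ls -d` listing on slide 25 is refused for anyone but the secondaries.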
