
G53SEC

G53SEC: Access Control – principals, objects and their operations. Overview of today's lecture: Authentication and Authorisation; Access Operations; Ownership; Access Control Structures (Access Control Matrix, Capabilities, Access Control List); Intermediate Controls.



Presentation Transcript


1. G53SEC – Access Control: principals, objects and their operations

2. Overview of Today's Lecture:
  • Authentication and Authorisation
  • Access Operations
  • Ownership
  • Access Control Structures
    • Access Control Matrix
    • Capabilities
    • Access Control List
  • Intermediate Controls

3. Background:
  • You are logged on
  • You want to protect your files
  • Some are private and some are public
  • A language is needed to express this
  • Mechanisms are needed to enforce it

4. Authentication and Authorisation:
  • Subject/Principal: an active entity
  • Object: the entity being accessed
  • Access operation
  • Reference monitor: grants or denies access
  [Diagram: principal → reference monitor → object, labelled with the access operation]

5. continued…
  • Access Control takes 2 steps:
    • Authentication: who requested access?
    • Authorisation: who is allowed to access x?
  • Subject: operates on behalf of principals (human users)
  • Principal: a name associated with a subject

6. Principal vs. Subject:
  • Principal: "An entity that can be granted access to objects or can make statements affecting access control decisions"
    • e.g. a user identity in an OS
    • the term used when discussing security policies
  • Subject: "An active entity within an IT system"
    • e.g. a process running under a user identity
    • the term used when discussing operational systems that enforce policies

7. Subject vs. Object:
  • Object: files or resources (memory, printers, etc.)
  • The distinction between the two is not always clear
  • Subjects and Objects merely distinguish between the active and the passive party in an access request
  • Two options for focusing control:
    • what a subject is allowed to do
    • what may be done with an object

8. Access Operations:
  • Range from reading and writing to method calls
  • Different systems use different access operations
  • Sometimes similar operations have different meanings
  • Access Modes:
    • Observe: look at the contents of an object
    • Alter: change the contents of an object

9. Access Operations:
  • Access Rights – Bell-LaPadula model
    • execute, read, append, write
    • operates on files only
  • Access Attributes – Multics OS
    • distinguishes between data and directory access attributes
    • write = append (Bell-LaPadula)

10. continued…
  • Unix:
    • read: reading from a file / listing the contents of a directory
    • write: writing to a file / creating or renaming a file in a directory
    • execute: executing a (program) file / searching a directory
  • Windows (standard permissions):
    • read control
    • delete
    • write DACL (modify the access control list)
    • write owner (modify the owner of a resource)
    • synchronise
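The Unix read/write/execute operations above can be written down as a small reference monitor. The Python below is an added example for this transcript, not code from the lecture: the Subject and FileObject records, the uids and gids, and the modes are constructed sample values, and the rule that exactly one permission class applies (owner first, then group, then others, never merged) is the standard Unix semantics assumed here.

```python
# Added example (not from the lecture slides): a reference monitor for
# Unix-style read/write/execute permission bits. Subjects and objects are
# constructed records; uids, gids and modes are made-up sample values.

from dataclasses import dataclass

# Permission bits inside one 3-bit class, as in the st_mode field.
R, W, X = 4, 2, 1
OPS = {"read": R, "write": W, "execute": X}


@dataclass(frozen=True)
class Subject:
    """A process acting for a user: its uid plus all group ids it holds."""
    uid: int
    gids: frozenset


@dataclass(frozen=True)
class FileObject:
    """A file or directory with its owner and a mode such as 0o750."""
    owner_uid: int
    owner_gid: int
    mode: int


def permission_class(subject: Subject, obj: FileObject) -> str:
    """Unix applies exactly one class: owner, else group, else others.
    The classes are not merged, so an owner of a file with mode 0o070 gets
    nothing even though the group bits would have granted access."""
    if subject.uid == obj.owner_uid:
        return "user"
    if obj.owner_gid in subject.gids:
        return "group"
    return "others"


def is_allowed(subject: Subject, obj: FileObject, op: str) -> bool:
    """Reference monitor decision: True if the applicable class grants op."""
    shift = {"user": 6, "group": 3, "others": 0}[permission_class(subject, obj)]
    class_bits = (obj.mode >> shift) & 0o7
    return bool(class_bits & OPS[op])


def decision_table(subjects, obj):
    """All decisions for one object: the per-object view an ACL gives."""
    return {
        name: {op: is_allowed(s, obj, op) for op in OPS}
        for name, s in subjects.items()
    }


if __name__ == "__main__":
    # Constructed sample: alice owns the file, bob shares its group, carol is an outsider.
    subjects = {
        "alice": Subject(uid=1000, gids=frozenset({1000, 100})),
        "bob": Subject(uid=1001, gids=frozenset({100})),
        "carol": Subject(uid=1002, gids=frozenset({1002})),
    }
    report = FileObject(owner_uid=1000, owner_gid=100, mode=0o750)
    for name, row in decision_table(subjects, report).items():
        print(name, row)
```

The `permission_class` rule is the point worth checking in a review: because only the first matching class counts, a file with mode 0o070 locks out its own owner while granting the group, which is a classic source of surprising denials.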

11. Ownership:
  • Who is in charge of setting security policies?
  • An owner can be defined for each resource
    • The owner decides who gets access (discretionary policy)
  • or
  • A system-wide policy (mandatory policy)
  • Most OSs support the concept of ownership

12. Access Control Structures:
  • Help express an access control policy
  • A way to check that the policy is captured correctly
  • Access Control Matrix
  • Capabilities
  • Access Control Lists

13. Access Control Matrix:
  • Access rights are defined individually for each combination of subject and object
  • An abstract concept
  • Not very suitable for direct implementation
  • Not very scalable

14. Capabilities:
  • Access rights are kept with the subject or with the object
  • Every subject is given a capability
  • Capability: an unforgeable token specifying the subject's access rights
  • Corresponds to a row in an access control matrix
  • e.g. Alice's capability: edit.exe: execute; game.exe: execute, read

15. Capabilities:
  • Typically associated with discretionary access control
  • A subject can pass on its capabilities
  • Not a widely used security mechanism
  • Difficult to get an overview of the permissions on an object
  • Difficult to revoke a capability

16. Access Control List (ACL):
  • Access rights to an object are stored with the object itself
  • Corresponds to a column of the access control matrix
  • e.g. ACL for edit.exe: Alice: execute; Bill: execute
  • Management of individual subjects is cumbersome
  • Groups: derive access rights from the user's group
    • In Unix: user, group and others
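Slides 13 to 16 describe one matrix viewed two ways: a row is a subject's capability list, a column is an object's ACL. The Python below is an added example for this transcript, not code from the lecture. The subjects, objects and rights are the slides' own example (Alice, Bill, edit.exe, game.exe); the helper functions, and the delegation rule that a subject can only pass on rights it actually holds, are constructed here to illustrate what "unforgeable token" and "difficult to get an overview" mean in practice.

```python
# Added example (not from the lecture slides): the same access control
# matrix stored two ways, as capability lists (one per subject, the rows)
# and as ACLs (one per object, the columns). Subjects, objects and rights
# are the slides' example; the helper functions are constructed here.

# Matrix as nested dicts: subject -> object -> set of rights.
MATRIX = {
    "Alice": {"edit.exe": {"execute"}, "game.exe": {"execute", "read"}},
    "Bill": {"edit.exe": {"execute"}},
}


def to_capabilities(matrix):
    """Rows: each subject holds its own (object -> rights) tokens."""
    return {
        subject: {obj: frozenset(rights) for obj, rights in row.items() if rights}
        for subject, row in matrix.items()
    }


def to_acls(matrix):
    """Columns: each object stores who may do what to it."""
    acls = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            if rights:
                acls.setdefault(obj, {})[subject] = frozenset(rights)
    return acls


def check_cap(caps, subject, obj, op):
    """Decision from the subject's side: look in its own capability list."""
    return op in caps.get(subject, {}).get(obj, frozenset())


def check_acl(acls, subject, obj, op):
    """Decision from the object's side: look in the object's ACL."""
    return op in acls.get(obj, {}).get(subject, frozenset())


def delegate(caps, giver, receiver, obj, rights):
    """A subject passes on (part of) a capability. Because the token is
    unforgeable, only rights the giver actually holds can be transferred.
    Returns a new capability store and the rights that were transferred."""
    held = caps.get(giver, {}).get(obj, frozenset())
    passed = frozenset(rights) & held
    new = {s: dict(row) for s, row in caps.items()}  # copy: never mutate the input
    row = new.setdefault(receiver, {})
    row[obj] = row.get(obj, frozenset()) | passed
    return new, passed


def subjects_with_access(caps, obj):
    """With capabilities, answering 'who can access obj?' means scanning every
    subject's list; with an ACL it is one lookup. This is the slide's
    'difficult to get an overview of the permissions on an object'."""
    return {s: row[obj] for s, row in caps.items() if obj in row}


if __name__ == "__main__":
    caps, acls = to_capabilities(MATRIX), to_acls(MATRIX)
    print("Alice's capability:", caps["Alice"])
    print("ACL for edit.exe:", acls["edit.exe"])
    new_caps, passed = delegate(caps, "Alice", "Bill", "game.exe", {"read", "write"})
    print("Alice passed to Bill:", set(passed))  # only read: she never held write
```

The `delegate` call in the usage asks for read and write but only read is transferred, which is the property the word "unforgeable" is carrying on slide 14: a capability can be copied or narrowed but never widened by its holder.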

17. continued…
  • Good for managing access to objects
  • An overview of the permissions given to a user is difficult
  • Summary:
    • Managing access control is complex in large systems
    • Tedious and error prone
    • Subject-only or object-only based access control is limited

18. Intermediate Controls:
  • Problems of complexity are solved by indirection
  • Groups
  • Negative Permissions
  • Privileges
  • Role-Based Access Control
  • Protection Rings

19. Groups:
  • Users with similar access rights are collected in groups
  • Groups are given permissions to access objects
  [Diagram: users u1, u2, u3 → group g1 → objects o1, o2, o3]

20. Negative Permission:
  • An access operation a user is not allowed to perform
  • Policy conflict: a negative permission contradicts a positive one; resolved by the reference monitor
  [Diagram: users u1, u2, u3 → group g1 → objects o1, o2, o3]
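Slides 19 and 20 together describe a monitor that derives a user's rights through group membership and then has to reconcile them with negative permissions. The Python below is an added example for this transcript, not code from the lecture. The slides say the reference monitor resolves the conflict but do not state the rule, so "deny overrides grant" is an assumption made here; the users, group and objects reuse the diagram labels (u1..u3, g1, o1..o3) and the policy entries are constructed.

```python
# Added example (not from the lecture slides): a reference monitor that
# combines positive permissions inherited through groups with negative
# permissions. Conflict rule "deny wins" is an assumption; the policy data
# below is constructed and only reuses the slides' diagram labels.

from dataclasses import dataclass, field


@dataclass
class Policy:
    groups: dict = field(default_factory=dict)  # group -> set of users
    grants: dict = field(default_factory=dict)  # (principal, object) -> rights
    denies: dict = field(default_factory=dict)  # (principal, object) -> rights

    def principals_for(self, user):
        """The user itself plus every group it belongs to (the indirection)."""
        return {user} | {g for g, members in self.groups.items() if user in members}

    def _collect(self, user, obj):
        """All positive and all negative rights that reach this user for obj."""
        positive, negative = set(), set()
        for p in self.principals_for(user):
            positive |= self.grants.get((p, obj), set())
            negative |= self.denies.get((p, obj), set())
        return positive, negative

    def effective_rights(self, user, obj):
        """Deny overrides grant: anything negative removes the positive."""
        positive, negative = self._collect(user, obj)
        return positive - negative

    def conflicts(self, user, obj):
        """Rights both granted and denied: the policy conflicts the monitor
        had to resolve for this request. Useful for auditing a policy."""
        positive, negative = self._collect(user, obj)
        return positive & negative

    def allowed(self, user, obj, op):
        """Reference monitor decision for one access request."""
        return op in self.effective_rights(user, obj)


def sample_policy():
    """Constructed policy: g1 = {u1, u2, u3} may read/write o1 and read o2;
    u3 alone may read o3; u2 is explicitly denied write on o1."""
    return Policy(
        groups={"g1": {"u1", "u2", "u3"}},
        grants={
            ("g1", "o1"): {"read", "write"},
            ("g1", "o2"): {"read"},
            ("u3", "o3"): {"read"},
        },
        denies={("u2", "o1"): {"write"}},
    )


if __name__ == "__main__":
    p = sample_policy()
    for user in ("u1", "u2", "u3"):
        for obj in ("o1", "o2", "o3"):
            print(user, obj, sorted(p.effective_rights(user, obj)),
                  "conflict:" if p.conflicts(user, obj) else "")
```

The `conflicts` method is the check a defender wants next to the decision itself: a policy whose negative permissions frequently collide with group grants is hard to reason about, and listing the collisions is how you find the group memberships that should be fixed instead of patched with more denials.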

21. Privileges:
  • A collection of rights to execute certain operations
  • An intermediate layer between subjects and operations
  • Associated with operating system functions
  • Activities such as administration, backup, network access

22. Role-Based Access Control (RBAC):
  • Privileges come predefined with the OS
  • A Role: a collection of application-specific operations
  • Subjects derive access rights from the role they perform
  • RBAC focuses on users and the jobs they perform

23. continued…
  • Layers (between subjects and objects):
    • Roles: collections of procedures, assigned to users
    • Procedures: high-level access control methods
    • Datatypes: each object is of a certain data type
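The three layers on this slide (roles, procedures, datatypes) can be shown as a small checker. The Python below is an added example for this transcript, not code from the lecture. The roles, procedures, datatypes, users and object names are all constructed for the illustration, and the rule that a procedure may only be applied to objects of its declared datatype is how the "each object is of a certain data type" layer is interpreted here.

```python
# Added example (not from the lecture slides): RBAC as three layers,
# roles -> procedures -> datatypes. All roles, procedures, users, objects and
# datatypes below are constructed sample data.

from dataclasses import dataclass


@dataclass(frozen=True)
class Procedure:
    """A high-level access control method: one operation on one datatype."""
    name: str
    operation: str  # observe / alter, the access modes from slide 8
    datatype: str


# Layer 2: procedures, each bound to exactly one datatype.
PROCEDURES = {p.name: p for p in (
    Procedure("deposit", "alter", "account"),
    Procedure("withdraw", "alter", "account"),
    Procedure("view_balance", "observe", "account"),
    Procedure("read_report", "observe", "report"),
)}

# Layer 1: a role is a collection of procedures; users are assigned roles.
ROLES = {
    "teller": {"deposit", "withdraw", "view_balance"},
    "auditor": {"view_balance", "read_report"},
}
USER_ROLES = {"alice": {"teller"}, "bob": {"auditor"}, "carol": set()}

# Layer 3: every object is of exactly one datatype.
OBJECT_TYPES = {"acct-42": "account", "acct-43": "account", "q1-report": "report"}


def procedures_for(user):
    """Access rights a subject derives from the roles it performs."""
    return set().union(*(ROLES[r] for r in USER_ROLES.get(user, set())))


def is_allowed(user, procedure, obj):
    """Reference monitor: the user must hold a role containing the procedure,
    and the object must be of the procedure's datatype. A teller may deposit
    into an account but not 'deposit' into a report."""
    if procedure not in PROCEDURES or procedure not in procedures_for(user):
        return False
    return OBJECT_TYPES.get(obj) == PROCEDURES[procedure].datatype


def raw_operations(user):
    """The low-level (operation, datatype) pairs implied by a user's roles:
    what an access control matrix would have to list cell by cell, and what
    the role layer lets an administrator avoid maintaining directly."""
    return {(PROCEDURES[p].operation, PROCEDURES[p].datatype) for p in procedures_for(user)}


if __name__ == "__main__":
    for user in USER_ROLES:
        print(user, sorted(procedures_for(user)), sorted(raw_operations(user)))
    print("alice deposit acct-42:", is_allowed("alice", "deposit", "acct-42"))
    print("alice deposit q1-report:", is_allowed("alice", "deposit", "q1-report"))
```

Changing a job is a one-line change to `USER_ROLES` and changing what a job may do is a one-line change to `ROLES`; neither touches per-object entries, which is the complexity reduction the slide attributes to indirection.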

24. Protection Rings:
  • Hardware-based access control
  • Each subject and object is assigned a number depending on its importance
  • The decision is made by comparing the subject's and the object's numbers
  [Diagram: concentric rings numbered 0 to 3: 0 – operating system kernel; 1 – operating system; 2 – utilities; 3 – user processes]

25. Summary:
  • Access Control
  • Its structures
  • Next Lecture: Enforcing Access Control

26. End
