
Computer Security Access Control



  1. Computer Security: Access Control

  2. The Orange Book
     First published in 1983, the Department of Defense Trusted Computer System Evaluation Criteria, known as the Orange Book, is the de facto standard for computer security today. The Orange Book, and others in the Rainbow Series, are still the benchmark for systems produced almost two decades later, and Orange Book classifications such as C2 provide a shorthand for the base-level security features of modern operating systems.

  3. Access Control Terminology
     • subject, object, reference monitor
     • access request
     (Figure: a Subject issues an Access request; the Reference monitor checks it before it reaches the Object.)

  4. Access Control
     We can specify
     • what a subject is allowed to do
     • what may be done with an object

  5. Access Operations
     • Access modes
     • Observe: look at the contents of an object
     • Alter: change the contents of an object

  6. Access Operations
     • Access rights and attributes
     • Bell-LaPadula security model

     Access right   execute   append   read   write
     observe                            x      x
     alter                     x               x

  7. Access Operations
     • Unix

                 file                        directory
     read        read from a file            list directory contents
     write       write to a file             create or rename a file in a directory
     execute     execute a (program) file    search the directory

     Access rights are changed by modifying the file's entry in its directory.

  8. Access Operations
     • Windows NT: permissions of the Windows New Technology File System (NTFS)
     • read
     • write
     • execute
     • delete
     • change permission
     • change ownership
     One does not rely on operations on directories for deletion of files, or to change access rights.

  9. Ownership
     • The owner of a resource decrees who is allowed to access it.
     • A system-wide policy decrees who has access.

  10. Access Control Structures
     • Now we must state which access operations are permitted.
     • We do this by studying their structures.
     • Let
       S be a set of subjects,
       O a set of objects,
       A a set of access operations.

  11. Access Control Matrix
     Access rights are determined by a matrix M = (M_so), s ∈ S, o ∈ O, with M_so ⊆ A. The Bell-LaPadula model employs access control matrices to model the discretionary access policies of the Orange Book.

  12. Access Control Matrix
     An example

              bill.doc        edit.exe     fun.com
     Alice    ---             {execute}    {execute, read}
     Bob      {read, write}   {execute}    {execute, read, write}

  13. Access Control Matrix
     • Access rights can be kept with the subjects or with the objects.

  14. Access Control Matrix: Capabilities
     If the access rights are kept with the subjects, then these are the subject's access rights. Every subject is given a capability.
     Alice's capability: edit.exe: execute; fun.com: execute, read
     Bob's capability: bill.doc: read, write; edit.exe: execute; fun.com: execute, read, write

  15. Access Control Matrix: Access control lists (ACL)
     An ACL stores the access rights to an object with the object itself. ACLs are a typical feature of secure operating systems of the Orange Book class C2.
     ACL for bill.doc: Bob: read, write
     ACL for edit.exe: Alice: execute; Bob: execute
     ACL for fun.com: Alice: execute, read; Bob: execute, read, write

  16. Access Control Matrix: Access control lists (ACL)
     Management of access rights can be cumbersome. Therefore users are placed in groups, and a user derives access rights from the groups the user belongs to.

  17. Intermediate control
     Managing a security policy defined by an access control matrix is a complex task in large systems. There are several means of simplifying this task.

  18. Groups and negative permissions
     (Figure: subjects s1 to s5 are members of groups g1 and g2, and the groups hold access to objects o1 to o6.)

  19. Groups and negative permissions
     (Figure: the same diagram, with two subject-to-object entries marked x as negative permissions.)
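The matrix of slide 12 viewed both ways (capabilities per subject, ACLs per object), plus the group grants and negative permissions of slides 16 to 19, as an added example that is not part of the slides. The group, group rights and denial entries are constructed for illustration; the rule that a negative permission overrides any grant is an assumption, not stated on the slides.

```python
from typing import Dict, FrozenSet, Set, Tuple

Rights = FrozenSet[str]
Matrix = Dict[str, Dict[str, Rights]]

# Constructed sample: the access control matrix of slide 12, M_so a subset of A.
A: Set[str] = {"execute", "read", "write"}
MATRIX: Matrix = {
    "Alice": {"bill.doc": frozenset(),
              "edit.exe": frozenset({"execute"}),
              "fun.com": frozenset({"execute", "read"})},
    "Bob": {"bill.doc": frozenset({"read", "write"}),
            "edit.exe": frozenset({"execute"}),
            "fun.com": frozenset({"execute", "read", "write"})},
}
# Constructed (hypothetical) intermediate controls: group membership, rights
# granted to a group, and negative permissions that override any grant.
GROUPS: Dict[str, Set[str]] = {"staff": {"Alice", "Bob"}}
GROUP_MATRIX: Matrix = {"staff": {"bill.doc": frozenset({"read"})}}
DENY: Dict[Tuple[str, str], Rights] = {("Alice", "bill.doc"): frozenset({"read"})}


def capability(matrix: Matrix, subject: str) -> Dict[str, Rights]:
    """Capability list: the subject's row of the matrix, empty cells dropped."""
    return {o: r for o, r in matrix[subject].items() if r}


def acl(matrix: Matrix, obj: str) -> Dict[str, Rights]:
    """ACL: the object's column of the matrix, stored with the object."""
    return {s: row[obj] for s, row in matrix.items() if row.get(obj)}


def reference_monitor(subject: str, obj: str, op: str) -> bool:
    """Decide one access request. A negative permission on the subject or on any
    of its groups denies; otherwise a direct grant or a group grant allows."""
    if op not in A:
        raise ValueError(f"unknown access operation {op!r}")
    groups = [g for g, members in GROUPS.items() if subject in members]
    if any(op in DENY.get((p, obj), frozenset()) for p in [subject, *groups]):
        return False
    if op in MATRIX.get(subject, {}).get(obj, frozenset()):
        return True
    return any(op in GROUP_MATRIX.get(g, {}).get(obj, frozenset()) for g in groups)
```

Alice is denied read on bill.doc even though her group is granted it, which is the point of a negative permission; Bob keeps his direct rights.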

  20. Protection rings
     • 0: operating system kernel
     • 1: operating system
     • 2: utilities
     • 3: user processes
     Each subject (or process) is assigned a number 0, 1, 2, 3, ... depending on its importance.

  21. Protection rings
     (Figure: the rings 0 (operating system kernel), 1 (operating system), 2 (utilities) and 3 (user processes) drawn as concentric rings, 0 innermost.)

  22. Protection rings
     • Protection rings are mainly used for integrity protection
     • An example is the QNX Neutrino microkernel OS *
     • The Neutrino microkernel runs in ring 0
     • The Neutrino process runs in ring 1
     • All other programs run in ring 3
     * A microkernel OS is structured as a tiny kernel that provides the minimal services used by a team of optional cooperating processes, which in turn provide the higher-level OS functionality.

  23. Protection rings
     Unix employs a similar protection but uses only two levels.

  24. Privileges
     (Figure: subjects s1 to s5 are assigned privileges pr1 and pr2, which in turn permit operations op1 to op6.)

  25. Role-based access control
     Privileges come predefined with the OS.
     • Roles: a collection of procedures; roles are assigned to users, and a user can have many roles.
     • Procedures: high-level access control methods. They can only be applied to objects of certain data types.
     • Data types: each object has a certain data type and can only be accessed through the procedures defined for this data type.

  26. The lattice of security levels
     The Mandatory Access Control (MAC) policies and the multi-level security policies of the Orange Book refer to security levels:
     top secret
     secret
     confidential
     unclassified

  27. A lattice
     (Figure: the subsets of {a,b,c} ordered by inclusion, drawn in four rows.)
     {a,b,c}
     {a,b}   {a,c}   {b,c}
     {a}     {b}     {c}
     ∅

  28. A lattice
     A lattice (L, ≤) is a set L with a partial ordering ≤ such that for each pair of elements a, b of L there is a least upper bound (lub) u in L and a greatest lower bound (glb) v in L.

  29. An example
     • Let H be a set of classifications with a hierarchical ordering.
     • Take a set of categories C, e.g. project names, company divisions, etc.
     • A compartment is a set of categories.
     • A security label (level) is a pair (h, c), where h in H is the security level and c is a compartment, i.e. a subset of C.

  30. An example
     • The partial ordering is defined by: (h1, c1) ≤ (h2, c2) if and only if h1 ≤ h2 in the hierarchical ordering of H and c1 ⊆ c2.
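The security-label lattice of slides 26 to 30, as an added example that is not part of the slides: labels (h, c) with the classifications of slide 26 and compartments drawn from the categories {a, b, c} of slide 27. It assumes the standard reading of the ordering (classification compared in the hierarchy, compartments compared by inclusion), and checks the lattice definition of slide 28 over every pair of labels.

```python
from itertools import combinations
from typing import FrozenSet, List, Tuple

# Constructed sample: the classifications of slide 26, lowest first, and the
# category set C = {a, b, c} of slide 27.
H: List[str] = ["unclassified", "confidential", "secret", "top secret"]
C: FrozenSet[str] = frozenset({"a", "b", "c"})
Label = Tuple[str, FrozenSet[str]]        # (h, c): classification, compartment


def rank(h: str) -> int:
    return H.index(h)


def dominates(x: Label, y: Label) -> bool:
    """x >= y: classification at least as high and compartment a superset."""
    return rank(x[0]) >= rank(y[0]) and x[1] >= y[1]


def lub(x: Label, y: Label) -> Label:
    """Least upper bound: the higher classification, union of compartments."""
    return (H[max(rank(x[0]), rank(y[0]))], x[1] | y[1])


def glb(x: Label, y: Label) -> Label:
    """Greatest lower bound: the lower classification, intersection of compartments."""
    return (H[min(rank(x[0]), rank(y[0]))], x[1] & y[1])


def all_labels() -> List[Label]:
    """Every label (h, c) with h in H and c any subset of C (the power-set lattice)."""
    comps = [frozenset(s) for k in range(len(C) + 1) for s in combinations(sorted(C), k)]
    return [(h, c) for h in H for c in comps]


def is_lattice(labels: List[Label]) -> bool:
    """Check slide 28's definition over `labels`: lub(x, y) is the least of all
    common upper bounds and glb(x, y) the greatest of all common lower bounds."""
    for x, y in combinations(labels, 2):
        u, v = lub(x, y), glb(x, y)
        uppers = [z for z in labels if dominates(z, x) and dominates(z, y)]
        lowers = [z for z in labels if dominates(x, z) and dominates(y, z)]
        if u not in uppers or not all(dominates(z, u) for z in uppers):
            return False
        if v not in lowers or not all(dominates(v, z) for z in lowers):
            return False
    return True
```

Note that (top secret, ∅) and (unclassified, {a}) are incomparable: a higher classification alone does not dominate a label whose compartment it lacks.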
