Access Control Part 1 CCM 4350
|
|
- Candice Martin
- 6 years ago
- Views:
Transcription
1 Access Control Part 1 CCM 4350
2 Overview of Access Control Lectures Three Lectures on Access Control following D. Gollmann. Computer Security. Wiley: Chapter 4. Part 1: Authorisation and Access Operation Examples Unix, Multics Access Control Matrix: ACL and Capabilities Part 2: Groups (RBAC), Intermediate Layers Part 3: Structure of Access Control, MLS 2
3 Preliminary Remarks Computer systems and their use have changed over the last three decades. Traditional multi-user systems provide generic services to their users and do not know about the meaning of files they handle. PC systems support individual users in their jobs. Access operations are complex and application specific. Users are not interested in the details of how their programs are executed. 3
4 Preliminary Remarks This lecture will look at the access control (authorisation) part of computer security. Traditional access control as found in operating systems like Windows or Unix. Cover the concepts typically used in defining automated security policies at that level. Keep in mind that these concepts were developed to support organisational policies in closed organizations (enterprises). 4
5 Authentication & Access Control authentication s authorisation o ACL principal access request reference object monitor B. Lampson, M. Abadi, M. Burrows, E. Wobber: Authentication in Distributed Systems: Theory and Practice, ACM Transactions on Computer Systems, 10(4), pages ,
6 Authorisation An active entity, called principal or subject, requests access to a passive entity, called object. Authorisation: The reference monitor decides whether access is granted or denied. What does the reference monitor do? The reference monitor has to find and evaluate the (automated) security policy relevant for the current request. User identities are one of the parameters considered in security policies. 6
7 Principals and Subjects Principal and subject are both used to denote the active entity in an access operation. Use subject more common The word principal has many different meanings and is the source of much confusion. Subjects operate on behalf of human users we call principals, and access is based on the principal s name bound to the subject in some un-forgeable manner at authentication time. Because access control structures identify principals, it is important that principal names be globally unique, humanreadable and memorable, easily and reliably associated with known people. [M. Gasser, 1990] 7
8 My Recommendation Policy: A principal is an entity that can be granted access to objects or can make statements affecting access control decisions. Example: a user ID System: Subjects operate on behalf of (human users we call) principals; access is based on the principal s name bound to the subject in some unforgeable manner at authentication time. Example: a process (running under a user ID) 8
9 Basic Terminology Subject/Principal: active entity user or process. Object: passive entity file or resource. Access operations: vary from basic memory access (read, write) to method calls in an objectoriented system. Comparable systems may use different access operations or attach different meanings to operations which appear to be the same. 9
10 Approaches to Authorisation Subjects and objects provide a different focus of control (first design principle): What is the principal allowed to do? What may be done with an object? Traditionally, multi-user operating systems manage files and resources, i.e. objects; access control takes the second approach. Application oriented IT systems, like database management systems, direct services to the user and often control actions of principals. 10
11 Access Operations On the most elementary level, a subject may observe an object, or alter an object. With these basic access modes we can express some fundamental policies. For practical purposes a richer set of operations is more convenient. We will give a few examples for richer sets of access operations; note how certain terms are used with different meanings. 11
12 Elementary Access Operations The Bell-LaPadula model (see forthcoming lecture) has four access rights: execute read append, also called blind write write Mapping between access rights and access modes. observe alter execute append X read X write X X 12
13 Rationale In a multi-user O/S, users open files to get access. Files are opened for read or for write access so that the O/S can avoid conflicts like two users simultaneously writing to the same file. Write access usually includes read access. A user editing a file should not be asked to open it twice. Hence, the write right includes observe and alter mode. Few systems implement append. Allowing users to alter an object without observing its content is rarely useful (exception: audit log). A file can be used without being opened (read). Example: use of a cryptographic key. This can be expressed by an execute right that includes neither observe nor alter mode. 13
14 Multics Multics has access attributes for data segments and access attributes for directory segments; the access attributes are given with their mapping onto the Bell-LaPadula access rights e, r, a, w Data segments Directory segments read r status r execute e, r search e read and write w status & modify w write a append a 14
15 Unix Three access operations: read: from a file write: to a file execute: a file Access operations applied to a directory: read: list contents write: create or rename files in the directory execute: search directory These operations differ from the Bell-LaPadula model. Unix write access does not imply read access. Moral: Do not use your own intuition when interpreting access operations someone else has defined! 15
16 More Access Rights Policies for creating and deleting files can be expressed by access controls on the directory (Unix) specific create and delete rights (Windows, OpenVMS) Policies for defining security settings such as access rights could be handled similarly: access control on the directory specific rights like grant and revoke Rights in CORBA: get, set, use, manage 16
17 Who Sets the Policy? Security policies specify how principals are given access to objects. Two options for deciding who is in charge of setting the policy: The owner of a resource decrees who is allowed access. Such policies are called discretionary as access control is at the owner s discretion. A system wide policy decrees who is allowed access. Such policies are called mandatory. Warning: There exist other interpretations of discretionary and mandatory. 17
18 Access Control Structures Requirements on access control structures: The access control structure should help to express your desired access control policy. You should be able to check that your policy has been captured correctly. Access rights can be defined individually for each combination of subject and object. For large numbers of subjects and objects, such structures are cumbersome to manage. Intermediate levels of control are preferable. 18
19 Access Control Matrix We specify for each combination of subject and object the operations that are permitted. S set of subjects O set of objects A set of access operations Access control matrix: M = (M so ) s S,o O The matrix entry M so A specifies the operations subject s may perform on object o. You can visualize the matrix as a (big) table. 19
20 Access Control Matrix When all your users (principals) are know individually, you can express your policy in an access control matrix, with a row for each principal and a column for each object bill.doc edit.exe fun.com Alice - {exec} {exec,read} Bob {read,write} {exec} {exec,read,write} 20
21 Access Control Matrix continued The access control matrix is an abstract concept, not very suitable for direct implementation, not very convenient for managing security. How do you answer the question: Has your security policy been implemented correctly? Bell-LaPadula (Orange Book): access control matrix defines discretionary access control (DAC). Warning: This use of discretionary differs from the one given some slides earlier. 21
22 Capabilities Focus on the subject: access rights are stored with the subject capabilities rows of the access control matrix Alice edit.exe: {exec} fun.com: {exec,read} Subjects may grant rights to other subjects. Subjects may grant the right to grant rights. How to check who may access a specific object? How to revoke a capability? Distributed system security has created renewed interest in capabilities. 22
23 Access Control Lists (ACLs) Focus on the object: access rights are stored with the object. ACLs columns of the access control matrix. fun.com Alice: {exec} Bill: {exec,read,write} How to check access rights of a specific subject? ACLs are implemented in most commercial operating systems but their actual use is limited. Referring to individual users in a policy works best within organisations. A management overhead has to be paid. 23
24 Summary Principals and Subjects Authorisation and Access Operations OS examples: Multics, Unix Implementing the Access Control Matrix Access Control Lists (ACL) Capabilities Next: Access Control Part 2: Groups, Intermediate Layers 24
25 Further Reading Denning, D.E.: Cryptography and Security, Addison- Wesley, 1982 Lampson, B., Abadi, M., Burrows, M., Wobber, E.: Authentication in Distributed Systems: Theory and Practice, ACM Transactions on Computer Systems, vol. 10, 1992, pages Sandhu, R.S. and Coyne, E.J. and Feinstein, H.L. Youman, C.E.: Role-Based Access Control Models, IEEE Computer, vol. 29, February 1996, pages Sandhu, R.S.: Lattice-Based Access Control Models, IEEE Computer, vol. 26, November 1993, pages
Access Control (slides based Ch. 4 Gollmann)
Access Control (slides based Ch. 4 Gollmann) Preliminary Remarks Computer systems and their use have changed over the last three decades. Traditional multi-user systems provide generic services to their
More informationComputer Security 3e. Dieter Gollmann. Chapter 5: 1
Computer Security 3e Dieter Gollmann www.wiley.com/college/gollmann Chapter 5: 1 Chapter 5: Access Control Chapter 5: 2 Introduction Access control: who is allowed to do what? Traditionally, who is a person.
More informationAccess Control Part 3 CCM 4350
Access Control Part 3 CCM 4350 Today s Lecture Repetition of Structuring Access Control Fresh up notions of Partial Orders Again Example of Groups ordering for VSTa- Microkernel abilities as Motivation
More informationCCM Lecture 12. Security Model 1: Bell-LaPadula Model
CCM 4350 Lecture 12 Security Model 1: Bell-LaPadula Model Why Security Models? When we have implemented a security policy, do we know that it will (and can) be enforced? E.g., if policies get too intricate,
More informationComputer Security. Access control. 5 October 2017
Computer Security Access control 5 October 2017 Policy and mechanism A security policy is a statement of what is, and what is not, allowed. A security mechanism is a method, tool or procedure for enforcing
More informationAccess Control. Discretionary Access Control
Access Control Discretionary Access Control 1 Outlines Access Control Discretionary Access Control (DAC) Mandatory Access Control (MAC) Role-Based Access Control (RBAC) 2 Access Control Access control
More informationAccess Control. Dr George Danezis
Access Control Dr George Danezis (g.danezis@ucl.ac.uk) Resources Key paper: Carl E. Landwehr: Formal Models for Computer Security. ACM Comput. Surv. 13(3): 247-278 (1981) See references to other optional
More informationAccess Control Models
Access Control Models Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University E-mail: natarajan.meghanathan@jsums.edu Access Control Models Access Control to regulate
More informationAccess control models and policies. Tuomas Aura T Information security technology
Access control models and policies Tuomas Aura T-110.4206 Information security technology 1. Access control 2. Discretionary AC 3. Mandatory AC 4. Other AC models Outline 2 ACCESS CONTROL 3 Access control
More informationAccess Control Mechanisms
Access Control Mechanisms Week 11 P&P: Ch 4.5, 5.2, 5.3 CNT-4403: 26.March.2015 1 In this lecture Access matrix model Access control lists versus Capabilities Role Based Access Control File Protection
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 3.2: OS Security Access Control Endadul Hoque Slide Acknowledgment Contents are based on slides from Ninghui Li (Purdue), John Mitchell (Stanford), Bogdan Carbunar (FIU)
More informationAccess Control. Access Control: enacting a security policy. COMP 435 Fall 2017 Prof. Cynthia Sturton. Access Control: enacting a security policy
Access Control: enacting a security policy Access Control COMP 435 Fall 2017 Prof. Cynthia Sturton Which users can access which resources and with which rights 2 Access Control: enacting a security policy
More informationP1L5 Access Control. Controlling Accesses to Resources
P1L5 Access Control Controlling Accesses to Resources TCB sees a request for a resource, how does it decide whether it should be granted? Authentication establishes the source of a request Authorization
More informationChapter 7: Hybrid Policies
Chapter 7: Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Slide #7-1 Overview Chinese Wall Model Focuses on conflict of interest CISS Policy Combines
More informationOverview. Evolution of Access Control in Commercial Products. Access Control is Different from other Mechanisms. Security Policies
Overview Evolution of Access Control in Commercial Products Policies, Models and Techniques David Ferraiolo National Institute of Standards and Technology 301-975-3046 dferraiolo@nist.gov Practical View
More informationA Survey of Access Control Policies. Amanda Crowell
A Survey of Access Control Policies Amanda Crowell What is Access Control? Policies and mechanisms that determine how data and resources can be accessed on a system. The Players Subjects Objects Semi-objects
More informationCS 356 Lecture 7 Access Control. Spring 2013
CS 356 Lecture 7 Access Control Spring 2013 Review Chapter 1: Basic Concepts and Terminology Integrity, Confidentiality, Availability, Authentication, and Accountability Types of threats: active vs. passive,
More informationDiscretionary Access Control (DAC)
CS 5323 Discretionary Access Control (DAC) Prof. Ravi Sandhu Executive Director and Endowed Chair Lecture 7 ravi.utsa@gmail.com www.profsandhu.com Ravi Sandhu 1 Authentication, Authorization, Audit AAA
More informationProtection. CSE473 - Spring Professor Jaeger. CSE473 Operating Systems - Spring Professor Jaeger
Protection CSE473 - Spring 2008 Professor Jaeger www.cse.psu.edu/~tjaeger/cse473-s08/ Protection Protect yourself from untrustworthy users in a common space They may try to access your resources Or modify
More informationRBAC: Motivations. Users: Permissions:
Role-based access control 1 RBAC: Motivations Complexity of security administration For large number of subjects and objects, the number of authorizations can become extremely large For dynamic user population,
More informationAccess control models and policies
Access control models and policies Tuomas Aura T-110.4206 Information security technology Aalto University, autumn 2011 1. Access control 2. Discretionary AC 3. Mandatory AC 4. Other AC models Outline
More informationSecurity Models Trusted Zones SPRING 2018: GANG WANG
Security Models Trusted Zones SPRING 2018: GANG WANG Access Control Slides credit to Ethan L. Miller and Scott A. Brandt Protection Domains Three protection domains Each lists objects with permitted operations
More informationModule 4: Access Control
Module 4: Access Control Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University, Jackson, MS 39232 E-mail: natarajan.meghanathan@jsums.edu Access Control In general,
More informationComputer Security Operating System Security & Access Control. Dr Chris Willcocks
Computer Security Operating System Security & Access Control Dr Chris Willcocks Lecture Content Access Control ACMs ACLs Introduction to *NIX security - we ll cover this more due to server popularity -
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474-01, Winter 2011 Lecture 4: Access Control Eran Tromer 1 Slides credit: John Mitchell, Stanford course CS155, 2010 Access control Assumptions System knows
More informationLast time. User Authentication. Security Policies and Models. Beyond passwords Biometrics
Last time User Authentication Beyond passwords Biometrics Security Policies and Models Trusted Operating Systems and Software Military and Commercial Security Policies 9-1 This time Security Policies and
More informationWeek 10 Part A MIS 5214
Week 10 Part A MIS 5214 Agenda Project Authentication Biometrics Access Control Models (DAC Part A) Access Control Techniques Centralized Remote Access Control Technologies Project assignment You and your
More informationDiscretionary Vs. Mandatory
Discretionary Vs. Mandatory Discretionary access controls (DAC) Privilege propagated from one subject to another Possession of an access right is sufficient to access the object Mandatory access controls
More informationWe ve seen: Protection: ACLs, Capabilities, and More. Access control. Principle of Least Privilege. ? Resource. What makes it hard?
We ve seen: Protection: ACLs, Capabilities, and More Some cryptographic techniques Encryption, hashing, types of keys,... Some kinds of attacks Viruses, worms, DoS,... And a distributed authorization and
More informationProtecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 10 - Identity Management and Access Control MIS5206 Week 10 Identity Management and Access Control Presentation Schedule Test Taking Tip Quiz Identity Management and
More informationAccess control models and policies
Access control models and policies Tuomas Aura T-110.4206 Information security technology Aalto University, autumn 2013 1. Access control 2. Discretionary AC 3. Mandatory AC 4. Other AC models Outline
More informationSecure Architecture Principles
CS 155 Spring 2016 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Acknowledgments: Lecture slides are from
More information? Resource. Announcements. Access control. Access control in operating systems. References. u Homework Due today. Next assignment out next week
Announcements Access control John Mitchell u Homework Due today. Next assignment out next week u Graders If interested in working as grader, send email to Anupam u Projects Combine some of the project
More informationOperating Systems Security Access Control
Authorization and access control Operating Systems Security Access Control Ozalp Babaoglu From authentication to authorization Once subjects have been authenticated, the next problem to confront is authorization
More informationData Security and Privacy. Unix Discretionary Access Control
Data Security and Privacy Unix Discretionary Access Control 1 Readings for This Lecture Wikipedia Filesystem Permissions Other readings UNIX File and Directory Permissions and Modes http://www.hccfl.edu/pollock/aunix1/filepermissions.htm
More informationSecure Architecture Principles
Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Original slides were created by Prof. John Mitchel 1 Secure
More informationSecure Architecture Principles
CS 155 Spring 2016 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Acknowledgments: Lecture slides are from
More informationComplex Access Control. Steven M. Bellovin September 10,
Complex Access Control Steven M. Bellovin September 10, 2013 1 Access Control Matrix List all proceses and files in a matrix Each row is a process ( subject ) Each column is a file ( object ) Each matrix
More informationAccess Control. Discretionary Access Control
Access Control Discretionary Access Control 1 Access Control Access control is where security engineering meets computer science. Its function is to control which (active) subject have access to a which
More informationInformation Security CS 526
Information Security CS 526 Topic 23: Role Based Access Control CS526 Topic 23: RBAC 1 Readings for This Lecture RBAC96 Family R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman. Role-Based Access
More informationCSE 127: Computer Security. Security Concepts. Kirill Levchenko
CSE 127: Computer Security Security Concepts Kirill Levchenko October 3, 2014 Computer Security Protection of systems against an adversary Secrecy: Can t view protected information Integrity: Can t modify
More informationLampson, Abadi, Burrows and Wobber. Authentication: Theory and Practice, Taos OS ACM TOCS 1992, 1994
Lampson, Abadi, Burrows and Wobber Authentication: Theory and Practice, Taos OS ACM TOCS 1992, 1994 Logic (1) 1. K says S ( A and B ) says S ( A says S ) and ( B says S ) if A = B, then ( A says S ) (
More informationAccess Control. Steven M. Bellovin September 13,
Access Control Steven M. Bellovin September 13, 2016 1 Security Begins on the Host Even without a network, hosts must enforce the CIA trilogy Something on the host the operating system aided by the hardware
More informationAccess Control. Protects against accidental and malicious threats by
Access Control 1 Access Control Access control: ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects: system resources for which protection
More informationAccess Control. Steven M. Bellovin September 2,
Access Control Steven M. Bellovin September 2, 2014 1 Security Begins on the Host Even without a network, hosts must enforce the CIA trilogy Something on the host the operating system aided by the hardware
More informationPolicy vs. Mechanism. Example Reference Monitors. Reference Monitors. CSE 380 Computer Operating Systems
Policy vs. Mechanism CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms q Access control policy is a specification
More informationCSCI 420: Mobile Application Security. Lecture 7. Prof. Adwait Nadkarni. Derived from slides by William Enck, Patrick McDaniel and Trent Jaeger
CSCI 420: Mobile Application Security Lecture 7 Prof. Adwait Nadkarni Derived from slides by William Enck, Patrick McDaniel and Trent Jaeger 1 cryptography < security Cryptography isn't the solution to
More informationCSE 380 Computer Operating Systems
CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms 1 Policy vs. Mechanism q Access control policy is a specification
More informationCS590U Access Control: Theory and Practice. Lecture 12 (February 23) Role Based Access Control
CS590U Access Control: Theory and Practice Lecture 12 (February 23) Role Based Access Control Role-Based Access Control Models. R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman. IEEE Computer,
More informationCPSC 481/681 SPRING 2006 QUIZ #1 7 MAR 2006 NAME:
CPSC 481/681 SPRING 2006 QUIZ #1 7 MAR 2006 NAME: There are 6 questions on this quiz. Each question is individually weighted. If you do not understand the question, please ask for clarification. 1 I. (24
More informationCIS433/533 - Introduction to Computer and Network Security. Access Control
CIS433/533 - Introduction to Computer and Network Security Access Control Professor Butler Winter 2011 Computer and Information Science Trusted Computing Base The trusted computing base is the infrastructure
More informationSupporting Relationships in Access Control Using Role Based Access Control
Supporting Relationships in Access Control Using Role Based Access Control John Barkley National Institute of Standards and Technology jbarkley@nist.gov Konstantin Beznosov Baptist Health Systems of South
More informationSecure Architecture Principles
CS 155 Spring 2017 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Secure Architecture Principles Isolation
More informationAccess Control. Tom Chothia Computer Security, Lecture 5
Access Control Tom Chothia Computer Security, Lecture 5 The Crypto Wars 1993-1996: Clipper chip considered in US congress and rejected. Due partly to Matt Blaze s analysis and strongly attack by John Kerry
More informationAccess Control. Access control: ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions
Access Control 1 Access Control Access control: ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects: system resources for which protection
More informationCCM Lecture 14. Security Models 2: Biba, Chinese Wall, Clark Wilson
CCM 4350 Lecture 14 Security Models 2: Biba, Chinese Wall, Clark Wilson Introduction Bell-LaPadula model designed to capture a specific military security policy. At one time treated as the model of security.
More informationLabels and Information Flow
Labels and Information Flow Robert Soulé March 21, 2007 Problem Motivation and History The military cares about information flow Everyone can read Unclassified Few can read Top Secret Problem Motivation
More informationGeneral Access Control Model for DAC
General Access Control Model for DAC Also includes a set of rules to modify access control matrix Owner access right Control access right The concept of a copy flag (*) Access control system commands General
More informationContent-based Management of Document Access. Control
Content-based Management of Document Access Control Edgar Weippl, Ismail Khalil Ibrahim Software Competence Center Hagenberg Hauptstr. 99, A-4232 Hagenberg, Austria {edgar.weippl, ismail.khalil-ibrahim}@scch.at
More informationINF3510 Information Security University of Oslo Spring Lecture 9 Identity Management and Access Control
INF3510 Information Security University of Oslo Spring 2017 Lecture 9 Identity Management and Access Control University of Oslo Spring 2017 Outline Identity and access management concepts Identity management
More informationDiscretionary Access Control (DAC)
CS 5323 Discretionary Access Control (DAC) Prof. Ravi Sandhu Executive Director and Endowed Chair Lecture 2 ravi.utsa@gmail.com www.profsandhu.com Ravi Sandhu 1 Authentication Ravi Sandhu 2 Authentication,
More informationChapter 9: Database Security: An Introduction. Nguyen Thi Ai Thao
Chapter 9: Database Security: An Introduction Nguyen Thi Ai Thao thaonguyen@cse.hcmut.edu.vn Spring- 2016 Outline Introduction to Database Security Issues Types of Security Threats to databases Database
More informationCSE509: (Intro to) Systems Security
CSE509: (Intro to) Systems Security Fall 2012 Radu Sion Integrity Policies Hybrid Policies 2005-12 parts by Matt Bishop, used with permission Integrity Policies: Overview Requirements Very different than
More informationOutline. INF3510 Information Security University of Oslo Spring Lecture 9 Identity Management and Access Control
INF50 Information Security University of Oslo Spring 07 Outline Identity and access management concepts Identity management models Access control models (security models) Lecture 9 Identity Management
More informationSecure Architecture Principles
Computer Security Course. Secure Architecture Principles Slides credit: John Mitchell Basic idea: Isolation A Seaman's Pocket-Book, 1943 (public domain) http://staff.imsa.edu/~esmith/treasurefleet/treasurefleet/watertight_compartments.htm
More informationOperating System Security. Access control for memory Access control for files, BLP model Access control in Linux file systems (read on your own)
Operating System Security Access control for memory Access control for files, BLP model Access control in Linux file systems (read on your own) Hw1 grades out this Friday Announcement Travel: out of town
More informationCSN11111 Network Security
CSN11111 Network Security Access Control r.ludwiniak@napier.ac.uk Learning Objectives Access Control definition Models Information access control Network based access control AAA Radius Tacacs+ ACCESS
More informationAccess Control. CMPSC Spring 2012 Introduction Computer and Network Security Professor Jaeger.
Access Control CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Access Control Describe the permissions available to computing processes
More informationOperating Systems. Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring Paul Krzyzanowski. Rutgers University.
Operating Systems Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring 2014 Paul Krzyzanowski Rutgers University Spring 2015 April 22, 2015 2015 Paul Krzyzanowski 1 Question 1 A weakness of using
More informationDAC vs. MAC. Most people familiar with discretionary access control (DAC)
p. 1/1 DAC vs. MAC Most people familiar with discretionary access control (DAC) - Example: Unix user-group-other permission bits - Might set a fileprivate so only groupfriends can read it Discretionary
More informationCS 416: Operating Systems Design April 22, 2015
Question 1 A weakness of using NAND flash memory for use as a file system is: (a) Stored data wears out over time, requiring periodic refreshing. Operating Systems Week 13 Recitation: Exam 3 Preview Review
More informationINF3510 Information Security University of Oslo Spring Lecture 9 Identity Management and Access Control
INF3510 Information Security University of Oslo Spring 2018 Lecture 9 Identity Management and Access Control University of Oslo Spring 2018 Outline Identity and access management concepts Identity management
More informationFormal methods and access control. Dr. Hale University of Nebraska at Omaha Information Security and Policy Lecture 8
Formal methods and access control Dr. Hale University of Nebraska at Omaha Information Security and Policy Lecture 8 Today s topics: Access control basics Model Matrix and protection states Access control
More informationAccess control. Frank Piessens KATHOLIEKE UNIVERSITEIT LEUVEN
Access control Frank Piessens (Frank.Piessens@cs.kuleuven.be) Secappdev 2010 1 Overview Introduction: Lampson s model for access control Classical Access Control Models Discretionary Access Control (DAC)
More informationTowards Modal Logic Formalization of Role-Based Access Control with Object Classes
Towards Modal Logic Formalization of Role-Based Access Control with Object Classes Junghwa Chae École Polytechnique de Montréal Montréal, Québec, Canada chae@cse.concordia.ca Abstract. This paper addresses
More informationChapter 6: Integrity Policies
Chapter 6: Integrity Policies Overview Requirements Biba s models Clark-Wilson model Slide #6-1 Overview Requirements Very different than confidentiality policies Biba s model Clark-Wilson model Slide
More informationCS 392/681 - Computer Security. Module 6 Access Control: Concepts and Mechanisms
CS 392/681 - Computer Security Module 6 Access Control: Concepts and Mechanisms Course Policies and Logistics Midterm grades Thursday. Read Chapter 2 and 15 th of text Lab 4 postponed - due next week.
More informationLecture 4: Bell LaPadula
CS 591: Introduction to Computer Security Lecture 4: Bell LaPadula James Hook Objectives Introduce the Bell LaPadula framework for confidentiality policy Discuss realizations of Bell LaPadula References:
More informationBackground. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33
Background Network Security - Certificates, Keys and Signatures - Dr. John Keeney 3BA33 Slides Sources: Karl Quinn, Donal O Mahoney, Henric Johnson, Charlie Kaufman, Wikipedia, Google, Brian Raiter. Recommended
More informationCSE361 Web Security. Access Control. Nick Nikiforakis
CSE361 Web Security Access Control Nick Nikiforakis nick@cs.stonybrook.edu Access Control: introduction How do we protect our confidential data from unauthorized usage? Two important cases: An attacker
More informationCore Role Based Access Control (RBAC) mechanism for MySQL
Core Role Based Access Control (RBAC) mechanism for MySQL by Ian Molloy Radu Dondera Umang Sharan CS541 Project Report Under the Guidance of Prof. Elisa Bertino With the Department of Computer Science
More informationFile Systems: Interface and Implementation
File Systems: Interface and Implementation CSCI 315 Operating Systems Design Department of Computer Science File System Topics File Concept Access Methods Directory Structure File System Mounting File
More informationFile Systems: Interface and Implementation
File Systems: Interface and Implementation CSCI 315 Operating Systems Design Department of Computer Science Notice: The slides for this lecture have been largely based on those from an earlier edition
More informationCSE Computer Security
CSE 543 - Computer Security Lecture 11 - Access Control October 10, 2006 URL: http://www.cse.psu.edu/~tjaeger/cse543-f06/ Access Control System Protection Domain What can be accessed by a process Default
More informationData Security and Privacy. Topic 8: Role Based Access Control
Data Security and Privacy Topic 8: Role Based Access Control Plan for this lecture CodeShield: towards personalized application whitelisting. Christopher S. Gates, Ninghui Li, Jing Chen, Robert W. Proctor:
More informationCSE543 - Introduction to Computer and Network Security. Module: Operating System Security
CSE543 - Introduction to Computer and Network Security Module: Operating System Security Professor Trent Jaeger 1 OS Security An secure OS should provide (at least) the following mechanisms Memory protection
More informationMay 1: Integrity Models
May 1: Integrity Models Biba Clark-Wilson Comparison Trust models May 1, 2017 ECS 235B Spring Quarter 2017 Slide #1 Integrity Overview Requirements Very different than confidentiality policies Biba s models
More informationRole and Task-based Access Control in the PerDiS Groupware Platform
Role and Task-based Access Control in the PerDiS Groupware Platform George Coulouris, Jean Dollimore, Marcus Roberts Department of Computer Science Queen Mary and Westfield College University of London
More informationThe Spring Name Service
The Spring Name Service Sanjay Radia Michael N. Nelson Michael L. Powell SMLI TR-93-16 November 1993 Abstract: The Spring name service exploits and supports the uniformity of objects in the Spring object-oriented
More informationA Framework for Enforcing Constrained RBAC Policies
A Framework for Enforcing Constrained RBAC Policies Jason Crampton Information Security Group Royal Holloway, University of London jason.crampton@rhul.ac.uk Hemanth Khambhammettu Information Security Group
More informationPerformance Evaluation of A Role Based Access Control Constraints in Role Mining Using Cardinality
Performance Evaluation of A Role Based Access Control Constraints in Role Mining Using Cardinality Yogita R. More 1, Dr. S. V. Gumaste 2 PG Scholar, Dept.Of Computer Engineering, GES's R. H. Sapat COE,
More informationData Warehouse. T rusted Application. P roject. Trusted System. T echnology. System. Trusted Network. Physical Security
T rusted Application Trusted System Trusted Network Physical Security System T echnology Data Warehouse P roject Filetransfer Access right just on the data transfer directories Mailbox L oadprocess Data
More informationComputer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 04r. Pre-exam 1 Concept Review Paul Krzyzanowski Rutgers University Spring 2018 February 15, 2018 CS 419 2018 Paul Krzyzanowski 1 Key ideas from the past four lectures February 15, 2018
More informationAn Equivalent Access Based Approach for Building Collaboration Model between Distinct Access Control Models
An Equivalent Access Based Approach for Building Collaboration Model between Distinct Access Control Models Xiaofeng Xia To cite this version: Xiaofeng Xia. An Equivalent Access Based Approach for Building
More informationIntrusion Detection Types
Intrusion Detection Continued Tom Longstaff SM Software Engineering Institute Pittsburgh PA 1521 The is sponsored by the Advanced Research Projects Agency (ARPA). The Software Engineering Institute is
More informationSummary. Final Week. CNT-4403: 21.April
Summary Final Week CNT-4403: 21.April.2015 1 List of Final Topics User Authentication Protocols Key Distribution and Public Key Certificates Symmetric Key Crypto Access Control Public Key Crypto Cryptographic
More informationCS 392/681 - Computer Security. Module 5 Access Control: Concepts and Mechanisms
CS 392/681 - Computer Security Module 5 Access Control: Concepts and Mechanisms Course Policies and Logistics Midterm next Thursday!!! Read Chapter 2 and 15 of text 10/15/2002 Module 5 - Access Control
More informationOperating Systems Design Exam 3 Review: Spring Paul Krzyzanowski
Operating Systems Design Exam 3 Review: Spring 2012 Paul Krzyzanowski pxk@cs.rutgers.edu 1 Question 1 An Ethernet device driver implements the: (a) Data Link layer. (b) Network layer. (c) Transport layer.
More informationSecurity and Authorization
Security and Authorization Sub-sets of SQL Data retrieval: SELECT Data Manipulation Language (DML): INSERT, UPDATE, DELETE Data Definition Language (DDL): CREATE, ALTER, DROP, RENAME Transaction control:
More informationProtection Kevin Webb Swarthmore College April 19, 2018
Protection Kevin Webb Swarthmore College April 19, 2018 xkcd #1200 Before you say anything, no, I know not to leave my computer sitting out logged in to all my accounts. I have it set up so after a few
More information