Access Control (slides based Ch. 4 Gollmann)
|
|
- Francine Melissa Beasley
- 6 years ago
- Views:
Transcription
1 Access Control (slides based Ch. 4 Gollmann)
2 Preliminary Remarks Computer systems and their use have changed over the last three decades. Traditional multi-user systems provide generic services to their users and do not know about the meaning of files they handle. PC systems support individual users in their jobs. Access operations are complex and application specific. Users are not interested in the details of how their programs are executed. 2
3 Preliminary Remarks This lecture will look at the access control (authorization) part of computer security. Traditional access control as found in operating systems like Windows or Unix. Cover the concepts typically used in defining automated security policies at that level. Keep in mind that these concepts were developed to support organizational policies in closed organizations (enterprises). 3
4 Authentication & Access Control authentication authorization ACL s o principal access request reference monitor object B. Lampson, M. Abadi, M. Burrows, E. Wobber: Authentication in Distributed Systems: Theory and Practice, ACM Transactions on Computer Systems, 10(4), pages ,
5 authorization An active entity, called principal or subject, requests access to a passive entity, called object. authorization: The reference monitor decides whether access is granted or denied. The reference monitor has to find and evaluate the (automated) security policy relevant for the current request. User identities are one of the parameters considered in security policies. 5
6 Principals and Subjects Principal and subject are both used to denote the active entity in an access operation. The word principal has many different meanings and is the source of much confusion. Subjects operate on behalf of human users we call principals, and access is based on the principal s name bound to the subject in some unforgeable manner at authentication time. Because access control structures identify principals, it is important that principal names be globally unique, human-readable and memorable, easily and reliably associated with known people. [M. Gasser, 1990] 6
7 Gollmann s Recommendation Policy: A principal is an entity that can be granted access to objects or can make statements affecting access control decisions. Example: a user ID System: Subjects operate on behalf of (human users we call) principals; access is based on the principal s name bound to the subject in some unforgeable manner at authentication time. Example: a process (running under a user ID) 7
8 Basic Terminology Subject/Principal: active entity user or process. Object: passive entity file or resource. Access operations: vary from basic memory access (read, write) to method calls in an object-oriented system. Comparable systems may use different access operations or attach different meanings to operations which appear to be the same. 8
9 Approaches to authorization Subjects and objects provide a different focus of control (first design principle): What is the principal allowed to do? What may be done with an object? Traditionally, multi-user operating systems manage files and resources, i.e. objects; access control takes the second approach. Application oriented IT systems, like database management systems, direct services to the user and often control actions of principals. 9
10 Access Operations On the most elementary level, a subject may observe an object, or alter an object. With these basic access modes we can express some fundamental policies. For practical purposes a richer set of operations is more convenient. We will give a few examples for richer sets of access operations; note how certain terms are used with different meanings. 10
11 Elementary Access Operations The Bell-LaPadula model (to be covered) has four access rights: execute read append, also called blind write write Mapping between access rights and access modes. observe alter execute append X read X write X X 11
12 Rationale In a multi-user O/S, users open files to get access. Files are opened for read or for write access so that the O/S can avoid conflicts like two users simultaneously writing to the same file. Write access usually includes read access. A user editing a file should not be asked to open it twice. Hence, the write right includes observe and alter mode. Few systems implement append. Allowing users to alter an object without observing its content is rarely useful (exception: audit log). A file can be used without being opened (read). Example: use of a cryptographic key. This can be expressed by an execute right that includes neither observe nor alter mode. 12
13 Multics Multics has access attributes for data segments and access attributes for directory segments; the access attributes are given with their mapping onto the Bell- LaPadula access rights e, r, a, w Data segments read r execute e, r read and write w write a Directory segments status r search e status & modify w append a 13
14 Unix Three access operations: read: from a file write: to a file execute: a file Access operations applied to a directory: read: list contents write: create or rename files in the directory execute: search directory These operations differ from the Bell-LaPadula model. Unix write access does not imply read access. Moral: Do not use your own intuition when interpreting access operations someone else has defined! 14
15 More Access Rights Policies for creating and deleting files can be expressed by access controls on the directory (Unix) specific create and delete rights (Windows, OpenVMS) Policies for defining security settings such as access rights could be handled similarly: access control on the directory specific rights like grant and revoke Rights in CORBA: get, set, use, manage 15
16 Who Sets the Policy? Security policies specify how principals are given access to objects. Two options for deciding who is in charge of setting the policy: The owner of a resource decrees who is allowed access. Such policies are called discretionary as access control is at the owner s discretion. A system wide policy decrees who is allowed access. Such policies are called mandatory. Warning: There exist other interpretations of discretionary and mandatory. 16
17 Access Control Structures Requirements on access control structures: The access control structure should help to express your desired access control policy. You should be able to check that your policy has been captured correctly. Access rights can be defined individually for each combination of subject and object. For large numbers of subjects and objects, such structures are cumbersome to manage. Intermediate levels of control are preferable. 17
18 Access Control Matrix We specify for each combination of subject and object the operations that are permitted. S set of subjects O set of objects A set of access operations Access control matrix: M = (Mso ) s S,o O The matrix entry Mso so A specifies the operations subject s may perform on object o. You can visualize the matrix as a (big) table. 18
19 Access Control Matrix When all your users (principals) are known individually, you can express your policy in an access control matrix, with a row for each principal and a column for each object bill.doc edit.exe fun.com Alice - {exec} {exec,read} Bob {read,write} {exec} {exec,read,write} 19
20 Access Control Matrix continued The access control matrix is an abstract concept, not very suitable for direct implementation, not very convenient for managing security. How do you answer the question: Has your security policy been implemented correctly? Bell-LaPadula (Orange Book): access control matrix defines discretionary access control (DAC). Warning: This use of discretionary differs from the one given some slides earlier. 20
21 Capabilities Focus on the subject: access rights are stored with the subject capabilities rows of the access control matrix Alice edit.exe: {exec} fun.com: {exec,read} Subjects may grant rights to other subjects. Subjects may grant the right to grant rights. How to check who may access a specific object? How to revoke a capability? Distributed system security has created renewed interest in capabilities. 21
22 Access Control Lists (ACLs) Focus on the object: access rights are stored with the object. ACLs columns of the access control matrix. fun.com Alice: {exec} Bill: {exec,read,write} How to check access rights of a specific subject? ACLs are implemented in most commercial operating systems but their actual use is limited. Referring to individual users in a policy works best within organisations. A management overhead has to be paid. 22
23 Groups Alice and Bob are students in a large class; the lecturer wants to give students access to some documents; Entering all names into several ACLs is tedious so the lecturer defines a group, declares the students to be members of the group, and puts the group into the ACLs Access rights are often defined for groups: Unix: owner, group, others 23
24 Groups & Negative Permissions Groups are an intermediate layer between users and objects. users groups objects To deal with special cases, negative permissions withdraw rights users groups objects 24
25 Roles Alternatively, in our example we could have created a role student. Definition: A role is a collection of procedures assigned to users; a user can have more than one role and more than one user can have the same role. The lecturer would create a procedure for reading course material and assign this procedure to the role student. A role course tutor could be assigned a procedure for updating documents. 25
26 Role Based Access Control (RBAC) Procedures: high level access operations with a more complex semantic than read or write; procedures can only be applied to objects of certain data types. Example: funds transfer between bank accounts. Roles are a good match for typical access control requirements in business. RBAC typical found at the application level. 26
27 More on RBAC We use intermediate levels of control to increase simplicity; RBAC can also be used in ways that complicate matters Role hierarchies may refer to hierarchies of positions (superior subordinate) and to hierarchies of access rights; these two hierarchies need not correspond. Separation of duties is an important security principle; there are numerous flavours of static and dynamic separation of duties policies. 27
28 Role Based Access Control The term RBAC itself does not have a generally accepted meaning, and it is used in different ways by different vendors and users. [R. Sandhu, D. Ferraiolo, and R. Kuhn: The NIST Model for Role-Based Access Control: Towards a Unified Standard, Proceedings of the 5th ACM Workshop on Role-Based Access Control, Berlin, Germany, July 26-27, 2000] 28
29 Intermediate Controls Intermediate controls facilitate better security management. To deal with complexity, introduce more levels of indirection. users roles procedures data types objects 29
30 Intermediate Controls Several intermediate concepts can be inserted between subjects and objects Roles: collection of procedures assigned to users. Procedures: high level access control methods with a more complex semantic than read or write; procedures can only be applied to objects of certain data types. Data types: each object is of a certain data type and can be accessed only through procedures defined for this data type. 30
31 Protection Rings Each subject (process) and each object is assigned a number, depending on its importance, e.g. 0 operating system kernel 1 operating system 2 utilities 3 user processes These numbers correspond to concentric protection rings, with ring 0 in the centre giving the highest degree of protection. If a process is assigned the number i, then we say the process runs in ring i. Access control decisions are made by comparing the subject s and object s numbers. 31
32 Protection Rings Protection rings are mainly used for integrity protection. 32
33 Structuring Access Control Some resources in an academic department can be accessed by all students, other resources only by students in a particular year. The department creates groups like All- Students and Y1-Students. The two groups are related, Y1-Students is a subgroup of All-Students; if All-Students has access to a resource, so has Y1-Students. There is no such direct relationship between Y1- Students and Y2-Students. 33
34 Partial Orderings We now can use comparisons in security policies: Is the user s group a subgroup of the group permitted to access this resource? Some groups are related but others are not (e.g. Y1-Students and Y2-Students). Relationships are transitive: CS101-Students Y1-Students All-Students In mathematical terms, we are dealing with a partial ordering. 34
35 Mathematical Definition A partial ordering ( less or equal ) on a set L is relation on L L that is reflexive: for all a L, a a transitive: for all a,b,c L, if a b and b c, then a c antisymmetric: for all a,b L, if a b and b a, then a=b If a b, we say b dominates a or a is dominated by b. 35
36 Examples Integers with the relation divides by : We can order 3 and 6 (3 divides 6) but we cannot order 4 and 6. Integers with the relation ( less or equal ): We can order any two elements (total ordering). Strings with the prefix relation: We can order AA and AABC (AA is a prefix of AABC) but not AA and AB. Power set P(C) with the subset relation : We can order {a,b} and {a,b,c} ({a,b} {a,b,c}) but not {a,b} and {a,c}. 36
37 Example: VSTa Microkernel Groups in Unix are defined by their group ID and are not ordered VSTa uses (cap)abilities to support hierarchies: VSTa (cap)ability is a list of integers.i 1.i 2..i n, e.g..1,.1.2,.1.2.3,.4, Abilities are ordered by the prefix relation: a2 is a prefix of a 1 (written as a 2 a 1 ) if there exists a 3 so that a 1 = a 2 a 3 The empty string ε is the prefix of any ability For example: but not.1.4! 37
38 Abilities and our Example Assign abilities to groups: All-students:.3 Y1-Students:.3.1 CS101-Students: CS105-Students Label objects with appropriate abilities Policy: access is given if the object s label is a prefix of the subject s label; CS101-Students have access to objects labelled or.3.1 or.3 but not to objects labelled
39 Null Values Consider the dual of the previous policy: access is granted if the subject s ability is a prefix of the ability of the object. A subject without an ability has access to every object. Frequent problem: when an access control parameter is missing the policy is not evaluated and access is granted. NULL DACL problem in Windows: nobody has access to a file with an empty ACL but everyone has access to a file with no ACL. 39
40 Towards Lattices In our example, how should we label objects that may be accessed both by CS101-Students and CS105-Students? Answer:?? How should we label a subject that may access resources earmarked for CS101-Students and resources earmarked forcs105-students? Answer:?? To answer both questions, we need more structure than just partial orderings. 40
41 Towards Lattices The slide on lattices to remember Assume that a subject may observe an object only if the subject s label is higher than the object s label. We can ask two questions: Given two objects with different labels, what is the minimal label a subject must have to be allowed to observe both objects? Given two subjects with different labels, what is the maximal label an object can have so that it still can be observed by both subjects? A lattice is a mathematical structure where both questions have unique best answers. 41
42 Lattice (L, ) The slide on lattices you must not memorize A lattice (L, ) is a set L with a partial ordering so that for every two elements a,b L there exists a least upper bound u L: a u, b u, and for all v L: (a v b v) u v a greatest lower bound l L: l a, l b, and for all k L: (k a k b) k l. Lattices come naturally whenever one deals with hierarchical security attributes. 42
43 System Low and System High A label that is dominated by all other labels is called System Low. A label that dominates all other labels is called System High. System Low and System High need not exist; if they exist, they are unique. When L is a finite set, the elements System Low and System High exist. 43
44 Lattices Example 1 The natural numbers with the ordering relation divides by form a lattice: The l.u.b. of a,b is their least common multiple. The g.l.b. of a,b is their greatest common divisor. There exists an element System Low: the number 1. There is no element System High. 44
45 Lattices Example 2 The integers with the ordering form a lattice: The l.u.b. of a,b is the maximum of a and b. The g.l.b. of a,b is the minimum of a and b. Elements System Low and System High do not exist. (The integers with the ordering are a total ordering). 45
46 Lattices Example 3 (P({a,b,c}), ), i.e. the power set of {a,b,c}, with the subset relation as partial ordering least upper bound: union of two sets greatest lower bound: intersection of two sets {a,b,c} {a,b} {a,c} {b,c} {a} {b} {c} {} Lines indicate the subset relation 46
47 Multi-level Security A partial ordering of security labels is used in multi-level ( military ) security (MLS). Mandatory security policies: Subjects and objects are assigned security labels. No read up : a subject may observe an object only if the subject s label dominates the object s label. No write-down : a subject may alter an object only if the subject s label is dominated by the object s label. Trusted as in Trusted Unix or Trusted Solaris usually indicates MLS support. 47
48 Multi-level Security Security policy for protecting classified information: Documents are assigned security levels. The user s clearance dictates which documents the user may read. Mandatory access control policies (MAC) and multi-level security policies of the Orange Book use security levels and adapt these policies to IT systems. In their most elementary version, these policies refer to a linearly ordered hierarchy of four security levels, unclassified, confidential, secret, top secret. 48
49 Basic Security Levels top secret secret confidential unclassified 49
50 Compartments With the basic security levels, we cannot restrict access to documents relating to a secret project X just to people working on X; anyone at level secret would have access. To state need-to-know policies that control access to the resources of specific projects, the following lattice of security levels was introduced: H is a set of classifications with a linear ordering H. C is a set of categories, e.g. project names, company divisions, academic departments, etc. A compartment is a set of categories. A security label (security level) is a pair (h,c), where h H is a security level and c C is a compartment. The partial ordering of security labels is defined by (h1,c 1 ) (h 2,c 2 ) if h 1 H h 2 and c 1 c 2. 50
51 Example Compartments private, {PER,ENG} private, {PER} private, {ENG} private, {} public, {PER,ENG} public, {PER} public, {ENG} public, {} 51
52 Summary Security terminology is ambiguous. Access control has to remain manageable. More sophisticated policies draw you into mathematics. Today we have covered classical access control; we return to current trends later. 52
53 Further Reading Denning, D.E.: Cryptography and Security, Addison- Wesley, 1982 Lampson, B., Abadi, M., Burrows, M., Wobber, E.: Authentication in Distributed Systems: Theory and Practice, ACM Transactions on Computer Systems, vol. 10, 1992, pages Sandhu, R.S. and Coyne, E.J. and Feinstein, H.L. Youman, C.E.: Role-Based Access Control Models, IEEE Computer, vol. 29, February 1996, pages Sandhu, R.S.: Lattice-Based Access Control Models, IEEE Computer, vol. 26, November 1993, pages
Access Control Part 1 CCM 4350
Access Control Part 1 CCM 4350 Overview of Access Control Lectures Three Lectures on Access Control following D. Gollmann. Computer Security. Wiley: Chapter 4. Part 1: Authorisation and Access Operation
More informationComputer Security 3e. Dieter Gollmann. Chapter 5: 1
Computer Security 3e Dieter Gollmann www.wiley.com/college/gollmann Chapter 5: 1 Chapter 5: Access Control Chapter 5: 2 Introduction Access control: who is allowed to do what? Traditionally, who is a person.
More informationAccess Control Part 3 CCM 4350
Access Control Part 3 CCM 4350 Today s Lecture Repetition of Structuring Access Control Fresh up notions of Partial Orders Again Example of Groups ordering for VSTa- Microkernel abilities as Motivation
More informationCCM Lecture 12. Security Model 1: Bell-LaPadula Model
CCM 4350 Lecture 12 Security Model 1: Bell-LaPadula Model Why Security Models? When we have implemented a security policy, do we know that it will (and can) be enforced? E.g., if policies get too intricate,
More informationAccess Control Mechanisms
Access Control Mechanisms Week 11 P&P: Ch 4.5, 5.2, 5.3 CNT-4403: 26.March.2015 1 In this lecture Access matrix model Access control lists versus Capabilities Role Based Access Control File Protection
More informationAccess Control Models
Access Control Models Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University E-mail: natarajan.meghanathan@jsums.edu Access Control Models Access Control to regulate
More informationAccess Control. Discretionary Access Control
Access Control Discretionary Access Control 1 Outlines Access Control Discretionary Access Control (DAC) Mandatory Access Control (MAC) Role-Based Access Control (RBAC) 2 Access Control Access control
More informationLast time. User Authentication. Security Policies and Models. Beyond passwords Biometrics
Last time User Authentication Beyond passwords Biometrics Security Policies and Models Trusted Operating Systems and Software Military and Commercial Security Policies 9-1 This time Security Policies and
More informationAccess control models and policies. Tuomas Aura T Information security technology
Access control models and policies Tuomas Aura T-110.4206 Information security technology 1. Access control 2. Discretionary AC 3. Mandatory AC 4. Other AC models Outline 2 ACCESS CONTROL 3 Access control
More informationSecurity Models Trusted Zones SPRING 2018: GANG WANG
Security Models Trusted Zones SPRING 2018: GANG WANG Access Control Slides credit to Ethan L. Miller and Scott A. Brandt Protection Domains Three protection domains Each lists objects with permitted operations
More informationComputer Security. Access control. 5 October 2017
Computer Security Access control 5 October 2017 Policy and mechanism A security policy is a statement of what is, and what is not, allowed. A security mechanism is a method, tool or procedure for enforcing
More informationDiscretionary Vs. Mandatory
Discretionary Vs. Mandatory Discretionary access controls (DAC) Privilege propagated from one subject to another Possession of an access right is sufficient to access the object Mandatory access controls
More informationAccess control models and policies
Access control models and policies Tuomas Aura T-110.4206 Information security technology Aalto University, autumn 2011 1. Access control 2. Discretionary AC 3. Mandatory AC 4. Other AC models Outline
More informationAccess control models and policies
Access control models and policies Tuomas Aura T-110.4206 Information security technology Aalto University, autumn 2013 1. Access control 2. Discretionary AC 3. Mandatory AC 4. Other AC models Outline
More informationCS 356 Lecture 7 Access Control. Spring 2013
CS 356 Lecture 7 Access Control Spring 2013 Review Chapter 1: Basic Concepts and Terminology Integrity, Confidentiality, Availability, Authentication, and Accountability Types of threats: active vs. passive,
More informationComplex Access Control. Steven M. Bellovin September 10,
Complex Access Control Steven M. Bellovin September 10, 2013 1 Access Control Matrix List all proceses and files in a matrix Each row is a process ( subject ) Each column is a file ( object ) Each matrix
More informationLecture 4: Bell LaPadula
CS 591: Introduction to Computer Security Lecture 4: Bell LaPadula James Hook Objectives Introduce the Bell LaPadula framework for confidentiality policy Discuss realizations of Bell LaPadula References:
More informationChapter 7: Hybrid Policies
Chapter 7: Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Slide #7-1 Overview Chinese Wall Model Focuses on conflict of interest CISS Policy Combines
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474-01, Winter 2011 Lecture 4: Access Control Eran Tromer 1 Slides credit: John Mitchell, Stanford course CS155, 2010 Access control Assumptions System knows
More informationCSE509: (Intro to) Systems Security
CSE509: (Intro to) Systems Security Fall 2012 Radu Sion Integrity Policies Hybrid Policies 2005-12 parts by Matt Bishop, used with permission Integrity Policies: Overview Requirements Very different than
More informationAccess Control Models Part II
Access Control Models Part II CERIAS and CS &ECE Departments Pag. 1 Introduction Other models: The Chinese Wall Model it combines elements of DAC and MAC RBAC Model it is a DAC model; however, it is sometimes
More informationA Survey of Access Control Policies. Amanda Crowell
A Survey of Access Control Policies Amanda Crowell What is Access Control? Policies and mechanisms that determine how data and resources can be accessed on a system. The Players Subjects Objects Semi-objects
More informationOperating System Security. Access control for memory Access control for files, BLP model Access control in Linux file systems (read on your own)
Operating System Security Access control for memory Access control for files, BLP model Access control in Linux file systems (read on your own) Hw1 grades out this Friday Announcement Travel: out of town
More informationDiscretionary Access Control (DAC)
CS 5323 Discretionary Access Control (DAC) Prof. Ravi Sandhu Executive Director and Endowed Chair Lecture 7 ravi.utsa@gmail.com www.profsandhu.com Ravi Sandhu 1 Authentication, Authorization, Audit AAA
More informationCS590U Access Control: Theory and Practice. Lecture 12 (February 23) Role Based Access Control
CS590U Access Control: Theory and Practice Lecture 12 (February 23) Role Based Access Control Role-Based Access Control Models. R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman. IEEE Computer,
More informationModule 4: Access Control
Module 4: Access Control Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University, Jackson, MS 39232 E-mail: natarajan.meghanathan@jsums.edu Access Control In general,
More informationDAC vs. MAC. Most people familiar with discretionary access control (DAC)
p. 1/1 DAC vs. MAC Most people familiar with discretionary access control (DAC) - Example: Unix user-group-other permission bits - Might set a fileprivate so only groupfriends can read it Discretionary
More informationRBAC: Motivations. Users: Permissions:
Role-based access control 1 RBAC: Motivations Complexity of security administration For large number of subjects and objects, the number of authorizations can become extremely large For dynamic user population,
More informationCSE Computer Security
CSE 543 - Computer Security Lecture 11 - Access Control October 10, 2006 URL: http://www.cse.psu.edu/~tjaeger/cse543-f06/ Access Control System Protection Domain What can be accessed by a process Default
More informationChapter 6: Integrity Policies
Chapter 6: Integrity Policies Overview Requirements Biba s models Clark-Wilson model Slide #6-1 Overview Requirements Very different than confidentiality policies Biba s model Clark-Wilson model Slide
More informationInformation Security CS 526
Information Security CS 526 Topic 23: Role Based Access Control CS526 Topic 23: RBAC 1 Readings for This Lecture RBAC96 Family R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman. Role-Based Access
More informationGeneral Access Control Model for DAC
General Access Control Model for DAC Also includes a set of rules to modify access control matrix Owner access right Control access right The concept of a copy flag (*) Access control system commands General
More informationContent-based Management of Document Access. Control
Content-based Management of Document Access Control Edgar Weippl, Ismail Khalil Ibrahim Software Competence Center Hagenberg Hauptstr. 99, A-4232 Hagenberg, Austria {edgar.weippl, ismail.khalil-ibrahim}@scch.at
More informationCPSC 481/681 SPRING 2006 QUIZ #1 7 MAR 2006 NAME:
CPSC 481/681 SPRING 2006 QUIZ #1 7 MAR 2006 NAME: There are 6 questions on this quiz. Each question is individually weighted. If you do not understand the question, please ask for clarification. 1 I. (24
More informationAccess control. Frank Piessens KATHOLIEKE UNIVERSITEIT LEUVEN
Access control Frank Piessens (Frank.Piessens@cs.kuleuven.be) Secappdev 2010 1 Overview Introduction: Lampson s model for access control Classical Access Control Models Discretionary Access Control (DAC)
More informationProtecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 10 - Identity Management and Access Control MIS5206 Week 10 Identity Management and Access Control Presentation Schedule Test Taking Tip Quiz Identity Management and
More informationAccess Control. Access Control: enacting a security policy. COMP 435 Fall 2017 Prof. Cynthia Sturton. Access Control: enacting a security policy
Access Control: enacting a security policy Access Control COMP 435 Fall 2017 Prof. Cynthia Sturton Which users can access which resources and with which rights 2 Access Control: enacting a security policy
More informationChapter 9: Database Security: An Introduction. Nguyen Thi Ai Thao
Chapter 9: Database Security: An Introduction Nguyen Thi Ai Thao thaonguyen@cse.hcmut.edu.vn Spring- 2016 Outline Introduction to Database Security Issues Types of Security Threats to databases Database
More informationP1L5 Access Control. Controlling Accesses to Resources
P1L5 Access Control Controlling Accesses to Resources TCB sees a request for a resource, how does it decide whether it should be granted? Authentication establishes the source of a request Authorization
More informationCore Role Based Access Control (RBAC) mechanism for MySQL
Core Role Based Access Control (RBAC) mechanism for MySQL by Ian Molloy Radu Dondera Umang Sharan CS541 Project Report Under the Guidance of Prof. Elisa Bertino With the Department of Computer Science
More informationMay 1: Integrity Models
May 1: Integrity Models Biba Clark-Wilson Comparison Trust models May 1, 2017 ECS 235B Spring Quarter 2017 Slide #1 Integrity Overview Requirements Very different than confidentiality policies Biba s models
More informationSummary. Final Week. CNT-4403: 21.April
Summary Final Week CNT-4403: 21.April.2015 1 List of Final Topics User Authentication Protocols Key Distribution and Public Key Certificates Symmetric Key Crypto Access Control Public Key Crypto Cryptographic
More informationUnix, History
Operating systems Examples from Unix, VMS, Windows NT on user authentication, memory protection and file and object protection. Trusted Operating Systems, example from PitBull Unix, History Unix, History
More informationProtection. CSE473 - Spring Professor Jaeger. CSE473 Operating Systems - Spring Professor Jaeger
Protection CSE473 - Spring 2008 Professor Jaeger www.cse.psu.edu/~tjaeger/cse473-s08/ Protection Protect yourself from untrustworthy users in a common space They may try to access your resources Or modify
More informationOverview. Evolution of Access Control in Commercial Products. Access Control is Different from other Mechanisms. Security Policies
Overview Evolution of Access Control in Commercial Products Policies, Models and Techniques David Ferraiolo National Institute of Standards and Technology 301-975-3046 dferraiolo@nist.gov Practical View
More informationPolicy, Models, and Trust
Policy, Models, and Trust 1 Security Policy A security policy is a well-defined set of rules that include the following: Subjects: the agents who interact with the system, Objects:the informational and
More informationP1_L6 Mandatory Access Control Page 1
P1_L6 Mandatory Access Control Page 1 We discussed access control in the last lesson. But that was only one kind of access control called discretionary access control, or DAC. That allows you to decide
More informationWeek 10 Part A MIS 5214
Week 10 Part A MIS 5214 Agenda Project Authentication Biometrics Access Control Models (DAC Part A) Access Control Techniques Centralized Remote Access Control Technologies Project assignment You and your
More informationLabels and Information Flow
Labels and Information Flow Robert Soulé March 21, 2007 Problem Motivation and History The military cares about information flow Everyone can read Unclassified Few can read Top Secret Problem Motivation
More informationData Warehouse. T rusted Application. P roject. Trusted System. T echnology. System. Trusted Network. Physical Security
T rusted Application Trusted System Trusted Network Physical Security System T echnology Data Warehouse P roject Filetransfer Access right just on the data transfer directories Mailbox L oadprocess Data
More informationCIS433/533 - Introduction to Computer and Network Security. Access Control
CIS433/533 - Introduction to Computer and Network Security Access Control Professor Butler Winter 2011 Computer and Information Science Trusted Computing Base The trusted computing base is the infrastructure
More informationCS 392/ CS Computer Security. Nasir Memon Polytechnic University Module 7 Security Policies
CS 392/ CS 681 - Computer Security Nasir Memon Polytechnic University Module 7 Security Policies Course Logistics Security Week Questions about Midterm grading Read parts of chapters 4, 5, 6 and 7. Homework
More informationAccess Control. Steven M. Bellovin September 13,
Access Control Steven M. Bellovin September 13, 2016 1 Security Begins on the Host Even without a network, hosts must enforce the CIA trilogy Something on the host the operating system aided by the hardware
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 3.2: OS Security Access Control Endadul Hoque Slide Acknowledgment Contents are based on slides from Ninghui Li (Purdue), John Mitchell (Stanford), Bogdan Carbunar (FIU)
More informationTowards Modal Logic Formalization of Role-Based Access Control with Object Classes
Towards Modal Logic Formalization of Role-Based Access Control with Object Classes Junghwa Chae École Polytechnique de Montréal Montréal, Québec, Canada chae@cse.concordia.ca Abstract. This paper addresses
More informationData Security and Privacy. Topic 8: Role Based Access Control
Data Security and Privacy Topic 8: Role Based Access Control Plan for this lecture CodeShield: towards personalized application whitelisting. Christopher S. Gates, Ninghui Li, Jing Chen, Robert W. Proctor:
More informationBinary Relations McGraw-Hill Education
Binary Relations A binary relation R from a set A to a set B is a subset of A X B Example: Let A = {0,1,2} and B = {a,b} {(0, a), (0, b), (1,a), (2, b)} is a relation from A to B. We can also represent
More informationAccess Control. Dr George Danezis
Access Control Dr George Danezis (g.danezis@ucl.ac.uk) Resources Key paper: Carl E. Landwehr: Formal Models for Computer Security. ACM Comput. Surv. 13(3): 247-278 (1981) See references to other optional
More informationWe ve seen: Protection: ACLs, Capabilities, and More. Access control. Principle of Least Privilege. ? Resource. What makes it hard?
We ve seen: Protection: ACLs, Capabilities, and More Some cryptographic techniques Encryption, hashing, types of keys,... Some kinds of attacks Viruses, worms, DoS,... And a distributed authorization and
More informationAccess Control. Discretionary Access Control
Access Control Discretionary Access Control 1 Access Control Access control is where security engineering meets computer science. Its function is to control which (active) subject have access to a which
More informationCSCI 420: Mobile Application Security. Lecture 7. Prof. Adwait Nadkarni. Derived from slides by William Enck, Patrick McDaniel and Trent Jaeger
CSCI 420: Mobile Application Security Lecture 7 Prof. Adwait Nadkarni Derived from slides by William Enck, Patrick McDaniel and Trent Jaeger 1 cryptography < security Cryptography isn't the solution to
More informationAccess control. Frank Piessens KATHOLIEKE UNIVERSITEIT LEUVEN
Access control Frank Piessens (Frank.Piessens@cs.kuleuven.be) Secappdev 2013 1 Overview Introduction: Lampson s model for access control Classical User Access Control Models Discretionary Access Control
More informationOperating Systems Security Access Control
Authorization and access control Operating Systems Security Access Control Ozalp Babaoglu From authentication to authorization Once subjects have been authenticated, the next problem to confront is authorization
More informationAccess Control. Steven M. Bellovin September 2,
Access Control Steven M. Bellovin September 2, 2014 1 Security Begins on the Host Even without a network, hosts must enforce the CIA trilogy Something on the host the operating system aided by the hardware
More informationSecure Architecture Principles
CS 155 Spring 2016 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Acknowledgments: Lecture slides are from
More informationCSN11111 Network Security
CSN11111 Network Security Access Control r.ludwiniak@napier.ac.uk Learning Objectives Access Control definition Models Information access control Network based access control AAA Radius Tacacs+ ACCESS
More informationDiscretionary Access Control (DAC)
CS 5323 Discretionary Access Control (DAC) Prof. Ravi Sandhu Executive Director and Endowed Chair Lecture 2 ravi.utsa@gmail.com www.profsandhu.com Ravi Sandhu 1 Authentication Ravi Sandhu 2 Authentication,
More informationPower Set of a set and Relations
Power Set of a set and Relations 1 Power Set (1) Definition: The power set of a set S, denoted P(S), is the set of all subsets of S. Examples Let A={a,b,c}, P(A)={,{a},{b},{c},{a,b},{b,c},{a,c},{a,b,c}}
More informationCSE361 Web Security. Access Control. Nick Nikiforakis
CSE361 Web Security Access Control Nick Nikiforakis nick@cs.stonybrook.edu Access Control: introduction How do we protect our confidential data from unauthorized usage? Two important cases: An attacker
More informationCCM Lecture 14. Security Models 2: Biba, Chinese Wall, Clark Wilson
CCM 4350 Lecture 14 Security Models 2: Biba, Chinese Wall, Clark Wilson Introduction Bell-LaPadula model designed to capture a specific military security policy. At one time treated as the model of security.
More informationPerformance Evaluation of A Role Based Access Control Constraints in Role Mining Using Cardinality
Performance Evaluation of A Role Based Access Control Constraints in Role Mining Using Cardinality Yogita R. More 1, Dr. S. V. Gumaste 2 PG Scholar, Dept.Of Computer Engineering, GES's R. H. Sapat COE,
More information? Resource. Announcements. Access control. Access control in operating systems. References. u Homework Due today. Next assignment out next week
Announcements Access control John Mitchell u Homework Due today. Next assignment out next week u Graders If interested in working as grader, send email to Anupam u Projects Combine some of the project
More informationLampson, Abadi, Burrows and Wobber. Authentication: Theory and Practice, Taos OS ACM TOCS 1992, 1994
Lampson, Abadi, Burrows and Wobber Authentication: Theory and Practice, Taos OS ACM TOCS 1992, 1994 Logic (1) 1. K says S ( A and B ) says S ( A says S ) and ( B says S ) if A = B, then ( A says S ) (
More informationChapter 13: Protection. Operating System Concepts Essentials 8 th Edition
Chapter 13: Protection Operating System Concepts Essentials 8 th Edition Silberschatz, Galvin and Gagne 2011 Chapter 13: Protection Goals of Protection Principles of Protection Domain of Protection Access
More informationCSE 127: Computer Security. Security Concepts. Kirill Levchenko
CSE 127: Computer Security Security Concepts Kirill Levchenko October 3, 2014 Computer Security Protection of systems against an adversary Secrecy: Can t view protected information Integrity: Can t modify
More informationRole-Evolution in Role-based Access Control System Suganthy. A * Department of Banking Technology Pondicherry University, Puducherry, India
International Journal of Emerging Research in Management &Technology Research Article July 2017 -Evolution in -based Access Control System Suganthy. A * Department of Banking Technology Pondicherry University,
More informationIntrusion Detection Types
Intrusion Detection Continued Tom Longstaff SM Software Engineering Institute Pittsburgh PA 1521 The is sponsored by the Advanced Research Projects Agency (ARPA). The Software Engineering Institute is
More informationFormal methods and access control. Dr. Hale University of Nebraska at Omaha Information Security and Policy Lecture 8
Formal methods and access control Dr. Hale University of Nebraska at Omaha Information Security and Policy Lecture 8 Today s topics: Access control basics Model Matrix and protection states Access control
More informationTPM Entities. Permanent Entities. Chapter 8. Persistent Hierarchies
Chapter 8 TPM Entities A TPM 2.0 entity is an item in the TPM that can be directly referenced with a handle. The term encompasses more than objects because the specification uses the word object to identify
More informationSecure Architecture Principles
CS 155 Spring 2016 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Acknowledgments: Lecture slides are from
More informationConflict Checking of Separation of Duty Constraints in RBAC - Implementation Experiences
xorbac Conflict Checking of Separation of Duty Constraints in RBAC - Implementation Experiences Mark Strembeck Department of Information Systems, New Media Lab Vienna University of Economics and BA, Austria
More informationA Framework for Enforcing Constrained RBAC Policies
A Framework for Enforcing Constrained RBAC Policies Jason Crampton Information Security Group Royal Holloway, University of London jason.crampton@rhul.ac.uk Hemanth Khambhammettu Information Security Group
More informationINF3510 Information Security University of Oslo Spring Lecture 9 Identity Management and Access Control
INF3510 Information Security University of Oslo Spring 2017 Lecture 9 Identity Management and Access Control University of Oslo Spring 2017 Outline Identity and access management concepts Identity management
More informationDiscrete Mathematics. Kruskal, order, sorting, induction
Discrete Mathematics wwwmifvult/~algis Kruskal, order, sorting, induction Kruskal algorithm Kruskal s Algorithm for Minimal Spanning Trees The algorithm constructs a minimal spanning tree as follows: Starting
More informationChapter 14: Protection. Operating System Concepts 9 th Edition
Chapter 14: Protection Silberschatz, Galvin and Gagne 2013 Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection Access Matrix Implementation of Access Matrix Access
More informationComputer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 04r. Pre-exam 1 Concept Review Paul Krzyzanowski Rutgers University Spring 2018 February 15, 2018 CS 419 2018 Paul Krzyzanowski 1 Key ideas from the past four lectures February 15, 2018
More informationINF3510 Information Security University of Oslo Spring Lecture 9 Identity Management and Access Control
INF3510 Information Security University of Oslo Spring 2018 Lecture 9 Identity Management and Access Control University of Oslo Spring 2018 Outline Identity and access management concepts Identity management
More informationCS 441 Discrete Mathematics for CS Lecture 24. Relations IV. CS 441 Discrete mathematics for CS. Equivalence relation
CS 441 Discrete Mathematics for CS Lecture 24 Relations IV Milos Hauskrecht milos@cs.pitt.edu 5329 Sennott Square Equivalence relation Definition: A relation R on a set A is called an equivalence relation
More informationCS 425 / ECE 428 Distributed Systems Fall 2017
CS 425 / ECE 428 Distributed Systems Fall 2017 Indranil Gupta (Indy) Dec 5, 2017 Lecture 27: Security All slides IG Security Threats Leakage Unauthorized access to service or data E.g., Someone knows your
More informationOperating Systems. Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring Paul Krzyzanowski. Rutgers University.
Operating Systems Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring 2014 Paul Krzyzanowski Rutgers University Spring 2015 April 22, 2015 2015 Paul Krzyzanowski 1 Question 1 A weakness of using
More informationCSE543 - Introduction to Computer and Network Security. Module: Operating System Security
CSE543 - Introduction to Computer and Network Security Module: Operating System Security Professor Trent Jaeger 1 OS Security An secure OS should provide (at least) the following mechanisms Memory protection
More informationCS 416: Operating Systems Design April 22, 2015
Question 1 A weakness of using NAND flash memory for use as a file system is: (a) Stored data wears out over time, requiring periodic refreshing. Operating Systems Week 13 Recitation: Exam 3 Preview Review
More informationSecure Role-Based Workflow Models
Secure Role-Based Workflow Models Savith Kandala and Ravi Sandhu Savith Kandala Ravi Sandhu CygnaCom Solutions. SingleSignOn.Net and George Mason University (An Entrust Technologies Company) Dept. of Information
More informationDATABASE SECURITY AND PRIVACY. Some slides were taken from Database Access Control Tutorial, Lars Olson, UIUC CS463, Computer Security
DATABASE SECURITY AND PRIVACY Some slides were taken from 463.5.1 Database Access Control Tutorial, Lars Olson, UIUC CS463, Computer Security Database Security Protect Sensitive Data from Unauthorized
More informationAccess Control. Protects against accidental and malicious threats by
Access Control 1 Access Control Access control: ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects: system resources for which protection
More informationAdvanced Access Control. Role-Based Access Control. Common Concepts. General RBAC Rules RBAC96
Advanced Access Control In many cases, identity is a bad criteria for authorization. We examine two modern paradigms for access control, which overcome this limitation: 1. Role-Based Access Control 2.
More informationFormal Specification for Role Based Access Control User/Role and Role/Role Relationship Management
Formal Specification for Role Based Access Control User/Role and Role/Role Relationship Management Serban I. Gavrila VDG Inc. 6009 Brookside Drive Chevy Chase, MD 20815 gavrila@csmes.ncsl.nist.gov John
More informationAn Object-Dependent and Context Constraints-Aware Access Control Approach Based on RBAC
An Object-Dependent and Context Constraints-Aware Access Control Approach Based on RBAC Xiaoli Ren, Lu Liu and Chenggong Lv School of Economics & Management, Beihang University, Beijing 100083, P.R. China
More informationComputer Security Operating System Security & Access Control. Dr Chris Willcocks
Computer Security Operating System Security & Access Control Dr Chris Willcocks Lecture Content Access Control ACMs ACLs Introduction to *NIX security - we ll cover this more due to server popularity -
More informationAn Equivalent Access Based Approach for Building Collaboration Model between Distinct Access Control Models
An Equivalent Access Based Approach for Building Collaboration Model between Distinct Access Control Models Xiaofeng Xia To cite this version: Xiaofeng Xia. An Equivalent Access Based Approach for Building
More information