Discretionary Access Control (DAC)

Similar documents
Discretionary Access Control (DAC)

Access Control Mechanisms

CIS 5373 Systems Security

Access Control. Discretionary Access Control

Attribute-Based Access Control Models

The R BAC96 RBAC96 M odel Model Prof. Ravi Sandhu

Access Control. Access Control: enacting a security policy. COMP 435 Fall 2017 Prof. Cynthia Sturton. Access Control: enacting a security policy

P1L5 Access Control. Controlling Accesses to Resources

Protecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets

The Future of Access Control: Attributes, Automation and Adaptation

Data Security and Privacy. Unix Discretionary Access Control

Access Control. Discretionary Access Control

Chapter 9: Database Security: An Introduction. Nguyen Thi Ai Thao

Access Control (slides based Ch. 4 Gollmann)

CS 356 Lecture 7 Access Control. Spring 2013

Computer Security 3e. Dieter Gollmann. Chapter 5: 1

Chapter 4: Access Control

Access Control Models

A Survey of Access Control Policies. Amanda Crowell

DATABASE SECURITY AND PRIVACY. Some slides were taken from Database Access Control Tutorial, Lars Olson, UIUC CS463, Computer Security

Discretionary Vs. Mandatory

Identity, Authentication and Authorization. John Slankas

CSC 474/574 Information Systems Security

Core Role Based Access Control (RBAC) mechanism for MySQL

Module 4: Access Control

Access Control/Capabili1es

Access Control. CMPSC Spring 2012 Introduction Computer and Network Security Professor Jaeger.

Access Control. Access control: ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions

Access Control Part 1 CCM 4350

General Access Control Model for DAC

CSCI 420: Mobile Application Security. Lecture 7. Prof. Adwait Nadkarni. Derived from slides by William Enck, Patrick McDaniel and Trent Jaeger

Operating system security models

Computer Security. Access control. 5 October 2017

Access Control. Protects against accidental and malicious threats by

Access Control. Steven M. Bellovin September 13,

DAC vs. MAC. Most people familiar with discretionary access control (DAC)

Príprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku

Last time. User Authentication. Security Policies and Models. Beyond passwords Biometrics

FOREWARD. Keith F. Brewster May 1996 Acting Chief, Partnerships and Processes

Secure Architecture Principles

Information Security CS 526

Secure Architecture Principles

Mobile and Heterogeneous databases Security. A.R. Hurson Computer Science Missouri Science & Technology

Access Control. Steven M. Bellovin September 2,

Data Warehouse. T rusted Application. P roject. Trusted System. T echnology. System. Trusted Network. Physical Security

The Science, Engineering, and Business of Cyber Security

Instructor: Jinze Liu. Fall 2008

Access Control for Enterprise Apps. Dominic Duggan Stevens Ins8tute of Technology Based on material by Lars Olson and Ross Anderson

Access Control. Chester Rebeiro. Indian Institute of Technology Madras

Post-Class Quiz: Access Control Domain

Operating Systems Security Access Control

Relationship-Based Access Control (ReBAC or RAC)

INF3510 Information Security University of Oslo Spring Lecture 9 Identity Management and Access Control

Outline. INF3510 Information Security University of Oslo Spring Lecture 9 Identity Management and Access Control

Access Control. Dr George Danezis

Relationship-Based Access Control (ReBAC)

Secure Role-Based Access Control on Encrypted Data in Cloud Storage using ARM

Secure Architecture Principles

Week 10 Part A MIS 5214

INF3510 Information Security University of Oslo Spring Lecture 9 Identity Management and Access Control

A GUIDE TO UNDERSTANDING DISCRETIONARY ACCESS CONTROL IN TRUSTED SYSTEMS

IBM Security Identity Manager Version Planning Topics IBM

Unix, History

RBAC: Motivations. Users: Permissions:

The Future of Access Control: Attributes, Automation and Adaptation

Multifactor authentication:

Real Application Security Administration

Discretionary Access Control

Database Security. Authentification: verifying the id of a user. Authorization: checking the access privileges

Policy vs. Mechanism. Example Reference Monitors. Reference Monitors. CSE 380 Computer Operating Systems

CSE 565 Computer Security Fall 2018

An Attribute-Based Access Matrix Model

Ravi Sandhu

CSE 380 Computer Operating Systems

Complex Access Control. Steven M. Bellovin September 10,

Security Models Trusted Zones SPRING 2018: GANG WANG

CIS433/533 - Introduction to Computer and Network Security. Access Control

INSE 6130 Operating System Security

Advanced Systems Security: Multics

Advanced Systems Security: Ordinary Operating Systems

? Resource. Announcements. Access control. Access control in operating systems. References. u Homework Due today. Next assignment out next week

Effective Visualization of File System Access-Control

Access control. Frank Piessens KATHOLIEKE UNIVERSITEIT LEUVEN

Access control models and policies. Tuomas Aura T Information security technology

CSN11111 Network Security

Group-Centric Models for Secure and Agile Information Sharing

Information Security Theory vs. Reality

CS 6393 Lecture 10. Cloud Computing. Prof. Ravi Sandhu Executive Director and Endowed Chair. April 12,

Faculty of Engineering Computer Engineering Department Islamic University of Gaza Network Lab # 7 Permissions

Database Security Lecture 10

Improving the Granularity of Access Control for Windows 2000

We ve seen: Protection: ACLs, Capabilities, and More. Access control. Principle of Least Privilege. ? Resource. What makes it hard?

Secure Architecture Principles

CSE 127: Computer Security. Security Concepts. Kirill Levchenko

Enterprise Data Access Management in a Multi-Tenant SAS BI environment

Datasäkerhet/Data security EDA625 Lect5

Oracle Database. Installation and Configuration of Real Application Security Administration (RASADM) Prerequisites

CPSC 481/681 SPRING 2006 QUIZ #1 7 MAR 2006 NAME:

OS Security III: Sandbox and SFI

Access control models and policies

Transcription:

CS 5323 Discretionary Access Control (DAC) Prof. Ravi Sandhu Executive Director and Endowed Chair Lecture 7 ravi.utsa@gmail.com www.profsandhu.com Ravi Sandhu 1

Authentication, Authorization, Audit AAA Authentication Authorization Audit Who are You? What are You Allowed to Do? What Did You Do? siloed integrated Ravi Sandhu 2

Access Control Fixed policy Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Flexible policy Attribute Based Access Control (ABAC),???? Ravi Sandhu 3

Access Matrix Model Ravi Sandhu 4

Access Matrix Model Objects (and Subjects) F G S u b j e c t s U V r w own r r w own rights Ravi Sandhu 5

Access Matrix Model Basic Abstractions Subjects Objects Rights The rights in a cell specify the access of the subject (row) to the object (column) Ravi Sandhu 6

Users and Subjects A subject is a program (application) executing on behalf of a user A user may at any time be idle, or have one or more subjects executing on its behalf User-subject distinction is important if subject s rights are different from a user s rights Usually a subset In many systems a subject has all the rights of a user A human user may manifest as multiple users (accounts, principals) in the system Ravi Sandhu 7

Users and Subjects JOE.TOP-SECRET JOE.SECRET JOE JOE.CONFIDENTIAL JOE.UNCLASSIFIED USER SUBJECTS Ravi Sandhu 8

Users and Subjects JANE.CHAIRPERSON JANE.FACULTY JANE JANE. EMPLOYEE JANE.SUPER-USER USER SUBJECTS Ravi Sandhu 9

Objects An object is anything on which a subject can perform operations (mediated by rights) Usually objects are passive, for example: File Directory (or Folder) Memory segment with CRUD operations (create, read, update, delete) But, subjects can also be objects, with operations kill suspend resume Ravi Sandhu 10

Access Matrix Model Objects (and Subjects) F W S u b j e c t s U W r w own r w own parent Ravi Sandhu 11

Implementation Access Control Lists Capabilities Relations Ravi Sandhu 12

Access Control Lists F U:r U:w U:own G U:r V:r V:w V:own each column of the access matrix is stored with the object corresponding to that column Ravi Sandhu 13

Capabilities U V F/r, F/w, F/own, G/r G/r, G/w, G/own each row of the access matrix is stored with the subject corresponding to that row Ravi Sandhu 14

Relations Subject Access Object U r F U w F U own F U r G V r G V w G V own G commonly used in relational database management systems Ravi Sandhu 15

ACLs versus Capabilities Authentication ACL's require authentication of subjects and ACL integrity Capabilities require integrity and propagation control Access review ACL's are superior on a per-object basis Capabilities are superior on a per-subject basis Revocation ACL's are superior on a per-object basis Capabilities are superior on a per-subject basis Least privilege Capabilities provide for finer grained least privilege control with respect to subjects, especially dynamic short-lived subjects created for specific tasks Ravi Sandhu 16

ACLs versus Capabilities Authentication ACL's require authentication of subjects and ACL integrity Capabilities require integrity and propagation control Access review ACL's are superior on a per-object basis Capabilities are superior on a per-subject basis Revocation ACL's are superior on a per-object basis Capabilities are superior on a per-subject basis Least privilege Capabilities provide for finer grained least privilege control with respect to subjects, especially dynamic short-lived subjects created for specific tasks Most Operating Systems use ACLs often in abbreviated form: owner, group, world Ravi Sandhu 17

Content-Dependent Controls content dependent controls you can only see salaries less than 50K, or you can only see salaries of employees who report to you beyond the scope of Operating Systems and are provided by Database Management Systems Ravi Sandhu 18

Context-Dependent Controls context dependent controls cannot access classified information via remote login salary information can be updated only at year end company's earnings report is confidential until announced at the stockholders meeting can be partially provided by the Operating System and partially by the Database Management System more sophisticated context dependent controls such as based on past history of accesses definitely require Database support Ravi Sandhu 19

Trojan Horse Vulnerability of DAC Information from an object which can be read can be copied to any other object which can be written by a subject Suppose our users are trusted not to do this deliberately. It is still possible for Trojan Horses to copy information from one object to another. Ravi Sandhu 20

Trojan Horse Vulnerability of DAC File F ACL A:r File G B:r A:w User B cannot read file F Ravi Sandhu 21

Trojan Horse Vulnerability of DAC User A executes Program Goodies read File F ACL A:r Trojan Horse write File G B:r A:w User B can read contents of file F copied to file G Ravi Sandhu 22

Copy Difference for rw Read of a digital copy is as good as read of original Write to a digital copy is not so useful Ravi Sandhu 23

DAC Subtleties Chains of grants and revokes Inheritance of permissions Negative rights Ravi Sandhu 24

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback