
Access Control

Access Control. SFS Summer Workshop at UT Chattanooga 2012. Introduction. “Access control” is where security engineering meets computer science. Its function is to control which (active) subjects have access to which (passive) objects with some specific access operation. Access

dougal


  1. Access Control SFS Summer Workshop at UT Chattanooga 2012

  2. Introduction • “Access control” is where security engineering meets computer science. • Its function is to control which (active) subjects have access to which (passive) objects with some specific access operation. [Figure: subject, access operation, object]

  3. Access Control • Discretionary Access Control (Identity-based) • Role-based Access Control • Mandatory Access Control

  4. Discretionary Access Control • Access to data objects (files, directories, etc.) is permitted based on the identity of users. • Explicit access rules establish who can, or cannot, execute which actions on which resources. • Discretionary: users can be given the ability to pass on their privileges to other users, where granting and revocation of privileges is regulated by an administrative policy.

  5. Discretionary Access Control • Access control matrix • Describes protection state precisely • Matrix describing rights of subjects • State transitions change elements of matrix • State of protection system • Describes current settings, values of system relevant to protection

  6. Access Control Matrix Model • Access control matrix • First identify the objects, subjects and actions. • Describes the protection state of a system. • State of the system is defined by a triple (S, O, A) • S is the set of subjects, • O is the set of objects, • A is the access matrix • Elements indicate the access rights that subjects have on objects • Entry A[s, o] of the access control matrix is the privilege of s on o

  7. Description • Subjects S = { s1,…,sn } • Objects O = { o1,…,om } • Rights R = { r1,…,rk } • Entries A[si, oj] ⊆ R • A[si, oj] = { rx, …, ry } means subject si has rights rx, …, ry over object oj [Figure: access control matrix with subjects s1 … sn as rows and objects (entities) o1 … om, s1 … sn as columns]

  8. Basic Operations in Access Control • Grant permissions • Inserting values in the matrix’s entries • Revoke permissions • Removing values from the matrix’s entries • Check permissions • Verifying whether the entry related to a subject s and an object o contains a given access mode
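The matrix model and its three operations from slides 6 to 8, as an added example that is not part of the original slides. The "own" right, the owner-only administrative policy, and the names alice, bob, carol and payroll.db are assumptions made for illustration.

```python
from collections import defaultdict

class AccessMatrix:
    """Protection state (S, O, A): A[s, o] is the set of rights s holds on o."""

    def __init__(self):
        self.S, self.O = set(), set()
        self.A = defaultdict(set)            # (subject, object) -> rights

    def create_object(self, owner, obj):
        # Assumed policy: the creator owns the object and may read/write it.
        self.S.add(owner)
        self.O.add(obj)
        self.A[(owner, obj)] |= {"own", "read", "write"}

    def check(self, s, o, right):
        # Check: does entry A[s, o] contain the requested access mode?
        return right in self.A.get((s, o), set())

    def _require_owner(self, grantor, o):
        # Assumed administrative policy: only an owner may change A[., o].
        if not self.check(grantor, o, "own"):
            raise PermissionError(f"{grantor} does not own {o}")

    def grant(self, grantor, s, o, right):
        # Grant: insert a value into the matrix entry.
        self._require_owner(grantor, o)
        self.S.add(s)
        self.A[(s, o)].add(right)

    def revoke(self, grantor, s, o, right):
        # Revoke: remove a value from the matrix entry.
        self._require_owner(grantor, o)
        self.A[(s, o)].discard(right)

def demo():
    m = AccessMatrix()
    m.create_object("alice", "payroll.db")        # constructed names
    m.grant("alice", "bob", "payroll.db", "read")
    before = m.check("bob", "payroll.db", "read")
    try:                                          # bob is not an owner
        m.grant("bob", "carol", "payroll.db", "read")
        escalated = True
    except PermissionError:
        escalated = False
    m.revoke("alice", "bob", "payroll.db", "read")
    after = m.check("bob", "payroll.db", "read")
    return before, escalated, after

if __name__ == "__main__":
    print(demo())
```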

  9. Role-based Access Control • Access depends on role/function, not identity • Example: Allison is bookkeeper for Math Dept. She has access to financial records. If she leaves and Betty is hired as the new bookkeeper, Betty now has access to those records. The role of “bookkeeper” dictates access, not the identity of the individual.

  10. Role Based Access Control (RBAC) • Access control in organizations is based on “roles that individual users take on as part of the organization” • A role “is a collection of permissions”

  11. Advantages of RBAC • Allows Efficient Security Management • Administrative roles, Role hierarchy • Principle of least privilege allows minimizing damage • Separation of Duties constraints to prevent fraud • Allows grouping of objects
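The bookkeeper scenario from slide 9 combined with the role hierarchy and separation-of-duties constraint listed on slide 11, as an added example that is not part of the original slides. The clerk and auditor roles, the permission names and the static (assignment-time) form of the constraint are assumptions.

```python
class RBAC:
    def __init__(self):
        self.perms = {}       # role -> set of (operation, object)
        self.juniors = {}     # role -> junior roles whose permissions it inherits
        self.members = {}     # user -> roles assigned directly
        self.exclusive = []   # separation-of-duties sets of conflicting roles

    def add_role(self, role, perms=(), inherits=()):
        self.perms[role] = set(perms)
        self.juniors[role] = set(inherits)

    def assign(self, user, role):
        held = self.members.setdefault(user, set())
        for group in self.exclusive:
            # Static SoD: refuse a role that conflicts with one already held.
            if role in group and held & (group - {role}):
                raise ValueError(f"{user}: {role} conflicts with {held & group}")
        held.add(role)

    def unassign(self, user, role):
        self.members.get(user, set()).discard(role)

    def check(self, user, operation, obj):
        # Walk the role hierarchy from the user's roles down to junior roles.
        seen, stack = set(), list(self.members.get(user, ()))
        while stack:
            role = stack.pop()
            if role not in seen:
                seen.add(role)
                stack.extend(self.juniors.get(role, ()))
        return any((operation, obj) in self.perms.get(r, set()) for r in seen)

def math_dept():
    # Constructed policy for the Math Dept. example.
    r = RBAC()
    r.add_role("clerk", perms={("read", "financial_records")})
    r.add_role("bookkeeper", perms={("write", "financial_records")},
               inherits={"clerk"})
    r.add_role("auditor", perms={("approve", "financial_records")})
    r.exclusive.append(frozenset({"bookkeeper", "auditor"}))
    r.assign("allison", "bookkeeper")
    return r

def replace_bookkeeper(r):
    # Allison leaves, Betty is hired: only the role membership changes.
    r.unassign("allison", "bookkeeper")
    r.assign("betty", "bookkeeper")
    return r
```

No permission is edited when the bookkeeper changes, and an attempt to make the bookkeeper an auditor as well is rejected at assignment time.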

  12. Vulnerabilities of the Discretionary Policies • No control on the flow of information • Malicious code, i.e., Trojan horse

  13. Trojan Horse Example • Vicky, a top-level manager • A file Market on the new products release • John, subordinate of Vicky • A file called “Stolen” • An application with two hidden operations • Read operation on file Market • Write operation on file Stolen

  14. Example (cont'd)

  15. Example (cont'd) • Restrictions should be enforced on the operations that processes themselves can execute. • Mandatory policies provide a way to enforce information flow control through the use of labels

  16. Mandatory Access Control; Multilevel Security (MLS); Label Security • The data has an associated classification and consequently constraints on its access • Users with different classification levels get different views of the same data • MLS cannot allow downward leaking, meaning that a user with a lower classification views data stored with a higher classification

  17. Definition and need for MLS • MLS adds classification to data as follows:

  18. Bell – LaPadula Model • The model shows how to use Mandatory Access Control to prevent the Trojan Horse • Classification has four values {U, C, S, TS} • U = unclassified • C = confidential • S = secret • TS = top secret • Classifications are ordered: TS > S > C > U

  19. Two Principles • To protect information confidentiality • No-read-up: a subject is allowed read access to an object only if the access class of the subject dominates the access class of the object • No-write-down: a subject is allowed write access to an object only if the access class of the subject is dominated by the access class of the object

  20. No-read-up & No-write-down • Can TS subject write to S object? • Can S subject write to U object? • How to apply to the Trojan Horse case?

  21. Solution to Trojan Horse • Possible classification reflecting the access restrictions: • Secret for Vicky and “Market” • Unclassified for John and “Stolen” • If Vicky connects to the system as secret, write is blocked • If Vicky connects to the system as unclassified, read is blocked • Is Vicky allowed to write to the unclassified object? How?
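The two Bell-LaPadula rules from slides 18 to 21 applied to the Vicky/John case, as an added example that is not part of the original slides. The discretionary entries in `DAC` (including John having given Vicky write access to “Stolen”) and the function names are assumptions; the labels follow slide 21.

```python
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}       # TS > S > C > U

def dominates(a, b):
    return LEVELS[a] >= LEVELS[b]

def blp_allows(subject_level, object_level, op):
    if op == "read":                 # no-read-up
        return dominates(subject_level, object_level)
    if op == "write":                # no-write-down
        return dominates(object_level, subject_level)
    raise ValueError(f"unknown operation: {op}")

# Labels from slide 21.
OBJECT_LABEL = {"Market": "S", "Stolen": "U"}

# Constructed discretionary entries: Vicky owns Market, and John has given
# her write access to Stolen (assumed, so the Trojan passes the DAC check).
DAC = {
    ("Vicky", "Market"): {"read", "write"},
    ("Vicky", "Stolen"): {"write"},
    ("John", "Stolen"): {"read", "write"},
}

# The application's two hidden operations from slide 13.
TROJAN_OPS = [("read", "Market"), ("write", "Stolen")]

def run_program(user, session_level, ops, mandatory=True):
    """Decide each operation of a process running as `user` at `session_level`.

    The process inherits the invoking user's discretionary rights; with
    mandatory=True the label check is applied on top of them.
    """
    results = []
    for op, obj in ops:
        allowed = op in DAC.get((user, obj), set())
        if mandatory:
            allowed = allowed and blp_allows(session_level, OBJECT_LABEL[obj], op)
        results.append((op, obj, allowed))
    return results

if __name__ == "__main__":
    print("DAC only      :", run_program("Vicky", "S", TROJAN_OPS, mandatory=False))
    print("MAC, session S:", run_program("Vicky", "S", TROJAN_OPS))
    print("MAC, session U:", run_program("Vicky", "U", TROJAN_OPS))
```

In neither session do both hidden operations succeed, so the contents of “Market” cannot flow into “Stolen”.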

  22. Project 1: Run Queries • Follow directions in Project #1 Solution • Experience Oracle 11g • Enterprise Manager • SQL Developer • SQL*Plus

  23. Project 2: Access Control and Trojan • Read project requirements from Project #2 • Follow directions in Project #2 Solution • Create users, profiles, roles • Grant roles as well • Check enforcement of access control rules • Run TrojanHorse program and observe results

  24. Project 3: Label Security • Read project requirements from Project #3 • Follow directions in Project #3 Solution • Create EMP_ROLE • Create users • Create Label security policy • Create Levels and Data Labels • Authorize users • Apply to Tables • Let table owners update classification labels • Test Access Control Rules • Run TrojanHorse code and observe results
