1 / 32

Access Control

Access Control. Access Control Example. Access Control Policy for son Edward Allowed access: House Disallowed access: Automobile. . Access Control Example. Access Control Policy for son Edward Allowed access: House Disallowed access: Automobile. Access Control Example. .

fshanna
Télécharger la présentation

Access Control

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Access Control

  2. Access Control Example • Access Control Policy for son Edward • Allowed access: • House • Disallowed access: • Automobile 

  3. Access Control Example • Access Control Policy for son Edward • Allowed access: • House • Disallowed access: • Automobile

  4. Access Control Example  • Access Control policy • Allowed access: • House: • Disallowed access: • Automobile Problem! Unauthorized access

  5. Access Control Example • Access Control Policy for son Edward • Allowed access: • House • Kitchen • Disallowed access: • Automobile • Car key

  6. Access Control Example  • Correct Access Control Policy for son Edward • Allowed access: • House • Kitchen • Disallowed access: • Automobile • Car key

  7. Access Control • Protection objects: system resources for which protection is desirable • Memory, file, directory, hardware resource, software resources, etc. • Subjects: active entities requesting accesses to resources • User, owner, program, etc. • Access mode: type of access • Read, write, execute

  8. Access Control Requirement • Cannot be bypassed • Enforce least-privilege and need-to-know restrictions • Enforce organizational policy

  9. Access Control • Access control: ensures that all direct accesses to object are authorized • Protects against accidental and malicious threats by regulating the reading, writing and execution of data and programs • Need: • Proper user identification and authentication • Information specifying the access rights is protected form modification

  10. Access Control • Access control components: • Access control policy: specifies the authorized accesses of a system • Access control mechanism: implements and enforces the policy • Separation of components allows to: • Define access requirements independently from implementation • Compare different policies • Implement mechanisms that can enforce a wide range of policies

  11. Closed v.s. Open Systems Closed system Open System (minimum privilege) (maximum privilege) Access requ. Access requ. Allowed accesses Disallowed accesses Exists Rule? Exists Rule? yes no no yes Access permitted Access denied Access permitted Access denied

  12. Authorization Management • Who can grant and revoke access rights? • Centralized administration: security officer • Decentralized administration: locally autonomous systems • Hierarchical decentralization: security officer > departmental system administrator > Windows NT administrator • Ownership based: owner of data may grant access to other to his/her data (possibly with grant option) • Cooperative authorization: predefined groups of users or predefined number of users may access data

  13. Access Control Models All accesses Discretionary AC Mandatory AC Role-Based AC

  14. Discretionary Access Control • Access control is based on • User’s identity and • Access control rules • Most common administration: owner based • Users can protect what they own • Owner may grant access to others • Owner may define the type of access given to others

  15. Access Matrix Model OBJECTS AND SUBJECTS File 1 File 2 S U B J E C T S Joe Sam

  16. Implementation File 1 File 2 Joe:Read Joe:Read Joe:Write Sam:Read Joe:Own Sam:Write Sam:Own Access Control List (column) (ACL) Capability List (row) Joe: File 1/Read, File 1/Write, File 1/Own, File 2/Read Sam: File 2/Read, File 2/Write, File 2/Own Subject Access Object Joe Read File 1 Joe Write File 1 Joe Own File 1 Joe Read File 2 Sam Read File 2 Sam Write File 2 Sam Own File 2 Access Control Triples

  17. ACL v.s. Capabilities • ACL: • Per object based • Good for file systems • Capabilities: • Per subject based • Good for environment with dynamic, short-lived subjects

  18. Access Control Conditions • Data-dependent conditions: access constraints based on the value of the accessed data • Time-dependent: access constraints based on the time of the data access • Context-dependent: access constraints based on combinations on data which can be accessed • History-dependent: access constraints based on previously accessed data

  19. Access Control Mechanisms • Security through Views • Stored Procedures • Grant and Revoke • Query modification

  20. Security Through Views • Assign rights to access predefined views CREATE VIEW Outstanding-Student AS SELECT NAME, COURSE, GRADE FROM Student WHERE GRADE > B Problem: Difficult to maintain updates.

  21. Security Through Views Studentrelation

  22. Security Through Views CREATE VIEW Outstanding-Student AS SELECT NAME, COURSE, GRADE FROM Student WHERE GRADE > B Outstanding-Student

  23. Security Through Views CREATE VIEW Fall-Student AS SELECT NAME, COURSE FROM Student WHERE SEMESTER=“Fall 2000” Fall-Student

  24. Stored Procedures • Assign rights to execute compiled programs • GRANT RUN ON <program> TO <user> Problem: Programs may access resources for which the user who runs the program does not have permission.

  25. Grant and Revoke GRANT <privilege> ON <relation> To <user> [WITH GRANT OPTION] ------------------------------------------------------------------------------------------------------------------------------------ • GRANT SELECT * ON Student TO Matthews • GRANT SELECT *, UPDATE(GRADE) ON Student TO FARKAS • GRANT SELECT(NAME) ON Student TO Brown GRANT command applies to base relations as well as views

  26. Grant and Revoke REVOKE <privileges> [ON <relation>] FROM <user> ------------------------------------------------------------------------------------------------------------------------- • REVOKE SELECT* ON Student FROM Blue • REVOKE UPDATE ON Student FROM Black • REVOKE SELECT(NAME) ON Student FROM Brown

  27. B E A D C F Non-cascading Revoke A revokes D’s privileges E B A F C

  28. B E A D C F Cascading Revoke A revokes D’s privileges B A C

  29. - B E + + D A - C Positive and Negative Authorization • Problem: • Contradictory authorizations • GRANT <privilege> ON X TO <user> • DENY <privilege> ON X TO <user>

  30. - B E + + D A - C Negative Authorization - Positive authorization granted By A to D becomes blocked but NOT deleted.

  31. - B E + + D A - C Negative Authorization - + F What should happen with the privilege given by D To F? (Blocked but not deleted)

  32. Query Modification • GRANT SELECT(NAME) ON Student TO Blue WHERE COURSE=“CSCE 590” • Blue’s query: SELECT * FROM Student • Modified query: SELECT NAME FROM Student WHERE COURSE=“CSCE 580”

More Related