
Authentication, access control, and policy configuration

This article provides an outline of definitions and concepts related to authentication, access control, and policy management. It discusses various authentication mechanisms and explores the challenges and solutions in password selection and management. The article also introduces alternative approaches, such as biometrics and graphical passwords, and explores the concept of browser-based mutual authentication.

pkaplan

Presentation Transcript


  1. Authentication, access control, and policy configuration Lorrie Faith Cranor October 2009

  2. Outline • Definitions • Authentication • Access control • Policy management • Policy authoring

  3. Definitions • Identification - a claim about identity • Who or what I am (global or local) • Authentication - confirming that claims are true • I am who I say I am • I have a valid credential • Authorization - granting permission based on a valid claim • Now that I have been validated, I am allowed to access certain resources or take certain actions • Access control system - a system that authenticates users and gives them access to resources based on their authorizations • Includes or relies upon an authentication mechanism • May include the ability to grant coarse- or fine-grained authorizations, revoke or delegate authorizations • Also includes an interface for policy configuration and management

  4. Building blocks of authentication • Factors • Something you know (or recognize) • Something you have • Something you are • Two factors are better than one • Especially two factors from different categories • What are some examples of each of these factors? • What are some examples of two-factor authentication?

  5. Authentication mechanisms • Text-based passwords • Graphical passwords • Hardware tokens • Public key crypto protocols • Biometrics

  6. Evaluation • Accessibility • Memorability • Security • Cost • Environmental considerations

  7. Typical password advice

  8. Typical password advice • Pick a hard to guess password • Don’t use it anywhere else • Change it often • Don’t write it down So what do you do when every web site you visit asks for a password?

  9. Bank = b3aYZ Amazon = aa66x! Phonebill = p$2$ta1

  10. Problems with Passwords • Selection • Difficult to think of a good password • Passwords people think of first are easy to guess • Memorability • Easy to forget passwords that aren’t frequently used • Difficult to remember “secure” passwords with a mix of upper & lower case letters, numbers, and special characters • Reuse • Too many passwords to remember • A previously used password is memorable • Sharing • Often unintentional through reuse • Systems aren’t designed to support the way people work together and share information

  11. Mnemonic Passwords • Phrase: Four score and seven years ago, our Fathers • First letter of each word (with punctuation): fsasya,oF • Substitute numbers for words or similar-looking letters: 4sasya,oF, then 4sa7ya,oF • Substitute symbols for words or similar-looking letters: 4s&7ya,oF Source: Cynthia Kuo, SOUPS 2006

  12. The Promise? • Phrases help users incorporate different character classes in passwords • Easier to think of character-for-word substitutions • Virtually infinite number of phrases • Dictionaries do not contain mnemonics Source: Cynthia Kuo, SOUPS 2006

  13. The Problem? • “Goodness” of mnemonic passwords unknown • Yan et al. compared regular, mnemonic, and randomly generated passwords • Used standard (non-mnemonic) dictionary • Effectively evaluated whether mnemonic passwords contained dictionary words Source: Cynthia Kuo, SOUPS 2006

  14. Mnemonic password evaluation • Mnemonic passwords are not a panacea for password creation • No comprehensive dictionary today • May become more vulnerable in future • Many people start to use them • Attackers incentivized to build dictionaries • Publicly available phrases should be avoided! C. Kuo, S. Romanosky, and L. Cranor. Human Selection of Mnemonic Phrase-Based Passwords. In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA. Source: Cynthia Kuo, SOUPS 2006
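The advice on slide 14 to avoid publicly available phrases can be enforced when a password is chosen. The sketch below is an added example, not part of the original slides: it derives every mnemonic a known phrase yields under the substitutions shown on slide 11 and rejects a candidate that matches one. The function names, the substitution table and the case-insensitive comparison are assumptions of this example.

```python
import itertools
import re

# Phrase taken from slide 11; a real deployment would load a larger list.
PUBLIC_PHRASES = ["Four score and seven years ago, our Fathers"]

# Word substitutions shown on slide 11: a number or a symbol for a word.
WORD_SUBS = {"four": ["4"], "seven": ["7"], "and": ["&"]}


def mnemonic_variants(phrase):
    """Return every mnemonic password the phrase yields under WORD_SUBS."""
    # Tokens are words or single punctuation marks, kept in order.
    tokens = re.findall(r"[A-Za-z']+|[^\sA-Za-z]", phrase)
    choices = []
    for tok in tokens:
        opts = [tok[0]]                       # first letter, or the mark itself
        opts += WORD_SUBS.get(tok.lower(), [])
        choices.append(opts)
    return {"".join(combo) for combo in itertools.product(*choices)}


def build_blocklist(phrases):
    """Map each lower-cased variant to the public phrase it came from."""
    blocked = {}
    for phrase in phrases:
        for variant in mnemonic_variants(phrase):
            blocked.setdefault(variant.lower(), phrase)
    return blocked


def check_password(candidate, blocklist):
    """Return the public phrase the candidate derives from, or None."""
    # Comparison ignores case, so "fsasya,oF" and "Fsasya,oF" both match.
    return blocklist.get(candidate.lower())
```
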

  15. Password keeper software • Run on PC or handheld • Only remember one password

  16. Single sign-on • Login once to get access to all your passwords

  17. Biometrics

  18. Graphical passwords

  19. “Forgotten password” mechanism • Email password or magic URL to address on file • Challenge questions • Why not make this the normal way to access infrequently used sites?

  20. Convenient SecureID 1 • What problems does this approach solve? • What problems does it create? Source: http://worsethanfailure.com/Articles/Security_by_Oblivity.aspx

  21. Convenient SecureID 2 • What problems does this approach solve? • What problems does it create? Previously available at: http://fob.webhop.net/

  22. Browser-based mutual authentication • Chris Drake’s “Magic Bullet” proposal • http://lists.w3.org/Archives/Public/public-usable-authentication/2007Mar/0004.html • User gets ID, password (or alternative), image, hotspot at enrollment • Before user is allowed to login they are asked to confirm URL and SSL cert and click buttons • Then login box appears and user enters username and password (or alternative) • Server displays set of images, including user’s image (or if user entered incorrect password, random set of images appear) • User finds their image and clicks on hotspot • Image manipulation can help prevent replay attacks • What problems does this solve? • What problems doesn’t it solve? • What kind of testing is needed

  23. Types of access control • Discretionary access control • Distributed, dynamic, users set access rules for resources they own and can delegate access to others • Role-based access control • Centralized admin assigns users to roles and sets access rules based on roles • And many others that vary • discretionary/mandatory • centralized/distributed • granularity • grouping

  24. Policy management problems • Admins, large organizations understanding large access control policies • Someone in marketing changed a policy and now we can’t figure out why people in sales no longer have access to a document • Who has access to this document anyway? • End users creating and understanding policies • Examples: File system permissions, Grey, Perspective, privacy rules • Home users want to share some files with some other users, but don’t want to share everything

  25. Roles for policy professionals • Policy makers • Policy implementers L. Bauer, L. Cranor, R.W. Reeder, M.K. Reiter, and K. Vaniea. Real life challenges in access-control management. CHI 2009. http://www.ece.cmu.edu/~lbauer/papers/2009/chi09-management.pdf

  26. Policy conflicts • Given • Alice is in GroupA and GroupB • FileQ is in FolderX • What types of conflicts might occur? • Direct conflict • Alice allowed access to FileQ • Alice denied access to FileQ • Group/group conflict • GroupA allowed access to FileQ • GroupB denied access to FileQ • User/group conflict • Alice allowed access to FileQ • GroupA denied access to FileQ • File/directory conflict • Alice allowed access to FileQ • Alice denied access to FolderX • 2-way conflict • Alice allowed access to FileQ • GroupA denied access to FolderX

  27. How can conflicts be resolved? • Default rule – deny/allow takes precedence • Ordered rules – policy author sets order • Ordered rules – most recent first/last • Specificity – most/least specific takes precedence • Weighted rules – policy author assigns weights • Exceptions – policy author defines exceptions (essentially a partial ordering) • Combination

  28. Policy Authoring Slides courtesy of Rob Reeder R. W. Reeder. Expandable Grids: A user interface visualization technique and a policy semantics to support fast, accurate security and privacy policy authoring. PhD Thesis, Computer science department, Carnegie Mellon University, Pittsburgh, PA, July 2008. Available as tech report number CMU-CS-08-143.

  29. Memogate

  30. File systems Location disclosure applications Online social networks Websites Proliferation of policies

  31. Policy authoring • Policy – a set of rules that determine the conditions under which access is allowed to a resource • Policies are created, edited, and viewed – authored • Someone determines policy – the author • Policies should fulfill the author’s intentions • Policy authoring is done with a user interface

  32. List of rules interfaces support policy authoring operations poorly • Viewing policy • Often only one rule at a time is visible • Difficult to understand policy by reading long list of rules • Changing policy • Difficult to understand effect of changes because you can’t see all relevant parts of a policy together • Viewing group memberships • Usually requires using a separate interface • Detecting and resolving conflicts • When rules interact, it isn’t clear what the outcome will be

  33. Solution: Expandable Grid Key insight: Center policy-authoring user interfaces around a display of the whole effective policy, not a list of rules

  34. Expandable Grid details Jana

  35. Direct manipulation interface • To change a policy, just click on a cell and toggle the color • In order to make this work, we had to change the conflict resolution semantics • Windows semantics: Deny takes precedence, but specificity precedence in resource dimension • Expandable Grid semantics: Recency precedence

  36. User study of Expandable Grid for file permissions • Laboratory study • 2 conditions: • Expandable Grid • Native Windows file permissions interface • 36 participants, 18 per condition, novice policy authors • Training: • 3.5 minutes for Grid • 5.5 minutes for Windows • 18 tasks based on a teaching assistant scenario

  37. Example task: Jana • Set permissions so that Jana can read and write the Four-part Harmony.doc file in the Theory 101\Handouts folder. • Task setup: • Jana is a TA “this” year (did the study in 2007) • Is in the group Theory 101 TAs 2007 • Jana was a TA last year • Is in the group Theory 101 TAs 2006 • 2007 TAs are allowed READ & WRITE • 2006 TAs are denied READ & WRITE • Since Jana is in both groups, she is denied access
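The Jana task shows why the conflict-resolution rule matters: the same edit succeeds or fails depending on which strategy from slide 27 is in force. The evaluator below is an added example, not code from the slides or from Windows. The rule model, the `/` path separator, the placement of the group rules on the Handouts folder, the authoring order and the strategy names are all assumptions, and `resource_then_deny` is only a simplified reading of the Windows semantics described on slide 35.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    seq: int         # authoring order; a higher number is more recent
    principal: str   # user or group name
    resource: str    # file or folder path
    allow: bool


# Constructed data modelled on the Jana task (assumed rule placement and order).
GROUPS = {"Jana": {"Theory 101 TAs 2006", "Theory 101 TAs 2007"}}
FOLDER = "Theory 101/Handouts"
FILE = FOLDER + "/Four-part Harmony.doc"
BASE = [Rule(1, "Theory 101 TAs 2007", FOLDER, True),
        Rule(2, "Theory 101 TAs 2006", FOLDER, False)]
# The edit an author might try: grant Jana access on the file itself.
FIXED = BASE + [Rule(3, "Jana", FILE, True)]
STRATEGIES = ("deny", "recency", "user_over_group", "resource_then_deny")


def matching(rules, user, path):
    """Rules naming the user or one of their groups, on path or a parent."""
    principals = {user} | GROUPS.get(user, set())
    parts = path.split("/")
    chain = {"/".join(parts[:i]) for i in range(1, len(parts) + 1)}
    return [r for r in rules if r.principal in principals and r.resource in chain]


def decide(rules, user, path, strategy):
    hits = matching(rules, user, path)
    if not hits:
        return False                      # default rule: deny
    if strategy == "deny":                # any matching deny wins
        return all(r.allow for r in hits)
    if strategy == "recency":             # most recently authored rule wins
        return max(hits, key=lambda r: r.seq).allow
    if strategy == "user_over_group":     # user rules beat group rules, then deny
        own = [r for r in hits if r.principal == user] or hits
        return all(r.allow for r in own)
    if strategy == "resource_then_deny":  # deepest resource first, then deny
        depth = max(len(r.resource) for r in hits)
        return all(r.allow for r in hits if len(r.resource) == depth)
    raise ValueError(f"unknown strategy: {strategy}")


def compare(user="Jana", path=FILE):
    """Map each strategy to (decision before the edit, decision after)."""
    return {s: (decide(BASE, user, path, s), decide(FIXED, user, path, s))
            for s in STRATEGIES}
```

Calling `compare()` shows that Jana is denied under every strategy before the edit, and that the added allow rule takes effect under all of them except plain deny precedence.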

  38. Jana task – common error

  39. Learning Jana’s effective permissions • Step 1: Click “Advanced” • Step 2: Click “Effective Permissions” • Step 3: Select Jana • Step 4: View Jana’s Effective Permissions

  40. Learning Jana’s group membership • Step 5: Bring up Computer Management interface • Step 6: Click on “Users” • Step 7: Double-click Jana • Step 8: Click “Member Of” • Step 9: Read Jana’s group membership (TAs 2006, TAs 2007)

  41. Learning Jana’s groups’ permissions • Step 10: Click on TAs 2006 • Step 11: Read permissions for TAs 2006 • Step 12: Click on TAs 2007 • Step 13: Read permissions for TAs 2007

  42. Changing Jana’s groups’ permissions • Step 14: Click on TAs 2006 • Step 15: Change permissions for TAs 2006

  43. Checking work • Step 16: Click “Advanced” • Step 17: Click “Effective Permissions” • Step 18: Select Jana • Step 19: View Jana’s Effective Permissions

  44. XP support for fundamental operations • Viewing policy • Effective policy is 3 screens away (most authors don’t find them) • Changing policy • Authors operate on rules, not effective policy • Viewing group memberships • In a separate application from file permissions • Detecting and resolving conflicts • Has to be done manually

  45. Viewing effective policy 1

  46. Viewing group membership 2

  47. Changing policy 3

  48. Resolving rule conflicts

  49. Grid support for fundamental operations • Viewing policy • Effective policy directly shown on screen • Changing policy • Changes take one click • Viewing group memberships • Group memberships are shown in the trees • Detecting and resolving conflicts • Happens automatically
