Embed Size (px)
Citation preview
CSCE 201CSCE 201Introduction to Introduction to
Information Security Information Security Fall 2010Fall 2010
Access ControlAccess Control
CSCE 201 - Farkas 2
Required reading list:– An Introduction to Computer Security: The NIST
Handbook, Chapter 17, LOGICAL ACCESS CONTROL, http://csrc.nist.gov/publications/nistpubs/800-12/handbook.pdf
Recommended:– Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles
Youman, Role-Based Access Control Models, IEEE Computer, Volume 29, Number 2, February 1996 http://www.list.gmu.edu/journals/computer/i94rbac(org).pdf
CSCE 201 - Farkas 3
Access Control ExampleAccess Control Example
Access Control Policy for son Edward– Allowed access:
House
– Disallowed access: Automobile
CSCE 201 - Farkas 4
Access Control ExampleAccess Control Example
Access Control Policy for son Edward– Allowed access:
House
– Disallowed access: Automobile
CSCE 201 - Farkas 5
Access Control ExampleAccess Control Example
Access Control policy– Allowed access:
House:
– Disallowed access: Automobile
Problem!
Unauthorized access
CSCE 201 - Farkas 6
Access Control ExampleAccess Control Example
Access Control Policy for son Edward– Allowed access:
House Kitchen
– Disallowed access: Automobile Car key
CSCE 201 - Farkas 7
Access Control ExampleAccess Control Example
Correct Access Control Policy for son Edward– Allowed access:
House Kitchen
– Disallowed access: Automobile Car key
CSCE 201 - Farkas 8
Access ControlAccess Control
Protected resources: system resources for which protection is desirable– Memory, file, directory, hardware resource, software
resources, external devices, etc. Subjects: active entities requesting accesses to
resources– User, owner, program, etc.
Access mode: type of access– Read, write, execute
CSCE 201 - Farkas 9
Access Control Requirement Access Control Requirement Cannot be bypassedEnforce least-privilege and need-to-know
restrictionsEnforce organizational policy
CSCE 201 - Farkas 10
Access ControlAccess Control
Access control: ensures that all direct accesses to object are authorized
Protects against accidental and malicious threats by regulating the reading, writing and execution of data and programs
Need:– Proper user identification and authentication– Information specifying the access rights is protected
form modification
CSCE 201 - Farkas 11
Access ControlAccess Control
Access control components:– Access control policy: specifies the authorized accesses
of a system– Access control mechanism: implements and enforces
the policy Separation of components allows to:
– Define access requirements independently from implementation
– Compare different policies– Implement mechanisms that can enforce a wide range
of policies
CSCE 201 - Farkas 12
Closed v.s. Open SystemsClosed v.s. Open Systems
Closed system Open System
Access requ. Access requ.
Exists Rule? Exists Rule?
Access permitted
Access denied
Access denied
Access permitted
Allowed accesses
Disallowed accesses
yes no yesno
(minimum privilege) (maximum privilege)
CSCE 201 - Farkas 13
Access Control ModelsAccess Control ModelsAll accesses
Discretionary AC
Mandatory AC Role-Based AC
CSCE 201 - Farkas 14
Discretionary Access ControlDiscretionary Access ControlAccess control is based on
– User’s identity and – Access control rules
Most common administration: owner based– Users can protect what they own– Owner may grant access to others– Owner may define the type of access given to
others
CSCE 201 - Farkas 15
Access Matrix ModelAccess Matrix Model
Read
Write
Own
Read
Read
Write
Own
OBJECTS AND SUBJECTS
SUBJECTS
Joe
Sam
File 1 File 2
CSCE 201 - Farkas 16
DAC and Trojan Horse
Employee
Black’s Employee
Brown: read, write
Black, Brown: read, write
Brown
Black
Read Employee
REJECTED!Black is not allowed To access Employee
CSCE 201 - Farkas 17
DAC and Trojan Horse
Employee
Black’s Employee
Brown: read, write
Black, Brown: read, writeBrown
Black
Word Processor
TH
Inserts Trojan HorseInto shared program
Uses shared program Reads Employee
CopiesEmployeeTo Black’sEmployee
CSCE 201 - Farkas 18
DAC OverviewDAC OverviewAdvantages:
– Intuitive– Easy to implement
Disadvantages:– Inherent vulnerability (look TH example)– Maintenance of ACL or Capability lists– Maintenance of Grant/Revoke– Limited power of negative authorization
CSCE 201 - Farkas 19CSCE 201 - Farkas 19
RBAC MotivationRBAC Motivation
Multi-user systems Multi-application systems Permissions are associated with roles Role-permission assignments are persistent v.s.
user-permission assignments Intuitive: competency, authority and responsibility
CSCE 201 - Farkas 20CSCE 201 - Farkas 20
MotivationMotivation
Express organizational policies– Separation of duties– Delegation of authority
Flexible: easy to modify to meet new security requirements
Supports– Least-privilege– Separation of duties– Data abstraction
CSCE 201 - Farkas 21CSCE 201 - Farkas 21
RolesRoles
User group: collection of user with possibly different permissions
Role: mediator between collection of users and collection of permissions
RBAC independent from DAC and MAC (they may coexist)
RBAC is policy neutral: configuration of RBAC determines the policy to be enforced
CSCE 201 - Farkas 22CSCE 201 - Farkas 22
RBACRBAC00
.
.
UUsers
RRoles
PPermissions
. SSessions
User assignment
Permissionassignment
CSCE 201 - Farkas 23CSCE 201 - Farkas 23
RBAC0RBAC0
User: human beingsRole: job function (title)Permission: approval of a mode of access
– Always positive– Abstract representation– Can apply to single object or to many
Next ClassNext Class
Windows XP support for Access Control
CSCE 201 - Farkas 24
