
Access Control

Assignment Review
- Current: you decide what categories you want to include; just provide the required justification.
- Next: detailed rubrics are in the Instructor Files section.
7/9/2016 Access Control 2

Traditional AAA
- Authentication
- Access Control (the authorization step of the usual Authentication, Authorization, Accounting expansion)
- Auditing (the accounting step)

- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
- Role Based Access Control (RBAC)
- ACL (strictly a mechanism for recording rights that any of the models above can use, rather than a model itself)

Discretionary Access Control (DAC)
- The owner of a resource decides who may access it (e.g. Unix file permissions)
- Default mode for many mobile and home devices

Mandatory Access Control (MAC)
- A central policy, not the owner, decides; labels are hierarchical
  - Top Secret
  - Secret
  - Confidential

Bell-LaPadula is a model for MAC (confidentiality)
- Objects have a sensitivity label
- Subjects (users) have a clearance level
- Read access is granted if clearance >= label (simple security property: no read up)
- A subject can write up but not down (* property: no write down), and can read down but not up
- The purely hierarchical form shown here ignores compartments and need to know; the full model attaches a set of categories to each label and compares (level, categories) pairs in a lattice, so a higher level alone is not enough to read an object in a compartment the subject does not hold
7/9/2016 Intro Computer Security 7

Biba Integrity Model
- The dual of Bell-LaPadula, for integrity rather than confidentiality
- Subjects can read objects at or above their own integrity level (no read down, so low-integrity data cannot contaminate them)
- Subjects can write objects at or below their own integrity level (no write up)
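The two label models above, worked through as an added example (Python written for this page, not code from the slides): labels carry a hierarchical rank plus a set of compartments, so the checks show both the plain level comparison the slides describe and the compartment case that the simplified Bell-LaPadula description leaves out. The level names, compartment names and subjects are assumptions made up for illustration.

```python
"""Bell-LaPadula and Biba decisions over a label lattice.

Added example for these slides, not code from the slides themselves.
Labels are (rank, set of compartments); the level names, compartment names
and subjects below are assumptions made up for illustration.
"""
from dataclasses import dataclass
from typing import FrozenSet

# Hierarchical levels, lowest rank first (names are assumptions).
SENSITIVITY = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
INTEGRITY = {"UNTRUSTED": 0, "USER": 1, "SYSTEM": 2}


@dataclass(frozen=True)
class Label:
    rank: int                                     # position in the hierarchy
    compartments: FrozenSet[str] = frozenset()    # need-to-know categories

    def dominates(self, other: "Label") -> bool:
        """Lattice order: at least as high AND holds every compartment of `other`."""
        return self.rank >= other.rank and self.compartments >= other.compartments


def label(name: str, *compartments: str, scale: dict = SENSITIVITY) -> Label:
    """Build a label from a level name on the given scale plus optional compartments."""
    return Label(scale[name], frozenset(compartments))


# --- Bell-LaPadula (confidentiality): subject clearance vs object sensitivity ---
def blp_can_read(clearance: Label, sensitivity: Label) -> bool:
    """Simple security property ("no read up"): clearance must dominate the object."""
    return clearance.dominates(sensitivity)


def blp_can_write(clearance: Label, sensitivity: Label) -> bool:
    """*-property ("no write down"): the object must dominate the subject."""
    return sensitivity.dominates(clearance)


# --- Biba (integrity): the dual rules on an integrity lattice ---
def biba_can_read(subject: Label, obj: Label) -> bool:
    """Simple integrity property ("no read down"): object must dominate subject."""
    return obj.dominates(subject)


def biba_can_write(subject: Label, obj: Label) -> bool:
    """Integrity *-property ("no write up"): subject must dominate object."""
    return subject.dominates(obj)


if __name__ == "__main__":
    analyst = label("TOP SECRET", "NUCLEAR")        # clearance with one compartment
    report = label("SECRET")                        # plain SECRET document
    crypto_memo = label("SECRET", "CRYPTO")         # SECRET inside a compartment
    print(blp_can_read(analyst, report))        # True: read down
    print(blp_can_read(analyst, crypto_memo))   # False: missing CRYPTO compartment
    print(blp_can_write(analyst, report))       # False: write down is blocked
    user_proc = label("USER", scale=INTEGRITY)
    sys_config = label("SYSTEM", scale=INTEGRITY)
    print(biba_can_write(user_proc, sys_config))  # False: no write up
```

The same `dominates` relation drives all four rules; only which side must dominate changes, which is why Biba is usually described as Bell-LaPadula turned upside down.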

Clark-Wilson
- Focus on "well-formed transactions": constrained data items may only be changed by certified transformation procedures, which take the data from one valid state to another
- Separation of duties is also key to preserving integrity: the person who certifies a procedure should not be the one who runs it

Role Based Access Control (RBAC)
- What you can do depends on what job (role) you have: rights attach to roles, and users are assigned to roles
- Popular in Active Directory environments, where roles are implemented as security groups
- Typically leaves the assignment of rights on a resource to the owner of that resource, who grants them to roles rather than to individual users

ACL
- A specific list of who holds which rights on a particular resource
- One column of the access control matrix (user, resource, rights); often generated by the system
- Often seen in routers, firewalls and personnel (physical) access systems
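DAC, RBAC and ACLs from the three slides above, side by side in one small authorization engine, as an added example written for this page (not code from the slides or from any product). Each object carries an ACL whose principals can be users or roles, only the owner may edit it (the DAC rule), and users reach rights through roles (the RBAC rule); the users, roles, object and rights are constructed for illustration.

```python
"""DAC, RBAC and ACLs side by side in one small authorization engine.

Added example for these slides, not code from the slides or from any product.
Every user, role, object and right below is constructed for illustration.
"""
from collections import defaultdict


class AccessControl:
    def __init__(self):
        self.owner = {}                     # object -> owning user          (DAC)
        self.acl = defaultdict(dict)        # object -> {principal: rights}  (one ACL per object)
        self.user_roles = defaultdict(set)  # user -> roles                  (RBAC)

    # --- DAC: the owner decides -------------------------------------------
    def create(self, owner, obj):
        """Creating an object makes the creator its owner with full rights."""
        self.owner[obj] = owner
        self.acl[obj][owner] = {"read", "write", "own"}

    def grant(self, grantor, obj, principal, right):
        """Only the owner may edit the ACL. Principal is a user name or 'role:<name>'."""
        if self.owner.get(obj) != grantor:
            return False
        self.acl[obj].setdefault(principal, set()).add(right)
        return True

    # --- RBAC: rights attach to roles, users are assigned roles -----------
    def assign_role(self, user, role):
        self.user_roles[user].add(role)

    def revoke_role(self, user, role):
        self.user_roles[user].discard(role)

    # --- Decision -----------------------------------------------------------
    def check(self, user, obj, right):
        """Allowed if the user, or any role the user holds, has the right in the ACL."""
        principals = {user} | {f"role:{r}" for r in self.user_roles.get(user, set())}
        entries = self.acl.get(obj, {})
        return any(right in entries.get(p, set()) for p in principals)

    def matrix(self, users, rights=("read", "write", "own")):
        """Expand ACLs and roles into the user x object access control matrix."""
        return {(u, o): {r for r in rights if self.check(u, o, r)}
                for u in users for o in self.owner}


def build_demo():
    """Constructed scenario: alice owns a spreadsheet, carol is in HR, bob is a friend."""
    ac = AccessControl()
    ac.create("alice", "payroll.xlsx")
    ac.assign_role("carol", "hr")
    ac.grant("alice", "payroll.xlsx", "role:hr", "read")   # RBAC-style grant to a role
    ac.grant("alice", "payroll.xlsx", "bob", "read")       # DAC: the owner may share with anyone
    return ac


if __name__ == "__main__":
    ac = build_demo()
    for row, rights in sorted(ac.matrix(["alice", "bob", "carol", "dave"]).items()):
        print(row, sorted(rights))
    print(ac.grant("bob", "payroll.xlsx", "dave", "read"))  # False: bob is not the owner
    ac.revoke_role("carol", "hr")                           # one change revokes every hr grant
    print(ac.check("carol", "payroll.xlsx", "read"))        # False
```

The grant to `bob` is the DAC weakness in miniature: the owner can hand a payroll file to anyone, and nothing in the system checks that decision against a central policy. The role grant shows the RBAC payoff: when carol leaves HR, removing one role membership revokes her access to every resource that trusts `role:hr`, without touching any ACL.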

Auditing
- Two senses
  - Log watching
  - Auditing for compliance

Logs
- Critical to monitor
- An organization will generate tons of logs
- Must use tools to monitor for exceptions; nobody reads raw logs by hand at that volume
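What "monitoring for exceptions" looks like in practice, as an added example written for this page (not code from the slides or from any product): a scan over a few constructed sshd-style log lines that flags a burst of failed logins from one address, a success following that burst, a direct root login over a password, and a login outside business hours. The log format, thresholds and the policy that root logins and off-hours logins are exceptions are all assumptions for the example.

```python
"""Scan auth-log lines for exceptions worth an analyst's attention.

Added example for these slides, not code from the slides or from any product.
The log format, thresholds and policy rules below are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, loosely modelled on Linux sshd syslog lines (not real data).
SAMPLE_LOG = """\
2016-07-09T08:00:01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50112
2016-07-09T08:00:03 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50113
2016-07-09T08:00:04 sshd[1201]: Failed password for root from 203.0.113.7 port 50114
2016-07-09T08:00:06 sshd[1201]: Failed password for root from 203.0.113.7 port 50115
2016-07-09T08:00:07 sshd[1201]: Failed password for root from 203.0.113.7 port 50116
2016-07-09T08:00:09 sshd[1201]: Accepted password for root from 203.0.113.7 port 50117
2016-07-09T08:15:22 sshd[1340]: Accepted publickey for alice from 198.51.100.4 port 40001
2016-07-09T22:41:10 sshd[1502]: Accepted publickey for bob from 198.51.100.9 port 40233
2016-07-09T09:02:15 sshd[1410]: Failed password for bob from 198.51.100.9 port 40210
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse(text):
    """Turn matching lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # in production, unparsed lines are themselves worth counting
        event = m.groupdict()
        event["ts"] = datetime.fromisoformat(event["ts"])
        events.append(event)
    return events


def find_exceptions(events, fail_threshold=4, window=timedelta(minutes=5),
                    business_hours=(7, 19)):
    """Return (rule, ip, detail) findings in time order. Thresholds are assumptions."""
    findings = []
    failures = defaultdict(list)   # ip -> timestamps of recent failed logins
    flagged_ips = set()            # addresses already reported for a burst
    for e in sorted(events, key=lambda e: e["ts"]):
        ip, ts = e["ip"], e["ts"]
        if e["result"] == "Failed":
            # keep only failures inside the sliding window before counting
            failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
            if len(failures[ip]) >= fail_threshold and ip not in flagged_ips:
                flagged_ips.add(ip)
                findings.append(("BRUTE_FORCE", ip, e["user"]))
        else:  # Accepted
            if ip in flagged_ips:
                findings.append(("SUCCESS_AFTER_BRUTE_FORCE", ip, e["user"]))
            if e["user"] == "root":          # policy assumption: no direct root logins
                findings.append(("ROOT_LOGIN", ip, e["method"]))
            if not (business_hours[0] <= ts.hour < business_hours[1]):
                findings.append(("OFF_HOURS_LOGIN", ip, e["user"]))
    return findings


if __name__ == "__main__":
    for finding in find_exceptions(parse(SAMPLE_LOG)):
        print(*finding)
```

The point of the sliding window is that the count has to be per source and per time span; a global counter over a day's logs fires on ordinary typo traffic, while a per-address count within a few minutes isolates the burst. The "success after burst" rule is the one that matters most, because it is the difference between an attempt and a compromise.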

Auditing for Compliance
- Should verify that you comply with the appropriate laws and regulations
- Especially prior to an external review or audit

Some Fundamentals

Three Types of Security Controls
- Classical
  - Physical
  - Administrative
  - Technical
- Popular
  - Preventative
  - Detective
  - Responsive (also called corrective)

Other Controls
- In the course we will refer to controls not by category but more specifically:
  - AV
  - IDS
  - Policy

Information Security Principles of Success
- Defense in depth is critical
- People make bad security decisions when left on their own
- Security depends on two kinds of requirements
  - Functional requirements
  - Assurance requirements
- Security through obscurity is not an answer
- Security is risk management

And More Principles
- Complexity is the enemy of security
- FUD doesn't work (long term, anyway)
- People, process and technology are all needed
- Open disclosure is good for security

Principles
- There is no absolute security
- Non-repudiation
  - You cannot deny having done a particular action
  - Requires individual accountability: no shared IDs or passwords

More Security Principles
- Separation of duties
- Principle of least privilege
- Need to know
- Defense in depth
- Complexity is the enemy of security
- Industry best practices are only the lowest common denominator

Why Study InfoSEC?
- Increasing threat spectrum
- Compliance
- Business enabler

The InfoSEC Professional
- The old guys
- The new folks

Other InfoSEC Terms
- IA (Information Assurance)
- Computer Security
- Information Security

Professional Development

Certifying Organizations
- The establishment of certifying organizations was a key step in making security a profession

Some Organizations
- ISC2
- ISACA
- CompTIA
- ASIS
- Other key security organizations
  - NIST: U.S., but a leading organization
  - ISO: worldwide

Certification Programs
- ISC2 Common Body of Knowledge (CBK)
  - Not universal; ISC2 adds several specialized domains
  - The most widely accepted
- DHS has another view, as do SANS and CompTIA

ISC2 CBK Often Used in Educational Environments
- 10 domains give good introductory coverage

Question for You
- What did you find most interesting in the reading so far?
- Any war stories where one of these went wrong, or wasn't in place?

Questions?