2. Access Control Matrix Introduction to Computer Security © 2004 Matt Bishop 9/21/2018.


Introduction (Chapter 1)
Objectives of access control:
- Confidentiality: avoid disclosing sensitive data to unauthorized users
- Integrity: reliable and dependable
- Availability: provide information to authorized users on demand
Threats: violation of security
Some secondary objectives of providing access control:
- Separation of duties
- Least privilege
- Need-to-know
- Need-to-share

Policy and Mechanism
- A security policy is a statement of what is and what is not allowed
- A security mechanism is a method, tool, or procedure for enforcing a security policy
- A mechanism can be secure, precise, or broad:
  - P: set of all possible states
  - Q: set of secure states, as defined by the security policy
  - The security mechanisms restrict the system to the states in R (R ⊆ P)
  - The mechanism is secure if R ⊆ Q
  - It is precise if R = Q
  - It is broad if there are states r such that r ∈ R and r ∉ Q

Goals of security
- Prevention
- Detection
- Recovery

What to protect
- Based on business risk
- Example: the government classification
  - Unclassified
  - Confidential
  - Secret
  - Top secret

3 Types of access controls
- Administrative. Examples: separation of duties, dual control, etc.
- Physical. Examples: fences, alarms, badges, CCTV, etc.
- Technical. Examples: antivirus, anti-spam, logs, etc.

Steps in accessing systems
- Authentication
  - Uses a unique identifier. Examples: user ID, account number, PIN
  - 3 main kinds of data used for authentication:
    - Something the requester knows: passwords, pass-phrases
    - Something the requester is: biometrics, physical characteristics
    - Something the requester has: tokens (one-time passwords, time-synchronized tokens), smart cards, USB tokens
- Authorization
- Accounting

Using Biometrics for Authentication
- Biometrics have false rejection and false acceptance rates
- Examples of static biometrics:
  - Fingerprint or palm print
  - Hand geometry
  - Retina
- Examples of dynamic biometrics:
  - Face/gesture recognition
  - Keystrokes
  - Voice characteristics

Chapter 2: Access Control Matrix
- Overview
- Defining the State
- Access Control Matrix Model
- Protection State Transitions
  - Commands
  - Conditional Commands

Typical Layer for Access Control
- Operating System
- Database
- Application

Access Control Matrix
- A model of protection systems
- Describes who (subject) can do what (rights) to whom (object/subject)
- Examples:
  - An instructor can assign and grade homework and exams
  - A Teaching Assistant can grade homework
  - Students can evaluate the instructor and TA

Defining Terms
- System State (S): collection of memory contents
  - Registers
  - Main memory
  - Secondary storage
- Protection State (P): conditions under which a system is secure
- Authorized States (Q): subset of protection states in which a system is authorized to reside (the secure states)
- Q ⊆ P ⊆ S

More Terms
- The security policy defines the states in Q
- Security mechanisms prevent transitions to states in P − Q
- The access control matrix describes protection states: it specifies the rights of each subject (active entity) with respect to every other entity
- State transitions are triggered by commands that change the system from one state to another
- Constraints on state transitions assure security:
  - Set of authorized states
  - Set of operations in authorized states

Overview
- Protection state of system
  - Describes current settings, values of system relevant to protection
- Access control matrix
  - Describes protection state precisely
  - Matrix describing rights of subjects
  - State transitions change elements of matrix

Description
- Subjects S = { s_1, …, s_n }
- Objects O = { o_1, …, o_m }
- Rights R = { r_1, …, r_k }
- Entries A[s_i, o_j] ⊆ R
- A[s_i, o_j] = { r_x, …, r_y } means subject s_i has rights r_x, …, r_y over object o_j
[Figure: matrix with the subjects s_1, s_2, …, s_n as rows and the objects (entities) o_1, …, o_m, s_1, …, s_n as columns]

Example 1
- Processes p, q
- Files f, g
- Rights r, w, x, a, o (read, write, execute, append, own)

|   | f   | g  | p    | q    |
|---|-----|----|------|------|
| p | rwo | r  | rwxo | w    |
| q | a   | ro | r    | rwxo |

Example 2
- Procedures inc_ctr, dec_ctr, manage
- Variable counter
- Rights +, –, call

|         | counter | inc_ctr | dec_ctr | manage |
|---------|---------|---------|---------|--------|
| inc_ctr | +       |         |         |        |
| dec_ctr | –       |         |         |        |
| manage  |         | call    | call    | call   |

State Transitions
- Change the protection state of the system
- |– represents a transition
  - X_i |– X_{i+1}: a command moves the system from state X_i to X_{i+1}
  - X_i |–* X_{i+1}: a sequence of commands moves the system from state X_i to X_{i+1}
- Commands are often called transformation procedures

Primitive Operations
- create subject s; create object o
  - Creates new row, column in ACM; creates new column in ACM
  - No rights added; just modifies the matrix
- destroy subject s; destroy object o
  - Deletes row, column from ACM; deletes column from ACM
- enter r into A[s, o]
  - Adds r rights for subject s over object o
- delete r from A[s, o]
  - Removes r rights from subject s over object o

Creating File
- Process p creates file f with r and w permission

    command create•file(p, f)
        create object f;
        enter own into A[p, f];
        enter r into A[p, f];
        enter w into A[p, f];
    end

Mono-Operational Commands
- Make process p the owner of file g

    command make•owner(p, g)
        enter own into A[p, g];
    end

- Mono-operational command: single primitive operation in this command

Conditional Commands
- Let p give q r rights over f, if p owns f

    command grant•read•file•1(p, f, q)
        if own in A[p, f]
        then
            enter r into A[q, f];
    end

- Mono-conditional command: single condition in this command

Multiple Conditions
- Let p give q r and w rights over f, if p owns f and p has c rights over q

    command grant•read•file•2(p, f, q)
        if own in A[p, f] and c in A[p, q]
        then
            enter r into A[q, f];
            enter w into A[q, f];
    end

Copy Right
- Allows possessor to give rights to another
- Often attached to a right, so only applies to that right
  - r is read right that cannot be copied
  - rc is read right that can be copied
- Is copy flag copied when giving r rights?
  - Depends on the model and its instantiation

Own Right
- Usually allows possessor to change entries in ACM column
  - Owner of an object can add, delete rights for others
  - May depend on what system allows
    - Can’t give rights to specific (set of) users
    - Can’t pass copy flag to specific (set of) users

Attenuation of Privilege
- Principle says you can’t give rights you do not possess
  - Restricts addition of rights within a system
  - Usually ignored for owner
    - Why? Owner gives herself rights, gives them to others, deletes her rights.

Key Points
- The access control matrix is the simplest abstraction mechanism for representing protection state
- Transitions alter protection state
- 6 primitive operations alter the matrix
- Transitions can be expressed as commands composed of these operations and, possibly, conditions