Computer Security Access Control 5/8/2019
The Orange Book
First published in 1983, the Department of Defense Trusted Computer System Evaluation Criteria, known as the Orange Book, is the de facto standard for computer security today. The Orange Book, and others in the Rainbow Series, are still the benchmark for systems produced almost two decades later, and Orange Book classifications such as C2 provide a shorthand for the base-level security features of modern operating systems.
Access Control Terminology
subject, object, reference monitor, access request
(Diagram: a subject sends an access request to the reference monitor, which mediates access to the object.)
Access Control Terminology
Authentication of statement s answers the question: “who said s?”
Authorization of object o answers the question: “who is trusted to access o?”
(Diagram: subject s, access request, reference monitor, object o.)
Access Control
We can specify: what a subject is allowed to do; what may be done with an object.
Access Control
Who is a subject? A principal, a user identity. We might say that a subject ‘speaks for’ a principal.
Access Operations
Access modes:
observe: look at the contents of an object
alter: change the contents of an object
Access Operations
Access rights and attributes in the Bell-LaPadula security model. Each access right is characterised by the access modes it involves:
execute: neither observe nor alter
append: alter only
read: observe only
write: observe and alter
Access Operations
Unix access rights, for a file and for a directory:
read: read from a file / list directory contents
write: write to a file / create or rename a file in a directory
execute: execute a (program) file / search the directory
Access rights specific to a file are changed by modifying the file’s entry in its directory.
Access Operations
Windows NT: permissions of the Windows New Technology File System (NTFS):
read, write, execute, delete, change permission, change ownership
Ownership
Either the owner of a resource decrees who is allowed to access it, or a system-wide policy decrees who has access.
Access Control Structures
Now we must state which access operations are permitted. We do this by studying their structures.
Let S be a set of subjects, O a set of objects, A a set of access operations.
Access Control Matrix
Access rights are determined by a matrix M = (M_{s,o})_{s ∈ S, o ∈ O} with M_{s,o} ⊆ A.
The Bell-LaPadula model employs access control matrices to model the discretionary access policies of the Orange Book.
Access Control Matrix
An example:
          bill.doc        edit.exe     fun.com
Alice     ---             {execute}    {execute, read}
Bob       {read, write}   {execute}    {execute, read, write}
Access Control Matrix
Access rights can be kept with the subjects or with the objects.
Access Control Matrix
Capabilities: if the access rights are kept with the subjects, then these are the subject’s access rights. Every subject is given a capability.
Alice’s capability: edit.exe: execute; fun.com: execute, read
Bob’s capability: bill.doc: read, write; edit.exe: execute; fun.com: execute, read, write
Access Control Matrix
Access control lists (ACL): an ACL stores the access rights to an object with the object itself. ACLs are a typical feature of secure operating systems of the Orange Book class C2.
ACL for bill.doc: Bob: read, write
ACL for edit.exe: Alice: execute; Bob: execute
ACL for fun.com: Alice: execute, read; Bob: execute, read, write
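As an added example (not from the slides), the example matrix above stored in the two ways just described, as capabilities (one row per subject) and as ACLs (one column per object), together with a reference monitor that decides a request from the matrix; the function names are assumed.

```python
# Added example, not from the slides. Subject, object and right names are
# the slides' example; the functions below are mine.

# Constructed from the example slide: MATRIX[s][o] is a subset of A.
A = {"read", "write", "execute"}
MATRIX = {
    "Alice": {"bill.doc": set(), "edit.exe": {"execute"},
              "fun.com": {"execute", "read"}},
    "Bob":   {"bill.doc": {"read", "write"}, "edit.exe": {"execute"},
              "fun.com": {"execute", "read", "write"}},
}

def capabilities(matrix):
    """Row view (kept with the subject): objects each subject may access, and how."""
    return {s: {o: set(rights) for o, rights in row.items() if rights}
            for s, row in matrix.items()}

def acls(matrix):
    """Column view (kept with the object): subjects allowed on each object, and how."""
    out = {}
    for s, row in matrix.items():
        for o, rights in row.items():
            if rights:
                out.setdefault(o, {})[s] = set(rights)
    return out

def reference_monitor(matrix, subject, obj, operation):
    """Decide an access request: granted iff operation is in M[s][o].
    Unknown subjects, objects or operations are denied (fail closed)."""
    if operation not in A:
        return False
    return operation in matrix.get(subject, {}).get(obj, set())

if __name__ == "__main__":
    print(capabilities(MATRIX)["Alice"])
    print(acls(MATRIX)["bill.doc"])
    print(reference_monitor(MATRIX, "Bob", "bill.doc", "write"))   # True
    print(reference_monitor(MATRIX, "Alice", "bill.doc", "read"))  # False
```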
Access Control Matrix
Access control lists (ACL): management of access rights can be cumbersome. Therefore users are placed in groups, and a user derives access from the user’s group.
Intermediate control
Managing a security policy defined by an Access Control Matrix is a complex task in large systems. There are several means of simplifying this task.
Group permissions
(Diagram: subjects s1, s2, s3, s4, s5 are assigned to groups g1, g2; the groups hold permissions on objects o1, o2, o3, o4, o5, o6.)
Group and negative permissions
(Diagram: as above, with negative permissions marked x between individual subjects and objects.)
Privileges
(Diagram: subjects s1 to s5 are granted privileges pr1, pr2, each of which stands for a set of operations such as op3.)
Role Based Access Control
Privileges come predefined with the OS.
Roles: a collection of procedures; roles are assigned to users, and a user can have many roles.
Procedures: high-level access control methods; they can only be applied to objects of certain data types.
Datatypes: each object has a certain datatype and can only be accessed through procedures defined for this datatype.
Protection rings
(Diagram: rings numbered 0, 1, 2, 3 from the innermost; the operating system kernel runs in ring 0, operating system utilities in an intermediate ring, and user processes in the outermost ring.)
Each application is assigned a number 0, 1, 2, 3, … depending on its importance.
Protection rings
Protection rings are mainly used for integrity protection. An example is the QNX Neutrino microkernel OS*:
the Neutrino microkernel runs in ring 0;
the Neutrino process runs in ring 1;
all other programs run in ring 3.
* A microkernel OS is structured as a tiny kernel that provides the minimal services used by a team of optional cooperating processes, which in turn provide the higher-level OS functionality.
Protection rings
Unix employs a similar protection but uses only two levels.
The lattice of security levels
The Mandatory Access Control (MAC) policies and the multi-level security policies of the Orange Book refer to security levels:
top secret
secret
confidential
unclassified
This is a linearly ordered set, a special case of a lattice.
A lattice
(Hasse diagram of the subsets of {a,b,c} ordered by inclusion: {a,b,c} at the top; {a,b}, {a,c}, {b,c} below it; {a}, {b}, {c} below those.)
A lattice
A lattice (L, ≤) is a set L with a partial ordering ≤ such that for each pair of elements a, b of L there is a least upper bound (lub) u in L and a greatest lower bound (glb) v in L.
An example
Let H be a set of classifications with a hierarchical (linear) ordering ≤. Take a set of categories C, e.g. project names, company divisions, etc. A compartment is a set of categories, i.e. a subset of C.
A security label (level) is a pair (h,c), where h in H is the security level and c, a compartment, is a subset of C.
An example
The partial ordering on labels is defined by: (h1,c1) ≤ (h2,c2) if and only if h1 ≤ h2 and c1 ⊆ c2.
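As an added example (not from the slides), the labels (h,c) and their partial ordering in Python, using the four classifications from the earlier slide and a constructed category set C; lub and glb are computed as the slide's definition of a lattice requires, and the usual mandatory rule that a subject may observe an object only if the subject's label dominates the object's is an assumption of the example, as are all function names.

```python
# Added example, not from the slides: security labels (h, c) with h in a
# linearly ordered H and c a compartment (a subset of the category set C).
# The category names in C are constructed; the function names are mine.

H = ["unclassified", "confidential", "secret", "top secret"]  # low to high
RANK = {h: i for i, h in enumerate(H)}
C = frozenset({"crypto", "nuclear", "payroll"})  # constructed categories

def label(h, *categories):
    """Build a label (h, c) and check it is well formed."""
    c = frozenset(categories)
    if h not in RANK or not c <= C:
        raise ValueError("bad label (%r, %r)" % (h, set(c)))
    return (h, c)

def leq(l1, l2):
    """(h1,c1) <= (h2,c2) iff h1 <= h2 in H and c1 is a subset of c2."""
    (h1, c1), (h2, c2) = l1, l2
    return RANK[h1] <= RANK[h2] and c1 <= c2

def lub(l1, l2):
    """Least upper bound: the higher classification, union of compartments."""
    (h1, c1), (h2, c2) = l1, l2
    return (H[max(RANK[h1], RANK[h2])], c1 | c2)

def glb(l1, l2):
    """Greatest lower bound: the lower classification, intersection of compartments."""
    (h1, c1), (h2, c2) = l1, l2
    return (H[min(RANK[h1], RANK[h2])], c1 & c2)

def may_observe(subject_label, object_label):
    """Assumed mandatory rule: observe only if the subject's label dominates
    (is >=) the object's label. Incomparable labels are denied."""
    return leq(object_label, subject_label)

if __name__ == "__main__":
    s = label("secret", "crypto", "nuclear")
    o1 = label("confidential", "crypto")
    o2 = label("confidential", "payroll")
    print(may_observe(s, o1), may_observe(s, o2))  # True False
    print(leq(o1, o2), leq(o2, o1))                # False False: incomparable
    print(lub(o1, o2), glb(s, o2))                 # lub/glb still exist
```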
The VSTa operating system
VSTa (Valencia's Simple Tasker) is an operating system with a microkernel architecture. Abilities are defined as finite strings of positive integers separated by dots, e.g. .10.0.0.5
Abilities are ordered by a partial ordering: .3 ≤ .3.31 and .3 ≤ .3.1.100, but ¬(.3.1 ≤ .3.2).
Access is granted if the ability of a subject is a prefix of the object’s ability. The ability “.” defines a superuser.
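As an added example (not from the slides or from VSTa itself), the ability ordering in Python: abilities are parsed into their integer components and compared component by component, because a raw string prefix test would wrongly make .3 a prefix of .31; parse_ability and leq are assumed names.

```python
# Added example, not from the slides: VSTa-style abilities as dotted strings
# of integers, ordered by component prefix. The ability strings in the demo
# are the slides' examples; parsing and the ordering check are mine.

def parse_ability(text):
    """'.10.0.0.5' -> (10, 0, 0, 5); '.' (the superuser) -> ()."""
    if not text.startswith("."):
        raise ValueError("ability must start with '.': %r" % text)
    body = text[1:]
    if body == "":
        return ()
    parts = body.split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError("ability components must be integers: %r" % text)
    return tuple(int(p) for p in parts)

def leq(a, b):
    """a <= b iff the components of a are a prefix of the components of b.
    Compared component-wise, not as text: '.3' is a string prefix of '.31',
    but .3 is not <= .31 as an ability."""
    pa, pb = parse_ability(a), parse_ability(b)
    return pa == pb[:len(pa)]

def access_granted(subject_ability, object_ability):
    """Grant iff the subject's ability is a prefix of the object's ability."""
    return leq(subject_ability, object_ability)

if __name__ == "__main__":
    print(leq(".3", ".3.31"), leq(".3", ".3.1.100"))  # True True
    print(leq(".3.1", ".3.2"))                         # False
    print(leq(".3", ".31"))                            # False (not a string test)
    print(access_granted(".", ".10.0.0.5"))            # True: superuser
```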