Access Control CS461/ECE422 Fall 2011. Reading Material Chapter 4 through section 4.5 Chapters 23 and 24 – For the access control aspects of Unix and.

Slides:



Advertisements
Similar presentations
ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.
Advertisements

Future Directions in Role-Based Access Control Models Ravi Sandhu Co-Founder and Chief Scientist SingleSignOn.Net & Professor of Information Technology.
RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive, HIPAA Academy.
Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 14 Protection and Security.
Role-Based Access Control CS461/ECE422 Fall 2011.
Operating System Security
Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5.
1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
Access Control Chapter 3 Part 3 Pages 209 to 227.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
Access Control Intro, DAC and MAC System Security.
1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004.
Chapter 2 Access Control Fundamentals. Chapter Overview Protection Systems Mandatory Protection Systems Reference Monitors Definition of a Secure Operating.
CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 4: Access Control.
Role Based Access Control Models Presented By Ankit Shah 2 nd Year Master’s Student.
Access Control CS461/ECE422 Spring Reading Material Chapter 4 through section 4.5 Chapters 25 and 26 – For the access control aspects of Unix and.
Lecture 7 Access Control
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
Access Control: Part I Chao-Hsien Chu, Ph.D.
Authentication and authorization Access control consists of two steps, authentication and authorization. Subject Do operation Reference monitor Object.
Li Xiong CS573 Data Privacy and Security Access Control.
Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 5: Security Controls.
1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.
ECE509 Cyber Security : Concept, Theory, and Practice Access Control Matrix Spring 2014.
Security Policy What is a security policy? –Defines what it means for a system to be secure Formally: Partition system into –Secure (authorized) states.
1 A pattern language for security models Eduardo B. Fernandez and Rouyi Pan Presented by Liping Cai 03/15/2006.
Controlling Files Richard Newman based on Smith “Elementary Information Security”
Security+ All-In-One Edition Chapter 19 – Privilege Management Brian E. Brzezicki.
CSCE 201 Introduction to Information Security Fall 2010 Access Control.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 4 – Access Control.
G53SEC 1 Access Control principals, objects and their operations.
Li Xiong CS573 Data Privacy and Security Access Control.
Access Control. What is Access Control? The ability to allow only authorized users, programs or processes system or resource access The ability to disallow.
14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Chapter 14: Protection.
CE Operating Systems Lecture 21 Operating Systems Protection with examples from Linux & Windows.
Slide #2-1 Access Control Matrix and Safety Results CS461/ECE422 Computer Security I, Fall 2009 Based on slides provided by Matt Bishop for use with Computer.
SELinux. The need for secure OS Increasing risk to valuable information Dependence on OS protection mechanisms Inadequacy of mainstream operating systems.
Access Controls Henry Parks SSAC 2012 Presentation Outline Purpose of Access Controls Access Control Models –Mandatory –Nondiscretionary/Discretionary.
COEN 350: Network Security Authorization. Fundamental Mechanisms: Access Matrix Subjects Objects (Subjects can be objects, too.) Access Rights Example:
CSCE 201 Introduction to Information Security Fall 2010 Access Control Models.
Trusted Operating Systems
Access Control Lesson Introduction ●Understand the importance of access control ●Explore ways in which access control can be implemented ●Understand how.
Access Control: Policies and Mechanisms Vinod Ganapathy.
Privilege Management Chapter 22.
Computer Security: Principles and Practice
Protection & Security Greg Bilodeau CS 5204 October 13, 2009.
Chapter 14: Controlling and Monitoring Access. Comparing Access Control Models Comparing permissions, rights, and privileges Understanding authorization.
Access Controls Mandatory Access Control by Sean Dalton December 5 th 2008.
PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.
Chapter 4 Access Control. Access Control Principles RFC 4949 defines computer security as: “Measures that implement and assure security services in a.
22 feb What is Access Control? Access control is the heart of security Definitions: * The ability to allow only authorized users, programs or.
Access control Presented by: Pius T. S. : Christian C. : Gabes K. : Ismael I. H. : Paulus N.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Chapter 4 – Access Control.
Access Control Model SAM-5.
Access Control CSE 465 – Information Assurance Fall 2017 Adam Doupé
Protection and Security
Chapter 14: System Protection
Computer Data Security & Privacy
CompTIA Security+ Study Guide (SY0-401)
Chapter 14: Protection.
CE Operating Systems Lecture 21
Discretionary Access Control (DAC)
OS Access Control Mauricio Sifontes.
Chapter 14: Protection.
Access Control.
Access Control What’s New?
Access Control and Audit
Presentation transcript:

Access Control CS461/ECE422 Fall 2011

Reading Material Chapter 4 through section 4.5 Chapters 23 and 24 – For the access control aspects of Unix and Windows

Outline Access Control Matrix Access Control List Capabilities

Access Control in Context

AAA Access control part of a broader context Authentication – Discussed last time. Bind external entity to system entity Authorization – Grant a right or permission to the system entity to access a system resource Audit – Independent review of system actions

Types of Access Control Policies Discretionary Access Control (DAC) – Decision made based on identity of requestor and access rules – Regular users can adjust the policy Mandatory Access Control (MAC) – Decision made by testing labels associated with processes and resources against system policy rules – Regular user cannot adjust the policy Role Based Access Control (RBAC) – Access decisions defined against roles rather than individual requestors

Access Control Requirements or Differentiators Reliable Input - GIGO Fine and course grain specifications Least Privilege Separation of Duty Open and closed policies – What is the default? Policy combination and conflict resolution Administrative policies – How is change to access control managed? Dual Control

Access Control Elements Subject – system entity capable of access objects. Generally a process in an OS context Object – a resource in a system – Often a file – Could also be other named resources like mutex, process, network interface, network port Access right – a way that a subject may access an object in the system – Read, Write, Execute, Delete, Create, Search, Change Access, Own

9/29/2010Computer Security I9 Access Control Matrix Access Matrix or Access Control Matrix (ACM) and related concepts provides very basic abstraction – Map different systems to a common form for comparison – Enables standard proof techniques – Not directly used in implementation

9/29/2010Computer Security I10 Definitions Protection state of system – Describes current settings, values of system relevant to protection Access control matrix – Describes protection state precisely – Matrix describing rights of subjects – State transitions change elements of matrix

Access Matrix: File Example File 1File 2File3File4 User AOwn Read Write Own Read Write User BReadOwn Read Write Read User CRead Write ReadOwn Read Write

Access Matrix: Broader Example SubjectsFilesProcessesDisks S1S2S3F1F2P1P2D1D2 S1 controlowner control Read*Read owner wakeup seekowner S2 controlWrite*executeownerSeek* S3 controlwritestop

Mediation Implementation

Rules Governing Access Matrix Change RuleCommand (by S0)AuthorizationOperation R1Transfer α or α* to S,X‘α*’ in A[S0,X]Store α or α* in A[S,X] R2Grant α or α* to S,X‘owner’ in A[S0,X]Store α or α* in A[S,X] R3Delete α from S,X‘control’ in A[S0,S] or ‘owner’ in A[S0,X] Delete α from A[S,X] R4w <- read S,X‘control’ in A[S0,S] or ‘owner’ in A[S0,X] Copy A[S,X] into w R5Create object XNoneAdd column for X to A; store ‘owner’ in A[S0,X] R6Destroy object X‘owner’ in A[S0,X]Delete column X from A R7Create subject SNoneAdd row for S to A; execute create object S; store ‘control’ in A[S,S] R8Destroy subject S‘owner’ in A[S0,S]Delete row for S from A; execute destroy object S

Actually Implementing Access Matrix Slice by column – Access control list – Used by Multics and most modern OS Slice by row – Capability list – Many implementations in the ‘80’s – Often associated with object-oriented systems

Slice and Dice File example

9/29/2010Computer Security I17 Unix Access Control Three permission octets associated with each file and directory – Owner, group, and other – Read, write, execute For each file/directory – Can specify RWX permissions for one owner, one group, and one other

9/29/2010Computer Security I18 Windows ACL

9/29/2010Computer Security I19 Windows ACL Actually two ACL's per file – System ACL (SACL) – controls auditing and now integrity controls – Discretionary ACL (DACL) – controls object access Windows ACLs apply to all named objects – Files – Pipes – Events

9/29/2010Computer Security I20 ACL Distinctions What subjects can modify an object's ACL? If there is a privileged user, do the ACLs apply to that user? Does the ACL support groups or wildcards? How are contradictory access control permissions handled? If a default permission is allowed, do the ACL permissions modify it, or is the default only used when the subject is not mentioned in the ACL?

9/29/2010Computer Security I21 ACL Scaling Groups of users Role Base Access Control – Users can take on role at a time Directory inheritance Negative rights

9/29/2010Computer Security I22 Revoking rights with ACLs Revoking rights for subject s to a particular object o straightforward – Remove s from ACL(o) – Make sure s has a negative entry in the ACL(o) Example: Alice removes all of Bob's rights to file f – What if Bob had given Carol read rights to f? – Should Carol still have those rights?

Capabilities Slice Access matrix by row Capabilities associated with the subjects

9/29/2010Computer Security I24 Capability Integrity Subject presents capability to access object – Capability encapsulates object ID with allowed rights. Unlike ACLs, capabilities are not completely contained by the OS Capability integrity is a big concern – Tagged memory – Segmented memory – Cryptographic hashs

9/29/2010Computer Security I25 Capabilities and propagation Copy rights – Separate version of the base right, e.g read-copy – Some systems had explicit copy bit Right amplification – May need to temporarily amplify rights to object – Perhaps just within particular method or module – Combine abstract class rights with object rights – Counter module example In generally user only has right to invoke counter module on variable of counter type In counter code, process must perform additional operations.

9/29/2010Computer Security I26 Revoking capabilities Easy to revoke all rights to a given subject What about revoking everyone's rights to a particular object?

9/29/2010Computer Security I27 Capabilities HW Intel iAPX 432 (mid ’70s) – Tried to put even more security enforcement in hardware – Capabilities and object-oriented – Implementation too complex and compiler technology not sufficiently smart – IBM System/38 – From about the same time period – Also had hardware capabilities support Capability-Based Computer Systems by Henry N. Levy –

Protection Domains In Access Matrix – Replace user with “Protection Domain” At run time the process representing user may run under different protection domains In extreme case – User mode vs kernel mode

Key Points Access control part of broader system Access Control Matrix or Access Matrix – Means to model access control systems Real implementations – Access control lists – Capability lists

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.