Information Security - City College
Access Control in Collaborative Systems
Authors: Emis Simo David Naco


Overview
- Introduction
- Collaborative Access Control
- Intermediate Access Controls
- Requirements of Access Control in Collaborative Systems
- Access Control Models
  - The Matrix Access Control
  - SPACE Model
  - Role-Based Access Control (RBAC)
  - Task-Based Access Control (TBAC)
  - Team-Based Access Control (TMAC)
- Evaluation Criteria
- Conclusion

Introduction
- Collaborative systems have come into extensive use in the last decade
- The aim of such systems is to achieve communication and collaboration between users concerned with common tasks
- The need for security emerges in such systems
- Access control is one of the most important aspects of security in collaborative systems
- Not only authentication, but also authorization
- Do traditional access control models satisfy the requirements of collaboration?

Collaborative Access Control

Intermediate Access Controls
- Privileges
  - If you are allowed to do something in a system, you usually have a certain level of privilege to be able to use the operating system functions or perform some actions.
  - This introduces a concept called least privilege. It requires that a user be given no more privilege than necessary to perform a job.
- Protection Rings
  - Protection rings have been mainly used for integrity protection.
  - The representative examples are system/user protection in operating system design and the machine language protection for microprocessor design.

Intermediate Access Controls
- Intermediate Abilities
  - More flexible, with more internal structure; convenient for mathematical analysis; at an experimental stage
- Group and Negative Permissions
  - Define objects that a group is forbidden to access
- RBAC
  - A fundamental way of implementing an intermediate layer for various access control policies

Requirements for Access Control in Collaborative Systems
- Multiple, dynamic user roles
  - The model should allow users' access rights to be inferred from their roles. Moreover, it should allow users to take multiple roles simultaneously and change these roles dynamically during different phases of collaboration
- Collaboration rights
  - Operations whose results can affect multiple users should be protected by collaboration rights
- Flexibility
  - The system should support fine-grained subjects, objects, and access rights

Requirements for Access Control in Collaborative Systems
- Easy specification
  - Access control models must allow high-level specification of access rights
- Efficient storage and evaluation
  - The storage of access definitions and evaluation of the access checking rule should be efficient
- Automation
  - Easy to implement access control in multi-user applications. Performance and resource costs should be kept within acceptable bounds
- Meta-access control
  - Support for fine-grained protection, assignment of administrators, joint and multiple ownership issues, and the delegation and revocation of access rights

Collaborative Access Control Models

Matrix Access Control
- Object: the basic resource entity controlled by the computer.
- Subject: the entity initiating an activity on objects.
- The access matrix is a basic model specifying the rights that subjects have to objects.
- Each subject corresponds to a row and each object to a column.
- Each cell in the matrix denotes the access authorized for the subject in the row to the object in the column.
- The main objective of the access control system is to strictly enforce the operations permitted by the access matrix.

Implementations of Matrix Access Control
- Implementations of Matrix Access Control involve splitting the matrix into more manageable parts in order to obtain acceptable performance for the authorization operations.
- Access Control Lists (ACL)
  - Store the matrix by columns
  - Provide convenient access review with respect to the object
- Capability Lists (C-Lists)
  - Store the matrix by rows
  - Provide convenient access review with respect to the subject
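
An added example (not part of the original slides) of splitting one access matrix into ACLs and C-Lists, showing why access review is cheap per object in one form and per subject in the other. The subjects, objects and rights are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample access matrix: (subject, object) -> rights.
MATRIX = {
    ("alice", "design.doc"): {"read", "write"},
    ("bob", "design.doc"): {"read"},
    ("alice", "budget.xls"): {"read"},
    ("carol", "budget.xls"): {"read", "write"},
}

def to_acls(matrix):
    """Store the matrix by columns: object -> {subject: rights}."""
    acls = defaultdict(dict)
    for (subj, obj), rights in matrix.items():
        acls[obj][subj] = set(rights)
    return dict(acls)

def to_clists(matrix):
    """Store the matrix by rows: subject -> {object: rights}."""
    clists = defaultdict(dict)
    for (subj, obj), rights in matrix.items():
        clists[subj][obj] = set(rights)
    return dict(clists)

def who_can(acls, obj, right):
    """Access review per object: a single ACL lookup."""
    return sorted(s for s, r in acls.get(obj, {}).items() if right in r)

def what_can_via_acls(acls, subj):
    """Access review per subject from ACLs: every object's list is scanned."""
    return {o: set(e[subj]) for o, e in acls.items() if subj in e}

def revoke_subject_acls(acls, subj):
    """Remove a subject from ACL storage; returns how many lists were edited."""
    touched = [o for o, e in acls.items() if e.pop(subj, None) is not None]
    return len(touched)

if __name__ == "__main__":
    acls, clists = to_acls(MATRIX), to_clists(MATRIX)
    print(who_can(acls, "design.doc", "read"))
    # The C-List row gives the same per-subject answer without a scan.
    print(what_can_via_acls(acls, "alice") == clists["alice"])
    print(revoke_subject_acls(acls, "alice"))
```
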

Implementation (Matrix Access Control), cont.

Shortcomings (Matrix Access Control)
- In a collaborative organization, ownership might not be at the discretion of the user: the system might own resources.
- Change of responsibilities
  - ACLs and C-Lists lack the ability to support dynamic changes of access rights.
- More sophisticated access policies are difficult to provide without access rights that are associated with a subject's credentials.
  - Least Privilege
  - Conflict-of-Interest Rules

SPACE Model
- The basic idea behind this model consists of two concepts: Boundaries and Access Graph.
- The environment is divided into small, manageable regions by boundaries.
- In each region, a certain level of access control policy is applied. Within a region, access is granted at the same level.
- An access graph is built to summarize the constraints on movement among regions
- Two matrices, called the adjacency and classification matrices, are created by using standard mathematical means
- The two matrices are the kernel of the SPACE model

SPACE Model

Shortcomings (SPACE)
- Provides navigational access requirements in collaborative environments and does not provide for fine-grained control
- It is not provably secure; users can create insecure regions
- The SPACE model lacks the complexity needed for systems where the level of security provided is important
- The application domain is restricted to systems that can be represented in terms of regions and boundaries

Role-Based Access Control (RBAC)
- The fundamental principle of RBAC is that the decision to allow access to objects is based on the role of the user
- A role can represent specific task competency
- RBAC offers a new way of assigning access rights to individuals in an enterprise
- First a role is established and least privileges are assigned to it. Then an individual derives access rights from a role by being assigned membership of that role, which describes their job or responsibility in that enterprise
- Role membership is determined by the organization's security policy
- RBAC is flexible and easy to manage

RBAC

Shortcomings (RBAC)
- In early implementations of RBAC, the set of roles, and the membership functions as well, were defined early in the lifetime of a session
- Supports the notion of role activation within sessions, but it does not go far enough in encompassing the overall context associated with any collaborative activity
- Traditional RBAC lacks the ability to specify fine-grained control on individual users in certain roles and on individual object instances.

Task-Based Access Control (TBAC)
- Extends the traditional access models by introducing domains that include task-based contextual information.
- Two fundamental abstractions:
  - Authorization Step
  - Task Templates
- The protection state of each authorization step is unique and disjoint from the protection states of other steps.
- TBAC recognizes the notion of a life-cycle and associated processing steps for authorizations.
- Dynamically manages permissions as authorizations progress to completion.
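
An added example (not part of the original slides) of authorization steps whose permissions are activated just in time and expire when a usage count is consumed. The three-state life-cycle, the Workflow class used to chain steps, and all names and data are simplifying assumptions made for illustration.

```python
from enum import Enum

class State(Enum):
    DORMANT = "dormant"   # not yet activated
    VALID = "valid"       # permissions currently usable
    INVALID = "invalid"   # usage count consumed

class AuthorizationStep:
    """One step with its own protection state, disjoint from other steps."""
    def __init__(self, name, trustee, permissions, usage_count):
        if usage_count < 1:
            raise ValueError("usage_count must be at least 1")
        self.name, self.trustee = name, trustee
        self.permissions = frozenset(permissions)
        self.remaining = usage_count
        self.state = State.DORMANT

    def activate(self):
        if self.state is State.DORMANT:
            self.state = State.VALID

    def use(self, user, permission):
        """Consume one use; succeeds only while the step is valid."""
        if self.state is not State.VALID:
            return False
        if user != self.trustee or permission not in self.permissions:
            return False
        self.remaining -= 1
        if self.remaining == 0:
            self.state = State.INVALID
        return True

class Workflow:
    """Ordered steps; a step is activated when its predecessor completes."""
    def __init__(self, steps):
        self.steps = list(steps)
        self.steps[0].activate()

    def request(self, user, permission):
        for i, step in enumerate(self.steps):
            if step.state is State.VALID:
                ok = step.use(user, permission)
                if step.state is State.INVALID and i + 1 < len(self.steps):
                    self.steps[i + 1].activate()
                return ok
        return False

def demo():
    wf = Workflow([AuthorizationStep("prepare", "alice", {"draft_order"}, 1),
                   AuthorizationStep("approve", "bob", {"sign_order"}, 1)])
    calls = [("bob", "sign_order"), ("alice", "draft_order"),
             ("alice", "draft_order"), ("bob", "sign_order"), ("bob", "sign_order")]
    return [wf.request(u, p) for u, p in calls]
```
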

Shortcomings (TBAC)
- Permissions are activated and deactivated in a just-in-time manner.
  - Problem: across workflows and race conditions
- Collaborative systems require a much broader definition of context
- The nature of collaboration cannot always be easily partitioned into tasks with usage counts

Team-Based Access Control (TMAC)
- The model defines the team components as a set of users in various roles
- Team permission is a set of permissions that are defined across team roles and objects.
- Context-Based TMAC (C-TMAC)
  - Variation of TMAC
  - Consists of five sets: role, user, context, permission, and session
  - Team is used as a context to group users in various roles to access other contexts that have some resources or environmental factors such as time and location.
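
An added example (not part of the original slides) contrasting a plain RBAC decision with a team-based decision, covering both the RBAC slides and the TMAC slide above: the role permission is the same, but under the team-based check it applies only to object instances bound to the user's team. Binding object instances to a team is a modeling assumption, and all names and data are constructed.

```python
# Role permissions as in RBAC: role -> {(operation, object type)}.
# All names and data below are constructed for illustration.
ROLE_PERMS = {
    "physician": {("read", "record"), ("write", "record")},
    "nurse": {("read", "record")},
}

class Team:
    """A team: users in various roles plus the object instances it works on."""
    def __init__(self, name):
        self.name = name
        self.members = {}     # user -> role held inside this team
        self.objects = set()  # object instances bound to this team

    def add_member(self, user, role):
        if role not in ROLE_PERMS:
            raise ValueError(f"unknown role: {role}")
        self.members[user] = role

    def bind(self, obj_id):
        self.objects.add(obj_id)

def rbac_allows(teams, user, op, obj_type):
    """Plain RBAC view: any role the user holds grants the permission
    on every instance of the object type."""
    roles = {t.members[user] for t in teams if user in t.members}
    return any((op, obj_type) in ROLE_PERMS[r] for r in roles)

def tmac_allows(teams, user, op, obj_type, obj_id):
    """Team-based view: the role permission applies only to instances
    bound to a team in which the user holds that role."""
    for team in teams:
        role = team.members.get(user)
        if role and obj_id in team.objects and (op, obj_type) in ROLE_PERMS[role]:
            return True
    return False

def build_demo():
    ward_a, ward_b = Team("ward_a"), Team("ward_b")
    ward_a.add_member("dr_lee", "physician")
    ward_a.add_member("nurse_kim", "nurse")
    ward_a.bind("record:101")
    ward_b.add_member("dr_lee", "nurse")  # a different role in another team
    ward_b.bind("record:202")
    return [ward_a, ward_b]
```
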

Shortcomings (TMAC and C-TMAC)
- The models lack self-administration of the assignment relations between entities
- Need to reflect multidimensional definitions of rich collaborative contexts, such as organizational entities, workflow tasks, and groupware's environmental components
- Both models have not yet been fully developed

Requirements Satisfaction

Evaluation Criteria
- Simple Mechanism (Expressability)
- Groups of Users
- Ease of Use
- Policy Specifications
- Policy Enforcement
- Fine-Grained Control
- Contextual Information
- Active/Passive

Summary
- The traditional Access Models
  - The Matrix Access Control
  - SPACE Model
  - Role-Based Access Control (RBAC)
  - Task-Based Access Control (TBAC)
  - Team-Based Access Control (TMAC)
- Not all requirements for Collaborative Access Control are satisfied by traditional models
- Need for new Access Control Models