Secure Operating Systems Lesson 4: Access Control.

Where are we?
- Now that we have a model of the OS in our heads, it’s time to layer in really the most important part of security: the access control model
- Key points: how access control works (Lampson) and the “Safety Problem”
- Look at OSC Ch 14… we’ll be here a lot over the next few weeks

The OS doesn’t HAVE TO…
- First, there’s the DOS model… anything can do anything
- All well and good, but has a lot of problems too

Access Control  We think of it as a security thing, but it’s also a stability thing  Protection schemes help protect from accidents too

Formally  Decide if a principal can perform a requested operation on a target (object)  Typically: Principal = user, process, … Operation = read, write, execute, … Object = file, memory, process, …  The theory for this is by Lampson – it’s old, but the conclusions are solid

Why does this matter?
- In many ways, exploitation of a system is about elevating our rights – gaining access to objects we should not have access to
- Two ways: faulty access control rules, faulty access control implementation (sort of)
- Example: incorrect privileges on /dev/swap used to be exploitable

Policy  The policy is the idealization for how the system makes access decisions  Can’t be too restrictive (availability)  Must be restrictive enough (confidentiality, integrity)  Ideally, the policy should be easy to understand (but see later…)

Why is Access Control Hard?
- Things change – I need access to today
  - Example: look at the rules on a firewall sometime
  - Continuing with our firewall example, defaults really matter (ip-directed-broadcast)
- Worst of all: the safety problem

Safety Problem  In the general case, it’s impossible to determine the properties of protection for all possible access control lists  This is all about undecidability – given a system and permissions,

Access Control Models  Basic Models – ACLs etc.  Aggregate Models – RBAC  Lattice – Bell-LaPadula

Basic Models  Basic models are more common than we tend to think  Lots of examples in the “real world”  Limited by complexity, flexibility, ease of maintenance

RBAC  Evan is a student – he gets student rights to the course  Mark is a student and a grader… he has more than one role  Richard has full admin access to everything What principle does this violate?  Exists in the real world, and quite powerful

Administering this…
- Discretionary – object owner (usually) picks access
- Mandatory – no choice on the part of the owner, the policy decides
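The RBAC slide’s three users can be modelled directly: permissions attach to roles, users hold one or more roles, and a user’s effective rights are the union over their roles. This added example (not from the lecture) does that with Evan, Mark and Richard; the role names, operations and objects are constructed, and the final function measures how far a user’s rights exceed what a given task needs, which is the lens behind the slide’s question about Richard.

```python
# Added example: role-based access control for the slide's three users.
# Role/permission names below are constructed sample data.
from typing import Dict, Set, Tuple

Permission = Tuple[str, str]   # (operation, object)

# Permissions live on roles, never directly on users.
ROLE_PERMS: Dict[str, Set[Permission]] = {
    "student": {("read", "syllabus"), ("submit", "assignment")},
    "grader":  {("read", "syllabus"), ("read", "assignment"), ("write", "grade")},
    "admin":   {("read", "syllabus"), ("read", "assignment"), ("write", "grade"),
                ("write", "roster"), ("delete", "course")},
}

# Users are assigned roles; Mark holds two, as on the slide.
USER_ROLES: Dict[str, Set[str]] = {
    "evan":    {"student"},
    "mark":    {"student", "grader"},
    "richard": {"admin"},
}

def effective_perms(user: str) -> Set[Permission]:
    """A user's rights are the union of the rights of every role they hold.
    Unknown users and unknown roles contribute nothing (deny by default)."""
    perms: Set[Permission] = set()
    for role in USER_ROLES.get(user, set()):
        perms |= ROLE_PERMS.get(role, set())
    return perms

def allowed(user: str, operation: str, obj: str) -> bool:
    """Access decision: is (operation, obj) among the user's effective rights?"""
    return (operation, obj) in effective_perms(user)

def excess_rights(user: str, needed: Set[Permission]) -> Set[Permission]:
    """Rights the user holds beyond what a given task needs.  Non-empty means
    the assignment is broader than the job, which is what the slide is asking
    about when Richard gets full admin access."""
    return effective_perms(user) - needed
```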

Bell-LaPadula  What does our access control model tell us about protection from a Trojan Horse? What’s the risk?  Cannot write to data which has lower classification – that his, it protects against information leaking out (exfiltration, if you like) Can’t read up, can’t write down…

Biba  Biba for integrity – can’t write up, can’t read down… protects contamination of data from lower levels  Note how this is the reverse of Bell- LaPadula… Are you starting to see how gnarly this is yet?

Quick Example: UAC
- UAC covers a few different things – but let’s talk about the part which prevents admin access from normal processes
- Here’s the problem: the matrix for protection still isn’t good enough due to whitelisting of certain programs…

Things to Do
- Read the Harrison “Protection in Operating Systems” paper and make sure you understand the safety problem and its implications for this class!
- This will likely feature in an exam…

Questions & Comments
- What do you want to know?