COEN 350: Network Security Authorization. Fundamental Mechanisms: Access Matrix Subjects Objects (Subjects can be objects, too.) Access Rights Example:

Slides:



Advertisements
Similar presentations
1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
Advertisements

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Jan. 2014Dr. Yangjun Chen ACS Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )
Access Control Chapter 3 Part 3 Pages 209 to 227.
Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.
Access Control Methodologies
Access Control Patterns Fatemeh Imani Mehr Amirkabir university of technology, Department of Computer Engineering & Information Technology.
Database Management System
COEN 150: Intro to IA Authorization.
Access Control Intro, DAC and MAC System Security.
Bilkent University Department of Computer Engineering
Security Fall 2006McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.
User Domain Policies.
Lecture 7 Access Control
Distributed Computer Security 8.2 Discretionary Access Control Models - Sai Phalgun Tatavarthy.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
Authentication and authorization Access control consists of two steps, authentication and authorization. Subject Do operation Reference monitor Object.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
Li Xiong CS573 Data Privacy and Security Access Control.
CS426Fall 2010/Lecture 191 Computer Security CS 426 Lecture 19 Discretionary Access Control.
CH14 – Protection / Security. Basics Potential Violations – Unauthorized release, modification, DoS External vs Internal Security Policy vs Mechanism.
© G. Dhillon, IS Department Virginia Commonwealth University Principles of IS Security Formal Models.
Session 2 - Security Models and Architecture. 2 Overview Basic concepts The Models –Bell-LaPadula (BLP) –Biba –Clark-Wilson –Chinese Wall Systems Evaluation.
Security+ All-In-One Edition Chapter 19 – Privilege Management Brian E. Brzezicki.
CSCE 201 Introduction to Information Security Fall 2010 Access Control.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
Chapter 11 Database Security: An Introduction Copyright © 2004 Pearson Education, Inc.
D ISCRETIONARY A CCESS C ONTROLS Truong Quynh Chi Faculty of Computer Science & Engineering HCMC University of Technology
G53SEC 1 Access Control principals, objects and their operations.
Li Xiong CS573 Data Privacy and Security Access Control.
Access Control. What is Access Control? The ability to allow only authorized users, programs or processes system or resource access The ability to disallow.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Protection (Chapter 14)
Access Controls Henry Parks SSAC 2012 Presentation Outline Purpose of Access Controls Access Control Models –Mandatory –Nondiscretionary/Discretionary.
Chapter 11 Database Security: An Introduction Copyright © 2004 Pearson Education, Inc.
Trusted Operating Systems
Access Control Lesson Introduction ●Understand the importance of access control ●Explore ways in which access control can be implemented ●Understand how.
Chapter 14: Protection Silberschatz, Galvin and Gagne ©2005 Operating System Concepts – 7 th Edition, Apr 11, 2005 Chapter 14: Protection Goals.
14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Protection.
Discretionary Access Control Models Adith Srinivasan.
Privilege Management Chapter 22.
Chapter 9 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Computer Security: Principles and Practice
Database Management Systems, 2 nd Edition, R. Ramakrishnan and J. Gehrke1 Security Lecture 17.
CS426Fall 2010/Lecture 211 Computer Security CS 426 Lecture 21 The Bell LaPadula Model.
Database Security. Introduction to Database Security Issues (1) Threats to databases Loss of integrity Loss of availability Loss of confidentiality To.
Database Security Database System Implementation CSE 507 Some slides adapted from Navathe et. Al.
Access Controls Mandatory Access Control by Sean Dalton December 5 th 2008.
22 feb What is Access Control? Access control is the heart of security Definitions: * The ability to allow only authorized users, programs or.
Database System Implementation CSE 507
Access Control Model SAM-5.
Access Control CSE 465 – Information Assurance Fall 2017 Adam Doupé
Protection and Security
Operating Systems Protection Alok Kumar Jagadev.
Chapter 14: System Protection
Database Security and Authorization
Computer Data Security & Privacy
Chapter 14: Protection.
Chapter 14: Protection.
Executive Director and Endowed Chair
Chapter 14: Protection.
Mandatory Access Control (MAC)
Discretionary Access Control (DAC)
Chapter 14: Protection.
Chapter 14: Protection.
OS Access Control Mauricio Sifontes.
Chapter 14: Protection.
Access Control.
Chapter 14: Protection.
Chapter 14: Protection.
Computer Security Access Control
Presentation transcript:

COEN 350: Network Security Authorization

Fundamental Mechanisms: Access Matrix Subjects Objects (Subjects can be objects, too.) Access Rights Example: OS Subjects = Processes Objects = System Resources Access Rights: read, write, execute

Fundamental Mechanisms: Access Matrix Example: DBMS Subjects = Users Objects = Relations Access Rights: retrieve, update, insert, delete

Fundamental Mechanisms: Access Matrix Access Matrix: Row for each object Column for each subject Entry is a set of access rights. Later Security Models: Allow for administrative operations that change the access matrix. Example: Owner of file can give permissions to others.

Fundamental Mechanisms: Access Matrix Access Control Lists ACL for each object. Lists all the subjects and their rights. Capabilities Capability list for each subject. Contains all the objects and the rights of the subject.

Fundamental Mechanisms: Access Matrix Authorization Relation Database table with fields owner, access mode, object. SubjectAccess ModeObject BobOwnerFile 1 BobReadFile 1 BobWriteFile 1 AliceReadFile 1 AliceOwnerFile 2 AliceReadFile 2 AliceWriteFile 2 BobReadFile 2 BobWriteFile 2

Fundamental Mechanisms: Intermediate Controls Access matrix too storage intensive Access matrices make it hard to change policies. Mechanism 1: Groups Ideally, all access privileges mediated through group membership. Negative permissions implement exceptions

Fundamental Mechanisms: Intermediate Control Protection Rings Example: Group processes and system resources into four categories Operating System Kernel Operating System Utilities User Processes Access to an object is only granted to a subject of lower level. Unix only has two levels. Sometimes protection rings have hardware support.

Fundamental Mechanisms: Security Classes Each object has a Security class (Security Label) Denning: Information Control Policy consists of Security Classes “Can flow” relationship Join operation Join A  B combines rights and restrictions of both. US DoD Security Levels Top Secret Secret Confidential Unclassified

Fundamental Mechanisms Access Control Policies Discretionary Access Control (DAC) Specifies authorization solely based on object and subject identity. Flexible and simple. Difficult to control information flow. (Classical) Mandatory Access Control (MAC) Each user and object has a security level. Security level reflects trust that user will not pass information to users with lower level clearance. Access to an object based on security level.

Fundamental Mechanisms Access Control Policies (Refined) Mandatory Access Control (MAC) Security Levels and Compartments. Example: CRYPTO for cryptographic algorithms. COMSEC for communication security. Possible to have top secret clearance in CRYPTO and unclassified clearance in COMSEC Discretionary policies typical in low security (academic) environments. Mandatory policies typical in high security (military) environments. Neither policy adequate for commercial systems.

Fundamental Mechanisms Access Control Policies Role Based Access Control (RBAC) Regulate user’s access to information based on the activities the users execute in the system. “Role” is a set of actions and responsibilities associated with a particular working activity. Access based on role, not identity of user.

Fundamental Mechanisms Access Control Policies Role Based Access Control (RBAC) User authorization is broken into two tasks: Granting roles to users Granting rights to roles Roles can be hierarchical Engineers inherent employee rights. User can login with the least privilege for a set of particular tasks. Roles make it easier to enforce separation of duties: “No single user can subvert the system by herself/himself.”

Covert Channels A mechanism to circumvent automatic confinement within a security perimeter. Example: Person with TOP SECRET clearance runs (inadvertently) Trojan horse. Trojan horse has free access to files in the compartment. Trojan horse cannot write down to an unclassified file. But: Trojan horse can do things that are visible from the outside and thus send contents of TOP SECRET files through a covert channel. T.H. either runs or waits. System load will vary. Small bandwidth channel. T.H. can or cannot use shared resources. To send a bit, T.H. fills up the printer line to send 1 bit, or empties it for a 0 bit.

UNIX Woes: SUID programs Programs can execute the setuid system call. Executable runs as if executed by user. Sendmail uses setuid to implement . User can cause programs to run as root with input they provide. Favorite targets of buffer overflow attacks.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.