Computer Security Access Control


1 Computer Security Access Control
5/8/2019

2 The Orange Book
First published in 1983, the Department of Defense Trusted Computer System Evaluation Criteria, known as the Orange Book, is the de facto standard for computer security today. The Orange Book, and others in the Rainbow Series, are still the benchmark for systems produced almost two decades later, and Orange Book classifications such as C2 provide a shorthand for the base-level security features of modern operating systems.

3 Access Control Terminology
subject, object, reference monitor
Diagram: a Subject issues an access request, the Reference monitor mediates it, and the Object is accessed only if the request is granted.

4 Access Control Terminology
Authentication of statement s answers the question: "who said s?"
Authorization of object o answers the question: "who is trusted to access o?"
Diagram: Subject s sends an access request to the Reference monitor, which guards Object o.

5 Access Control
We can specify
what a subject is allowed to do
what may be done with an object

6 Access Control
Who is a subject? A principal, a user identity.
We might say that a subject 'speaks for' a principal.

7 Access Operations
Access modes:
Observe: look at the contents of an object
Alter: change the contents of an object

8 Access Operations
Access rights and attributes in the Bell-LaPadula security model. Each access right is a combination of the two access modes:

            execute   append   read   write
  observe      -        -       x      x
  alter        -        x       -      x

9 Access Operations
Unix access rights, for a file and for a directory:
read:    read from a file          |  list directory contents
write:   write to a file           |  create or rename a file in a directory
execute: execute a (program) file  |  search the directory
Access rights specific to a file are changed by modifying the file's entry in its directory.

10 Access Operations
Windows NT: permissions of the Windows New Technology File System (NTFS):
read, write, execute, delete, change permission, change ownership

11 Ownership
The owner of a resource decrees who is allowed to access it.
Alternatively, a system-wide policy decrees who has access.

12 Access Control Structures
Now we must state which access operations are permitted. We do this by studying their structures. Let S be a set of subjects, O a set of objects, and A a set of access operations.

13 Access Control Matrix
Access rights are determined by a matrix
M = (M_so)_{s ∈ S, o ∈ O} with M_so ⊆ A
The Bell-LaPadula model employs access control matrices to model the discretionary access policies of the Orange Book.

14 Access Control Matrix
An example:

          bill.doc        edit.exe     fun.com
  Alice   { }             {execute}    {execute, read}
  Bob     {read, write}   {execute}    {execute, read, write}

15 Access Control Matrix
Access rights can be kept with the subjects or the objects.

16 Access Control Matrix
Capabilities
If the access rights are kept with the subjects then these are the subject's access rights. Every subject is given a capability.
Alice's capability: edit.exe: execute; fun.com: execute, read
Bob's capability: bill.doc: read, write; edit.exe: execute; fun.com: execute, read, write

17 Access Control Matrix
Access control lists (ACL)
An ACL stores the access rights to an object with the object itself. ACLs are a typical feature of secure operating systems of the Orange Book class C2.
ACL for bill.doc: Bob: read, write
ACL for edit.exe: Alice: execute; Bob: execute
ACL for fun.com: Alice: execute, read; Bob: execute, read, write
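The following is an added example, not part of the original slides: it encodes the access control matrix of slide 14 and derives from it the two storage views the slides describe, capabilities (rows, kept with the subject) and ACLs (columns, kept with the object), together with a reference monitor that decides an access request. The subject and object names are the slides' own; the function names are chosen for this example.

```python
# Added example (not from the slides): the access control matrix of slide 14,
# its two storage schemes (capabilities per subject, ACLs per object), and a
# reference monitor that mediates an access request against the matrix.

SUBJECTS = ["Alice", "Bob"]
OBJECTS = ["bill.doc", "edit.exe", "fun.com"]

# MATRIX[s][o] is the set of access operations subject s may perform on
# object o. A missing entry means the empty set, i.e. no access.
MATRIX = {
    "Alice": {"edit.exe": {"execute"}, "fun.com": {"execute", "read"}},
    "Bob": {
        "bill.doc": {"read", "write"},
        "edit.exe": {"execute"},
        "fun.com": {"execute", "read", "write"},
    },
}


def capability_list(matrix, subject):
    """Row of the matrix: the rights stored with the subject (slide 16)."""
    return {o: set(rights) for o, rights in matrix.get(subject, {}).items() if rights}


def acl(matrix, obj):
    """Column of the matrix: the rights stored with the object (slide 17)."""
    return {s: set(rights[obj]) for s, rights in matrix.items() if rights.get(obj)}


def reference_monitor(matrix, subject, obj, operation):
    """Decide the access request (subject, object, operation)."""
    return operation in matrix.get(subject, {}).get(obj, set())


def views_agree(matrix):
    """Both storage schemes reconstruct the same matrix, so a policy can be
    kept in either form without changing any decision."""
    from_caps = {s: capability_list(matrix, s) for s in SUBJECTS}
    from_acls = {}
    for o in OBJECTS:
        for s, rights in acl(matrix, o).items():
            from_acls.setdefault(s, {})[o] = rights
    return from_caps == from_acls


if __name__ == "__main__":
    for s in SUBJECTS:
        print(s, "capability:", capability_list(MATRIX, s))
    for o in OBJECTS:
        print(o, "ACL:", acl(MATRIX, o))
    print("Alice reads bill.doc:", reference_monitor(MATRIX, "Alice", "bill.doc", "read"))
```

The point of `views_agree` is the statement of slide 15: capabilities and ACLs are the same matrix read by row or by column, and the choice affects administration (who can enumerate a subject's rights, or an object's accessors) rather than the decisions themselves.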

18 Access Control Matrix
Access control lists (ACL)
Management of access rights can be cumbersome. Therefore users are placed in groups, and a user derives access rights from the user's group.

19 Intermediate control
Managing a security policy defined by an Access Control Matrix is a complex task in large systems. There are several means of simplifying this task.

20 Group permissions
Diagram: subjects s1, s2, s3, s4, s5 are members of groups g1, g2, and the groups hold permissions on objects o1, o2, o3, o4, o5, o6.

21 Group and negative permissions
Diagram: as on slide 20, with individual negative permissions (marked x) that deny a particular subject an access its group would otherwise grant.
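The following is an added example, not part of the original slides, showing the simplification of slides 20 and 21 in code: rights are granted to groups, a subject inherits the rights of every group it belongs to, and a negative permission on a (subject, object) pair overrides anything inherited. The labels s1..s5, g1, g2 and o1..o6 follow the diagrams; the particular memberships, grants and denials are constructed for the example.

```python
# Added example (not from the slides): group permissions with negative
# permissions. Memberships, grants and denials below are constructed.

GROUP_MEMBERS = {"g1": {"s1", "s2", "s3"}, "g2": {"s3", "s4", "s5"}}

# rights granted to a whole group on an object
GROUP_GRANTS = {
    "g1": {"o1": {"read"}, "o2": {"read", "write"}},
    "g2": {"o3": {"read"}, "o4": {"read"}, "o5": {"execute"}},
}

# negative permissions: (subject, object) -> operations explicitly denied
DENIALS = {("s3", "o2"): {"write"}, ("s4", "o3"): {"read"}}

# rights granted directly to an individual subject
DIRECT = {"s5": {"o6": {"read"}}}


def groups_of(subject):
    return {g for g, members in GROUP_MEMBERS.items() if subject in members}


def effective_rights(subject, obj):
    """Direct rights plus rights of every group the subject is in, minus
    any negative permission recorded for this subject and object."""
    rights = set(DIRECT.get(subject, {}).get(obj, set()))
    for g in groups_of(subject):
        rights |= GROUP_GRANTS.get(g, {}).get(obj, set())
    return rights - DENIALS.get((subject, obj), set())


def allowed(subject, obj, operation):
    return operation in effective_rights(subject, obj)


def effective_matrix():
    """Expand the group view back into the per-subject matrix of slide 13,
    omitting empty cells. This is the matrix the group scheme stands for."""
    subjects = sorted(set().union(*GROUP_MEMBERS.values()) | set(DIRECT))
    objects = sorted({o for g in GROUP_GRANTS.values() for o in g}
                     | {o for d in DIRECT.values() for o in d})
    return {s: {o: effective_rights(s, o) for o in objects if effective_rights(s, o)}
            for s in subjects}


if __name__ == "__main__":
    for s, row in effective_matrix().items():
        print(s, row)
```

`effective_matrix` makes the trade-off visible: the group scheme stores a handful of entries, but the policy it defines is still a full subject-by-object matrix, and a negative permission is the one place where the order of evaluation matters.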

22 Privileges
Diagram: subjects s1, s2, s3, s4, s5 are assigned privileges pr1, pr2, and each privilege bundles operations such as op3.

23 Role Based Access Control
Privileges come predefined with the OS.
Roles: a collection of procedures; roles are assigned to users, and a user can have many roles.
Procedures: high-level access control methods that can only be applied to objects of certain data types.
Datatypes: each object has a certain datatype and can only be accessed through procedures defined for this datatype.

24 Protection rings
Diagram: ring 0 holds the operating system kernel, the next ring the operating system utilities, and the outermost ring user processes. Each application is assigned a number 0, 1, 2, 3, ... depending on its importance.


26 Protection rings
Protection rings are mainly used for integrity protection. An example is the QNX Neutrino microkernel OS*:
The Neutrino microkernel runs in ring 0.
The Neutrino process runs in ring 1.
All other programs run in ring 3.
* A microkernel OS is structured as a tiny kernel that provides the minimal services used by a team of optional cooperating processes, which in turn provide the higher-level OS functionality.

27 Protection rings
Unix employs a similar protection but uses only two levels.

28 The lattice: OS security levels
The Mandatory Access Control (MAC) policies and the multi-level security policies of the Orange Book refer to security levels:
top secret > secret > confidential > unclassified
This is a linearly ordered set, a special case of a lattice.

29 A lattice
Diagram (subsets of {a,b,c} ordered by inclusion): {a,b,c} at the top; {a,b}, {a,c}, {b,c} below it; {a}, {b}, {c} at the bottom.

30 A lattice
A lattice (L, ≤) is a set with a partial ordering ≤ such that for each pair of elements a, b of L there is a least upper bound (lub) u in L and a greatest lower bound (glb) v in L.

31 An example
Let H be a set of classifications with a hierarchical ordering ≤. Take a set of categories C, e.g. project names, company divisions, etc. A compartment is a set of categories, i.e. a subset of C. A security label (level) is a pair (h,c), where h ∈ H is the security level and c ⊆ C is a compartment.

32 An example
The partial ordering is defined by:
(h1,c1) ≤ (h2,c2) if and only if h1 ≤ h2 and c1 ⊆ c2
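The following is an added example, not part of the original slides: it implements the security labels (h,c) of slides 31 and 32 with the ordering just defined, the lub and glb of slide 30, and a brute-force check over every label that these labels really form a lattice. The classifications H are those of slide 28; the category set C and the labels used for illustration are constructed for this example, and the read rule in `may_observe` is an assumption stated in the code rather than something the slides spell out.

```python
# Added example (not from the slides): security labels (h, c), their partial
# order, lub/glb, and an exhaustive lattice check. H follows slide 28; the
# category set C is constructed for the example.
from itertools import product

H = ["unclassified", "confidential", "secret", "top secret"]  # low to high
RANK = {h: i for i, h in enumerate(H)}
C = ["crypto", "nuclear", "finance"]  # constructed categories


def leq(l1, l2):
    """(h1,c1) <= (h2,c2) iff h1 <= h2 in H and c1 is a subset of c2."""
    (h1, c1), (h2, c2) = l1, l2
    return RANK[h1] <= RANK[h2] and frozenset(c1) <= frozenset(c2)


def lub(l1, l2):
    """Least upper bound: the higher classification, the union of categories."""
    (h1, c1), (h2, c2) = l1, l2
    return (max(h1, h2, key=RANK.get), frozenset(c1) | frozenset(c2))


def glb(l1, l2):
    """Greatest lower bound: the lower classification, the intersection."""
    (h1, c1), (h2, c2) = l1, l2
    return (min(h1, h2, key=RANK.get), frozenset(c1) & frozenset(c2))


def may_observe(subject_label, object_label):
    """Read rule assumed for this example (not stated on the slides): a subject
    may observe an object only if the subject's label dominates the object's."""
    return leq(object_label, subject_label)


def all_labels():
    """Every label (h, c) with h in H and c a subset of C."""
    subsets = [frozenset(cat for cat, bit in zip(C, bits) if bit)
               for bits in product((0, 1), repeat=len(C))]
    return [(h, c) for h in H for c in subsets]


def verify_lattice():
    """lub(x,y) is an upper bound that lies below every other upper bound,
    and glb(x,y) is a lower bound above every other lower bound."""
    labels = all_labels()
    for x in labels:
        for y in labels:
            u, v = lub(x, y), glb(x, y)
            if not (leq(x, u) and leq(y, u) and leq(v, x) and leq(v, y)):
                return False
            for z in labels:
                if leq(x, z) and leq(y, z) and not leq(u, z):
                    return False
                if leq(z, x) and leq(z, y) and not leq(z, v):
                    return False
    return True


if __name__ == "__main__":
    a, b = ("secret", {"crypto"}), ("top secret", {"nuclear"})
    print("comparable:", leq(a, b) or leq(b, a))   # False: incomparable labels
    print("lub:", lub(a, b), "glb:", glb(a, b))
    print("lattice:", verify_lattice())
```

The incomparable pair in the usage lines is the reason the compartment component matters: a "top secret" subject cleared only for nuclear does not dominate a "secret" object in the crypto compartment, so a linear ordering of classifications alone would grant an access the label lattice refuses.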

33 The VSTa operating system
VSTa (Valencia's Simple Tasker) is an operating system with microkernel architecture. Abilities are defined as finite strings of positive integers separated by a dot, e.g.:
Abilities are ordered using a partial ordering: .3 ≤ .3.1 but ¬(.3.1 ≤ .3.2)
Access is granted if the ability of a subject is a prefix of the object's ability. The ability "." defines a superuser.
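The following is an added example, not part of the original slides and not VSTa's own code: it parses abilities from their dotted string form, implements the prefix ordering, and makes the access decision the slide describes (a subject may access an object if the subject's ability is a prefix of the object's). The object names and the abilities attached to them are constructed for the example.

```python
# Added example (not from the slides, not VSTa code): dotted abilities,
# the prefix partial order, and the resulting access decision.


def parse_ability(text):
    """'.3.1' -> (3, 1); the superuser ability '.' -> ()."""
    if not text.startswith("."):
        raise ValueError("ability must start with '.': %r" % text)
    body = text[1:]
    if body == "":
        return ()
    numbers = []
    for part in body.split("."):
        # reject empty components ('..3') and non-positive numbers ('.0')
        if not part.isdigit() or int(part) <= 0:
            raise ValueError("ability components must be positive integers: %r" % text)
        numbers.append(int(part))
    return tuple(numbers)


def ability_leq(a, b):
    """a <= b iff a is a prefix of b; '.' (the empty tuple) is below everything."""
    return len(a) <= len(b) and b[:len(a)] == a


def access_granted(subject_ability, object_ability):
    return ability_leq(parse_ability(subject_ability), parse_ability(object_ability))


# constructed object labels for a small demonstration
OBJECT_ABILITIES = {"payroll.db": ".3.1", "reports/": ".3.2", "kernel": "."}


def reachable_objects(subject_ability):
    """Objects a subject holding the given ability may access."""
    return sorted(o for o, a in OBJECT_ABILITIES.items()
                  if access_granted(subject_ability, a))


if __name__ == "__main__":
    for subj in (".", ".3", ".3.1", ".4"):
        print(subj, "->", reachable_objects(subj))
```

Note the direction of the check: a subject labelled ".3" reaches both ".3.1" and ".3.2", while ".3.1" reaches neither ".3.2" (not a prefix) nor ".3" (longer than the object's ability), which is exactly the ordering example on the slide.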
