Presentation is loading. Please wait.

Presentation is loading. Please wait.

Access Control CS461/ECE422 Fall 2011. Reading Material Chapter 4 through section 4.5 Chapters 23 and 24 – For the access control aspects of Unix and.

Published byDaisy Aborn Modified over 10 years ago

Similar presentations

Presentation on theme: "Access Control CS461/ECE422 Fall 2011. Reading Material Chapter 4 through section 4.5 Chapters 23 and 24 – For the access control aspects of Unix and."— Presentation transcript:

1 Access Control CS461/ECE422 Fall 2011

2 Reading Material Chapter 4 through section 4.5 Chapters 23 and 24 – For the access control aspects of Unix and Windows

3 Outline Access Control Matrix Access Control List Capabilities

4 Access Control in Context

5 AAA Access control part of a broader context Authentication – Discussed last time. Bind external entity to system entity Authorization – Grant a right or permission to the system entity to access a system resource Audit – Independent review of system actions

6 Types of Access Control Policies Discretionary Access Control (DAC) – Decision made based on identity of requestor and access rules – Regular users can adjust the policy Mandatory Access Control (MAC) – Decision made by testing labels associated with processes and resources against system policy rules – Regular user cannot adjust the policy Role Based Access Control (RBAC) – Access decisions defined against roles rather than individual requestors

7 Access Control Requirements or Differentiators Reliable Input - GIGO Fine and course grain specifications Least Privilege Separation of Duty Open and closed policies – What is the default? Policy combination and conflict resolution Administrative policies – How is change to access control managed? Dual Control

8 Access Control Elements Subject – system entity capable of access objects. Generally a process in an OS context Object – a resource in a system – Often a file – Could also be other named resources like mutex, process, network interface, network port Access right – a way that a subject may access an object in the system – Read, Write, Execute, Delete, Create, Search, Change Access, Own

9 9/29/2010Computer Security I9 Access Control Matrix Access Matrix or Access Control Matrix (ACM) and related concepts provides very basic abstraction – Map different systems to a common form for comparison – Enables standard proof techniques – Not directly used in implementation

10 9/29/2010Computer Security I10 Definitions Protection state of system – Describes current settings, values of system relevant to protection Access control matrix – Describes protection state precisely – Matrix describing rights of subjects – State transitions change elements of matrix

11 Access Matrix: File Example File 1File 2File3File4 User AOwn Read Write Own Read Write User BReadOwn Read Write Read User CRead Write ReadOwn Read Write

12 Access Matrix: Broader Example SubjectsFilesProcessesDisks S1S2S3F1F2P1P2D1D2 S1 controlowner control Read*Read owner wakeup seekowner S2 controlWrite*executeownerSeek* S3 controlwritestop

13 Mediation Implementation

14 Rules Governing Access Matrix Change RuleCommand (by S0)AuthorizationOperation R1Transfer α or α* to S,X‘α*’ in A[S0,X]Store α or α* in A[S,X] R2Grant α or α* to S,X‘owner’ in A[S0,X]Store α or α* in A[S,X] R3Delete α from S,X‘control’ in A[S0,S] or ‘owner’ in A[S0,X] Delete α from A[S,X] R4w <- read S,X‘control’ in A[S0,S] or ‘owner’ in A[S0,X] Copy A[S,X] into w R5Create object XNoneAdd column for X to A; store ‘owner’ in A[S0,X] R6Destroy object X‘owner’ in A[S0,X]Delete column X from A R7Create subject SNoneAdd row for S to A; execute create object S; store ‘control’ in A[S,S] R8Destroy subject S‘owner’ in A[S0,S]Delete row for S from A; execute destroy object S

15 Actually Implementing Access Matrix Slice by column – Access control list – Used by Multics and most modern OS Slice by row – Capability list – Many implementations in the ‘80’s – Often associated with object-oriented systems

16 Slice and Dice File example

17 9/29/2010Computer Security I17 Unix Access Control Three permission octets associated with each file and directory – Owner, group, and other – Read, write, execute For each file/directory – Can specify RWX permissions for one owner, one group, and one other

18 9/29/2010Computer Security I18 Windows ACL

19 9/29/2010Computer Security I19 Windows ACL Actually two ACL's per file – System ACL (SACL) – controls auditing and now integrity controls – Discretionary ACL (DACL) – controls object access Windows ACLs apply to all named objects – Files – Pipes – Events

20 9/29/2010Computer Security I20 ACL Distinctions What subjects can modify an object's ACL? If there is a privileged user, do the ACLs apply to that user? Does the ACL support groups or wildcards? How are contradictory access control permissions handled? If a default permission is allowed, do the ACL permissions modify it, or is the default only used when the subject is not mentioned in the ACL?

21 9/29/2010Computer Security I21 ACL Scaling Groups of users Role Base Access Control – Users can take on role at a time Directory inheritance Negative rights

22 9/29/2010Computer Security I22 Revoking rights with ACLs Revoking rights for subject s to a particular object o straightforward – Remove s from ACL(o) – Make sure s has a negative entry in the ACL(o) Example: Alice removes all of Bob's rights to file f – What if Bob had given Carol read rights to f? – Should Carol still have those rights?

23 Capabilities Slice Access matrix by row Capabilities associated with the subjects

24 9/29/2010Computer Security I24 Capability Integrity Subject presents capability to access object – Capability encapsulates object ID with allowed rights. Unlike ACLs, capabilities are not completely contained by the OS Capability integrity is a big concern – Tagged memory – Segmented memory – Cryptographic hashs

25 9/29/2010Computer Security I25 Capabilities and propagation Copy rights – Separate version of the base right, e.g read-copy – Some systems had explicit copy bit Right amplification – May need to temporarily amplify rights to object – Perhaps just within particular method or module – Combine abstract class rights with object rights – Counter module example In generally user only has right to invoke counter module on variable of counter type In counter code, process must perform additional operations.

26 9/29/2010Computer Security I26 Revoking capabilities Easy to revoke all rights to a given subject What about revoking everyone's rights to a particular object?

27 9/29/2010Computer Security I27 Capabilities HW Intel iAPX 432 (mid ’70s) – Tried to put even more security enforcement in hardware – Capabilities and object-oriented – Implementation too complex and compiler technology not sufficiently smart – http://en.wikipedia.org/wiki/Intel_iAPX_432 http://en.wikipedia.org/wiki/Intel_iAPX_432 IBM System/38 – From about the same time period – Also had hardware capabilities support Capability-Based Computer Systems by Henry N. Levy – http://www.cs.washington.edu/homes/levy/capabook/ http://www.cs.washington.edu/homes/levy/capabook/

28 Protection Domains In Access Matrix – Replace user with “Protection Domain” At run time the process representing user may run under different protection domains In extreme case – User mode vs kernel mode

29 Key Points Access control part of broader system Access Control Matrix or Access Matrix – Means to model access control systems Real implementations – Access control lists – Capability lists

Download ppt "Access Control CS461/ECE422 Fall 2011. Reading Material Chapter 4 through section 4.5 Chapters 23 and 24 – For the access control aspects of Unix and."

Similar presentations

ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.

ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.
Future Directions in Role-Based Access Control Models Ravi Sandhu Co-Founder and Chief Scientist SingleSignOn.Net & Professor of Information Technology.

Future Directions in Role-Based Access Control Models Ravi Sandhu Co-Founder and Chief Scientist SingleSignOn.Net & Professor of Information Technology.
RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive, HIPAA Academy.

RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive, HIPAA Academy.
Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 14 Protection and Security.

Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 14 Protection and Security.
Role-Based Access Control CS461/ECE422 Fall 2011.

Role-Based Access Control CS461/ECE422 Fall 2011.
Operating System Security

Operating System Security
Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5.

Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5.
1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004.

1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004.
Chapter 2 Access Control Fundamentals. Chapter Overview Protection Systems Mandatory Protection Systems Reference Monitors Definition of a Secure Operating.

Chapter 2 Access Control Fundamentals. Chapter Overview Protection Systems Mandatory Protection Systems Reference Monitors Definition of a Secure Operating.
CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 4: Access Control.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 4: Access Control.
Role Based Access Control Models Presented By Ankit Shah 2 nd Year Master’s Student.

Role Based Access Control Models Presented By Ankit Shah 2 nd Year Master’s Student.
Access Control CS461/ECE422 Spring 2012. Reading Material Chapter 4 through section 4.5 Chapters 25 and 26 – For the access control aspects of Unix and.

Access Control CS461/ECE422 Spring Reading Material Chapter 4 through section 4.5 Chapters 25 and 26 – For the access control aspects of Unix and.
Lecture 7 Access Control

Lecture 7 Access Control
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

Similar presentations

Ads by Google