Slide 1: Access Control & Security Models
Center of gravity of computer security
CSE2500 System Security & Privacy, Access Control (Srini & Nandita)

Slide 2: Fundamental Model of Access Control
subject -> access request -> reference monitor -> object
Slide 3: Controlling Access
Access control policy: what can be used to indicate who is allowed to do what to/with whom on the system.
Who is who?
– Subject is what we call the active entities (processes, users, other computers) that want to "do something".
– What the subject does with the object can be just about anything, and it may be multi-part. Typical manipulations include READ, MODIFY, CREATE, CHANGE, DELETE.
Slide 4: Access Control Policy
Access right or privilege:
– An indication that a SUBJECT may legitimately use a specific type of ACCESS or MANIPULATION with respect to a particular OBJECT or set of OBJECTS.
The underlying system itself determines which primitive (bottom-level) access rights are available for which user/object combinations.
Slide 5: Levels of Access Control
– Application
– Middleware
– Operating system
– Hardware
Slide 6: Operating System Access Controls
Authenticate principals/users
– Passwords
– Kerberos
Mediate access
– Files
– Communication ports
– System resources
Slide 7: Models of Security
Need for a model
– High-assurance security system
What is a model supposed to do?
– Express the security policy in a formal way
– Describe the entities governed by the policy
– State the rules that decide who gets access to your data
Scope and limitations of models
Slide 8: Security Models: Bell-LaPadula
– The Bell-LaPadula model is about information confidentiality; it formally represents the long tradition of attitudes to the flow of information concerning national secrets.
– Multi-level security (MLS)
Slide 9: Security Models: Chinese Wall
– Large consultancies can easily find there are conflicts of interest if individual consultants are given access to all information held by the consultancy. The Chinese Wall model describes a particular way of restricting information flow.
Slide 10: Security Models: Biba (we need models, continued)
– Based on Cold War experience, information integrity is also important; the Biba model, complementary to Bell-LaPadula, is based on the flow of information where preserving integrity is critical.
Slide 11: Security Models: Clark-Wilson
– In the commercial sphere, the need is to engage in well-formed transactions which can only be undertaken by authorised personnel; the Clark-Wilson model is an attempt to formally model a policy based on well-formed transactions.
Slide 12: Possible Access Control Mechanisms
– Control matrix
– Control lists
– Groups and roles
– Extension to distributed (+file) systems
Slide 13: Access Control Matrix
Users \ Objects   Operating system | Accounts program | Accounting data | Audit trail
Sam               rwx              | rw               | r               |
Alice             x                | x                | rw              | -
Bob               rx               | r                | r               | r
Slide 14: Example Access Control Matrix for Bookkeeping
Users \ Objects    Operating system | Accounts program | Accounting data | Audit trail
Sam                rwx              | r                | r               |
Alice              rx               | x                | -               | -
Accounts program   rx               | r                | rw              | w
Bob                rx               | r                | r               | r
Srini              rx               | r                | r               | r
Slide 15: Access Control Matrices
– 2/3 dimensions, used both to implement protection mechanisms and to model them
– Do not scale well
  – A bank with 50,000 staff & 300 objects: 15 million entries
  – Update and performance problems
  – Prone to administrators' mistakes
– A more compact way is required
Slide 16: Groups and Roles
– Group: a list of users/principals (categories)
– Role: a fixed set of access permissions that one or more principals may assume
– Group manager is a rank, while the role of acting manager can be taken up by an assistant accountant standing in while the manager, deputy manager and accountant are all sick
Slide 17: Let us look at the example once again
Users \ Objects    Operating system | Accounts program | Accounting data | Audit trail
Sam                rwx              | r                | r               |
Alice              rx               | x                | -               | -
Accounts program   rx               | r                | rw              | w
Bob                rx               | r                | r               | r
Srini              rx               | r                | r               | r
Slide 18: ACLs per subject (capability lists)
User       OS  | A/C Prgm | A/C Data | Audit trail
Sam        rwx | r        | r        |
Alice      rx  | x        | -        | -
Acc. pgm   rx  | r        | rw       | w
Bob        rx  | r        | r        | r
Srini      rx  | r        | r        | r
Slide 19: Access Control Lists
ACL for the object Accounting Data:
User   | Access
Sam    | rw
Alice  | rw
Bob    | r
Srini  | r
Slide 20: Access Control Lists/Capabilities
How do you modify the entries in the lists?
– add a new entry
– delete an existing entry
– modify the access right to an object?
Slide 21: Access Control Triples
(Subject, Object, Access)
Access: r, w, x, ?
Slide 22: Capabilities
– While ACLs are kept by the O/S, capabilities are kept by the subject.
– Capabilities give the possessor (of the token) certain rights to an object.
– Capabilities do not require authentication of subjects, but do require that the token be unforgeable (encrypted or in inaccessible storage) and that the propagation of capabilities be controlled.
Slide 23: Access Control Lists (cont.)
– Users manage their own file security (Unix)
– Data-oriented protection, for a centrally set access control policy
– OS checks the ACL at each file access
– Not efficient security checking at runtime, though simple to implement
– Tedious to find all files to which a user has access, or to perform system-wide checks
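The matrix, ACL and capability views of slides 13 to 23, as an added Python example that is not part of the slides: the bookkeeping matrix is stored once, the ACL of an object is one column, the capability list of a subject is one row, and a reference monitor answers each request from the same data. The helper names (parse_matrix, acl, capabilities, reference_monitor, grant, revoke, matrix_cells) are this example's own.

```python
# Objects are the columns of the matrix, in the order used on the slides.
OBJECTS = ["Operating system", "Accounts program", "Accounting data", "Audit trail"]

def parse_matrix(rows):
    """Build {subject: {object: set(rights)}} from slide-style cells ("-" = no rights)."""
    return {subject: {obj: set(cell.replace("-", "")) for obj, cell in zip(OBJECTS, cells)}
            for subject, cells in rows.items()}

# The bookkeeping matrix from the slides; Sam's audit-trail cell is blank there.
BOOKKEEPING = parse_matrix({
    "Sam":              ["rwx", "r", "r", ""],
    "Alice":            ["rx", "x", "-", "-"],
    "Accounts program": ["rx", "r", "rw", "w"],
    "Bob":              ["rx", "r", "r", "r"],
    "Srini":            ["rx", "r", "r", "r"],
})

def acl(matrix, obj):
    """One column: the access control list the O/S keeps with the object."""
    return {s: rights[obj] for s, rights in matrix.items() if rights[obj]}

def capabilities(matrix, subject):
    """One row: the capability list held by the subject."""
    return {o: r for o, r in matrix[subject].items() if r}

def reference_monitor(matrix, subject, obj, right):
    """Mediate a request: allow only if the (subject, object, access) triple is present."""
    return right in matrix.get(subject, {}).get(obj, set())

def grant(matrix, subject, obj, right):
    """Add or modify an entry; an unknown subject gets an empty row first."""
    matrix.setdefault(subject, {o: set() for o in OBJECTS})[obj].add(right)

def revoke(matrix, subject, obj, right):
    """Delete a right; removing the last right leaves an empty cell."""
    matrix[subject][obj].discard(right)

def matrix_cells(subjects, objects):
    """Cells an administrator must maintain: the reason the matrix does not scale."""
    return subjects * objects

if __name__ == "__main__":
    print("ACL for Accounting data:", acl(BOOKKEEPING, "Accounting data"))
    print("Alice's capabilities:", capabilities(BOOKKEEPING, "Alice"))
    print("Bob may write accounting data?",
          reference_monitor(BOOKKEEPING, "Bob", "Accounting data", "w"))
    print("Bank of 50,000 staff and 300 objects:", matrix_cells(50_000, 300), "cells")
```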
Slide 24: Let us look at examples of ACL implementations
– UNIX
– NT
Slide 25: Unix Operating System Security
– The superuser account on Unix is root
  – UID (user identifier) equal to 0
– The superuser can effectively do anything within the system
– The superuser password is the most valuable password in the system
– Don't share the superuser password outside the administrative group.
Slide 26: Basic file security
-rw-rw-r--  1 root  sys  1344 Jul 2 22:57 /etc/vfstab
(owner: root; group: sys)
In the mode string -rwxrwxrwx:
– characters 2-4 are the owner permissions
– characters 5-7 are the group permissions
– characters 8-10 are the permissions for others
Slide 27: Basic file security
Important system files must have appropriate file permissions, e.g.:
-r--r--r--  1 root other /etc/passwd
-r--------  1 root sys   /etc/shadow
-rw-r--r--  1 root sys   /etc/profile
drwxr-xr-x 18 root sys   /usr
A finer granularity of file permissions can be achieved with access control lists (ACLs), e.g. on AIX, HP-UX.
Slide 28: Unix Operating System Security (cont.)
– A common defense against root compromise by hackers is to send the system log to a printer in a locked room or to another machine/server, e.g. Berkeley, FreeBSD
– ACLs have only names of users, not of programs
– Indirect method => suid and sgid file attributes
Slide 29: SUID and SGID Security
– The owner of a program can mark it as suid, giving a user who runs it the owner's special privileges (access control attributes); sgid does the same for groups
– What is the security issue here?
Slide 30: SUID and SGID Security (cont.)
– SUID root programs are particularly vulnerable to attack. If it is possible to subvert the program in some way, then root access can be gained.
– A very well known method of such subversion is the buffer overflow.
– Buffer overflow vulnerability results from bad coding practices on the part of the original programmer of the SUID root program!
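A permission checker for the listings on slides 26 to 30, as an added Python example that is not the slides' own code: it parses ls -l mode strings (including the s/S characters that the suid and sgid bits put into the owner and group triples), compares the slide 27 files against a baseline, and flags world-writable files and setuid-root programs, the class of program slide 30 singles out for scrutiny. The SAMPLE listing is constructed (/etc/shadow is deliberately loosened and /usr/bin/passwd stands in for any setuid-root binary), and the function names are this example's own.

```python
import re
import stat
# One "ls -l" line: mode, link count, owner, group, (size, date,) path.
LS_LINE = re.compile(r"^([-dl][rwxsStT-]{9})\s+\d+\s+(\S+)\s+(\S+)\s+.*?(/\S+)$")
# (read, write, execute, special) bits per triple; the special bit shares the x slot:
# s/S = setuid (owner triple) or setgid (group triple), t/T = sticky (others triple).
TRIPLES = [(stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR, stat.S_ISUID),
           (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP, stat.S_ISGID),
           (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH, stat.S_ISVTX)]

def parse_mode(mode):
    """Turn "-rwsr-xr-x" into ("-", 0o4755): file type plus numeric permission bits."""
    bits = 0
    for i, (r, w, x, special) in enumerate(TRIPLES):
        rc, wc, xc = mode[1 + 3 * i:4 + 3 * i]   # characters 2-4, 5-7, 8-10 of the mode
        bits |= (r if rc == "r" else 0) | (w if wc == "w" else 0)
        bits |= x if xc in "xst" else 0          # lower case: execute bit set
        bits |= special if xc in "sStT" else 0   # s/S or t/T: special bit set
    return mode[0], bits

def parse_listing(text):
    """Parse "ls -l" output into (path, owner, group, bits) tuples; other lines are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = LS_LINE.match(line.strip())
        if m:
            entries.append((m[4], m[2], m[3], parse_mode(m[1])[1]))
    return entries

# Expected permissions from slide 27; any extra bit is a finding.
BASELINE = {"/etc/passwd": 0o444, "/etc/shadow": 0o400, "/etc/profile": 0o644}
def findings(entries):
    """Flag files looser than the baseline, world-writable files and setuid-root programs."""
    out = []
    for path, owner, _group, bits in entries:
        if path in BASELINE and bits & 0o777 & ~BASELINE[path]:
            out.append((path, "looser than baseline %o" % BASELINE[path]))
        if bits & stat.S_IWOTH:
            out.append((path, "world-writable"))
        if bits & stat.S_ISUID and owner == "root":
            out.append((path, "setuid root: audit this program"))
    return out

# Constructed listing: slide 26/27 files, /etc/shadow loosened, plus a hypothetical setuid binary.
SAMPLE = """
-rw-rw-r-- 1 root sys 1344 Jul  2 22:57 /etc/vfstab
-r--r--r-- 1 root other /etc/passwd
-rw-rw-rw- 1 root sys /etc/shadow
-rwsr-xr-x 1 root bin 20480 Jul  2 22:57 /usr/bin/passwd
"""
```

Running findings(parse_listing(SAMPLE)) reports /etc/shadow twice (looser than baseline, world-writable) and the setuid-root binary once; the slide 26 and slide 27 files that match their expected modes produce nothing.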