Published by Jared Ellis, modified over 9 years ago
Slide 1 – Authorization and Policy
Slide 2 – Authorization
Is principal P permitted to perform action A on object O?
– The authorization system will provide a yes/no answer
Slide 3 – Access Control
Who is permitted to perform which actions on what objects?
Access Control Matrix (ACM)
– Columns indexed by principal
– Rows indexed by object
– Elements are arrays of permissions indexed by action
In practice, ACMs are abstract objects
– Huge and sparse
– Possibly distributed
Slide 4 – Example ACM
File / User    Tom                     Dick    Harry
Readme.txt     read                    read    read, write
passwords                                      write
Term.exe       read, write, execute
Slide 5 – Instantiations of ACMs
Access Control Lists (ACLs)
– For each object, list the principals and the actions permitted on that object
– Corresponds to the rows of the ACM
File          Principals and permitted actions
Readme.txt    Tom: read; Dick: read; Harry: read, write
passwords     Harry: write
Term.exe      Tom: read, write, execute
Slide 6 – Instantiations of ACMs
Capabilities
– For each principal, list the objects and the actions permitted for that principal
– Corresponds to the columns of the ACM
The Unix file system is an example of…?
User      Objects and permitted actions
Tom       Readme.txt: read; Term.exe: read, write, execute
Dick      Readme.txt: read
Harry     Readme.txt: read, write; passwords: write
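The three slides above describe one structure seen three ways. The following Python, added here as an example and not part of the slide deck, stores the example matrix sparsely (a real ACM is huge and mostly empty), answers the yes/no authorization question with default deny, and derives the ACL (per-object rows) and capability (per-principal columns) views from the same data. The matrix contents are the ones on the slides; the function names are my own.

```python
from collections import defaultdict

# Example matrix from the slides, stored sparsely as
# (object, principal) -> set of actions; a missing cell means "no permissions".
ACM = {
    ("Readme.txt", "Tom"):   {"read"},
    ("Readme.txt", "Dick"):  {"read"},
    ("Readme.txt", "Harry"): {"read", "write"},
    ("passwords", "Harry"):  {"write"},
    ("Term.exe", "Tom"):     {"read", "write", "execute"},
}


def is_permitted(acm, principal, action, obj):
    """The authorization question: is principal P permitted to perform
    action A on object O?  Default deny: an absent cell is an empty set."""
    return action in acm.get((obj, principal), set())


def acl_view(acm):
    """Rows of the ACM: for every object, which principals may do what."""
    acl = defaultdict(dict)
    for (obj, principal), actions in acm.items():
        acl[obj][principal] = set(actions)
    return dict(acl)


def capability_view(acm):
    """Columns of the ACM: for every principal, which objects it may act on."""
    caps = defaultdict(dict)
    for (obj, principal), actions in acm.items():
        caps[principal][obj] = set(actions)
    return dict(caps)


def grant(acm, principal, action, obj):
    """Add one permission; only cells that were ever touched exist, so the
    matrix stays sparse however many principals and objects there are."""
    acm.setdefault((obj, principal), set()).add(action)


if __name__ == "__main__":
    for obj, entries in sorted(acl_view(ACM).items()):
        print(f"{obj:12} {entries}")
    for user, entries in sorted(capability_view(ACM).items()):
        print(f"{user:12} {entries}")
    print("Harry may write Readme.txt:", is_permitted(ACM, "Harry", "write", "Readme.txt"))
    print("Dick may write Readme.txt: ", is_permitted(ACM, "Dick", "write", "Readme.txt"))
```

The point worth noticing is that ACL and capability are not two policies but two indexes over one matrix; a system that keeps both (Unix keeps ACL-like mode bits on the object and hands out capability-like file descriptors to the process) must keep them consistent when permissions change.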
Slide 7 – Types of Access Control
Discretionary
Mandatory
Rule-based
Role-based
Originator-controlled
Slide 8 – Discretionary Access Control
Owners control access to objects
Access permissions are based on the identity of subject/object
E.g., access to health information
Slide 9 – Mandatory Access Control
Rules are set by the system and cannot be overridden by owners
Each object has a classification and each subject has a clearance (unclassified, classified, secret, top-secret)
Rules speak about how to match categories and classifications
– Access is granted on a match
Slide 10 – Role-Based Access Control
Ability to access objects depends on one's role in the organization
Roles of a user can change
– Restrictions may limit holding multiple roles simultaneously or within a session, or over longer periods
– Supports separation of roles
Maps to organization structure
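The slide's two kinds of restriction (roles a user may never hold together, and roles that may be held but not activated in the same session) are what the RBAC literature calls static and dynamic separation of duty. The Python below is an added example, not from the slides; the roles, permissions and the `clerk`/`approver`/`auditor` names are constructed for illustration. Permissions are granted to roles, users get roles, and a session activates a subset of the user's roles; only the activated roles count at check time.

```python
from dataclasses import dataclass, field

# Constructed example: role -> set of (object, action) permissions.
ROLE_PERMS = {
    "clerk":    {("invoice", "create")},
    "approver": {("invoice", "approve")},
    "auditor":  {("invoice", "read"), ("ledger", "read")},
}
# Static separation of duty: a user may never be assigned both roles of a pair.
STATIC_SOD = {frozenset({"clerk", "approver"})}
# Dynamic separation of duty: both may be held, but not activated in one session.
DYNAMIC_SOD = {frozenset({"approver", "auditor"})}


@dataclass
class Session:
    user: str
    active: frozenset  # roles activated for this session only


@dataclass
class RBAC:
    user_roles: dict = field(default_factory=dict)  # user -> set of held roles

    def assign(self, user, role):
        """Give a user a role, refusing if it would violate a static constraint."""
        if role not in ROLE_PERMS:
            raise ValueError(f"unknown role {role!r}")
        held = self.user_roles.get(user, set())
        for pair in STATIC_SOD:
            if role in pair and held & (pair - {role}):
                raise PermissionError(f"{user} may not hold both of {sorted(pair)}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user, role):
        """Roles of a user can change: drop one."""
        self.user_roles.get(user, set()).discard(role)

    def open_session(self, user, roles):
        """Activate a subset of the user's roles, enforcing dynamic constraints."""
        active = frozenset(roles)
        if not active <= self.user_roles.get(user, set()):
            raise PermissionError(f"{user} does not hold all of {sorted(active)}")
        for pair in DYNAMIC_SOD:
            if pair <= active:
                raise PermissionError(f"{sorted(pair)} may not be active together")
        return Session(user, active)

    def permitted(self, session, obj, action):
        """Permissions come only from roles activated in this session, not
        from every role the user happens to hold."""
        return any((obj, action) in ROLE_PERMS[r] for r in session.active)


if __name__ == "__main__":
    rbac = RBAC()
    rbac.assign("bob", "approver")
    rbac.assign("bob", "auditor")
    s = rbac.open_session("bob", ["approver"])
    print("bob approves invoice:", rbac.permitted(s, "invoice", "approve"))
    print("bob reads ledger:    ", rbac.permitted(s, "invoice", "read"))
```

Checking against the session rather than the user is what makes the dynamic constraint meaningful: a user who can approve and audit is fine as long as the two never operate in one session, so an auditor cannot quietly approve the invoice being audited.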
Slide 11 – Authorization
Final goal of security
– Determine whether to allow an operation
Depends upon
– Policy
– Authentication
Slide 12 – Policy
Policy defines what is allowed and how the system and security mechanisms should act
Policy is enforced by a mechanism which interprets it, e.g.
– Firewalls
– IDS
– Access control lists
Implemented as
– Software (which must be implemented correctly and without vulnerabilities)
Slide 13 – Policy models: Bell-LaPadula
Focuses on controlled access to classified information and on confidentiality
– No concern about integrity
The model is a formal state transition model of computer security policy
– Describes a set of access control rules which use security classifications on objects and clearances for subjects
To determine if a subject can access an object
– Combine mandatory and discretionary AC (ACM)
– Compare the object's classification with the subject's clearance (Top Secret, Secret, Confidential, Unclassified)
– Allow access if the ACM and the level check both say it's OK
Slide 14 – Policy models: Bell-LaPadula
Mandatory access control rules:
– A subject at a given clearance may not read an object at a higher classification (no read-up)
– A subject at a given clearance must not write to any object at a lower classification (no write-down)
Trusted subjects
– The "no write-down" rule does not apply to them
– Transfer info from high clearance to low clearance
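The two Bell-LaPadula slides give a complete decision procedure: a discretionary check against the ACM, then the mandatory level comparison (no read-up, no write-down), with trusted subjects exempt from the second rule. The Python below is an added example, not the slides' code; the subjects, objects, clearances and the `guard` trusted subject are constructed. It also shows the consequence people often find surprising: an Unclassified subject may write into a Secret object (write-up is allowed by the *-property), which is why the model protects confidentiality but says nothing about integrity.

```python
# Linear ordering of the levels named on the slides.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

# Constructed example data (not from the slides).
CLEARANCE = {"alice": "Secret", "bob": "Unclassified", "guard": "Top Secret"}
CLASSIFICATION = {"plan.doc": "Secret", "bulletin.txt": "Unclassified"}
# Trusted subjects: exempt from no-write-down so they can move information
# from a high level to a low level deliberately (e.g. after review).
TRUSTED = {"guard"}
# Discretionary part, (object, subject) -> actions; a missing cell means deny.
DAC = {
    ("plan.doc", "alice"):     {"read", "write"},
    ("plan.doc", "bob"):       {"read", "write"},
    ("bulletin.txt", "alice"): {"read", "write"},
    ("bulletin.txt", "bob"):   {"read", "write"},
    ("bulletin.txt", "guard"): {"write"},
}


def mac_check(subject, action, obj):
    """Mandatory rules: no read-up (simple security property) and
    no write-down (*-property), the latter waived for trusted subjects."""
    s = LEVELS[CLEARANCE[subject]]
    o = LEVELS[CLASSIFICATION[obj]]
    if action == "read":
        return s >= o
    if action == "write":
        return subject in TRUSTED or s <= o
    return False  # the model only speaks about observe/alter


def authorize(subject, action, obj):
    """Allow only if the ACM (discretionary) and the level check both say OK.
    DAC is evaluated first, so a subject with no ACM cell never reaches MAC."""
    dac_ok = action in DAC.get((obj, subject), set())
    return dac_ok and mac_check(subject, action, obj)


if __name__ == "__main__":
    cases = [("alice", "read", "plan.doc"), ("bob", "read", "plan.doc"),
             ("alice", "write", "bulletin.txt"), ("bob", "write", "plan.doc"),
             ("guard", "write", "bulletin.txt")]
    for subj, act, o in cases:
        verdict = "allow" if authorize(subj, act, o) else "deny"
        print(f"{subj:6} {act:5} {o:13} -> {verdict}")
```

Note that the DAC entries above let bob read plan.doc, and it is the mandatory rule alone that refuses him: that is exactly the "cannot be overridden by owners" property from the MAC slide.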
Slide 15 – Intrusions
Slide 16 – Disclaimer (Dangerous)
Some techniques and tools mentioned in this class could be:
– Illegal to use
– Dangerous for others – they can crash machines and clog the network
– Dangerous for you – by downloading attack code you provide the attacker with info about your machine
Don't use any such tools in real networks
– Especially not on the USC network
– You can only use them in a controlled environment, e.g. the DeterLab testbed
Slide 17 – Intrusions
Why do people break into computers?
– Fame, profit, politics
What type of people usually break into computers?
– Used to be young hackers
– Today mostly organized criminals
I thought that this was a security course. Why are we learning about attacks?
Slide 18 – Intrusion Scenario
Reconnaissance
Scanning
Gaining access at OS, application or network level
Maintaining access
Covering tracks
Slide 19 – Phase 1: Reconnaissance
Get a lot of information about the intended target:
– Learn how its network is organized
– Learn any specifics about the OS and applications running
Slide 20 – Low Tech Reconnaissance
Social engineering
– Instruct the employees not to divulge sensitive information on the phone
Physical break-in
– Insist on using badges for access, everyone must have a badge, lock sensitive equipment
– How about wireless access?
Dumpster diving
– Shred important documents
Slide 21 – Web Reconnaissance
Search the organization's web site
– Make sure not to post anything sensitive
Search information on various mailing list archives and interest groups
– Instruct your employees what info should not be posted
– Find out what is posted about you
Search the Web to find all documents mentioning this company
– Find out what is posted about you
Slide 22 – Whois and ARIN Databases
When an organization acquires a domain name it provides information to a registrar
Public registrar files contain:
– Registered domain names
– Domain name servers
– Contact people: names, phone numbers, e-mail addresses
– http://www.networksolutions.com/whois/
ARIN database
– Range of IP addresses
– http://whois.arin.net/ui/
Slide 23 – Domain Name System
What does DNS do?
How does DNS work?
Types of information an attacker can gather:
– Range of addresses used
– Address of a mail server
– Address of a web server
– OS information
– Comments
Slide 25 – Interrogating DNS – Zone Transfer (Dangerous)
$ nslookup
Default server: evil.attacker.com
Address: 10.11.12.13
server 1.2.3.4
Default server: dns.victimsite.com
Address: 1.2.3.4
set type=any
ls -d victimsite.com
system1   1D IN A      1.2.2.1
          1D IN HINFO  "Solaris 2.6 Mailserver"
          1D IN MX     10 mail1
web1      1D IN A      1.2.11.27
          1D IN HINFO  "NT4www"
Slide 26 – Protecting DNS
Provide only necessary information
– No OS info and no comments
Restrict zone transfers
– Allow only a few necessary hosts
Use split-horizon DNS
Slide 27 – Split-horizon DNS
Show a different DNS view to external and internal users
[Diagram: Internal DNS queried by Employees; External DNS queried by External users; hosts shown: Web server, Mail server, Internal DB]
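The three defences on the "Protecting DNS" slide and the split view on this one can be checked mechanically. The Python below is an added example, not from the slides and not any real name server's code: it models a zone as a list of records tagged with the view they belong to, flags the HINFO and TXT records that leak OS details and comments (the kind of thing the zone-transfer slide showed), refuses AXFR to anyone but a listed secondary, and serves outside clients only the external view. The zone contents, the 10.0.0.0/8 internal range and the 10.0.0.2 secondary are constructed.

```python
import ipaddress

# Constructed zone for the victimsite.com example, as (name, type, data, view).
# Records marked "internal" must never be visible to clients on the outside.
ZONE = [
    ("system1", "A",     "1.2.2.1",                "external"),
    ("system1", "HINFO", "Solaris 2.6 Mailserver", "external"),
    ("system1", "MX",    "10 mail1",               "external"),
    ("web1",    "A",     "1.2.11.27",              "external"),
    ("web1",    "HINFO", "NT4www",                 "external"),
    ("db1",     "A",     "10.0.5.20",              "internal"),
    ("db1",     "TXT",   "backend database, ask Bob before reboot", "internal"),
]
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Only this secondary name server may pull the whole zone (constructed address).
TRANSFER_PEERS = {ipaddress.ip_address("10.0.0.2")}
# Record types that carry OS information or free-text comments.
LEAKY_TYPES = {"HINFO", "TXT"}


def leaky_records(zone):
    """Audit: records that advertise OS details or comments to anyone who asks."""
    return [r for r in zone if r[1] in LEAKY_TYPES]


def scrub(zone):
    """The zone with the leaky record types removed ("provide only necessary information")."""
    return [r for r in zone if r[1] not in LEAKY_TYPES]


def is_internal(client):
    ip = ipaddress.ip_address(client)
    return any(ip in net for net in INTERNAL_NETS)


def view(client, zone):
    """Split-horizon: insiders see the whole zone, outsiders only the external records."""
    if is_internal(client):
        return list(zone)
    return [r for r in zone if r[3] == "external"]


def zone_transfer(client, zone):
    """AXFR is answered only for listed secondaries; everyone else is refused (None).
    Even a permitted peer gets no more than the view its address is entitled to."""
    if ipaddress.ip_address(client) not in TRANSFER_PEERS:
        return None
    return view(client, zone)


if __name__ == "__main__":
    print("records to remove:", [(r[0], r[1]) for r in leaky_records(ZONE)])
    print("external view:    ", [(r[0], r[1]) for r in view("203.0.113.7", scrub(ZONE))])
    print("AXFR from outside:", zone_transfer("203.0.113.7", ZONE))
```

Deciding the view by client address is the usual split-horizon design, which also means the address check is the whole security boundary: if an outside client can reach the server through an address that falls inside `INTERNAL_NETS` (a VPN, a misrouted NAT), it sees the internal view.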