Published by Jack Moran. Modified over 11 years ago.

ACCESS CONTROL: THE NEGLECTED FRONTIER
Ravi Sandhu, George Mason University

© Ravi Sandhu

SECURITY OBJECTIVES
- INTEGRITY: less studied
- AVAILABILITY: least studied
- CONFIDENTIALITY: most studied
- USAGE: newest

SECURITY TECHNOLOGIES
- Access Control
- Cryptography
- Audit and Intrusion Detection
- Authentication
- Assurance
- Risk Analysis
- ...

CRYPTOGRAPHY LIMITATIONS
- Cryptography cannot
  - protect confidentiality and integrity of data, keys, software in end systems
  - prevent or detect use of covert channels

AUDIT AND INTRUSION DETECTION LIMITATIONS
- Intrusion detection cannot by itself
  - protect audit data and audit collection and analysis software
  - prevent security breaches
  - protect against covert channels

ACCESS CONTROL LIMITATIONS
- Access control cannot by itself
  - protect data in transit or storage on an insecure medium
  - safeguard against misuse by authorized users
  - protect against covert channels

AUTHENTICATION LIMITATIONS
- By itself authentication does very little, but what it does is critical
- pre-requisite for effective
  - cryptography
  - access control
  - intrusion detection

A MIX OF MUTUALLY SUPPORTIVE TECHNOLOGIES
[Diagram labels: AUTHENTICATION, INTRUSION DETECTION, CRYPTOGRAPHY, ACCESS CONTROL, ASSURANCE, RISK ANALYSIS, SECURITY ENGINEERING & MANAGEMENT]

CLASSICAL ACCESS CONTROL DOCTRINE
- Lattice-based mandatory access control (MAC)
  - strong
  - too strong
  - not strong enough
- Owner-based discretionary access control (DAC)
  - too weak
  - too confused

ISSUES IN LATTICE-BASED MAC
- MAC enforces one-directional information flow in a lattice of security labels
- can be used for aspects of
  - confidentiality
  - integrity
  - aggregation (Chinese Walls)

PROBLEMS WITH LATTICE-BASED MAC
- does not protect against covert channels and inference
  - not strong enough
- inappropriate
  - too strong

ISSUES IN OWNER-BASED DAC
- negative rights
- inheritance of rights
  - interaction between positive and negative rights
- grant flag
- delegation of identity
- temporal and conditional authorization

PROBLEMS WITH OWNER-BASED DAC
- does not control information flow
  - too weak
- inappropriate in many situations
  - too weak
  - too confused

BEYOND OWNER-BASED DAC
- separation between ability
  - to use a right
  - to grant a right
- non-discretionary elements
  - user who can use a right should not be able to grant it and vice versa

NON-DISCRETIONARY (BEYOND LATTICE-BASED MAC)
- control of administrative scope
  - rights that can be granted
  - to whom rights can be granted
- rights that cannot be simultaneously granted to same user
- rights that cannot be granted to too many users

WHAT IS THE POLICY IN NON-DISCRETIONARY ACCESS CONTROL?
- Non-discretionary access control is a means to articulate policy
- does not incorporate policy but does support security principles
  - least privilege
  - abstract operations
  - separation of duties

ISSUES IN NON-DISCRETIONARY ACCESS CONTROL
- models for non-discretionary propagation of access rights
- role-based access control (RBAC)
- task-based authorization (TBA)

NON-DISCRETIONARY PROPAGATION MODELS
- HRU, 1976
- TAKE-GRANT, 1976-82
- SPM/ESPM, 1985-92
- TAM/ATAM, 1992 onwards

NON-DISCRETIONARY PROPAGATION MODELS
- type-based non-discretionary controls
- rights that authorize propagation can be separate or closely related to right being propagated
- testing for absence of rights is essential for dynamic separation policies

ROLE-BASED ACCESS CONTROL: RBAC 0
[Diagram labels: USERS, ROLES, PERMISSIONS, USER-ROLE ASSIGNMENT, PERMISSION-ROLE ASSIGNMENT, SESSIONS]

ROLE-BASED ACCESS CONTROL: RBAC 1
[Diagram labels: USERS, ROLES, PERMISSIONS, USER-ROLE ASSIGNMENT, PERMISSION-ROLE ASSIGNMENT, SESSIONS, ROLE HIERARCHIES]

HIERARCHICAL ROLES
[Diagram labels: Health-Care Provider, Physician, Primary-Care Physician, Specialist Physician]

HIERARCHICAL ROLES
[Diagram labels: Engineer, Hardware Engineer, Software Engineer, Supervising Engineer]

ROLE-BASED ACCESS CONTROL: RBAC 3
[Diagram labels: USERS, ROLES, PERMISSIONS, USER-ROLE ASSIGNMENT, PERMISSIONS-ROLE ASSIGNMENT, SESSIONS, ROLE HIERARCHIES, CONSTRAINTS]

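The RBAC 3 elements named above (user-role assignment, permission-role assignment, sessions, role hierarchies, constraints), as an added Python sketch that is not part of the original slides. Role names are taken from the HIERARCHICAL ROLES slide; the hierarchy edges, permission names, user names and constraint values are assumptions made for illustration.

```python
# Added illustration: role hierarchy + constraints (RBAC 3 on the slides).
# Role names come from the slides; edges, permissions and limits are assumed.
JUNIORS = {  # senior role -> directly junior roles (assumed edges)
    "Supervising Engineer": {"Hardware Engineer", "Software Engineer"},
    "Hardware Engineer": {"Engineer"},
    "Software Engineer": {"Engineer"},
    "Engineer": set(),
}
PERMS = {  # permission-role assignment (constructed)
    "Engineer": {"read_spec"},
    "Hardware Engineer": {"edit_board"},
    "Software Engineer": {"commit_code"},
    "Supervising Engineer": {"sign_off"},
}
# Constraints are checked on direct user-role assignments only.
MUTEX = [{"Hardware Engineer", "Software Engineer"}]  # not both for one user
MAX_USERS = {"Supervising Engineer": 1}               # cardinality limit


def closure(role):
    """Role plus every role junior to it in the hierarchy."""
    seen, todo = set(), [role]
    while todo:
        r = todo.pop()
        if r not in seen:
            seen.add(r)
            todo.extend(JUNIORS[r])
    return seen


class RBAC:
    def __init__(self):
        self.ua = {}  # user -> directly assigned roles

    def assign(self, user, role):
        """User-role assignment; refuses assignments that break a constraint."""
        roles = self.ua.get(user, set()) | {role}
        if any(len(m & roles) > 1 for m in MUTEX):
            raise ValueError("mutually exclusive roles")
        holders = {u for u, rs in self.ua.items() if role in rs} | {user}
        if len(holders) > MAX_USERS.get(role, len(holders)):
            raise ValueError("too many users for role")
        self.ua[user] = roles

    def session(self, user, active):
        """Permissions of a session that activates a subset of the user's roles."""
        allowed = set().union(*(closure(r) for r in self.ua.get(user, set())))
        if not set(active) <= allowed:
            raise PermissionError("role not available to user")
        return set().union(*(PERMS[j] for r in active for j in closure(r)))
```

A session that activates only a junior role receives only that role's permissions, which is how sessions support least privilege.
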
RBAC MANAGEMENT
[Diagram labels: USERS, ROLES, PERMISSIONS, ADMIN ROLES, ADMIN PERMISSIONS, CAN-MANAGE]

RBAC MANAGEMENT
[Diagram labels: S, T1, T2, S3, T4, T5, P3, P; ADMINISTRATIVE ROLE HIERARCHY; CSO, SO1, SO2, SO3; ROLE HIERARCHY]

ROLES AND LATTICES
- RBAC can enforce classical lattice-based MAC
[Diagram labels: LATTICE: H, L; ROLES: HR, LR, LW, HW]

ROLES AND LATTICES
- RBAC can accommodate variations of classical lattice-based MAC
[Diagram labels: LATTICE: H, L; ROLES: HR, LR, LW, HW]

TASK-BASED AUTHORIZATION (TBA)
- beyond subjects and objects
- authorization is in context of some task
- transient use-once permissions instead of long-lived use-many-times permissions

TRANSACTION CONTROL EXPRESSIONS (TCEs)
- TCEs are an example of TBA

    prepare clerk;
    approve supervisor;
    issue clerk;

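The TCE above enforced as a sequence of use-once permissions on a single task instance, as an added Python sketch that is not part of the original slides. The user names, the `Voucher` class and the rule that each step must be performed by a different user are assumptions of this sketch.

```python
# Added illustration of the slide's TCE; user names and the rule that each
# step needs a different user are assumptions of this sketch.
TCE = [("prepare", "clerk"), ("approve", "supervisor"), ("issue", "clerk")]
USER_ROLES = {"ann": {"clerk"}, "bob": {"supervisor"}, "cy": {"clerk"},
              "dee": {"clerk", "supervisor"}}  # constructed sample users


class Voucher:
    """One task instance; each TCE step is a use-once permission."""

    def __init__(self, tce=TCE):
        self.pending = list(tce)   # steps not yet performed, in order
        self.history = []          # (step, user) audit trail

    def perform(self, step, user):
        if not self.pending:
            raise PermissionError("task complete: no permissions remain")
        expected, role = self.pending[0]
        if step != expected:
            raise PermissionError(f"{step!r} not enabled; next is {expected!r}")
        if role not in USER_ROLES.get(user, set()):
            raise PermissionError(f"{user} lacks role {role}")
        if any(u == user for _, u in self.history):
            raise PermissionError(f"{user} already acted on this task")
        self.pending.pop(0)        # permission is consumed by use
        self.history.append((step, user))
        return len(self.pending)


def attempt(voucher, step, user):
    """Return 'ok' or the denial reason, for easy inspection."""
    try:
        voucher.perform(step, user)
        return "ok"
    except PermissionError as exc:
        return str(exc)
```

The authorization state lives in the task instance rather than in a long-lived permission table, so a second `Voucher` starts with its own fresh set of permissions.
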
CONCLUSION
- access control is important
- there are many open issues