
Discretionary Access Control Models Adith Srinivasan.


1 Discretionary Access Control Models Adith Srinivasan

2 Outline: Introduction; Access Control Matrix; Distributed Compartments; Implementations of ACM; Comparison of ACL & CL.

3 Access Control Discretionary access control (DAC) is a kind of access control which 'restricts access to objects based on the identity of subjects and/or groups to which they belong'. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject. Discretionary security models provide access control on an individual basis. The access control matrix (ACM) is a fundamental and widely used discretionary access control model for enforcing security policies. A security policy is a statement that specifies what privileges and limitations a certain subject has on an object. Example: subject s may access object x only if it has not accessed object y.

4 Access Control An access control function, given a subject/object pair (s, o) and an operation r requested by s on o, returns true if the requested operation is permitted and false otherwise. Access validation is performed by a 'reference monitor' that consults an ACM covering all subjects and objects. In practice it is preferable to have separate reference monitors for different categories of subjects and objects.

5 Access Control Model General model of controlling access to objects.

6 Access Control Matrix

7 Reducing the Size of the Access Control Matrix Subject rows in the ACM that have identical entries, i.e. subjects that have the same access rights on the same objects, can be merged into groups. If a user belongs to more than one group, its access rights are the union of the access rights of all the groups it belongs to. Similarly, object columns with identical entries can be merged into 'categories'.

8 Distributed Compartment A distributed application with collaborating processes may consist of subject users and object resources that cross the physical boundaries of machines. Here a logical ACM called a 'distributed compartment', which regulates access among the collaborating users, serves the purpose better. Access to a distributed compartment is based on 'distributed handles'. These handles are application oriented: they provide a protective wall around an application and are authenticated by the application itself.

9 A Distributed Compartment Model (figure) Each node keeps its own local subjects and objects; the collaborating subjects and objects across node boundaries form a distributed compartment governed by an application-oriented ACM, and the compartment is accessed using distributed handles.

10 Distributed Compartment Model The distributed compartment model has a number of advantages. The grouping of subjects and objects is logical and application specific. Accesses are more transparent, since they do not depend on the operating systems or administrative units involved. Since the application manages the distributed handles, different security policies can be implemented per application.

11 Implementations of ACM For efficiency and organizational purposes, access control matrices need to be partitioned. The linked-list structure that contains all entries in one column, i.e. for a particular object, is called the Access Control List (ACL) of that object. Likewise, all entries in one row, for a particular subject, form the Capability List (CL) of that subject. The ACL resides in the object server and contains the pairs (s_i, R_si): a subject and its rights on the object. The CL is part of the subject (the client process) and contains the pairs (o_i, R_oi): an object and the subject's rights on it.
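The reference monitor of slide 4, the group-union rule of slide 7 and the partitioning of the matrix into per-object ACLs and per-subject CLs described on this slide, as one added worked example in Python. This is not code from the presentation; the subjects, objects, groups and rights in build_example() are constructed for the illustration.

```python
from __future__ import annotations

from typing import Dict, FrozenSet, List, Set, Tuple

Rights = FrozenSet[str]


class AccessControlMatrix:
    """Discretionary access control matrix: one row per subject (or group),
    one column per object; a cell holds the rights that row has on that column."""

    def __init__(self) -> None:
        # (row, object) -> rights; a row is an individual subject or a group name
        self.cells: Dict[Tuple[str, str], Set[str]] = {}
        self.subjects: Set[str] = set()
        self.objects: Set[str] = set()
        # subject -> groups it belongs to (merged rows, slide 7)
        self.groups: Dict[str, Set[str]] = {}

    def grant(self, row: str, obj: str, *rights: str) -> None:
        """Write rights into the cell (row, obj)."""
        self.subjects.add(row)
        self.objects.add(obj)
        self.cells.setdefault((row, obj), set()).update(rights)

    def add_to_group(self, subject: str, group: str) -> None:
        self.subjects.add(subject)
        self.groups.setdefault(subject, set()).add(group)

    def rights(self, subject: str, obj: str) -> Rights:
        """Effective rights: the subject's own cell united with the cells of
        every group it belongs to (the union rule of slide 7)."""
        effective = set(self.cells.get((subject, obj), ()))
        for group in self.groups.get(subject, ()):
            effective |= self.cells.get((group, obj), set())
        return frozenset(effective)

    def check(self, subject: str, obj: str, op: str) -> bool:
        """Reference monitor function of slide 4: given (s, o) and a requested
        operation r, True iff r is permitted. Unknown subjects or objects map
        to an empty cell and are denied (fail closed)."""
        return op in self.rights(subject, obj)

    def acl(self, obj: str) -> Dict[str, Rights]:
        """Column view (slide 11): the ACL the object server keeps for obj,
        i.e. the pairs (s_i, R_si) for every row with a non-empty cell."""
        return {row: frozenset(r) for (row, o), r in self.cells.items() if o == obj and r}

    def capability_list(self, subject: str) -> Dict[str, Rights]:
        """Row view (slide 11): the CL carried by the subject, i.e. the pairs
        (o_i, R_oi), with group rights already folded in."""
        cl = {o: self.rights(subject, o) for o in sorted(self.objects)}
        return {o: r for o, r in cl.items() if r}

    def identical_rows(self) -> List[Set[str]]:
        """Rows whose own cells are identical on every object: candidates for
        merging into one group row (slide 7). Only sets of size > 1 are returned."""
        by_signature: Dict[Tuple[Tuple[str, Rights], ...], Set[str]] = {}
        for row in self.subjects:
            signature = tuple(
                (o, frozenset(self.cells[(row, o)]))
                for o in sorted(self.objects)
                if self.cells.get((row, o))
            )
            by_signature.setdefault(signature, set()).add(row)
        return [rows for rows in by_signature.values() if len(rows) > 1]


def build_example() -> AccessControlMatrix:
    """Constructed sample matrix (not from the slides): alice and bob belong to
    the 'analysts' group, whose row grants read on report.txt; bob also owns and
    writes report.txt; carol and dave have identical rows on ledger.db."""
    acm = AccessControlMatrix()
    acm.grant("analysts", "report.txt", "read")
    acm.grant("bob", "report.txt", "write", "own")
    acm.grant("carol", "ledger.db", "read", "write")
    acm.grant("dave", "ledger.db", "read", "write")
    acm.add_to_group("alice", "analysts")
    acm.add_to_group("bob", "analysts")
    return acm


if __name__ == "__main__":
    acm = build_example()
    for request in [("alice", "report.txt", "read"), ("alice", "report.txt", "write"),
                    ("mallory", "report.txt", "read")]:
        print(request, "->", "permit" if acm.check(*request) else "deny")
    print("ACL(report.txt):", acm.acl("report.txt"))
    print("CL(bob):", acm.capability_list("bob"))
    print("mergeable rows:", acm.identical_rows())
```

Note that acl() reports the group row 'analysts' rather than alice individually: the ACL stored at the object server is the compressed column, so finding out that alice can read the file means expanding group membership, which is exactly the extra step slide 7 trades for the smaller matrix.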

12 Comparison of ACL & CL Comparison between ACLs and capabilities for protecting objects: (a) using an ACL; (b) using capabilities.

13 Comparison of ACL & CL Comparison in terms of management functions. Authentication: with an ACL, the system authenticates subjects. With a CL, authentication is performed on the capabilities for objects, by the object server. Objects know the capabilities but do not know the users or processes. This is one of the reasons why many distributed implementations favor the CL approach.

14 Review of Access Rights Review means finding out which subjects are authorized to use a certain object. It is easier to review an ACL, because the ACL contains exactly this information. For storage efficiency, subject grouping, wildcards and prohibitive (negative) rights can also be used in an ACL. It is difficult to review a CL-based system unless some type of activity log is kept for all subjects that are given the capability.

15 Propagation of Access Rights Access rights must be replicable to facilitate sharing. Propagation is the duplication of some or all of the privileges of one subject to other subjects. Propagation is not a transfer of rights; it is only duplication. In an ACL system, propagation of rights is explicitly initiated by a request to the object server, which modifies or adds an entry in its ACL.

16 Propagation of Access Rights... Propagation of rights must adhere to the principle of least privilege, i.e. only the minimum privileges required to perform the task are given when propagating rights. In a CL system it is theoretically possible to propagate rights between subjects without the intervention of the object server. This could result in an uncontrollable system and hence is avoided.

17 Revocation of Access Rights Revocation is trivial in an ACL system because it is easy to delete subject entries from the ACL. In a CL system it is difficult to revoke access selectively, because the object server knows capabilities, not the subjects holding them.
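Slides 13 to 17 compare the two implementations on authentication, review, propagation and revocation. The following added Python example (not code from the presentation) models a toy ACL object server and a toy capability object server side by side so that each of those points can be exercised. The HMAC-tagged capability format, the per-object server key used for revocation, the issuance log and the sample names are all assumptions of this example, not something the slides prescribe.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from typing import Dict, FrozenSet, List, Set, Tuple

# Capability = (object, rights, tag); the tag is an HMAC over object and rights
# under a per-object server key. This encoding is an assumption of the example.
Capability = Tuple[str, FrozenSet[str], bytes]


class AclObjectServer:
    """One ACL per object (the matrix column). The system authenticates the
    caller before the request arrives (slide 13); the server only consults the list."""

    def __init__(self) -> None:
        self.acls: Dict[str, Dict[str, Set[str]]] = {}

    def grant(self, obj: str, subject: str, *rights: str) -> None:
        self.acls.setdefault(obj, {}).setdefault(subject, set()).update(rights)

    def access(self, subject: str, obj: str, op: str) -> bool:
        return op in self.acls.get(obj, {}).get(subject, set())

    def review(self, obj: str) -> Dict[str, Set[str]]:
        """Slide 14: the ACL holds exactly who may use the object."""
        return {s: set(r) for s, r in self.acls.get(obj, {}).items()}

    def propagate(self, grantor: str, grantee: str, obj: str, ops: Set[str]) -> bool:
        """Slides 15-16: an explicit request to the object server that copies
        (never moves) rights. Least privilege: only the requested subset is
        copied, and only if the grantor actually holds all of it."""
        held = self.acls.get(obj, {}).get(grantor, set())
        if not ops or not ops <= held:
            return False
        self.grant(obj, grantee, *ops)
        return True

    def revoke(self, obj: str, subject: str) -> None:
        """Slide 17: selective revocation is just deleting the entry."""
        self.acls.get(obj, {}).pop(subject, None)


class CapabilityObjectServer:
    """Authenticates capabilities, not subjects (slide 13): the server can tell
    whether a capability is genuine and what it permits, but not who presents it."""

    def __init__(self) -> None:
        self.keys: Dict[str, bytes] = {}
        # Issuance log (slide 14): without it, review is impossible.
        self.issued: List[Tuple[str, str, FrozenSet[str]]] = []

    def _tag(self, obj: str, rights: FrozenSet[str]) -> bytes:
        key = self.keys.setdefault(obj, secrets.token_bytes(32))
        msg = obj.encode() + b"\x00" + ",".join(sorted(rights)).encode()
        return hmac.new(key, msg, hashlib.sha256).digest()

    def mint(self, obj: str, rights: Set[str], holder: str) -> Capability:
        r = frozenset(rights)
        self.issued.append((holder, obj, r))
        return (obj, r, self._tag(obj, r))

    def access(self, cap: Capability, op: str) -> bool:
        """Recompute the tag over the object and rights as presented; a holder
        who edits the rights field breaks the tag. The presenter is never checked."""
        obj, rights, tag = cap
        return hmac.compare_digest(tag, self._tag(obj, rights)) and op in rights

    def review(self, obj: str) -> Set[str]:
        """Slide 14: only the log answers 'who holds this?', and it misses
        capabilities copied subject-to-subject behind the server's back."""
        return {holder for holder, o, _ in self.issued if o == obj}

    def revoke(self, obj: str) -> None:
        """Slide 17: the server knows tags, not holders, so it cannot single out
        one subject; rotating the object's key invalidates every outstanding
        capability for that object (the mechanism chosen for this example)."""
        self.keys[obj] = secrets.token_bytes(32)
        self.issued = [e for e in self.issued if e[1] != obj]


if __name__ == "__main__":
    acl = AclObjectServer()
    acl.grant("report.txt", "alice", "read", "write")
    print("alice -> bob read:", acl.propagate("alice", "bob", "report.txt", {"read"}))
    acl.revoke("report.txt", "bob")
    print("bob after revoke:", acl.access("bob", "report.txt", "read"))

    cs = CapabilityObjectServer()
    cap = cs.mint("ledger.db", {"read"}, holder="alice")
    bobs_copy = cap  # propagated without the server (slide 16): still accepted
    print("bob's copy accepted:", cs.access(bobs_copy, "read"))
    print("holders the server knows of:", cs.review("ledger.db"))
    cs.revoke("ledger.db")
    print("alice after revoke:", cs.access(cap, "read"))
```

The capability side shows both halves of the slides' argument: the server rejects a capability whose rights field has been widened (the tag no longer matches), yet it happily accepts a byte-for-byte copy handed from alice to bob with no server involvement, and afterwards the only way to cut bob off is to invalidate alice's capability too.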

18 Conversion Between ACL & CL Interactions among processes that use different access control models require gateways for conversion. Conversion to ACL is straightforward. Consider processes in a CL-based domain that need to access remote objects protected by ACLs: the gateway authenticates the process identifier, then verifies that the requested operation is present in the process's capability list. The request is then converted to an ACL request and presented to the remote host.

19 Conversion Between ACL & CL Converting an ACL request to a CL request is slightly more complex. It requires a database holding the resource capabilities for the interacting processes. The gateway validates the ACL request, obtains the resource capability from the database server, and presents that capability to the capability-based object server. A system utilizing both ACLs and CLs suffers the drawbacks of both approaches. Furthermore, the conversions cause additional security hazards.
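The two conversion procedures of slides 18 and 19, as an added Python example that is not code from the presentation. The gateway's interface, the unauthenticated (object, rights) capability shape, the ACL the gateway validates against and the sample process names and objects are assumptions made for this illustration; the slides describe the steps but no concrete design.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Set, Tuple

# Simplified capability for this example: (object, rights), with no integrity
# tag, so the gateway can inspect it directly. Assumption of the example.
Capability = Tuple[str, FrozenSet[str]]


@dataclass(frozen=True)
class AclRequest:
    """An ACL-style request: an authenticated subject, an object and an operation."""
    subject: str
    obj: str
    op: str


class Gateway:
    """Translates requests between a capability-based domain and an ACL-based
    domain (slides 18 and 19)."""

    def __init__(
        self,
        authenticated_processes: Set[str],
        acl_for_remote: Dict[str, Dict[str, Set[str]]],
        capability_db: Dict[Tuple[str, str], Capability],
    ) -> None:
        # process identifiers the gateway is able to authenticate (slide 18)
        self.authenticated_processes = authenticated_processes
        # ACL entries the gateway validates ACL-side requests against (assumed)
        self.acl_for_remote = acl_for_remote
        # (process, object) -> resource capability: the database of slide 19
        self.capability_db = capability_db

    def cl_to_acl(self, process: str, cl: Dict[str, Capability],
                  obj: str, op: str) -> Optional[AclRequest]:
        """Slide 18: authenticate the process identifier, verify the operation
        is in the process's capability list, then emit an ACL request for the
        remote host. None means one of the two checks failed."""
        if process not in self.authenticated_processes:
            return None
        cap = cl.get(obj)
        if cap is None or op not in cap[1]:
            return None
        return AclRequest(subject=process, obj=obj, op=op)

    def acl_to_cl(self, req: AclRequest) -> Optional[Capability]:
        """Slide 19: validate the ACL request, then fetch the resource capability
        from the database to present to the capability-based object server.
        The capability comes back exactly as stored, so it can carry more rights
        than req.op asked for; that widening is one concrete way a conversion
        can introduce a hazard (an illustration chosen for this example)."""
        allowed = self.acl_for_remote.get(req.obj, {}).get(req.subject, set())
        if req.op not in allowed:
            return None
        return self.capability_db.get((req.subject, req.obj))


def build_gateway() -> Gateway:
    """Constructed sample configuration (not from the slides)."""
    return Gateway(
        authenticated_processes={"proc-7"},
        acl_for_remote={"ledger.db": {"proc-9": {"read"}}},
        capability_db={("proc-9", "ledger.db"): ("ledger.db", frozenset({"read", "write"}))},
    )


if __name__ == "__main__":
    gw = build_gateway()
    cl_of_proc7 = {"report.txt": ("report.txt", frozenset({"read"}))}
    print(gw.cl_to_acl("proc-7", cl_of_proc7, "report.txt", "read"))   # AclRequest
    print(gw.cl_to_acl("proc-7", cl_of_proc7, "report.txt", "write"))  # None
    print(gw.acl_to_cl(AclRequest("proc-9", "ledger.db", "read")))     # read+write capability
```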

20 QUESTIONS ?

