Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protection & Security Greg Bilodeau CS 5204 October 13, 2009.

Published byBrittany Weaver Modified over 9 years ago

Similar presentations

Presentation on theme: "Protection & Security Greg Bilodeau CS 5204 October 13, 2009."— Presentation transcript:

1 Protection & Security Greg Bilodeau CS 5204 October 13, 2009

2 Protection and Security Protection from: Malicious users  Modifying data  Accessing confidential data  Misuse of resources Collaborative efforts  Controlling access to data  Allowing the right users the right privileges CS 5204 – Fall, 2009

3 Protection and Security How to secure a system Authenticate Authorize Audit changes, prepare for recovery Close the system to un-trusted users  Isolation  Exclusion (firewalls) Restrict un-trusted users to sandbox File security system Best approach is combination of tactics CS 5204 – Fall, 2009

4 Protection and Security Principles of Security Assign only the rights needed (least privilege) Partition rights by duty or role (separation of duties) Enforce rights in simplest manner (economy of mechanism) Acceptable to user community (acceptability) Universal enforcement of policies (complete mediation) “Security through obscurity” not required (open design) CS 5204 – Fall, 2009

5 Protection and Security Goals for Security Only modified by authorized entities Only accessed by authorized entities (confidentiality) Cannot disclaim ownership (non-repudiation) Source can be verified (authenticity) Accessible to authorized entities CS 5204 – Fall, 2009

6 Protection and Security Goals for Collaborative Systems Applied and enforced at distributed platform level Generic and useful for variety of tasks Be scalable to large numbers of potential shared operations Protect data at various levels of granularity Transparent access for authorized, strong exclusion for unauthorized that doesn’t hamper collaboration Allow high-level access rights Dynamic, specify and change policies at run time Not hamper performance CS 5204 – Fall, 2009

7 Protection and Security Access Matrix Abstract reference model to associate subjects with objects (and other subjects), used by security monitor querying reference monitor CS 5204 – Fall, 2009 S1S1 S2S2 S3S3 *O R RW W O1O1 O2O2 O3O3 R *R R W W O4O4 O5O5 O6O6 S x = Subject O x = object O = Owner R = read access W = write access *X = copy bit set

8 Protection and Security Access Matrix May change over time  Users added or removed  Files created or deleted Commands manipulate the matrix  First test if conditions for command are true, ex: check if subject attempting to give write access to another subject for an object has *W access right  If it does, update the entry for the target subject with the new access right CS 5204 – Fall, 2009

9 Protection and Security Implementing the access matrix Matrix can be implemented in various ways Subject perspective  Subjects  Roles  Teams Object perspective  Objects  Domains System perspective  Tasks  Clearance  Context  Lock and key  Memory mapping CS 5204 – Fall, 2009

10 Protection and Security Capability Lists CS 5204 – Fall, 2009 S1S1 S2S2 S3S3 {*O,O 1 } {R,O 1 } {R,O 2 } {W,O 3 } O1O1 O2O2 O3O3 {R,O 4 } {*R,O 5 } {R,O 5 } O4O4 O5O5 O6O6 {W,O 6 }

11 Protection and Security Capability Lists Defined as a list of {permission, object} pairs Gives entire access rights profile of each subject Easier to store in memory than entire matrix Subject incapable of starting action without permission CS 5204 – Fall, 2009

12 Protection and Security Access-control Lists CS 5204 – Fall, 2009 S1S1 S2S2 S3S3 {*O,S 1 } {R,S 2 } {R,S 1 } {W,S 1 } {W,S 2 } O1O1 O2O2 O3O3 {R,S 1 } {*R,S 2 } {R,S 3 } O4O4 O5O5 O6O6 {W,S 1 } {W,S 2 }

13 Protection and Security Access-control Lists CS 5204 – Fall, 2009 Defined as a list of {permission, subject} pairs Gives entire access rights profile of each object Easier to store in memory than entire matrix

14 Protection and Security Capability List and Access-control List Difficult to dynamically change access rights:  Capability list: difficult to determine how many and which subjects have rights for a given object  Access-control list: difficult to tell all accesses a subject has across objects Do not account for contextual information  Context: environmental variables, dynamism and unpredictability  Context can define access when in a given role CS 5204 – Fall, 2009

15 Protection and Security Role-Based Access Control (RBAC) CS 5204 – Fall, 2009 S1S1 S2S2 S3S3 R 3,R 1 R2R2 R2R2 R1R1 R2R2 {*O,O 1 } {R,O 2 } {W,O 3 } {R,O 5 } R3R3 {R,O 6 } Assigning access rights to roles Assigning roles to subjects

16 Protection and Security Role-Based Access Control (RBAC) Roles created for various combinations of {object, rights} pairs, subject assigned one or more roles Assignment of rights to roles and roles to subjects can be done at different times Allows updating of multiple subject’s access rights automatically through inheritance Allows cardinality and conflict of interest rules to be enforced However, cannot allow specific subject access to specific object CS 5204 – Fall, 2009

17 Protection and Security Domain-Based Access Control CS 5204 – Fall, 2009 S1S1 S2S2 S3S3 {*O,S 1 } {R,S 2 } {R,S 1 } {W,S 1 } {W,S 2 } O1O1 O2O2 O3O3 {R,S 1 } {*R,S 2 } {R,S 3 } O4O4 O5O5 O6O6 {W,S 1 } {W,S 2 } {R,S 1 } O2O2 O4O4 {W,S 1 }{W,S 2 } O3O3 O6O6

18 Protection and Security Domain-Based Access Control Similar to Role-Based Authenticates user when he enters the domain CS 5204 – Fall, 2009

19 Protection and Security Task-Based Access Control (TBAC) CS 5204 – Fall, 2009 Tasks Protection States A1 A2 A3 {*O,O 1 } {R,O 2 } {W,O 3 } {R,O 5 } {R,O 6 } A3 A2 A1 Activate Deactivate

20 Protection and Security Task-Based Access Control (TBAC) Task-based access control (TBAC) changes subject’s rights as it moves through stages of a given task Steps associated with protection state, with specific rights Each step has disjoint protection state Limited in context to activities, tasks and workflow progress CS 5204 – Fall, 2009

21 Protection and Security Team-Based Access Control (TMAC) CS 5204 – Fall, 2009

22 Protection and Security Team-Based Access Control (TMAC) Assigns permissions based on team designations Both user and object contexts (similar in concept to a combination of RBAC and Domain) Can be modified depending on environment context, i.e. what other subjects/teams are present Allows fine-grained control over individual users and objects Context-Based TMAC (C-TMAC) Incorporates context as an entity in the architecture CS 5204 – Fall, 2009

23 Protection and Security Spatial Access Control CS 5204 – Fall, 2009 Boundary Region 1Region 2Region 3 “Collaborative Environment” S1S1 {Reg1} *W S2S2 {Reg2, Reg3} R Access Graph

24 Protection and Security Spatial Access Control Boundaries create regions Access graph gives credentials  Governs movement within and between regions  Specifies access rights within each region No support for fine-grained control Insecure region creation possible CS 5204 – Fall, 2009

25 Protection and Security Context-Aware Access Control (Context-AW) Extends RBAC with environment roles Capture environment state Roles activated based on environment conditions at time of request CS 5204 – Fall, 2009 S1S1 S2S2 S3S3 E 3,E 1 E2E2 E2E2 E1E1 E2E2 {*O,O 1 }{R,O 2 }{W,O 3 } {R,O 5 } E3E3 {R,O 6 } Assigning access rights to environment roles Assigning roles to subjects based on context S1S1 S2S2 S3S3 E3E3 E2E2 E2E2

26 Protection and Security Comparison of access control methods CS 5204 – Fall, 2009

27 Protection and Security CS 5204 – Operating Systems 27 Bell­LaPadula Model i level 1 level i level n *-property objects classification clearance subject w r,w r

28 Protection and Security Lock-and-Key Access Control CS 5204 – Fall, 2009 S1S1 S2S2 S3S3 O 1,K 1 O 1,K 2 O 2,K 1 O1O1 O2O2 K 1,R K 2,W Subjects associated with set of keys for objects O 2,K 1 Each object associated with a {key, rights} pair

29 Protection and Security Lock-and-Key Access Control Like capability list Key values are meaningless to the subject Key values have no inherent rights CS 5204 – Fall, 2009

30 Protection and Security Memory Protection Hardware based on mapping Memory not in range of map protected Each subject/domain has own address space CS 5204 – Fall, 2009

31 Protection and Security Conclusion Propagation of rights between users  Simple in subject and system* perspectives  Difficult for data perspective Discovery of rights to a resource  Simple in object perspective  Difficult in subject and system* perspectives Revocation  Simple in object and system* perspectives  Difficult in subject perspective Reclamation  Simple in object and system* perspective  Difficult in subject perspective CS 5204 – Fall, 2009

32 Protection and Security Questions ? CS 5204 – Fall, 2009

Download ppt "Protection & Security Greg Bilodeau CS 5204 October 13, 2009."

Similar presentations

CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.

Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.
Access Control Methodologies

Access Control Methodologies
Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.

Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.
Bilkent University Department of Computer Engineering

Bilkent University Department of Computer Engineering
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
1 CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms.

1 CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms.
Chapter 14: Protection.

Chapter 14: Protection.
Chapter 14: Protection.

Chapter 14: Protection.
Role Based Access Control Models Presented By Ankit Shah 2 nd Year Master’s Student.

Role Based Access Control Models Presented By Ankit Shah 2 nd Year Master’s Student.
Lecture 7 Access Control

Lecture 7 Access Control
Distributed Computer Security 8.2 Discretionary Access Control Models - Sai Phalgun Tatavarthy.

Distributed Computer Security 8.2 Discretionary Access Control Models - Sai Phalgun Tatavarthy.
Protection and Security An overview of basic principles CS5204 – Operating Systems1.

Protection and Security An overview of basic principles CS5204 – Operating Systems1.
Dr. Kalpakis CMSC 621, Advanced Operating Systems. Fall 2003 URL: Security & Protection.

Dr. Kalpakis CMSC 621, Advanced Operating Systems. Fall 2003 URL: Security & Protection.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
CS-550 (M.Soneru): Protection and Security - 2 [SaS] 1 Protection and Security - 2.

CS-550 (M.Soneru): Protection and Security - 2 [SaS] 1 Protection and Security - 2.
Li Xiong CS573 Data Privacy and Security Access Control.

Li Xiong CS573 Data Privacy and Security Access Control.

Similar presentations

Ads by Google