SlideShare uma empresa Scribd logo
1 de 39
Baixar para ler offline
Access Control: Principles
and Practice
Reference: Access Control: Principles and
Practice, Ravi S. Sandhu and Pierangela
Samarati, IEEE Communications Magazine,
1994
Prepared by: Nabeel Mohamed
Access Control
   The purpose is to limit that the
    operations or actions that a legitimate
    user of a computer system can perform
   Constrains
    ◦ What a user can do directly, and
    ◦ What programs executing on behalf of users
      are allowed to do
   Thus, tries to prevent activities that could
    lead to a breach of security
   Is required to achieve confidentiality,
    integrity and availability objectives
The Big Picture
The Big Picture
 Shows a logical picture of security
  services and their interactions
 Authentication service should correctly
  establish the identity of the user
 Authentication, and then Access
  Control
 Access control is not a complete
  solution for securing a system. What is
  the missing service?
    ◦ Auditing
The Big Picture
   Auditing
    ◦ Performs a posteriori analysis of all the
      requests and activities of users in the system
    ◦ Requires logging all requests and activities
    ◦ How can auditing help?
        Acting as a deterrent
        Identifying attempted or actual violations
        Identifying flaws in the security system
        Preventing authorized users from misusing their
         privileges (accountability)
Policies vs. Mechanisms
   Policies
    ◦ High-level guidelines that determine how
      accesses are controlled and access
      decisions determined
   Mechanisms
    ◦ Low-level software and hardware functions
      that can be configured to implement a policy
   It is desirable to develop access control
    mechanisms that are largely
    independent of the policy for which they
    could be used
The Access Matrix
   All resources controlled by a computer
    system can be represented by data
    stored in objects
   Subjects, which initiate activities in the
    system, are typically users or programs
    executing on behalf of users
   Subjects can themselves be objects
   Subjects initiate actions on objects
    ◦ Actions are allowed or denied in accordance
      with the authorization established
The Access Matrix
   Example access rights/modes:
    ◦ For files, the typical access rights are
      read, write, execute and own
      OS implements them
    ◦ For bank accounts, the typical access
      rights are inquiry, credit and debit
      Application programs implement them
The Access Matrix
 A conceptual model that specifies the
  rights that each subject possesses for
  each object
 Subjects in rows, objects in columns
The Access Matrix
 The access matrix model clearly
  separates the problem of
  authentication from that of
  authorization
 A reference monitor should ensure
  that only those operations authorized
  by the access matrix actually get
  executed
 Example: Alice is the owner of the file
  2, and she can read and write that file
Implementation Approaches
 Access matrix is usually sparse and
  hence not implemented as a matrix
 Some common approaches to
  implementing the access matrix in
  practice:
    ◦ Access Control Lists (ACLs)
    ◦ Capabilities
    ◦ Authorization Relations
Access Control Lists
 Each object is associated with a an
  ACL
 ACL has an entry of each subject if it
  has some kind of access to that object
 This approach corresponds to storing
  the access matrix by column
Access Control Lists
Access Control Lists
   Advantages
    ◦ By looking at an object’s ACL it is easy to
      determine which modes of access
      subjects are currently authorized for that
      object
    ◦ Easy to revoke all access to an object
   Disadvantages
    ◦ It is difficult to find all accesses a subject
      has
Access Control Lists
 In order to reduce the list length, the
  usual practice is to use groups instead
  of (or in addition to) individual subject
  identifiers
 Example: UNIX getfacl and setfacl
  allows to create ACLs on files and
  folders
Capabilities
 A dual approach to ACLs
 Each subject is associated with a list
  (call the capability list)
 A capability list of a subject has a list
  of objects for which subject has some
  kind of access
Capabilities
Capabilities
   Advantage
    ◦ Easy to find all accesses that a subject is
      authorized to perform
    ◦ Easy to revoke all accesses to a subject
   Disadvantages
    ◦ Difficult to find all subjects who have
      some kind of access to a given object
   Modern operating systems typically
    take the ACL-based approach
Authorization Relations
 Each row or tuple of the authorization
  relation specifies one access right of a
  subject to an object
 For example, John’s accesses to File
  1 require 3 rows
 If the table is sorted by subjects, it
  reflects capabilities
 If the table is sorted by objects, it
  reflects ACLs
 The relation is not normalized
Authorization Relations
Access Control Policies
 Discretionary policies
 Mandatory policies
 Role-based policies
Multiple Access Control Policies
 AC policies are not exclusive; can be
  combined to provide a more suitable
  protection system
 When policies are combined, only the
  intersections of their accesses allowed
Discretionary Policies
 Access control is under the discretion
  of the user
 Flexibility of discretionary policies has
  made them successful in industry
Discretionary Policies
   However, they do not provide real
    assurance on the flow of information in
    the system
    ◦ It’s easy to bypass the access restrictions
      stated through the authorizations
    ◦ Example: a user, able to read an object, can
      pass it to other users with the knowledge of
      the owner
    ◦ The reason is discretionary policies do not
      impose any restriction on the usage of
      information by a user once the user received
      it (dissemination of information is not
      controlled)
Mandatory Policies
   Access control enforcement is under the
    control of the system
   MLS (Multilevel Security) model is the
    most popular mandatory approach
    ◦ Access is based on the security levels
      assigned to objects and subjects
   Each user and each object in the system
    is assigned a security level
   MLS provides one-directional information
    flow in a lattice of security labels
Mandatory Policies
   The security level associated with an
    object reflects
    ◦ The sensitivity of the information
      contained in the object
   The security level associated with a
    subject (also called clearance) reflects
    ◦ The user’s trustworthiness not to disclose
      sensitive information to users not cleared
      to see it
Example Security Levels
   In a military setting we usually find the
    following security levels:
    ◦   Top Secret (TS)
    ◦   Secret (S)
    ◦   Confidential (C)
    ◦   Unclassified (U)
   They form the ordered set TS > S > C >
    U
   Each security level is said to dominate
    itself and all others below it in this
    hierarchy
Confidentiality Policies
   Read down
    ◦ A subject’s clearance must dominate the
      security level of the object being read
   Write up
    ◦ A subject’s clearance must be dominated by
      the security level of the object being written
   Prevent information in high-level objects
    (more sensitive) to flow to objects in
    lower levels
   Information can only flow upwards or
    within the same security domain
Confidentiality Policies
Confidentiality Policies
 In order to write at a lower security level,
  subject should be allowed to take any
  clearance level dominated by its original
  clearance level
 The intuition behind write-up rule is to
  prevent malicious software from leaking
  secret information downwards
 Write-up rule may destroy data in higher
  security levels – Hence, it is usually
  controlled to work only at the same
  security level as the subject
Integrity Policies
   Read up
    ◦ A subject’s integrity level must be dominated
      by the integrity level of the object being read
   Write down
    ◦ A subject’s integrity level must dominate the
      integrity level of the object being written
   Prevent information stored in low objects
    (hence less reliable) to flow to high
    objects
   Protect only one aspect of integrity
   Information can only flow downwards or
    within the same security level
Integrity Policies
Role-based Policies
   Neither discretionary nor mandatory
    approaches satisfies the needs of
    most commercial enterprises
    ◦ Mandatory policies rise from rigid
      environments, like those of military
    ◦ Discretionary policies rise from
      cooperative yet autonomous
      requirements, like those of academic
      researchers
   One alternative is role-base policies
Role-based Policies
   The flexibility required:
    ◦ Allow the specification of authorization to
      be granted to users (or groups) on objects
      like in the discretionary approach,
      together with the possibility of specifying
      restrictions (like in the mandatory
      approach) on the assignment or on the
      use of such authorizations
Role-based Policies
   A role is a set of actions and
    responsibilities associated with a
    particular working activity
   Instead of specifying all the accesses
    each user is allowed to execute, access
    authorizations are specified for roles
   Users are given authorization to adopt
    roles
   A user playing a role is allowed to
    execute all accesses for which the role is
    authorized.
Role-based Policies
 User may or may not be allowed to
  play multiple roles at the same time
 A user may take on different roles on
  different occasions
Advantages of Role-based
Policies
   Simplification of authorization
    management
   Hierarchical roles further simplify by
    allowing generalization and
    specialization
   Adapting different roles to operate at the
    least privilege
   Promotes separation of duty to prevent
    misuse of the system
   Instead of individual objects, access can
    be specified for object classes
Administration of Authorization
 Administrative policies determine who
  is authorized to modify the allowed
  access
 In mandatory AC, security
  administrator determines the access
  to objects by subjects
 In discretionary and role-based AC,
  there are possibly many types of
  administrative policies
Administration of Authorization
   Example DAC administrative policies
    ◦ Centralized – a single authorized user like
      in MAC
    ◦ Hierarchical – authorizers are ordered in a
      hierarchy with decreasing power
    ◦ Cooperative – multiple authorizers to
      specify each access
    ◦ Ownership – owner of the object controls
      accesses
    ◦ Decentralized – delegate authorization to
      others to control accesses

Mais conteúdo relacionado

Mais procurados

Operating System Security
Operating System SecurityOperating System Security
Operating System SecurityRamesh Upadhaya
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
CISSP - Chapter 2 - Asset Security
CISSP - Chapter 2 -  Asset SecurityCISSP - Chapter 2 -  Asset Security
CISSP - Chapter 2 - Asset SecurityKarthikeyan Dhayalan
 
An overview of access control
An overview of access controlAn overview of access control
An overview of access controlElimity
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsLearningwithRayYT
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesSoftware Guru
 
2. access control
2. access control2. access control
2. access control7wounders
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute forcevishalgohel12195
 
Web Security Attacks
Web Security AttacksWeb Security Attacks
Web Security AttacksSajid Hasan
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKumawat Dharmpal
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)mmubashirkhan
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 

Mais procurados (20)

Operating System Security
Operating System SecurityOperating System Security
Operating System Security
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chain
 
intruders types ,detection & prevention
intruders types ,detection & preventionintruders types ,detection & prevention
intruders types ,detection & prevention
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
CISSP - Chapter 2 - Asset Security
CISSP - Chapter 2 -  Asset SecurityCISSP - Chapter 2 -  Asset Security
CISSP - Chapter 2 - Asset Security
 
An overview of access control
An overview of access controlAn overview of access control
An overview of access control
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack Vectors
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application Vulnerabilities
 
Malware Analysis
Malware AnalysisMalware Analysis
Malware Analysis
 
2. access control
2. access control2. access control
2. access control
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute force
 
Web Security Attacks
Web Security AttacksWeb Security Attacks
Web Security Attacks
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
System security
System securitySystem security
System security
 
Cia security model
Cia security modelCia security model
Cia security model
 
User authentication
User authenticationUser authentication
User authentication
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPS
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
 

Semelhante a Access Control: Principles and Practice

Week No 13 Access Control Part 1.pptx
Week No 13 Access Control Part 1.pptxWeek No 13 Access Control Part 1.pptx
Week No 13 Access Control Part 1.pptxXhamiiiCH
 
Least privilege, access control, operating system security
Least privilege, access control, operating system securityLeast privilege, access control, operating system security
Least privilege, access control, operating system securityG Prachi
 
Survey of file protection techniques
Survey of file protection techniquesSurvey of file protection techniques
Survey of file protection techniquesG Prachi
 
Protection in general purpose operating system
Protection in general purpose operating systemProtection in general purpose operating system
Protection in general purpose operating systemG Prachi
 
Access Control Fundamentals
Access Control FundamentalsAccess Control Fundamentals
Access Control FundamentalsSetiya Nugroho
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Application Security -- Authorization Models
Application Security -- Authorization ModelsApplication Security -- Authorization Models
Application Security -- Authorization Modelsadinath7
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxdotco
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxTechnocracy2
 
access-control-basics-murat-kantarcioglu.pdf
access-control-basics-murat-kantarcioglu.pdfaccess-control-basics-murat-kantarcioglu.pdf
access-control-basics-murat-kantarcioglu.pdfNohaNagy5
 
information security(authentication application, Authentication and Access Co...
information security(authentication application, Authentication and Access Co...information security(authentication application, Authentication and Access Co...
information security(authentication application, Authentication and Access Co...Zara Nawaz
 
Management Access Control At Lan Essay
Management Access Control At Lan EssayManagement Access Control At Lan Essay
Management Access Control At Lan EssayApril Blount
 
INFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTSINFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTShenlydailymotion
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochQA or the Highway
 

Semelhante a Access Control: Principles and Practice (20)

Isys20261 lecture 12
Isys20261 lecture 12Isys20261 lecture 12
Isys20261 lecture 12
 
4_5949547032388570388.ppt
4_5949547032388570388.ppt4_5949547032388570388.ppt
4_5949547032388570388.ppt
 
AccessControl.ppt
AccessControl.pptAccessControl.ppt
AccessControl.ppt
 
Week No 13 Access Control Part 1.pptx
Week No 13 Access Control Part 1.pptxWeek No 13 Access Control Part 1.pptx
Week No 13 Access Control Part 1.pptx
 
Least privilege, access control, operating system security
Least privilege, access control, operating system securityLeast privilege, access control, operating system security
Least privilege, access control, operating system security
 
Survey of file protection techniques
Survey of file protection techniquesSurvey of file protection techniques
Survey of file protection techniques
 
Protection in general purpose operating system
Protection in general purpose operating systemProtection in general purpose operating system
Protection in general purpose operating system
 
Access Control Fundamentals
Access Control FundamentalsAccess Control Fundamentals
Access Control Fundamentals
 
Security risk management
Security risk managementSecurity risk management
Security risk management
 
Application Security -- Authorization Models
Application Security -- Authorization ModelsApplication Security -- Authorization Models
Application Security -- Authorization Models
 
Chapter 7
Chapter 7Chapter 7
Chapter 7
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptx
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptx
 
access-control-basics-murat-kantarcioglu.pdf
access-control-basics-murat-kantarcioglu.pdfaccess-control-basics-murat-kantarcioglu.pdf
access-control-basics-murat-kantarcioglu.pdf
 
002.itsecurity bcp v1
002.itsecurity bcp v1002.itsecurity bcp v1
002.itsecurity bcp v1
 
information security(authentication application, Authentication and Access Co...
information security(authentication application, Authentication and Access Co...information security(authentication application, Authentication and Access Co...
information security(authentication application, Authentication and Access Co...
 
S5-Authorization
S5-AuthorizationS5-Authorization
S5-Authorization
 
Management Access Control At Lan Essay
Management Access Control At Lan EssayManagement Access Control At Lan Essay
Management Access Control At Lan Essay
 
INFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTSINFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTS
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 

Mais de Nabeel Yoosuf

Building RESTful Applications
Building RESTful ApplicationsBuilding RESTful Applications
Building RESTful ApplicationsNabeel Yoosuf
 
Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2Nabeel Yoosuf
 
Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1Nabeel Yoosuf
 
Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0  - Part 1Introduction to OAuth 2.0  - Part 1
Introduction to OAuth 2.0 - Part 1Nabeel Yoosuf
 
Oracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cOracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cNabeel Yoosuf
 
Introduction to Tokenization
Introduction to TokenizationIntroduction to Tokenization
Introduction to TokenizationNabeel Yoosuf
 
Privacy Preserving Access Control for Third Party Data Management Systems
Privacy Preserving Access Control for Third Party Data Management SystemsPrivacy Preserving Access Control for Third Party Data Management Systems
Privacy Preserving Access Control for Third Party Data Management SystemsNabeel Yoosuf
 
Efficient privacy preserving publish subscribe systems
Efficient privacy preserving publish subscribe systemsEfficient privacy preserving publish subscribe systems
Efficient privacy preserving publish subscribe systemsNabeel Yoosuf
 
Efficient Filtering in Pub-Sub Systems using BDD
Efficient Filtering in Pub-Sub Systems using BDDEfficient Filtering in Pub-Sub Systems using BDD
Efficient Filtering in Pub-Sub Systems using BDDNabeel Yoosuf
 
Pub-Sub Systems and Confidentiality/Privacy
Pub-Sub Systems and Confidentiality/PrivacyPub-Sub Systems and Confidentiality/Privacy
Pub-Sub Systems and Confidentiality/PrivacyNabeel Yoosuf
 
A Structure Preserving Approach for Securing XML Documents
A Structure Preserving Approach for Securing XML DocumentsA Structure Preserving Approach for Securing XML Documents
A Structure Preserving Approach for Securing XML DocumentsNabeel Yoosuf
 

Mais de Nabeel Yoosuf (12)

Building RESTful Applications
Building RESTful ApplicationsBuilding RESTful Applications
Building RESTful Applications
 
Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2
 
Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1
 
Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0  - Part 1Introduction to OAuth 2.0  - Part 1
Introduction to OAuth 2.0 - Part 1
 
API Façade Pattern
API Façade PatternAPI Façade Pattern
API Façade Pattern
 
Oracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cOracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12c
 
Introduction to Tokenization
Introduction to TokenizationIntroduction to Tokenization
Introduction to Tokenization
 
Privacy Preserving Access Control for Third Party Data Management Systems
Privacy Preserving Access Control for Third Party Data Management SystemsPrivacy Preserving Access Control for Third Party Data Management Systems
Privacy Preserving Access Control for Third Party Data Management Systems
 
Efficient privacy preserving publish subscribe systems
Efficient privacy preserving publish subscribe systemsEfficient privacy preserving publish subscribe systems
Efficient privacy preserving publish subscribe systems
 
Efficient Filtering in Pub-Sub Systems using BDD
Efficient Filtering in Pub-Sub Systems using BDDEfficient Filtering in Pub-Sub Systems using BDD
Efficient Filtering in Pub-Sub Systems using BDD
 
Pub-Sub Systems and Confidentiality/Privacy
Pub-Sub Systems and Confidentiality/PrivacyPub-Sub Systems and Confidentiality/Privacy
Pub-Sub Systems and Confidentiality/Privacy
 
A Structure Preserving Approach for Securing XML Documents
A Structure Preserving Approach for Securing XML DocumentsA Structure Preserving Approach for Securing XML Documents
A Structure Preserving Approach for Securing XML Documents
 

Último

Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.francesco barbera
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxYounusS2
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum ComputingGDSC PJATK
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 

Último (20)

Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptx
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum Computing
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 

Access Control: Principles and Practice

  • 1. Access Control: Principles and Practice Reference: Access Control: Principles and Practice, Ravi S. Sandhu and Pierangela Samarati, IEEE Communications Magazine, 1994 Prepared by: Nabeel Mohamed
  • 2. Access Control  The purpose is to limit that the operations or actions that a legitimate user of a computer system can perform  Constrains ◦ What a user can do directly, and ◦ What programs executing on behalf of users are allowed to do  Thus, tries to prevent activities that could lead to a breach of security  Is required to achieve confidentiality, integrity and availability objectives
  • 4. The Big Picture  Shows a logical picture of security services and their interactions  Authentication service should correctly establish the identity of the user  Authentication, and then Access Control  Access control is not a complete solution for securing a system. What is the missing service? ◦ Auditing
  • 5. The Big Picture  Auditing ◦ Performs a posteriori analysis of all the requests and activities of users in the system ◦ Requires logging all requests and activities ◦ How can auditing help?  Acting as a deterrent  Identifying attempted or actual violations  Identifying flaws in the security system  Preventing authorized users from misusing their privileges (accountability)
  • 6. Policies vs. Mechanisms  Policies ◦ High-level guidelines that determine how accesses are controlled and access decisions determined  Mechanisms ◦ Low-level software and hardware functions that can be configured to implement a policy  It is desirable to develop access control mechanisms that are largely independent of the policy for which they could be used
  • 7. The Access Matrix  All resources controlled by a computer system can be represented by data stored in objects  Subjects, which initiate activities in the system, are typically users or programs executing on behalf of users  Subjects can themselves be objects  Subjects initiate actions on objects ◦ Actions are allowed or denied in accordance with the authorization established
  • 8. The Access Matrix  Example access rights/modes: ◦ For files, the typical access rights are read, write, execute and own  OS implements them ◦ For bank accounts, the typical access rights are inquiry, credit and debit  Application programs implement them
  • 9. The Access Matrix  A conceptual model that specifies the rights that each subject possesses for each object  Subjects in rows, objects in columns
  • 10. The Access Matrix  The access matrix model clearly separates the problem of authentication from that of authorization  A reference monitor should ensure that only those operations authorized by the access matrix actually get executed  Example: Alice is the owner of the file 2, and she can read and write that file
  • 11. Implementation Approaches  Access matrix is usually sparse and hence not implemented as a matrix  Some common approaches to implementing the access matrix in practice: ◦ Access Control Lists (ACLs) ◦ Capabilities ◦ Authorization Relations
  • 12. Access Control Lists  Each object is associated with a an ACL  ACL has an entry of each subject if it has some kind of access to that object  This approach corresponds to storing the access matrix by column
  • 14. Access Control Lists  Advantages ◦ By looking at an object’s ACL it is easy to determine which modes of access subjects are currently authorized for that object ◦ Easy to revoke all access to an object  Disadvantages ◦ It is difficult to find all accesses a subject has
  • 15. Access Control Lists  In order to reduce the list length, the usual practice is to use groups instead of (or in addition to) individual subject identifiers  Example: UNIX getfacl and setfacl allows to create ACLs on files and folders
  • 16. Capabilities  A dual approach to ACLs  Each subject is associated with a list (call the capability list)  A capability list of a subject has a list of objects for which subject has some kind of access
  • 18. Capabilities  Advantage ◦ Easy to find all accesses that a subject is authorized to perform ◦ Easy to revoke all accesses to a subject  Disadvantages ◦ Difficult to find all subjects who have some kind of access to a given object  Modern operating systems typically take the ACL-based approach
  • 19. Authorization Relations  Each row or tuple of the authorization relation specifies one access right of a subject to an object  For example, John’s accesses to File 1 require 3 rows  If the table is sorted by subjects, it reflects capabilities  If the table is sorted by objects, it reflects ACLs  The relation is not normalized
  • 21. Access Control Policies  Discretionary policies  Mandatory policies  Role-based policies
  • 22. Multiple Access Control Policies  AC policies are not exclusive; can be combined to provide a more suitable protection system  When policies are combined, only the intersections of their accesses allowed
  • 23. Discretionary Policies  Access control is under the discretion of the user  Flexibility of discretionary policies has made them successful in industry
  • 24. Discretionary Policies  However, they do not provide real assurance on the flow of information in the system ◦ It’s easy to bypass the access restrictions stated through the authorizations ◦ Example: a user, able to read an object, can pass it to other users with the knowledge of the owner ◦ The reason is discretionary policies do not impose any restriction on the usage of information by a user once the user received it (dissemination of information is not controlled)
  • 25. Mandatory Policies  Access control enforcement is under the control of the system  MLS (Multilevel Security) model is the most popular mandatory approach ◦ Access is based on the security levels assigned to objects and subjects  Each user and each object in the system is assigned a security level  MLS provides one-directional information flow in a lattice of security labels
  • 26. Mandatory Policies  The security level associated with an object reflects ◦ The sensitivity of the information contained in the object  The security level associated with a subject (also called clearance) reflects ◦ The user’s trustworthiness not to disclose sensitive information to users not cleared to see it
  • 27. Example Security Levels  In a military setting we usually find the following security levels: ◦ Top Secret (TS) ◦ Secret (S) ◦ Confidential (C) ◦ Unclassified (U)  They form the ordered set TS > S > C > U  Each security level is said to dominate itself and all others below it in this hierarchy
  • 28. Confidentiality Policies  Read down ◦ A subject’s clearance must dominate the security level of the object being read  Write up ◦ A subject’s clearance must be dominated by the security level of the object being written  Prevent information in high-level objects (more sensitive) to flow to objects in lower levels  Information can only flow upwards or within the same security domain
  • 30. Confidentiality Policies  In order to write at a lower security level, subject should be allowed to take any clearance level dominated by its original clearance level  The intuition behind write-up rule is to prevent malicious software from leaking secret information downwards  Write-up rule may destroy data in higher security levels – Hence, it is usually controlled to work only at the same security level as the subject
  • 31. Integrity Policies  Read up ◦ A subject’s integrity level must be dominated by the integrity level of the object being read  Write down ◦ A subject’s integrity level must dominate the integrity level of the object being written  Prevent information stored in low objects (hence less reliable) to flow to high objects  Protect only one aspect of integrity  Information can only flow downwards or within the same security level
  • 33. Role-based Policies  Neither discretionary nor mandatory approaches satisfies the needs of most commercial enterprises ◦ Mandatory policies rise from rigid environments, like those of military ◦ Discretionary policies rise from cooperative yet autonomous requirements, like those of academic researchers  One alternative is role-base policies
  • 34. Role-based Policies  The flexibility required: ◦ Allow the specification of authorization to be granted to users (or groups) on objects like in the discretionary approach, together with the possibility of specifying restrictions (like in the mandatory approach) on the assignment or on the use of such authorizations
  • 35. Role-based Policies  A role is a set of actions and responsibilities associated with a particular working activity  Instead of specifying all the accesses each user is allowed to execute, access authorizations are specified for roles  Users are given authorization to adopt roles  A user playing a role is allowed to execute all accesses for which the role is authorized.
  • 36. Role-based Policies  User may or may not be allowed to play multiple roles at the same time  A user may take on different roles on different occasions
  • 37. Advantages of Role-based Policies  Simplification of authorization management  Hierarchical roles further simplify by allowing generalization and specialization  Adapting different roles to operate at the least privilege  Promotes separation of duty to prevent misuse of the system  Instead of individual objects, access can be specified for object classes
  • 38. Administration of Authorization  Administrative policies determine who is authorized to modify the allowed access  In mandatory AC, security administrator determines the access to objects by subjects  In discretionary and role-based AC, there are possibly many types of administrative policies
  • 39. Administration of Authorization  Example DAC administrative policies ◦ Centralized – a single authorized user like in MAC ◦ Hierarchical – authorizers are ordered in a hierarchy with decreasing power ◦ Cooperative – multiple authorizers to specify each access ◦ Ownership – owner of the object controls accesses ◦ Decentralized – delegate authorization to others to control accesses