Access Control MAC - PowerPoint PPT Presentation

Slides: 21
Provided by: far1

1
Access Control MAC
  • Lecture 15

2
Reading assignments
  • Required for access control classes
  • Ravi Sandhu and P. Samarati, Access Control:
    Principles and Practice, IEEE Communications,
    Volume 32, Number 9, September 1994
    http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.30.5029
  • Ravi Sandhu, Lattice-Based Access Control Models,
    IEEE Computer, Volume 26, Number 11 (Cover
    Article), November 1993
    http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.54.8395

3
Mandatory Access Control
  • Objects: security classification
  • e.g., grades = (confidential, {student-info})
  • Subjects: security clearances
  • e.g., Joe = (confidential, {student-info})
  • Access rules: defined by comparing the security
    classification of the requested objects with the
    security clearance of the subject
  • e.g., subject can read object only if
    label(subject) dominates label(object)

4
Mandatory Access Control
  • If access control rules are satisfied, access is
    permitted
  • e.g., Joe wants to read grades.
  • label(Joe) = (confidential, {student-info})
  • label(grades) = (confidential, {student-info})
  • Joe is permitted to read grades
  • Granularity of access rights!

5
Mandatory Access Control
  • Security classes (labels): (A, C)
  • A: total order of authority levels
  • C: set of categories
  • e.g., A = confidential > public, C = {student-info,
    dept-info}
  • Lattice of labels (diagram):
  • (confidential, {student-info, dept-info})
  • (confidential, {dept-info})
  • (confidential, {student-info})
  • (confidential, {})
  • (public, {student-info, dept-info})
  • (public, {student-info})
  • (public, {dept-info})
  • (public, {})

6
Mandatory Access Control
  • Dominance (≥): label l = (A, C) dominates l' = (A', C')
    iff A ≥ A' and C ⊇ C'
  • e.g., (confidential, {student-info}) ≥
    (public, {student-info})
  • BUT
  • (confidential, {student-info}) ≱
    (public, {student-info, department-info})

7
Bell-LaPadula (BLP) Model
  • Confidentiality protection
  • Lattice-based access control
  • Subjects
  • Objects
  • Security labels
  • Supports decentralized administration

8
BLP Reference Monitor
  • All accesses are controlled by the reference
    monitor
  • Cannot be bypassed
  • Access is allowed iff the resulting system state
    satisfies all security properties
  • Trusted subjects: subjects trusted not to
    compromise security

9
BLP Axioms 1.
  • Simple-security property: a subject s is allowed
    to read an object o only if the security label
    of s dominates the security label of o
  • No read up
  • Applies to all subjects

10
BLP Axioms 2.
  • *-property: a subject s is allowed to write an
    object o only if the security label of o
    dominates the security label of s
  • No write down
  • Applies to un-trusted subjects only
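
The dominance relation and the two BLP axioms above, as a small reference-monitor check. This is an added example, not part of the original slides; the object names NOTICE and BUDGET and the `trusted` flag are assumptions made for illustration.

```python
from dataclasses import dataclass

LEVELS = {"public": 0, "confidential": 1}  # total order A from the slides

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """(A, C) dominates (A', C') iff A >= A' and C is a superset of C'."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

def label(level, *cats):
    return Label(level, frozenset(cats))

def blp_allows(subject: Label, obj: Label, op: str, trusted: bool = False) -> bool:
    """Reference-monitor decision for a single access request."""
    if op == "read":    # simple-security property: no read up, all subjects
        return subject.dominates(obj)
    if op == "write":   # *-property: no write down, untrusted subjects only
        return trusted or obj.dominates(subject)
    return False        # default deny for unknown operations

# Constructed sample labels using the slides' levels and categories.
JOE = label("confidential", "student-info")
GRADES = label("confidential", "student-info")
NOTICE = label("public", "student-info")               # hypothetical object
BUDGET = label("public", "student-info", "dept-info")  # hypothetical object

def decisions():
    return {
        "joe reads grades": blp_allows(JOE, GRADES, "read"),
        "joe reads notice": blp_allows(JOE, NOTICE, "read"),
        "joe reads budget": blp_allows(JOE, BUDGET, "read"),    # incomparable labels
        "joe writes notice": blp_allows(JOE, NOTICE, "write"),  # write down
        "joe writes grades": blp_allows(JOE, GRADES, "write"),
        "trusted writes notice": blp_allows(JOE, NOTICE, "write", trusted=True),
    }

if __name__ == "__main__":
    for request, allowed in decisions().items():
        print(f"{request:24} {'ALLOW' if allowed else 'DENY'}")
```

The "joe reads budget" case is denied even though Joe's level is higher: the labels are incomparable because Joe lacks the dept-info category.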

11
Blind Writes
  • Improper modification of data
  • Most implementations disallow blind writes

12
Tranquility
  • Read and write accesses mediated based on the
    security labels of objects and subjects
  • Read and write accesses are not atomic, i.e.,
    they are sequences of operations that may or may
    not be interrupted
  • Example: a secret subject requests a read to a
    secret object. While the request is being
    processed, the subject lowers its level to
    unclassified => the unclassified subject gained
    read access to the secret object

13
Tranquility
  • Tranquility: changing security labels
  • Strong tranquility: security labels of subjects
    and objects never change during an operation
  • Advantage: system state always satisfies security
    requirements
  • Disadvantage: not flexible

14
Tranquility
  • Weak tranquility: security labels of subjects and
    objects never change in such a way as to violate
    the security policy
  • High watermark on subjects: during a read, a
    subject may upgrade its security clearance
  • High watermark on objects: during a write, an
    object's security classification may be upgraded.
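
A sketch of the high watermark on subjects, showing how a floating label closes the downgrade race from the earlier tranquility example. This is an added example, not part of the original slides; the `Subject` class, its `relabel` method and the rule that only upward changes within the clearance are accepted are assumptions of this sketch.

```python
LEVELS = ["unclassified", "secret"]   # constructed total order, low to high

def dominates(a, b):
    """Label a = (level, categories) dominates label b."""
    return LEVELS.index(a[0]) >= LEVELS.index(b[0]) and a[1] >= b[1]

def join(a, b):
    """Least upper bound: the higher level and the union of the categories."""
    return (max(a[0], b[0], key=LEVELS.index), a[1] | b[1])

class Subject:
    def __init__(self, name, clearance, current):
        if not dominates(clearance, current):
            raise ValueError("current label must not exceed the clearance")
        self.name, self.clearance, self.current = name, clearance, current

    def read(self, obj_label):
        """High watermark: a read may raise the current label, never lower it."""
        if not dominates(self.clearance, obj_label):
            return False                       # beyond clearance: no read up
        self.current = join(self.current, obj_label)
        return True

    def write(self, obj_label):
        """*-property, checked against the floated current label."""
        return dominates(obj_label, self.current)

    def relabel(self, new_label):
        """Assumption of this sketch: accept only upward changes within clearance."""
        if dominates(new_label, self.current) and dominates(self.clearance, new_label):
            self.current = new_label
            return True
        return False

def scenario():
    U, S = ("unclassified", frozenset()), ("secret", frozenset())
    proc = Subject("proc", clearance=S, current=U)
    steps = [proc.write(U)]          # allowed: still at unclassified
    steps.append(proc.read(S))       # allowed: label floats up to secret
    steps.append(proc.write(U))      # denied: would now be a write down
    steps.append(proc.relabel(U))    # denied: downgrade after a secret read
    return steps, proc.current[0]

if __name__ == "__main__":
    print(scenario())
```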


15
Discretionary Security Property
  • Every current access must be in the access matrix

16
Trojan Horse and BLP
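[Figure: Trojan horse scenario under BLP. Brown (Secret) has read, write access to Employee (Secret); Black and Brown have read, write access to Black's Employee (Public). Black (Public) inserts a Trojan horse (TH) into a shared program, the Word Processor. Brown uses the shared program; the TH reads Employee and attempts to copy Employee to Black's Employee. The reference monitor compares the labels Secret and Public.]
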
17
Biba Model: Integrity Protection
  • Integrity protection
  • Lattice-based access control
  • Subjects
  • Objects
  • Integrity labels
  • Access Control List

18
Integrity Labels
  • Hierarchical integrity levels, e.g.,
  • Crucial > Very important > Important
  • Non-hierarchical categories, e.g.,
  • medical, personal, administrative

19
Strict Integrity Policy
  • Integrity *-property: a subject s can modify an
    object o only if the integrity level of the
    subject dominates the integrity level of the
    object (no write up)
  • Simple integrity property: a subject s can
    observe an object o only if the integrity label
    of s is dominated by the integrity label of o (no
    read down)
  • Invocation property: a subject s1 can invoke a
    subject s2 only if the integrity label of s1
    dominates the integrity label of s2
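
The three strict integrity rules above, applied as an audit over an access control list to find grants the policy would not permit. This is an added example, not part of the original slides; every subject name, object name and grant below is constructed for illustration.

```python
LEVELS = {"important": 0, "very important": 1, "crucial": 2}  # slide order

def dominates(a, b):
    """Integrity label a = (level, categories) dominates label b."""
    return LEVELS[a[0]] >= LEVELS[b[0]] and a[1] >= b[1]

RULES = {
    "modify":  lambda s, t: dominates(s, t),  # integrity *-property: no write up
    "observe": lambda s, t: dominates(t, s),  # simple integrity: no read down
    "invoke":  lambda s, t: dominates(s, t),  # invocation property
}

def violations(labels, grants):
    """Return the ACL grants that strict integrity would not permit."""
    bad = []
    for subject, op, target in grants:
        rule = RULES.get(op)
        # Unknown operations are treated as violations (default deny).
        if rule is None or not rule(labels[subject], labels[target]):
            bad.append((subject, op, target))
    return bad

# Constructed integrity labels and ACL entries (all names are hypothetical).
LABELS = {
    "updater":    ("crucial", frozenset({"administrative"})),
    "web_plugin": ("important", frozenset({"administrative"})),
    "nurse_app":  ("very important", frozenset({"medical"})),
    "sys_config": ("crucial", frozenset({"administrative"})),
    "tmp_upload": ("important", frozenset()),
    "chart":      ("very important", frozenset({"medical"})),
}
GRANTS = [
    ("updater", "modify", "sys_config"),     # permitted: equal labels
    ("web_plugin", "modify", "sys_config"),  # write up
    ("updater", "observe", "tmp_upload"),    # read down
    ("web_plugin", "invoke", "updater"),     # low-integrity caller, high callee
    ("nurse_app", "modify", "chart"),        # permitted: equal labels
    ("nurse_app", "observe", "sys_config"),  # categories are incomparable
]

if __name__ == "__main__":
    for grant in violations(LABELS, GRANTS):
        print("violates strict integrity:", grant)
```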

20
Next Class: Role-Based Access Control