Access Control - PowerPoint PPT Presentation

About This Presentation
Title: Access Control
Description: CSCE 522 (Farkas), Lecture 16, on access control
Number of Views: 43
Slides: 37
Provided by: far1
Transcript and Presenter's Notes


1
Access Control
  • Lecture 16

2
Access Control Example
  • Access Control Policy for son Edward
  • Allowed access
  • House
  • Disallowed access
  • Automobile

3
Access Control Example
  • Access Control Policy for son Edward
  • Allowed access
  • House
  • Disallowed access
  • Automobile

4
Access Control Example
  • Access Control policy
  • Allowed access
  • House
  • Disallowed access
  • Automobile
  • Problem: unauthorized access
  • The policy names only the house and the automobile. The car key is kept
    in the house, so access to the house gives Edward the key and, through
    it, the automobile the policy meant to withhold.

5
Access Control Example
  • Access Control Policy for son Edward
  • Allowed access
  • House
  • Kitchen
  • Disallowed access
  • Automobile
  • Car key

6
Access Control Example
  • Correct Access Control Policy for son Edward
  • Allowed access
  • House
  • Kitchen
  • Disallowed access
  • Automobile
  • Car key

7
Access Control
  • Protection objects: system resources for which
    protection is desirable
  • Memory, file, directory, hardware resource,
    software resources, etc.
  • Subjects: active entities requesting accesses to
    resources
  • User, owner, program, etc.
  • Access mode: type of access
  • Read, write, execute

8
Access Control Requirement
  • Cannot be bypassed
  • Enforce least-privilege and need-to-know
    restrictions
  • Enforce organizational policy

9
Access Control
  • Access control ensures that all direct accesses
    to object are authorized
  • Protects against accidental and malicious threats
    by regulating the reading, writing and execution
    of data and programs
  • Needs:
  • Proper user identification and authentication
  • Information specifying the access rights is
    protected from modification

10
Access Control
  • Access control components
  • Access control policy: specifies the authorized
    accesses of a system
  • Access control mechanism: implements and enforces
    the policy
  • Separating the two makes it possible to:
  • Define access requirements independently from the
    implementation
  • Compare different policies
  • Implement mechanisms that can enforce a wide
    range of policies

11
Closed vs. Open Systems

Closed system (minimum privilege): the rules list the allowed accesses.
  Access request -> Exists rule? -> yes: access permitted
                                 -> no:  access denied

Open system (maximum privilege): the rules list the disallowed accesses.
  Access request -> Exists rule? -> yes: access denied
                                 -> no:  access permitted
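The two decision procedures of slide 11, run over the policy for son Edward from slides 2 to 6, as an added example that is not part of the lecture's slides. The rule sets and the request list are constructed here; the point it shows is that in an open system every object the policy forgot to list (the kitchen, the car key) is handed out by default, which is exactly the slide-4 problem.

```python
# Added example, not code from the lecture: the two decision procedures of slide 11
# (closed system = minimum privilege, open system = maximum privilege) run over the
# policy for son Edward from slides 2-6. Rules and requests are constructed here.

ALLOW, DENY = "permitted", "denied"

def closed_system(allowed, request):
    """Closed system: the rule set lists ALLOWED accesses. An access with no
    matching rule is denied (fail closed)."""
    return ALLOW if request in allowed else DENY

def open_system(disallowed, request):
    """Open system: the rule set lists DISALLOWED accesses. An access with no
    matching rule is permitted (fail open)."""
    return DENY if request in disallowed else ALLOW

# Edward's policy exactly as slides 2-4 state it: only two objects are mentioned.
ALLOWED = {("Edward", "house")}
DISALLOWED = {("Edward", "automobile")}

# Slide 5 brings in two objects the first policy never listed.
REQUESTS = [("Edward", "house"), ("Edward", "kitchen"),
            ("Edward", "automobile"), ("Edward", "car key")]

def decide_all(requests=REQUESTS, allowed=ALLOWED, disallowed=DISALLOWED):
    """Map each object to (closed-system decision, open-system decision)."""
    return {obj: (closed_system(allowed, (subj, obj)),
                  open_system(disallowed, (subj, obj)))
            for subj, obj in requests}

def unlisted_but_permitted(requests=REQUESTS, allowed=ALLOWED, disallowed=DISALLOWED):
    """Objects that no rule mentions and that the open system therefore hands out.
    This is the slide-4 problem: the car key is reachable because nobody listed it."""
    mentioned = {obj for _, obj in allowed | disallowed}
    decisions = decide_all(requests, allowed, disallowed)
    return sorted(obj for obj, (_, opened) in decisions.items()
                  if obj not in mentioned and opened == ALLOW)

if __name__ == "__main__":
    for obj, (closed, opened) in decide_all().items():
        print(f"{obj:10s} closed: {closed:9s} open: {opened}")
    print("unlisted yet permitted in the open system:", unlisted_but_permitted())
```

Under the closed model the same two unlisted objects are denied, which is why the slide calls it minimum privilege: an incomplete policy fails safe there and fails open in the open model.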
12
Authorization Management
  • Who can grant and revoke access rights?
  • Centralized administration: a security officer
  • Decentralized administration: locally autonomous
    systems
  • Hierarchical decentralization: security officer >
    departmental system administrator > Windows NT
    administrator
  • Ownership based: the owner of data may grant access
    to others to his/her data (possibly with grant
    option)
  • Cooperative authorization: predefined groups of
    users or a predefined number of users may access
    data

13
Access Control Models
(figure: the space of all accesses, with Discretionary AC, Mandatory AC and Role-Based AC drawn as models within it)
14
Discretionary Access Control
  • Access control is based on
  • the user's identity and
  • access control rules
  • Most common administration: owner based
  • Users can protect what they own
  • Owner may grant access to others
  • Owner may define the type of access given to
    others

15
Access Matrix Model

SUBJECTS \ OBJECTS   File 1              File 2
Joe                  Read, Write, Own    Read
Sam                  -                   Read, Write, Own
16
Implementation

Access Control List (ACL): one list per object, i.e. one matrix column
  File 1: Joe/Read, Joe/Write, Joe/Own
  File 2: Joe/Read, Sam/Read, Sam/Write, Sam/Own

Capability List: one list per subject, i.e. one matrix row
  Joe: File 1/Read, File 1/Write, File 1/Own, File 2/Read
  Sam: File 2/Read, File 2/Write, File 2/Own

Access Control Triples (Subject, Access, Object)
  Joe  Read   File 1
  Joe  Write  File 1
  Joe  Own    File 1
  Joe  Read   File 2
  Sam  Read   File 2
  Sam  Write  File 2
  Sam  Own    File 2
17
ACL v.s. Capabilities
  • ACL
  • Per-object based
  • Good for file systems
  • Capabilities
  • Per-subject based
  • Good for environments with dynamic, short-lived
    subjects
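The Joe/Sam matrix of slides 15 and 16 in code, as an added example that is not part of the lecture: the triples are kept as the master copy, the ACL store (columns) and the capability store (rows) are derived from them, and two review questions plus one maintenance operation show which store answers which question cheaply, the point slide 17 makes. Names are the slides' own; nothing else is assumed.

```python
# Added example, not code from the lecture: the Joe/Sam access matrix of slides 15-16
# stored as (subject, access, object) triples, then re-indexed as access control
# lists (one per object, a matrix column) and capability lists (one per subject, a
# matrix row). The lookups at the end show which representation suits which question.
from collections import defaultdict

# Access control triples, straight from slide 16.
TRIPLES = [
    ("Joe", "Read", "File 1"), ("Joe", "Write", "File 1"), ("Joe", "Own", "File 1"),
    ("Joe", "Read", "File 2"),
    ("Sam", "Read", "File 2"), ("Sam", "Write", "File 2"), ("Sam", "Own", "File 2"),
]

def build_acls(triples=TRIPLES):
    """ACL store: object -> subject -> set of access modes (matrix columns)."""
    acls = defaultdict(lambda: defaultdict(set))
    for subj, access, obj in triples:
        acls[obj][subj].add(access)
    return acls

def build_capabilities(triples=TRIPLES):
    """Capability store: subject -> object -> set of access modes (matrix rows)."""
    caps = defaultdict(lambda: defaultdict(set))
    for subj, access, obj in triples:
        caps[subj][obj].add(access)
    return caps

def matrix_cell(subj, obj, triples=TRIPLES):
    """One cell of the access matrix; an empty set means no access at all."""
    return set(build_acls(triples)[obj].get(subj, set()))

def authorized(subj, access, obj, triples=TRIPLES):
    """Closed-system check: permitted only if the cell lists the requested mode."""
    return access in matrix_cell(subj, obj, triples)

def who_can(access, obj, triples=TRIPLES):
    """Review question about an object: answered from that object's ACL alone."""
    return sorted(s for s, modes in build_acls(triples)[obj].items() if access in modes)

def what_can(subj, triples=TRIPLES):
    """Review question about a subject: answered from its capability list alone."""
    return {obj: sorted(modes) for obj, modes in build_capabilities(triples)[subj].items()}

def revoke_subject(subj, triples=TRIPLES):
    """Removing a subject entirely deletes one capability list, but with ACLs every
    object's list has to be visited (the maintenance cost slide 36 mentions).
    Returns the remaining triples and how many ACLs had to be touched."""
    acls = build_acls(triples)
    touched = sum(1 for obj in acls if subj in acls[obj])
    remaining = [t for t in triples if t[0] != subj]
    return remaining, touched

if __name__ == "__main__":
    print("who can Read File 2:", who_can("Read", "File 2"))
    print("what Sam can do:", what_can("Sam"))
    print("Sam Write File 1 authorized:", authorized("Sam", "Write", "File 1"))
    print("revoking Joe touches", revoke_subject("Joe")[1], "ACLs")
```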

18
Access Control Conditions
  • Data-dependent conditions: access constraints
    based on the value of the accessed data
  • Time-dependent: access constraints based on the
    time of the data access
  • Context-dependent: access constraints based on
    combinations of data which can be accessed
  • History-dependent: access constraints based on
    previously accessed data

19
Access Control Mechanisms
  • Security through Views
  • Stored Procedures
  • Grant and Revoke
  • Query modification

20
Security Through Views
  • Assign rights to access predefined views
  • CREATE VIEW Outstanding-Student
    AS SELECT NAME, COURSE, GRADE
    FROM Student
    WHERE GRADE > B
  • Problem
  • Updates through a view are difficult to support.

21
Security Through Views
(figure: the Student relation, with attributes NAME, COURSE, GRADE and SEMESTER)
22
Security Through Views
CREATE VIEW Outstanding-Student AS SELECT NAME, COURSE, GRADE FROM Student WHERE GRADE > B
(figure: the rows of Student visible through Outstanding-Student)
23
Security Through Views
CREATE VIEW Fall-Student AS SELECT NAME, COURSE FROM Student WHERE SEMESTER = 'Fall 2000'
(figure: the rows of Student visible through Fall-Student)
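The two views of slides 22 and 23 built on a constructed Student relation in an in-memory SQLite database, as an added example that is not part of the lecture. The rows are made up; the view names use underscores because a hyphenated name such as Outstanding-Student is not a plain SQL identifier; and SQLite's refusal to update through a view stands in for the general difficulty slide 20 names. The example also shows a translation trap: the slide's GRADE > B means "better than B", which for letter grades is GRADE < 'B' in SQL.

```python
# Added example, not code from the lecture: the Student relation of slide 21 in SQLite
# with constructed rows, the two views of slides 22-23 created on it, and the update
# problem of slide 20 triggered. View names use underscores (assumption: the slide's
# hyphenated names are not plain SQL identifiers).
import sqlite3

STUDENT_ROWS = [  # constructed sample data: (NAME, COURSE, GRADE, SEMESTER)
    ("Ann", "CSCE 522", "A", "Fall 2000"),
    ("Bob", "CSCE 522", "C", "Fall 2000"),
    ("Cyd", "CSCE 590", "B", "Spring 2000"),
    ("Dan", "CSCE 590", "A", "Spring 2000"),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Student (NAME TEXT, COURSE TEXT, GRADE TEXT, SEMESTER TEXT)")
    db.executemany("INSERT INTO Student VALUES (?, ?, ?, ?)", STUDENT_ROWS)
    # Slide 22 writes the predicate as GRADE > B, meaning "a grade better than B".
    # Letter grades sort the other way ('A' < 'B'), so the SQL predicate is GRADE < 'B';
    # translating the slide literally would expose the C students instead.
    db.execute("CREATE VIEW Outstanding_Student AS "
               "SELECT NAME, COURSE, GRADE FROM Student WHERE GRADE < 'B'")
    db.execute("CREATE VIEW Fall_Student AS "
               "SELECT NAME, COURSE FROM Student WHERE SEMESTER = 'Fall 2000'")
    return db

def outstanding_students(db):
    """Names visible to a grantee who holds SELECT on Outstanding_Student only."""
    return [r[0] for r in db.execute("SELECT NAME FROM Outstanding_Student ORDER BY NAME")]

def literal_translation(db):
    """What a literal GRADE > 'B' would have shown: the wrong set of rows."""
    return [r[0] for r in db.execute("SELECT NAME FROM Student WHERE GRADE > 'B' ORDER BY NAME")]

def fall_students(db):
    """Rows visible through Fall_Student (slide 23)."""
    return db.execute("SELECT NAME, COURSE FROM Fall_Student ORDER BY NAME").fetchall()

def update_through_view(db):
    """Slide 20's problem: a grantee who only sees the view cannot update through it.
    Returns the engine's error text instead of raising."""
    try:
        db.execute("UPDATE Outstanding_Student SET GRADE = 'B' WHERE NAME = 'Ann'")
    except sqlite3.OperationalError as exc:
        return str(exc)
    return "update accepted"

if __name__ == "__main__":
    db = make_db()
    print("Outstanding-Student:", outstanding_students(db))
    print("literal GRADE > 'B':", literal_translation(db))
    print("Fall-Student:", fall_students(db))
    print("update through view:", update_through_view(db))
```

Other engines allow updates through simple single-table views and reject them for joins or aggregates; either way the grantee's ability to update depends on the view definition, not just on the GRANT, which is the maintenance burden the slide points at.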
24
Stored Procedures
  • Assign rights to execute compiled programs
  • GRANT RUN ON <program> TO <user>
  • Problem
  • Programs may access resources for which the user
    who runs the program does not have permission.

25
Grant and Revoke
  • GRANT <privilege> ON <relation>
    TO <user>
    [WITH GRANT OPTION]
  • GRANT SELECT ON Student TO Matthews
  • GRANT SELECT, UPDATE(GRADE) ON Student TO
    FARKAS
  • GRANT SELECT(NAME) ON Student TO Brown
  • GRANT command applies to base relations as well
    as views

26
Grant and Revoke
  • REVOKE <privileges> ON <relation>
    FROM <user>
  • REVOKE SELECT ON Student FROM Blue
  • REVOKE UPDATE ON Student FROM Black
  • REVOKE SELECT(NAME) ON Student FROM Brown

27
Non-cascading Revoke
A revokes D's privileges
(figure: grant graph in which A granted the privilege to B, C and D, and D granted it on to E and F. After the non-cascading revoke D is gone, but E and F keep the privileges D granted them; B and C are unaffected.)
28
Cascading Revoke
A revokes D's privileges
(figure: the same grant graph after a cascading revoke. Only A, B and C remain; E and F, whose privileges came from D, lose them together with D.)
29
Positive and Negative Authorization
  • Problem
  • Contradictory authorizations
  • GRANT <privilege> ON X TO <user>
  • DENY <privilege> ON X TO <user>

30
Negative Authorization
(figure: the grant graph of slides 27-28 with a negative authorization (-) placed on D)
The positive authorization granted by A to D becomes blocked but NOT deleted.
31
Negative Authorization
(figure: the same graph; D had earlier granted the privilege on to F)
What should happen with the privilege given by D to F? (Blocked but not deleted)
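A grant graph for one privilege that plays out slides 25 to 31, as an added example that is not the lecture's code: grants with grant option, the non-cascading revoke of slide 27, the cascading revoke of slide 28, and the negative authorization of slides 30 and 31. The node names A to F come from the slides; the edge set (A grants B, C and D; D grants E and F) is an assumption about what the figures show, and blocking is modelled one level deep, exactly as far as slide 31 takes it.

```python
# Added example, not code from the lecture: a grant graph for one privilege on one
# relation, with the non-cascading revoke of slide 27, the cascading revoke of slide 28
# and the negative authorization of slides 30-31. Node names A..F are the slides';
# the edge set (A grants B, C, D; D grants E, F; every grant WITH GRANT OPTION) is an
# assumption about the figures.

class GrantGraph:
    def __init__(self, owner):
        self.owner = owner
        self.grants = set()    # (grantor, grantee) edges, each WITH GRANT OPTION
        self.denials = set()   # subjects carrying a negative authorization

    def subjects(self):
        return {self.owner} | {s for edge in self.grants for s in edge}

    def holds(self, subject):
        """Recorded positive authorization: the owner, or anyone with an incoming grant."""
        return subject == self.owner or any(t == subject for _, t in self.grants)

    def grant(self, grantor, grantee):
        if not self.holds(grantor):
            raise PermissionError(f"{grantor} holds no privilege to pass on")
        self.grants.add((grantor, grantee))

    def deny(self, subject):
        self.denials.add(subject)

    def effective(self, subject):
        """Slides 30-31: a negative authorization blocks the subject's own positive
        authorization and the grants that subject issued, deleting neither."""
        if subject in self.denials:
            return False
        if subject == self.owner:
            return True
        return any(g not in self.denials for g, t in self.grants if t == subject)

    def revoke(self, grantor, grantee, cascade):
        """Remove grantor's grant to grantee. With cascade=True, a grantee left with
        no grant at all also loses everything it granted on, recursively (slide 28);
        with cascade=False its own grants survive (slide 27)."""
        self.grants.discard((grantor, grantee))
        if cascade and not self.holds(grantee):
            for g, t in list(self.grants):
                if g == grantee:
                    self.revoke(g, t, cascade=True)

    def holders(self):
        return sorted(s for s in self.subjects() if self.holds(s))

    def effective_holders(self):
        return sorted(s for s in self.subjects() if self.effective(s))

def slide_graph():
    g = GrantGraph("A")
    for grantor, grantee in [("A", "B"), ("A", "C"), ("A", "D"), ("D", "E"), ("D", "F")]:
        g.grant(grantor, grantee)
    return g

def non_cascading_revoke():
    g = slide_graph()
    g.revoke("A", "D", cascade=False)
    return g.holders()

def cascading_revoke():
    g = slide_graph()
    g.revoke("A", "D", cascade=True)
    return g.holders()

def negative_authorization():
    """Returns (recorded holders, effective holders while D is denied,
    effective holders after the denial is lifted)."""
    g = slide_graph()
    g.deny("D")
    recorded, blocked = g.holders(), g.effective_holders()
    g.denials.discard("D")
    return recorded, blocked, g.effective_holders()

if __name__ == "__main__":
    print("non-cascading:", non_cascading_revoke())
    print("cascading:    ", cascading_revoke())
    print("deny D:       ", negative_authorization())
```

Lifting the denial restores E and F without re-granting anything, which is the property the slides stress: a negative authorization blocks, a revoke deletes.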
32
Query Modification
  • GRANT SELECT(NAME) ON Student TO Blue WHERE
    COURSE = 'CSCE 590'
  • Blue's query
  • SELECT *
  • FROM Student
  • Modified query
  • SELECT NAME
  • FROM Student
  • WHERE COURSE = 'CSCE 590'

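The query modification of slide 32 carried out, as an added example that is not the lecture's code: Blue's grant is kept as a small rule record, the rewrite projects the request onto the granted columns and ANDs the grant's predicate onto the request's own, and the modified query is run against a constructed Student table in SQLite. The rewrite operates on a structured form of the query (column list plus optional predicate) rather than on SQL text, since a real implementation rewrites the parsed query; the grant record format and the sample rows are assumptions.

```python
# Added example, not code from the lecture: the query modification of slide 32.
# The grant record format and the Student rows are constructed for this illustration.
import sqlite3

STUDENT_ROWS = [  # constructed sample data: (NAME, COURSE, GRADE, SEMESTER)
    ("Ann", "CSCE 522", "A", "Fall 2000"),
    ("Bob", "CSCE 522", "C", "Fall 2000"),
    ("Cyd", "CSCE 590", "B", "Spring 2000"),
    ("Dan", "CSCE 590", "A", "Spring 2000"),
]
COLUMNS = ["NAME", "COURSE", "GRADE", "SEMESTER"]

# GRANT SELECT(NAME) ON Student TO Blue WHERE COURSE = 'CSCE 590'
BLUE_GRANT = {"user": "Blue", "relation": "Student",
              "columns": ["NAME"], "where": "COURSE = 'CSCE 590'"}

def modify_query(grant, columns, where=None):
    """Project the request onto the granted columns and AND the grant's predicate
    onto the request's own predicate. A request touching no granted column is refused
    rather than rewritten into an empty projection."""
    wanted = COLUMNS if columns == ["*"] else columns
    visible = [c for c in wanted if c in grant["columns"]]
    if not visible:
        raise PermissionError(f"{grant['user']} may select none of {wanted}")
    predicate = grant["where"] if where is None else f"({where}) AND ({grant['where']})"
    return f"SELECT {', '.join(visible)} FROM {grant['relation']} WHERE {predicate}"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Student (NAME TEXT, COURSE TEXT, GRADE TEXT, SEMESTER TEXT)")
    db.executemany("INSERT INTO Student VALUES (?, ?, ?, ?)", STUDENT_ROWS)
    return db

def run_modified(columns, where=None, grant=BLUE_GRANT):
    """Rewrite the request under the grant and execute the result."""
    sql = modify_query(grant, columns, where) + " ORDER BY 1"
    return make_db().execute(sql).fetchall()

if __name__ == "__main__":
    print(modify_query(BLUE_GRANT, ["*"]))                 # slide 32's modified query
    print(run_modified(["*"]))                             # only CSCE 590 names
    print(run_modified(["NAME"], "GRADE = 'A'"))           # Blue's own filter, ANDed
```

Blue's own predicate can only narrow the result: it is conjoined with the grant's predicate, never substituted for it, so no query Blue writes reaches rows outside CSCE 590 or columns other than NAME.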
33
Current Research
  • Make cascading optional
  • Permit negative authorization
  • Flexible policies for resolving conflicts
  • Extend to groups and views

34
DAC and Trojan Horse
(figure: two files. Employee, ACL: Brown read, write; used by Brown. Black's Employee, ACL: Black and Brown read, write; owned by Black.)
34
35
DAC and Trojan Horse
(figure: as slide 34, plus a Word Processor, a shared program that Brown uses. Running with Brown's rights it reads Employee and writes a copy into Black's Employee, which Black can read. Every individual access is authorized, yet Brown's data reaches Black.)
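The Trojan horse of slides 34 and 35 played out against per-file ACLs, as an added example that is not part of the lecture. The ACL entries are the slides' own; the file contents, the access log, and the payload hidden in the shared word processor are constructed for the illustration. Every decision the reference monitor makes is correct under DAC, and Brown's data still ends up where Black can read it.

```python
# Added example, not code from the lecture: the Trojan horse scenario of slides 34-35
# simulated against per-file ACLs. ACL entries are the slides'; file contents and the
# payload in the shared program are constructed.

class DacFileSystem:
    def __init__(self):
        self.acl = {
            "Employee": {"Brown": {"read", "write"}},
            "Black's Employee": {"Black": {"read", "write"}, "Brown": {"read", "write"}},
        }
        self.content = {"Employee": "Brown's employee records", "Black's Employee": ""}
        self.log = []   # (subject, access, object, decision) for every request

    def check(self, subject, access, obj):
        """The reference monitor: a plain ACL lookup, which is all DAC provides."""
        ok = access in self.acl.get(obj, {}).get(subject, set())
        self.log.append((subject, access, obj, ok))
        return ok

    def read(self, subject, obj):
        if not self.check(subject, "read", obj):
            raise PermissionError(f"{subject} may not read {obj}")
        return self.content[obj]

    def write(self, subject, obj, data):
        if not self.check(subject, "write", obj):
            raise PermissionError(f"{subject} may not write {obj}")
        self.content[obj] = data

def word_processor(fs, user):
    """Shared program supplied by Black and run by Brown. It executes with the rights
    of whoever invoked it; besides the editing it advertises, it silently copies the
    document into a file Black can read."""
    text = fs.read(user, "Employee")              # authorized: Brown has read
    fs.write(user, "Black's Employee", text)      # authorized: Brown has write
    return text.upper()                           # the "editing" the user asked for

def run_scenario():
    fs = DacFileSystem()
    word_processor(fs, "Brown")
    black_direct = fs.check("Black", "read", "Employee")   # DAC denies this, correctly
    leaked = fs.read("Black", "Black's Employee")          # and permits this, correctly
    denied = sum(1 for *_, ok in fs.log if not ok)
    return {"black_may_read_employee": black_direct,
            "black_obtains": leaked,
            "denied_decisions": denied}

if __name__ == "__main__":
    print(run_scenario())
```

The only denied decision in the log is Black's direct probe of Employee. DAC checks each access against the identity of the subject making it, and the program runs as Brown, so nothing in the model distinguishes Brown's intent from the program's.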
36
DAC Overview
  • Advantages
  • Intuitive
  • Easy to implement
  • Disadvantages
  • Inherent vulnerability (see the Trojan horse example
    on slides 34-35)
  • Maintenance of ACL or Capability lists
  • Maintenance of Grant/Revoke
  • Limited power of negative authorization