1 / 12

Access Control What’s New?

Access Control What’s New?. Security Controls. Access Control Inference Control Flow control. Access Control. Protection objects : system resources for which protection is desirable Memory, file, directory, hardware resource, software resources, etc.

heatherdixon
Download Presentation

Access Control What’s New?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Access ControlWhat’s New?

  2. Security Controls Access Control Inference Control Flow control CSCE 824 - Farkas

  3. Access Control • Protection objects: system resources for which protection is desirable • Memory, file, directory, hardware resource, software resources, etc. • Subjects: active entities requesting accesses to resources • User, owner, program, etc. • Access mode: type of access • Read, write, execute CSCE 824 - Farkas

  4. Access Control Requirement • Cannot be bypassed • Enforce least-privilege and need-to-know restrictions • Enforce organizational policy • Theoretical Properties: • Consistent • Complete CSCE 824 - Farkas

  5. Access Control • Access control: ensures that all direct accesses to object are authorized • Protects against accidental and malicious threats by regulating the reading, writing and execution of data and programs • Need: • Proper user identification and authentication • Information specifying the access rights is protected form modification CSCE 824 - Farkas

  6. Access Control Overview • Access control components: • Access control policy: specifies the authorized accesses of a system • Access control mechanism: implements and enforces the policy • Separation of components allows to: • Define access requirements independently from implementation • Compare different policies • Implement mechanisms that can enforce a wide range of policies CSCE 824 - Farkas

  7. Closed v.s. Open Systems Closed system Open System (minimum privilege) (maximum privilege) Access requ. Access requ. Allowed accesses Disallowed accesses Exists Rule? Exists Rule? yes no no yes Access permitted Access denied Access permitted Access denied CSCE 824 - Farkas

  8. Access Control Models Discretionary Access Control Mandatory Access Control Role-Based Access Control Attribute-based Access Control Usage-based Access Control Context-based Access Control … CSCE 824 - Farkas

  9. Policy Compliance • How can we model both high-level and low-level security policies in one framework? • How can we determine whether the low-level policy and current system configuration is compliant to the high-level policy?

  10. Compliance Checking Framework High-level policy 1 Detect Conflicts and Violations 4 Report 6 Refinement 2 3 5 5 KB – Ontology and Refinement Patterns (Concept-level): • Common to all • Domain-specific Domain-data (Instance): System configuration, Low-level security policies Domain-data (Instance): Role-assignment, Organization structure

  11. What else? • Go from binary decision to …maybe? • Provisional Access Control • Obligation • Delegation • ??? CSCE 824 - Farkas

  12. Next Class Inference Control CSCE 824 - Farkas

More Related