Access Control: Part I
Chao-Hsien Chu, Ph.D.
College of Information Sciences and Technology, The Pennsylvania State University, University Park, PA 16802
chu@ist.psu.edu
Theory, Practice, Learning by Doing. IST 515
Human Body Analogue • Security Planning • Security Policy • Security & Risk Management • Laws & Regulations • Business Continuity • Access Control • Cryptography • Security Architecture • Communication Network • Systems Development • Software Security • Database Security • Physical Security • Application Security • Operations Security • Web Security • Computer forensics • Disaster recovery • Vulnerabilities • Threats • Risks
Organizational Security Policy (diagram): the policy sits above the management domains of Organizational Design, Security Management, Asset Classification and Control, Access Control, Compliance, Personnel Security, Awareness Education, Physical and Environmental Security, System Development and Maintenance, Communications & Operations Mgmt., and Business Continuity Management, down to the Operational level.
Objectives • Describe the access control concepts and methodologies. • Identify access control security technologies, tools and measures. • Know the potential risks, vulnerabilities, and exposures. • Describe the auditing mechanisms for analyzing behavior, use, and contents of the information systems.
Readings • Stallings, W. and Brown, L., Computer Security: Principles and Practice, Prentice-Hall, 2008. Chapter 4. (Required). • Tipton, H. and Henry, K. (Eds.), Official (ISC)2 Guide to the CISSP CBK, Auerbach, 2007. Domain 2 (Required). • Sandhu, R. S. and Samarati, P., "Access Control: Principles and Practice," IEEE Communications Magazine, Sept. 1994, pp. 40-48. • NIST, RBAC Case Studies. http://csrc.nist.gov/groups/SNS/rbac/case_studies.html#health • Schaad, A., Moffett, J. and Jacob, J., "The Role-Based Access Control System of a European Bank: A Case Study and Discussion," SACMAT 2001: 6th ACM Symposium on Access Control Models and Technologies, Chantilly, VA. • Evered, M. and Bögeholz, S., "A Case Study in Access Control Requirements for a Health Information System," Australasian Information Security Workshop 2004 (AISW 2004), Dunedin, New Zealand.
Security Principles • Confidentiality prevents unauthorized disclosure of systems and information. • Integrity prevents unauthorized modification of systems and information. • Availability prevents disruption of service and productivity. • Access Controls are the security features that control how users and systems communicate and interact with one another.
Context of Access Control (diagram): a User first passes through the Authentication Function; requests then go to the Access Control Function, which consults the Authorization Database (maintained by the Security Administrator) before granting access to System Resources; Auditing records both authentication and access control events.
Access Controls Overview • Controlling access to facilities, systems, services, resources, and data is critical to any security program. • Access control is the backbone (central element) of information security. • Access controls (AC) are a collection of mechanisms that work together to protect the assets of the enterprise. They help protect against threats and vulnerabilities by reducing exposure to unauthorized activities and by granting access to information and systems only to those who have been approved.
Access Controls Overview • AC enables management to: - Specify which users can access the system - Specify what resources they can access - Specify what operations they can perform - Provide individual accountability. • Access controls encompass all aspects and levels of an organization: -Facilities - Support systems - Information systems - Personnel – management, users, customers, partners, etc.
Access Control Elements • Subject: an entity that can access objects: - A process representing a user or application - Often has 3 classes: owner, group, world • Object: an access-controlled resource: - e.g. files, directories, records, programs etc. - Number and type depend on the environment • Access right: a way in which a subject accesses an object: - e.g. read, write, execute, delete, create, search
Access Control Requirements • Reliable input: All inputs to the access control system must be reliable (in particular, the subject's identity must come from a trusted authentication function, not from the request itself). • Support for fine and coarse specifications, allowing access to be regulated at the level of individual records in files, and individual fields within records. • Least privilege. Access control should be implemented so that each entity is granted the minimum system resources and authorizations that the entity needs to do its work. • Separation of duty. The practice of dividing the steps of a system function among different individuals so that no single individual can subvert the process.
Access Control Requirements • Open and closed policies. The typical class of access control policies are closed policies (default deny: an access is permitted only if an authorization explicitly grants it). However, in some applications it may also be useful to allow an open policy (default permit: an access is allowed unless explicitly denied) for some classes of resources. • Policy combinations and conflict resolution. An access control mechanism may apply multiple policies to a given class of resources. If the policies conflict, a conflict resolution procedure must be defined. • Administrative policies. Administrative policies are needed to specify who can add, delete, or modify authorization rules. • Dual control. In some cases, a task may require two or more individuals working in tandem.
Types of Access Controls (diagram): Discretionary AC policy, Mandatory AC policy, Role-based AC policy.
Types of Access Controls • Discretionary access control (DAC): A system that uses discretionary access control allows the owner of the resource to determine who has access and what privileges they have. Access control is at the discretion of the owner. • Mandatory access control (MAC): The system applies controls based on privilege (or clearance) of a subject (or user) and the sensitivity (or classification) of an object (or data). This model is used in environments where information classification and confidentiality is very important. • Role-based access control (RBAC): Control access based on the roles (functions) that users have within the system and on rules stating what accesses are allowed to users in given roles.
Access Control Techniques • Access Control Matrix • Access Control List (ACL) • Capability Table • Content Dependent Access Control • Context Dependent Access Control • Constrained User Interfaces • Rule Based Access Control • Temporal (Time-based) Isolation
Access Control Matrix
• Is a table of subjects (rows) and objects (columns) indicating what access rights each individual subject has to each object.
• A matrix is a data structure that programmers implement as table lookups that are used and enforced by the operating system.
• Example used on the following slides (Users A, B, C; Files 1-4; Own = owner, R = read, W = write):

          File 1    File 2    File 3    File 4
  User A  Own R W             Own R W
  User B  R         Own R W   W         R
  User C  R W       R                   Own R W

Access Control List
• An ACL is a list of the subjects that are authorized to access a specific object, together with the level of authorization granted to each.
• It is obtained by decomposing the access control matrix by column (one list per object):
  File 1: A (Own R W), B (R), C (R W)
  File 2: B (Own R W), C (R)
  File 3: A (Own R W), B (W)
  File 4: B (R), C (Own R W)

Capability Lists
• A capability table specifies the access rights a given subject possesses for specific objects. A capability can take the form of a token, ticket or key.
• It is obtained by decomposing the access control matrix by row (one list per subject):
  User A: File 1 (Own R W), File 3 (Own R W)
  User B: File 1 (R), File 2 (Own R W), File 3 (W), File 4 (R)
  User C: File 1 (R W), File 2 (R), File 4 (Own R W)

Access Control List (example)
• Mary: UserMary Directory: Full control; UserBob Directory: Write; UserBruce Directory: Write; Printer 001: Execute
• Bob: UserMary Directory: Read; UserBob Directory: Full control; UserBruce Directory: Write; Printer 001: Execute
• Bruce: UserMary Directory: Null; UserBob Directory: Write; UserBruce Directory: Full control; Printer 001: Execute
• Sally: UserMary Directory: Null; UserBob Directory: Null; UserBruce Directory: Null; Printer 001: Null
ACL specifies a list of users who are allowed access to each object.

Authorization Table
• A relational form of the matrix with one row per (subject, access mode, object) triple.
• Sorting the table by subject yields capability tables; sorting it by object yields ACLs.
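The matrix, ACL and capability-list slides above describe three views of the same authorization data. The following Python is an added example (not code from the lecture) that encodes the slides' own matrix and derives ACLs and capability lists from it; the default-deny check and the owner-only grant function are assumptions that illustrate a closed DAC policy.

```python
"""Access control matrix with ACL (column) and capability (row) views.
Added example; the matrix below is the one on the slides (constructed)."""
import copy

# Rows = subjects, columns = objects, cells = sets of rights.
SLIDE_MATRIX = {
    "User A": {"File 1": {"Own", "R", "W"}, "File 3": {"Own", "R", "W"}},
    "User B": {"File 1": {"R"}, "File 2": {"Own", "R", "W"},
               "File 3": {"W"}, "File 4": {"R"}},
    "User C": {"File 1": {"R", "W"}, "File 2": {"R"},
               "File 4": {"Own", "R", "W"}},
}
OBJECTS = ["File 1", "File 2", "File 3", "File 4"]


def acl(matrix, obj):
    """Column of the matrix: every subject with rights on `obj`."""
    return {s: set(r[obj]) for s, r in matrix.items() if obj in r}


def capabilities(matrix, subj):
    """Row of the matrix: every object `subj` holds rights on."""
    return {o: set(r) for o, r in matrix.get(subj, {}).items()}


def matrix_from_acls(acls):
    """Rebuild the matrix from per-object ACLs (the decomposition is lossless)."""
    m = {}
    for obj, entries in acls.items():
        for subj, rights in entries.items():
            m.setdefault(subj, {})[obj] = set(rights)
    return m


def is_allowed(matrix, subj, obj, right):
    """Reference-monitor check under a closed policy: anything not listed is denied."""
    return right in matrix.get(subj, {}).get(obj, set())


def grant(matrix, granter, obj, grantee, right):
    """DAC: only a subject holding 'Own' on `obj` may extend rights to others.
    Returns a new matrix; the input is left untouched (assumed semantics)."""
    if not is_allowed(matrix, granter, obj, "Own"):
        raise PermissionError(f"{granter} does not own {obj}")
    new = copy.deepcopy(matrix)
    new.setdefault(grantee, {}).setdefault(obj, set()).add(right)
    return new


if __name__ == "__main__":
    for o in OBJECTS:
        print(o, "ACL:", acl(SLIDE_MATRIX, o))
    for s in SLIDE_MATRIX:
        print(s, "capabilities:", capabilities(SLIDE_MATRIX, s))
```

The round trip through `matrix_from_acls` shows why the slides call ACLs and capability lists decompositions: neither loses information, they only change which lookup is cheap (per-object revocation for ACLs, per-subject enumeration for capabilities).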
Extended Access Control Matrix (diagram): the same subject/object table, where a right marked * has its copy flag set, meaning the subject holding it may pass that right on to another subject.
Content Dependent Access Control • Access to an object is determined by the content within the object as it relates to the requesting subject. • For example, a manager has access to a payroll database, but is only allowed to access the records that pertain to his/her own employees, not others.
Context-based Access Control • Context-based access control differs from content-based access control in that it makes access decisions based on the context of a collection of information rather than the content (sensitivity of data) within an object. • Firewalls make context-based access decisions when they collect state information on a packet before allowing it into the network. • For example, if no SYN packet has been seen leaving the network, the firewall will not allow an inbound SYN/ACK packet, because there is no connection for it to correlate with.
Constrained User Interfaces • Restrict users' access abilities by not allowing them to request certain types of access, functions, information or specific system resources. • Three major types of restricted interfaces are: • Menus and Shells. The screen only displays the menu options that the subject is allowed to access. • Database Views. The system only allows the subject to see the database views s/he is permitted to see. • Physically Constrained Interfaces. The system only provides the keys on a keypad or the touch buttons on a screen that the subject is allowed to use.
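The stateful-firewall example on the context-based slide is a small state machine, and it is easy to get the "no SYN, no SYN/ACK" rule wrong by matching on addresses only. The following Python is an added example (not the lecture's code and not a real firewall): a minimal stateful filter for one inside network, with a constructed packet type and constructed addresses. Real filters also age out pending entries and track sequence numbers; both are omitted here.

```python
"""Context-based access control: a minimal stateful packet filter.
Added example; Packet layout, the 10.0.0.0/24 inside prefix and all
addresses below are constructed for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # e.g. frozenset({"SYN"}) or frozenset({"SYN", "ACK"})


class StatefulFilter:
    def __init__(self, inside_prefix="10.0.0."):
        self.inside_prefix = inside_prefix
        # Connections keyed from the inside host's point of view:
        # (inside_ip, inside_port, outside_ip, outside_port)
        self.pending = set()      # SYN sent, SYN/ACK not yet seen
        self.established = set()  # handshake completed from our side

    def _inside(self, ip):
        return ip.startswith(self.inside_prefix)

    def decide(self, p):
        outbound = self._inside(p.src) and not self._inside(p.dst)
        inbound = self._inside(p.dst) and not self._inside(p.src)
        if outbound:
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == {"SYN"}:          # new connection attempt from inside
                self.pending.add(key)
                return "ALLOW"
            return "ALLOW" if key in self.established else "DENY"
        if inbound:
            key = (p.dst, p.dport, p.src, p.sport)
            # Context check: a SYN/ACK is admitted only if we saw the SYN.
            if p.flags == {"SYN", "ACK"} and key in self.pending:
                self.pending.discard(key)
                self.established.add(key)
                return "ALLOW"
            # Data for an established flow is fine; anything else (including
            # an unsolicited inbound SYN) has no context and is dropped.
            return "ALLOW" if key in self.established else "DENY"
        return "DENY"  # neither side is ours; not our job (assumed policy)


def simulate(fw, packets):
    """Run packets through the filter in order, returning the decision list."""
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    inside, outside = "10.0.0.5", "203.0.113.7"  # constructed addresses
    trace = [
        Packet(inside, 40000, outside, 443, frozenset({"SYN"})),
        Packet(outside, 443, inside, 40000, frozenset({"SYN", "ACK"})),
        Packet(inside, 40000, outside, 443, frozenset({"ACK"})),
        Packet(outside, 443, inside, 40000, frozenset({"ACK", "PSH"})),
        Packet(outside, 22, inside, 50000, frozenset({"SYN"})),
    ]
    for p, d in zip(trace, simulate(StatefulFilter(), trace)):
        print(sorted(p.flags), p.src, "->", p.dst, d)
```

The decision for the SYN/ACK depends on nothing in the packet itself that differs from a forged one; it is the previously recorded SYN (the context) that makes it acceptable.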
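The content-dependent slide (a manager sees only his or her own employees' payroll records) and the database-view item on the constrained-interface slide are usually implemented together at the data layer. The following Python is an added example, not from the lecture, using the standard-library sqlite3 module with a constructed payroll table: the subject's identity is bound into the query so the row content decides what is returned, and a view hides the salary column from everyone who goes through it. The string-formatted variant is included only to show how an injection turns the content check into a no-op.

```python
"""Content-dependent access via a parameterised query, and a database view
as a constrained interface. Added example; the payroll rows are constructed."""
import sqlite3

ROWS = [  # (employee, manager, salary); constructed sample data
    ("emp1", "alice", 5200),
    ("emp2", "alice", 4800),
    ("emp3", "bob", 6100),
    ("emp4", "carol", 3900),
]


def setup():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE payroll(employee TEXT PRIMARY KEY, "
                "manager TEXT NOT NULL, salary INTEGER NOT NULL)")
    con.executemany("INSERT INTO payroll VALUES (?, ?, ?)", ROWS)
    # Constrained interface: a view that simply has no salary column, so a
    # subject limited to the view cannot even ask for it.
    con.execute("CREATE VIEW directory AS SELECT employee, manager FROM payroll")
    return con


def payroll_for_manager(con, manager):
    """Content-dependent control: rows are filtered on the record's own
    manager field, with the subject bound as a parameter (safe)."""
    return con.execute(
        "SELECT employee, salary FROM payroll WHERE manager = ? ORDER BY employee",
        (manager,),
    ).fetchall()


def unsafe_payroll_for_manager(con, manager):
    """Same intent, but the identity is spliced into the SQL text. A manager
    name such as  nobody' OR '1'='1  removes the content restriction."""
    return con.execute(
        f"SELECT employee, salary FROM payroll WHERE manager = '{manager}' "
        "ORDER BY employee"
    ).fetchall()


def directory(con):
    """What a subject restricted to the view can see."""
    return con.execute("SELECT * FROM directory ORDER BY employee").fetchall()


def view_columns(con):
    """Column names exposed by the view (no salary)."""
    cur = con.execute("SELECT * FROM directory")
    return [d[0] for d in cur.description]


if __name__ == "__main__":
    con = setup()
    print("alice sees:", payroll_for_manager(con, "alice"))
    print("view columns:", view_columns(con))
    print("injected, unsafe:", unsafe_payroll_for_manager(con, "nobody' OR '1'='1"))
```

A practitioner's check here is that the filter lives in the query the application is allowed to run, not in client code; where the database supports it, row-level security or per-role views enforce the same thing even if the application is bypassed.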
Rule Based Access Control • Uses specific rules that indicate what can and cannot happen between a subject and an object. Before a subject can access an object, it must meet a set of predefined rules. • For example, “if the user is accessing the system between Monday and Friday and between 8 AM and 5 PM, and if the user’s security clearance equals or dominates the object’s classification, then the user can access the object.” • Not necessarily identity based. • Traditionally, rule based access control has been used in MAC systems as an enforcement mechanism. • Many routers and firewalls use rules to determine which types of packets are allowed into a network or rejected.
Temporal (Time-based) Isolation • Time-based access controls are mechanisms that are in effect at a given time for a predetermined duration. • If a request for access or privileged use of information or services falls outside the defined time window, the request is denied. • For example, if the access control specifies that confidential data may only be processed in the morning, then any request to process confidential data at another time is denied, even when it comes from an otherwise authorized person.
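The rule on the rule-based slide (weekday, 8 AM to 5 PM, and clearance dominates classification) combines a temporal condition with a MAC-style dominance check. The following Python is an added example, not from the lecture, that evaluates that rule as an ordered rule list with a closed (default deny) outcome. The level ordering, the category sets and the sample subjects and objects are assumptions; real systems take the clock from a trusted source, not from the request.

```python
"""Rule-based access control with a time window and clearance dominance.
Added example; LEVELS, categories and the sample data are constructed."""
from datetime import datetime

# Linear ordering of sensitivity levels (assumed for the example).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


def dominates(clearance, classification):
    """(level, categories) dominance: level is at least as high AND the
    subject's category set contains every category of the object."""
    c_level, c_cats = clearance
    o_level, o_cats = classification
    return LEVELS[c_level] >= LEVELS[o_level] and set(c_cats) >= set(o_cats)


def in_window(when, days=range(0, 5), start_hour=8, end_hour=17):
    """Monday (0) to Friday (4), 08:00 inclusive to 17:00 exclusive."""
    return when.weekday() in days and start_hour <= when.hour < end_hour


def rule_based_decision(user, obj, when):
    """First matching rule wins; nothing matching means DENY (closed policy).
    Returns (verdict, name of the deciding rule)."""
    rules = [
        ("outside business hours", lambda: not in_window(when), "DENY"),
        ("clearance dominates classification",
         lambda: dominates(user["clearance"], obj["classification"]), "ALLOW"),
    ]
    for name, condition, verdict in rules:
        if condition():
            return verdict, name
    return "DENY", "default deny"


if __name__ == "__main__":
    ann = {"name": "ann", "clearance": ("secret", {"finance"})}
    ledger = {"name": "ledger", "classification": ("confidential", {"finance"})}
    for when in (datetime(2024, 3, 8, 16, 59),   # Friday, inside the window
                 datetime(2024, 3, 8, 17, 0),    # Friday, window just closed
                 datetime(2024, 3, 9, 10, 0)):   # Saturday
        print(when, rule_based_decision(ann, ledger, when))
```

Putting the time rule first means a request outside the window is refused before the clearance is even consulted, which matches the temporal-isolation slide: authorization alone does not help outside the window.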
UNIX File Concepts
• UNIX files are administered using inodes
  • a control structure holding the key information on a file
  • attributes and permissions of a single file
  • a file may have several names (links) for the same inode
• There is an inode table/list for all files on a disk
  • copied to memory when the disk is mounted
• Directories form a hierarchical tree
  • may contain files or other directories
  • are themselves files consisting of names and inode numbers
UNIX File Access Control (diagram): the permission bits are grouped into three classes, Owner, Group and Other, each with read, write and execute bits.
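A point the Owner/Group/Other diagram does not make explicit is that the three classes are exclusive: the kernel picks the first class the caller belongs to and checks only those bits, so an owner can be denied a file that "other" may read. The following Python is an added example, not from the lecture, that implements that class selection over a mode word and checks it on a temporary file; the uid/gid values in the sample calls are constructed. It deliberately ignores the root bypass of read/write bits and ACL extensions, which the real kernel applies on top.

```python
"""UNIX owner/group/other permission check. Added example; the sample
uid/gid numbers are constructed."""
import os
import stat
import tempfile


def unix_allows(mode, file_uid, file_gid, uid, gids, want):
    """want: a string of 'r', 'w', 'x'. Returns True if every requested bit is
    set in the ONE permission class the subject falls into."""
    if uid == file_uid:                      # owner class decides, even if
        r, w, x = stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR   # group/other are wider
    elif file_gid in gids:                   # any of the process's groups
        r, w, x = stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP
    else:
        r, w, x = stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH
    bit = {"r": r, "w": w, "x": x}
    return all(mode & bit[c] for c in want)


def perm_string(mode):
    """Render the nine permission bits the way ls -l shows them."""
    return stat.filemode(stat.S_IFREG | (mode & 0o777))[1:]


def check_file(path, want):
    """Apply the same rule to a real file using the calling process's identity."""
    st = os.stat(path)
    return unix_allows(st.st_mode, st.st_uid, st.st_gid,
                       os.getuid(), set(os.getgroups()) | {os.getgid()}, want)


if __name__ == "__main__":
    print(perm_string(0o640))   # rw-r-----
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        path = tmp.name
    try:
        os.chmod(path, 0o640)
        print("owner may read+write:", check_file(path, "rw"))
    finally:
        os.unlink(path)
```

The 0o007 case in the test is the one to remember when reviewing file modes: a mode that looks permissive for "everyone" can still lock out the owner, and a least-privilege review has to check the class the subject actually falls into.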
Role-Based Access Control (diagram): users are assigned to roles, and roles are granted access to objects; the diagram labels the user-to-role and role-to-object relations as many to one / one to many.
Define Users to Roles Relationship (Many to Many) (diagram: a users-by-roles table with a mark where a user holds a role)
Define Roles to Resources Relationship (Many to Many) (diagram: a roles-by-resources table of access rights; *: copy flag set)
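The two many-to-many tables on the RBAC slides (users to roles, roles to resources) are all an RBAC engine needs; a user's effective permissions are the union over the roles held. The following Python is an added example, not from the lecture or from any of the case studies in the readings, that implements those two relations plus a static separation-of-duty constraint of the kind the bank case study discusses. The role names, permissions and users are constructed.

```python
"""Minimal RBAC: user-role and role-permission assignment with static
separation of duty. Added example; roles and users are constructed."""


class RBAC:
    def __init__(self):
        self.user_roles = {}   # user -> set of roles        (many to many)
        self.role_perms = {}   # role -> set of (object, right)  (many to many)
        self.sod = []          # pairs of roles no one user may hold together

    def grant(self, role, obj, right):
        """Roles-to-resources table: give `role` a right on `obj`."""
        self.role_perms.setdefault(role, set()).add((obj, right))

    def add_sod(self, role_a, role_b):
        """Static separation of duty between two roles."""
        self.sod.append(frozenset({role_a, role_b}))

    def assign(self, user, role):
        """Users-to-roles table: add `role` to `user`, enforcing SoD."""
        if role not in self.role_perms:
            raise KeyError(f"unknown role {role!r}")
        held = self.user_roles.get(user, set())
        for pair in self.sod:
            if role in pair and (pair - {role}) & held:
                raise ValueError(f"SoD: {user} may not hold {sorted(pair)} together")
        self.user_roles.setdefault(user, set()).add(role)

    def permissions(self, user):
        """Union of the permissions of every role the user holds."""
        perms = set()
        for role in self.user_roles.get(user, set()):
            perms |= self.role_perms[role]
        return perms

    def check(self, user, obj, right):
        return (obj, right) in self.permissions(user)

    def users_with_role(self, role):
        return {u for u, roles in self.user_roles.items() if role in roles}


def build_bank():
    """Constructed example: tellers post transactions, auditors read everything."""
    r = RBAC()
    r.grant("teller", "account", "read")
    r.grant("teller", "account", "post_transaction")
    r.grant("auditor", "account", "read")
    r.grant("auditor", "audit_log", "read")
    r.add_sod("teller", "auditor")
    r.assign("u1", "teller")
    r.assign("u2", "auditor")
    r.assign("u3", "teller")
    return r


if __name__ == "__main__":
    bank = build_bank()
    print("u1 permissions:", sorted(bank.permissions("u1")))
    try:
        bank.assign("u1", "auditor")
    except ValueError as e:
        print("refused:", e)
```

Revoking a right from a role takes effect for every user of that role at once, which is the administrative advantage RBAC offers over per-user ACLs; the SoD check is what keeps a convenient "assign one more role" from quietly undoing that.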
To be Continued This is the end of part I of the lecture. Please continue to review part II.