SlideShare uma empresa Scribd logo

Access Control: Principles and Practice

N
Nabeel Yoosuf

Slides prepared based on the paper Access Control: Principles and Practice by Ravi S. Sandhu and Pierangela Samarati, IEEE Communications Magazine, 1994

TecnologiaNegócios
1 de 39
Baixar para ler offline
Access Control: Principles and Practice Reference: Access Control: Principles and Practice, Ravi S. Sandhu and Pierangela Samarati, IEEE Communications Magazine, 1994 Prepared by: Nabeel Mohamed
Access Control  The purpose is to limit that the operations or actions that a legitimate user of a computer system can perform  Constrains ◦ What a user can do directly, and ◦ What programs executing on behalf of users are allowed to do  Thus, tries to prevent activities that could lead to a breach of security  Is required to achieve confidentiality, integrity and availability objectives
The Big Picture
The Big Picture  Shows a logical picture of security services and their interactions  Authentication service should correctly establish the identity of the user  Authentication, and then Access Control  Access control is not a complete solution for securing a system. What is the missing service? ◦ Auditing
The Big Picture  Auditing ◦ Performs a posteriori analysis of all the requests and activities of users in the system ◦ Requires logging all requests and activities ◦ How can auditing help?  Acting as a deterrent  Identifying attempted or actual violations  Identifying flaws in the security system  Preventing authorized users from misusing their privileges (accountability)
Policies vs. Mechanisms  Policies ◦ High-level guidelines that determine how accesses are controlled and access decisions determined  Mechanisms ◦ Low-level software and hardware functions that can be configured to implement a policy  It is desirable to develop access control mechanisms that are largely independent of the policy for which they could be used
The Access Matrix  All resources controlled by a computer system can be represented by data stored in objects  Subjects, which initiate activities in the system, are typically users or programs executing on behalf of users  Subjects can themselves be objects  Subjects initiate actions on objects ◦ Actions are allowed or denied in accordance with the authorization established
The Access Matrix  Example access rights/modes: ◦ For files, the typical access rights are read, write, execute and own  OS implements them ◦ For bank accounts, the typical access rights are inquiry, credit and debit  Application programs implement them
The Access Matrix  A conceptual model that specifies the rights that each subject possesses for each object  Subjects in rows, objects in columns
The Access Matrix  The access matrix model clearly separates the problem of authentication from that of authorization  A reference monitor should ensure that only those operations authorized by the access matrix actually get executed  Example: Alice is the owner of the file 2, and she can read and write that file
Implementation Approaches  Access matrix is usually sparse and hence not implemented as a matrix  Some common approaches to implementing the access matrix in practice: ◦ Access Control Lists (ACLs) ◦ Capabilities ◦ Authorization Relations
Access Control Lists  Each object is associated with a an ACL  ACL has an entry of each subject if it has some kind of access to that object  This approach corresponds to storing the access matrix by column
Access Control Lists
Access Control Lists  Advantages ◦ By looking at an object’s ACL it is easy to determine which modes of access subjects are currently authorized for that object ◦ Easy to revoke all access to an object  Disadvantages ◦ It is difficult to find all accesses a subject has
Access Control Lists  In order to reduce the list length, the usual practice is to use groups instead of (or in addition to) individual subject identifiers  Example: UNIX getfacl and setfacl allows to create ACLs on files and folders
Capabilities  A dual approach to ACLs  Each subject is associated with a list (call the capability list)  A capability list of a subject has a list of objects for which subject has some kind of access
Capabilities
Capabilities  Advantage ◦ Easy to find all accesses that a subject is authorized to perform ◦ Easy to revoke all accesses to a subject  Disadvantages ◦ Difficult to find all subjects who have some kind of access to a given object  Modern operating systems typically take the ACL-based approach
Authorization Relations  Each row or tuple of the authorization relation specifies one access right of a subject to an object  For example, John’s accesses to File 1 require 3 rows  If the table is sorted by subjects, it reflects capabilities  If the table is sorted by objects, it reflects ACLs  The relation is not normalized
Authorization Relations
Access Control Policies  Discretionary policies  Mandatory policies  Role-based policies
Multiple Access Control Policies  AC policies are not exclusive; can be combined to provide a more suitable protection system  When policies are combined, only the intersections of their accesses allowed
Discretionary Policies  Access control is under the discretion of the user  Flexibility of discretionary policies has made them successful in industry
Discretionary Policies  However, they do not provide real assurance on the flow of information in the system ◦ It’s easy to bypass the access restrictions stated through the authorizations ◦ Example: a user, able to read an object, can pass it to other users with the knowledge of the owner ◦ The reason is discretionary policies do not impose any restriction on the usage of information by a user once the user received it (dissemination of information is not controlled)
Mandatory Policies  Access control enforcement is under the control of the system  MLS (Multilevel Security) model is the most popular mandatory approach ◦ Access is based on the security levels assigned to objects and subjects  Each user and each object in the system is assigned a security level  MLS provides one-directional information flow in a lattice of security labels
Mandatory Policies  The security level associated with an object reflects ◦ The sensitivity of the information contained in the object  The security level associated with a subject (also called clearance) reflects ◦ The user’s trustworthiness not to disclose sensitive information to users not cleared to see it
Example Security Levels  In a military setting we usually find the following security levels: ◦ Top Secret (TS) ◦ Secret (S) ◦ Confidential (C) ◦ Unclassified (U)  They form the ordered set TS > S > C > U  Each security level is said to dominate itself and all others below it in this hierarchy
Confidentiality Policies  Read down ◦ A subject’s clearance must dominate the security level of the object being read  Write up ◦ A subject’s clearance must be dominated by the security level of the object being written  Prevent information in high-level objects (more sensitive) to flow to objects in lower levels  Information can only flow upwards or within the same security domain
Confidentiality Policies
Confidentiality Policies  In order to write at a lower security level, subject should be allowed to take any clearance level dominated by its original clearance level  The intuition behind write-up rule is to prevent malicious software from leaking secret information downwards  Write-up rule may destroy data in higher security levels – Hence, it is usually controlled to work only at the same security level as the subject
Integrity Policies  Read up ◦ A subject’s integrity level must be dominated by the integrity level of the object being read  Write down ◦ A subject’s integrity level must dominate the integrity level of the object being written  Prevent information stored in low objects (hence less reliable) to flow to high objects  Protect only one aspect of integrity  Information can only flow downwards or within the same security level
Integrity Policies
Role-based Policies  Neither discretionary nor mandatory approaches satisfies the needs of most commercial enterprises ◦ Mandatory policies rise from rigid environments, like those of military ◦ Discretionary policies rise from cooperative yet autonomous requirements, like those of academic researchers  One alternative is role-base policies
Role-based Policies  The flexibility required: ◦ Allow the specification of authorization to be granted to users (or groups) on objects like in the discretionary approach, together with the possibility of specifying restrictions (like in the mandatory approach) on the assignment or on the use of such authorizations
Role-based Policies  A role is a set of actions and responsibilities associated with a particular working activity  Instead of specifying all the accesses each user is allowed to execute, access authorizations are specified for roles  Users are given authorization to adopt roles  A user playing a role is allowed to execute all accesses for which the role is authorized.
Role-based Policies  User may or may not be allowed to play multiple roles at the same time  A user may take on different roles on different occasions
Advantages of Role-based Policies  Simplification of authorization management  Hierarchical roles further simplify by allowing generalization and specialization  Adapting different roles to operate at the least privilege  Promotes separation of duty to prevent misuse of the system  Instead of individual objects, access can be specified for object classes
Administration of Authorization  Administrative policies determine who is authorized to modify the allowed access  In mandatory AC, security administrator determines the access to objects by subjects  In discretionary and role-based AC, there are possibly many types of administrative policies
Administration of Authorization  Example DAC administrative policies ◦ Centralized – a single authorized user like in MAC ◦ Hierarchical – authorizers are ordered in a hierarchy with decreasing power ◦ Cooperative – multiple authorizers to specify each access ◦ Ownership – owner of the object controls accesses ◦ Decentralized – delegate authorization to others to control accesses

Recomendados

Ch07 Access Control Fundamentals
Ch07 Access Control FundamentalsCh07 Access Control Fundamentals
Ch07 Access Control FundamentalsInformation Technology
 
Information Security Principles - Access Control
Information Security Principles - Access ControlInformation Security Principles - Access Control
Information Security Principles - Access Controlidingolay
 
Chapter 3 Presentation
Chapter 3 PresentationChapter 3 Presentation
Chapter 3 PresentationAmy McMullin
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.pptZaheer720515
 
INTRUSION DETECTION TECHNIQUES
INTRUSION DETECTION TECHNIQUESINTRUSION DETECTION TECHNIQUES
INTRUSION DETECTION TECHNIQUESTrinity Dwarka
 
Intruders
IntrudersIntruders
IntrudersALOK KUMAR
 
Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptxANIKETKUMARSHARMA3
 

Recomendados

Ch07 Access Control Fundamentals
Ch07 Access Control FundamentalsCh07 Access Control Fundamentals
Ch07 Access Control FundamentalsInformation Technology
 
Information Security Principles - Access Control
Information Security Principles - Access ControlInformation Security Principles - Access Control
Information Security Principles - Access Controlidingolay
 
Chapter 3 Presentation
Chapter 3 PresentationChapter 3 Presentation
Chapter 3 PresentationAmy McMullin
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.pptZaheer720515
 
INTRUSION DETECTION TECHNIQUES
INTRUSION DETECTION TECHNIQUESINTRUSION DETECTION TECHNIQUES
INTRUSION DETECTION TECHNIQUESTrinity Dwarka
 
Intruders
IntrudersIntruders
IntrudersALOK KUMAR
 
Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptxANIKETKUMARSHARMA3
 
System security
System securitySystem security
System securitysommerville-videos
 
CSSLP Course
CSSLP CourseCSSLP Course
CSSLP CourseMasoud Ostad
 
CISSP - Chapter 3 - System security architecture
CISSP - Chapter 3 - System security architectureCISSP - Chapter 3 - System security architecture
CISSP - Chapter 3 - System security architectureKarthikeyan Dhayalan
 
Trusted systems
Trusted systemsTrusted systems
Trusted systemsahmad abdelhafeez
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
CISSP Prep: Ch 4. Security Engineering (Part 1)
CISSP Prep: Ch 4. Security Engineering (Part 1)CISSP Prep: Ch 4. Security Engineering (Part 1)
CISSP Prep: Ch 4. Security Engineering (Part 1)Sam Bowne
 
Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Dr. Kapil Gupta
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanismspriya_trehan
 
OPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYOPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYRohitK71
 
Security models
Security models Security models
Security models LJ PROJECTS
 
Chapter 1 Security Framework
Chapter 1 Security FrameworkChapter 1 Security Framework
Chapter 1 Security FrameworkKarthikeyan Dhayalan
 
Security attacks
Security attacksSecurity attacks
Security attacksTejaswi Potluri
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1Vamsee Krishna Kiran
 
Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling EverythingAnne Oikarinen
 
CompTIA Security+.pptx
CompTIA Security+.pptxCompTIA Security+.pptx
CompTIA Security+.pptxKiranKumar24546
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementMaganathin Veeraragaloo
 
Threat Modelling
Threat ModellingThreat Modelling
Threat Modellingn|u - The Open Security Community
 
Isys20261 lecture 12
Isys20261 lecture 12Isys20261 lecture 12
Isys20261 lecture 12Wiliam Ferraciolli
 
4_5949547032388570388.ppt
4_5949547032388570388.ppt4_5949547032388570388.ppt
4_5949547032388570388.pptMohammedMohammed578197
 

Mais conteúdo relacionado

Mais procurados

CISSP - Chapter 3 - System security architecture
CISSP - Chapter 3 - System security architectureCISSP - Chapter 3 - System security architecture
CISSP - Chapter 3 - System security architectureKarthikeyan Dhayalan
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
CISSP Prep: Ch 4. Security Engineering (Part 1)
CISSP Prep: Ch 4. Security Engineering (Part 1)CISSP Prep: Ch 4. Security Engineering (Part 1)
CISSP Prep: Ch 4. Security Engineering (Part 1)Sam Bowne
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Dr. Kapil Gupta
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanismspriya_trehan
 
OPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYOPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYRohitK71
 
Security models
Security models Security models
Security models LJ PROJECTS
 
Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling EverythingAnne Oikarinen
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 

Mais procurados (20)

System security
System securitySystem security
System security
 
CSSLP Course
CSSLP CourseCSSLP Course
CSSLP Course
 
CISSP - Chapter 3 - System security architecture
CISSP - Chapter 3 - System security architectureCISSP - Chapter 3 - System security architecture
CISSP - Chapter 3 - System security architecture
 
Trusted systems
Trusted systemsTrusted systems
Trusted systems
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and Attacks
 
CISSP Prep: Ch 4. Security Engineering (Part 1)
CISSP Prep: Ch 4. Security Engineering (Part 1)CISSP Prep: Ch 4. Security Engineering (Part 1)
CISSP Prep: Ch 4. Security Engineering (Part 1)
 
Types of attacks
Types of attacksTypes of attacks
Types of attacks
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanisms
 
OPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYOPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITY
 
Security models
Security models Security models
Security models
 
Chapter 1 Security Framework
Chapter 1 Security FrameworkChapter 1 Security Framework
Chapter 1 Security Framework
 
Security attacks
Security attacksSecurity attacks
Security attacks
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1
 
Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling Everything
 
CompTIA Security+.pptx
CompTIA Security+.pptxCompTIA Security+.pptx
CompTIA Security+.pptx
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk Management
 
Threat Modelling
Threat ModellingThreat Modelling
Threat Modelling
 

Semelhante a Access Control: Principles and Practice

Week No 13 Access Control Part 1.pptx
Week No 13 Access Control Part 1.pptxWeek No 13 Access Control Part 1.pptx
Week No 13 Access Control Part 1.pptxXhamiiiCH
 
Least privilege, access control, operating system security
Least privilege, access control, operating system securityLeast privilege, access control, operating system security
Least privilege, access control, operating system securityG Prachi
 
Survey of file protection techniques
Survey of file protection techniquesSurvey of file protection techniques
Survey of file protection techniquesG Prachi
 
Protection in general purpose operating system
Protection in general purpose operating systemProtection in general purpose operating system
Protection in general purpose operating systemG Prachi
 
Access Control Fundamentals
Access Control FundamentalsAccess Control Fundamentals
Access Control FundamentalsSetiya Nugroho
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Application Security -- Authorization Models
Application Security -- Authorization ModelsApplication Security -- Authorization Models
Application Security -- Authorization Modelsadinath7
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxdotco
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxTechnocracy2
 
access-control-basics-murat-kantarcioglu.pdf
access-control-basics-murat-kantarcioglu.pdfaccess-control-basics-murat-kantarcioglu.pdf
access-control-basics-murat-kantarcioglu.pdfNohaNagy5
 
information security(authentication application, Authentication and Access Co...
information security(authentication application, Authentication and Access Co...information security(authentication application, Authentication and Access Co...
information security(authentication application, Authentication and Access Co...Zara Nawaz
 
INFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTSINFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTShenlydailymotion
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochQA or the Highway
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochQA or the Highway
 

Semelhante a Access Control: Principles and Practice (20)

Isys20261 lecture 12
Isys20261 lecture 12Isys20261 lecture 12
Isys20261 lecture 12
 
4_5949547032388570388.ppt
4_5949547032388570388.ppt4_5949547032388570388.ppt
4_5949547032388570388.ppt
 
AccessControl.ppt
AccessControl.pptAccessControl.ppt
AccessControl.ppt
 
Week No 13 Access Control Part 1.pptx
Week No 13 Access Control Part 1.pptxWeek No 13 Access Control Part 1.pptx
Week No 13 Access Control Part 1.pptx
 
Least privilege, access control, operating system security
Least privilege, access control, operating system securityLeast privilege, access control, operating system security
Least privilege, access control, operating system security
 
Survey of file protection techniques
Survey of file protection techniquesSurvey of file protection techniques
Survey of file protection techniques
 
Protection in general purpose operating system
Protection in general purpose operating systemProtection in general purpose operating system
Protection in general purpose operating system
 
Access Control Fundamentals
Access Control FundamentalsAccess Control Fundamentals
Access Control Fundamentals
 
Security risk management
Security risk managementSecurity risk management
Security risk management
 
Application Security -- Authorization Models
Application Security -- Authorization ModelsApplication Security -- Authorization Models
Application Security -- Authorization Models
 
Chapter 7
Chapter 7Chapter 7
Chapter 7
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptx
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptx
 
access-control-basics-murat-kantarcioglu.pdf
access-control-basics-murat-kantarcioglu.pdfaccess-control-basics-murat-kantarcioglu.pdf
access-control-basics-murat-kantarcioglu.pdf
 
002.itsecurity bcp v1
002.itsecurity bcp v1002.itsecurity bcp v1
002.itsecurity bcp v1
 
information security(authentication application, Authentication and Access Co...
information security(authentication application, Authentication and Access Co...information security(authentication application, Authentication and Access Co...
information security(authentication application, Authentication and Access Co...
 
S5-Authorization
S5-AuthorizationS5-Authorization
S5-Authorization
 
INFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTSINFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTS
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 

Mais de Nabeel Yoosuf

Building RESTful Applications
Building RESTful ApplicationsBuilding RESTful Applications
Building RESTful ApplicationsNabeel Yoosuf
 
Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2Nabeel Yoosuf
 
Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1Nabeel Yoosuf
 
Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1Nabeel Yoosuf
 
Oracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cOracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cNabeel Yoosuf
 
Introduction to Tokenization
Introduction to TokenizationIntroduction to Tokenization
Introduction to TokenizationNabeel Yoosuf
 
Privacy Preserving Access Control for Third Party Data Management Systems
Privacy Preserving Access Control for Third Party Data Management SystemsPrivacy Preserving Access Control for Third Party Data Management Systems
Privacy Preserving Access Control for Third Party Data Management SystemsNabeel Yoosuf
 
Efficient privacy preserving publish subscribe systems
Efficient privacy preserving publish subscribe systemsEfficient privacy preserving publish subscribe systems
Efficient privacy preserving publish subscribe systemsNabeel Yoosuf
 
Efficient Filtering in Pub-Sub Systems using BDD
Efficient Filtering in Pub-Sub Systems using BDDEfficient Filtering in Pub-Sub Systems using BDD
Efficient Filtering in Pub-Sub Systems using BDDNabeel Yoosuf
 
Pub-Sub Systems and Confidentiality/Privacy
Pub-Sub Systems and Confidentiality/PrivacyPub-Sub Systems and Confidentiality/Privacy
Pub-Sub Systems and Confidentiality/PrivacyNabeel Yoosuf
 
A Structure Preserving Approach for Securing XML Documents
A Structure Preserving Approach for Securing XML DocumentsA Structure Preserving Approach for Securing XML Documents
A Structure Preserving Approach for Securing XML DocumentsNabeel Yoosuf
 

Mais de Nabeel Yoosuf (12)

Building RESTful Applications
Building RESTful ApplicationsBuilding RESTful Applications
Building RESTful Applications
 
Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2
 
Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1
 
Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1Introduction to OAuth 2.0 - Part 1
Introduction to OAuth 2.0 - Part 1
 
API Façade Pattern
API Façade PatternAPI Façade Pattern
API Façade Pattern
 
Oracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cOracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12c
 
Introduction to Tokenization
Introduction to TokenizationIntroduction to Tokenization
Introduction to Tokenization
 
Privacy Preserving Access Control for Third Party Data Management Systems
Privacy Preserving Access Control for Third Party Data Management SystemsPrivacy Preserving Access Control for Third Party Data Management Systems
Privacy Preserving Access Control for Third Party Data Management Systems
 
Efficient privacy preserving publish subscribe systems
Efficient privacy preserving publish subscribe systemsEfficient privacy preserving publish subscribe systems
Efficient privacy preserving publish subscribe systems
 
Efficient Filtering in Pub-Sub Systems using BDD
Efficient Filtering in Pub-Sub Systems using BDDEfficient Filtering in Pub-Sub Systems using BDD
Efficient Filtering in Pub-Sub Systems using BDD
 
Pub-Sub Systems and Confidentiality/Privacy
Pub-Sub Systems and Confidentiality/PrivacyPub-Sub Systems and Confidentiality/Privacy
Pub-Sub Systems and Confidentiality/Privacy
 
A Structure Preserving Approach for Securing XML Documents
A Structure Preserving Approach for Securing XML DocumentsA Structure Preserving Approach for Securing XML Documents
A Structure Preserving Approach for Securing XML Documents
 

Último

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 

Último (20)

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 

Access Control: Principles and Practice

  • 1. Access Control: Principles and Practice Reference: Access Control: Principles and Practice, Ravi S. Sandhu and Pierangela Samarati, IEEE Communications Magazine, 1994 Prepared by: Nabeel Mohamed
  • 2. Access Control  The purpose is to limit that the operations or actions that a legitimate user of a computer system can perform  Constrains ◦ What a user can do directly, and ◦ What programs executing on behalf of users are allowed to do  Thus, tries to prevent activities that could lead to a breach of security  Is required to achieve confidentiality, integrity and availability objectives
  • 4. The Big Picture  Shows a logical picture of security services and their interactions  Authentication service should correctly establish the identity of the user  Authentication, and then Access Control  Access control is not a complete solution for securing a system. What is the missing service? ◦ Auditing
  • 5. The Big Picture  Auditing ◦ Performs a posteriori analysis of all the requests and activities of users in the system ◦ Requires logging all requests and activities ◦ How can auditing help?  Acting as a deterrent  Identifying attempted or actual violations  Identifying flaws in the security system  Preventing authorized users from misusing their privileges (accountability)
  • 6. Policies vs. Mechanisms  Policies ◦ High-level guidelines that determine how accesses are controlled and access decisions determined  Mechanisms ◦ Low-level software and hardware functions that can be configured to implement a policy  It is desirable to develop access control mechanisms that are largely independent of the policy for which they could be used
  • 7. The Access Matrix  All resources controlled by a computer system can be represented by data stored in objects  Subjects, which initiate activities in the system, are typically users or programs executing on behalf of users  Subjects can themselves be objects  Subjects initiate actions on objects ◦ Actions are allowed or denied in accordance with the authorization established
  • 8. The Access Matrix  Example access rights/modes: ◦ For files, the typical access rights are read, write, execute and own  OS implements them ◦ For bank accounts, the typical access rights are inquiry, credit and debit  Application programs implement them
  • 9. The Access Matrix  A conceptual model that specifies the rights that each subject possesses for each object  Subjects in rows, objects in columns
  • 10. The Access Matrix  The access matrix model clearly separates the problem of authentication from that of authorization  A reference monitor should ensure that only those operations authorized by the access matrix actually get executed  Example: Alice is the owner of the file 2, and she can read and write that file
  • 11. Implementation Approaches  Access matrix is usually sparse and hence not implemented as a matrix  Some common approaches to implementing the access matrix in practice: ◦ Access Control Lists (ACLs) ◦ Capabilities ◦ Authorization Relations
  • 12. Access Control Lists  Each object is associated with a an ACL  ACL has an entry of each subject if it has some kind of access to that object  This approach corresponds to storing the access matrix by column
  • 14. Access Control Lists  Advantages ◦ By looking at an object’s ACL it is easy to determine which modes of access subjects are currently authorized for that object ◦ Easy to revoke all access to an object  Disadvantages ◦ It is difficult to find all accesses a subject has
  • 15. Access Control Lists  In order to reduce the list length, the usual practice is to use groups instead of (or in addition to) individual subject identifiers  Example: UNIX getfacl and setfacl allows to create ACLs on files and folders
  • 16. Capabilities  A dual approach to ACLs  Each subject is associated with a list (call the capability list)  A capability list of a subject has a list of objects for which subject has some kind of access
  • 18. Capabilities  Advantage ◦ Easy to find all accesses that a subject is authorized to perform ◦ Easy to revoke all accesses to a subject  Disadvantages ◦ Difficult to find all subjects who have some kind of access to a given object  Modern operating systems typically take the ACL-based approach
  • 19. Authorization Relations  Each row or tuple of the authorization relation specifies one access right of a subject to an object  For example, John’s accesses to File 1 require 3 rows  If the table is sorted by subjects, it reflects capabilities  If the table is sorted by objects, it reflects ACLs  The relation is not normalized
  • 21. Access Control Policies  Discretionary policies  Mandatory policies  Role-based policies
  • 22. Multiple Access Control Policies  AC policies are not exclusive; can be combined to provide a more suitable protection system  When policies are combined, only the intersections of their accesses allowed
  • 23. Discretionary Policies  Access control is under the discretion of the user  Flexibility of discretionary policies has made them successful in industry
  • 24. Discretionary Policies  However, they do not provide real assurance on the flow of information in the system ◦ It’s easy to bypass the access restrictions stated through the authorizations ◦ Example: a user, able to read an object, can pass it to other users with the knowledge of the owner ◦ The reason is discretionary policies do not impose any restriction on the usage of information by a user once the user received it (dissemination of information is not controlled)
  • 25. Mandatory Policies  Access control enforcement is under the control of the system  MLS (Multilevel Security) model is the most popular mandatory approach ◦ Access is based on the security levels assigned to objects and subjects  Each user and each object in the system is assigned a security level  MLS provides one-directional information flow in a lattice of security labels
  • 26. Mandatory Policies  The security level associated with an object reflects ◦ The sensitivity of the information contained in the object  The security level associated with a subject (also called clearance) reflects ◦ The user’s trustworthiness not to disclose sensitive information to users not cleared to see it
  • 27. Example Security Levels  In a military setting we usually find the following security levels: ◦ Top Secret (TS) ◦ Secret (S) ◦ Confidential (C) ◦ Unclassified (U)  They form the ordered set TS > S > C > U  Each security level is said to dominate itself and all others below it in this hierarchy
  • 28. Confidentiality Policies  Read down ◦ A subject’s clearance must dominate the security level of the object being read  Write up ◦ A subject’s clearance must be dominated by the security level of the object being written  Prevent information in high-level objects (more sensitive) to flow to objects in lower levels  Information can only flow upwards or within the same security domain
  • 30. Confidentiality Policies  In order to write at a lower security level, subject should be allowed to take any clearance level dominated by its original clearance level  The intuition behind write-up rule is to prevent malicious software from leaking secret information downwards  Write-up rule may destroy data in higher security levels – Hence, it is usually controlled to work only at the same security level as the subject
  • 31. Integrity Policies  Read up ◦ A subject’s integrity level must be dominated by the integrity level of the object being read  Write down ◦ A subject’s integrity level must dominate the integrity level of the object being written  Prevent information stored in low objects (hence less reliable) to flow to high objects  Protect only one aspect of integrity  Information can only flow downwards or within the same security level
  • 33. Role-based Policies  Neither discretionary nor mandatory approaches satisfies the needs of most commercial enterprises ◦ Mandatory policies rise from rigid environments, like those of military ◦ Discretionary policies rise from cooperative yet autonomous requirements, like those of academic researchers  One alternative is role-base policies
  • 34. Role-based Policies  The flexibility required: ◦ Allow the specification of authorization to be granted to users (or groups) on objects like in the discretionary approach, together with the possibility of specifying restrictions (like in the mandatory approach) on the assignment or on the use of such authorizations
  • 35. Role-based Policies  A role is a set of actions and responsibilities associated with a particular working activity  Instead of specifying all the accesses each user is allowed to execute, access authorizations are specified for roles  Users are given authorization to adopt roles  A user playing a role is allowed to execute all accesses for which the role is authorized.
  • 36. Role-based Policies  User may or may not be allowed to play multiple roles at the same time  A user may take on different roles on different occasions
  • 37. Advantages of Role-based Policies  Simplification of authorization management  Hierarchical roles further simplify by allowing generalization and specialization  Adapting different roles to operate at the least privilege  Promotes separation of duty to prevent misuse of the system  Instead of individual objects, access can be specified for object classes
  • 38. Administration of Authorization  Administrative policies determine who is authorized to modify the allowed access  In mandatory AC, security administrator determines the access to objects by subjects  In discretionary and role-based AC, there are possibly many types of administrative policies
  • 39. Administration of Authorization  Example DAC administrative policies ◦ Centralized – a single authorized user like in MAC ◦ Hierarchical – authorizers are ordered in a hierarchy with decreasing power ◦ Cooperative – multiple authorizers to specify each access ◦ Ownership – owner of the object controls accesses ◦ Decentralized – delegate authorization to others to control accesses