Access Control Models - Introduction to Computer Security - Lecture Slides, Slides of Computer Security

The key topics in these computer security slides are: Access Control Models, Accesses, Discretionary, Mandatory, Role-Based, Trojan Horse, Employee, Brown, Write, Shared Program

Typology: Slides

2012/2013

Uploaded on 04/22/2013

satheesh

Introduction to Information Security
Fall 2010
Access Control Models

Access Control Models

CSCE 201 - Farkas 2

All accesses:

  • Discretionary AC
  • Mandatory AC
  • Role-Based AC

DAC and Trojan Horse

[Figure: DAC and Trojan Horse]

  • File: Employee (ACL: Brown: read, write)
  • File: Black’s Employee (ACL: Black, Brown: read, write)
  • Users: Brown, Black
  • Shared program: Word Processor
  • TH: inserts Trojan Horse into shared program
  • Uses shared program
  • Reads Employee
  • Copies Employee to Black’s Employee

DAC Overview

  • Advantages:
    • Intuitive
    • Easy to implement
  • Disadvantages:
    • Inherent vulnerability (see the TH example)
    • Maintenance of ACL or Capability lists
    • Maintenance of Grant/Revoke
    • Limited power of negative authorization


Mandatory Access Control

Objects: security classification

e.g., grades=(confidential, {student-info})

Subjects: security clearances

e.g., Joe=(confidential, {student-info})

Access rules: defined by comparing the security classification of the requested objects with the security clearance of the subject

e.g., subject can read object only if label(subject) dominates label(object)

Mandatory Access Control

Security Classes (labels): (A, C)

  • A – total order authority level
  • C – set of categories
  • e.g., A = confidential > public, C = {student-info, dept-info}

[Figure: lattice of security labels]

  • (confidential,{student-info,dept-info})
  • (confidential,{student-info})
  • (confidential,{dept-info})
  • (confidential,{ })
  • (public,{student-info,dept-info})
  • (public,{student-info})
  • (public,{dept-info})
  • (public,{ })

Bell-LaPadula (BLP) Model

  • Confidentiality protection
  • Lattice-based access control
    • Subjects
    • Objects
    • Security labels
  • Supports decentralized administration

BLP Reference Monitor

  • All accesses are controlled by the reference monitor
  • Cannot be bypassed
  • Access is allowed iff the resulting system state satisfies all security properties
  • Trusted subjects: subjects trusted not to compromise security

BLP Axioms 2.

*-property: a subject s is allowed to write an object o only if the security label of o dominates the security label of s

  • No write down
  • Applies to un-trusted subjects only

Trojan Horse and BLP

[Figure: Trojan Horse and BLP]

  • File: Employee (ACL: Brown: read, write)
  • File: Black’s Employee (ACL: Black, Brown: read, write)
  • Users: Brown, Black
  • Shared program: Word Processor
  • TH: insert Trojan Horse into shared program
  • Use shared program
  • Read Employee
  • Copy Employee to Black’s Employee
  • Labels: Secret, Public (Secret ≥ Public)
  • Reference Monitor
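The two Trojan Horse slides, as an added example that is not part of the original slides: a small Python check of the dominance relation, the read rule and the *-property, run against the ACLs listed in the figures. The label assignment (Brown and Employee at Secret, Black and Black's Employee at Public) and the placement of secret above confidential are assumptions.

```python
from dataclasses import dataclass

# Total order of authority levels. Placing "secret" above "confidential" is an
# assumption (conventional ordering); the slides never compare the two.
LEVELS = {"public": 0, "confidential": 1, "secret": 2}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # (A1, C1) dominates (A2, C2) iff A1 >= A2 and C1 is a superset of C2.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

def can_read(subject: Label, obj: Label) -> bool:
    # Read rule from the slides: label(subject) must dominate label(object).
    return subject.dominates(obj)

def can_write(subject: Label, obj: Label, trusted: bool = False) -> bool:
    # *-property (no write down): label(object) must dominate label(subject).
    # It applies to untrusted subjects only, so trusted subjects are exempt.
    return trusted or obj.dominates(subject)

# Constructed state: ACLs as listed on the Trojan Horse slides; the label
# assignment (who and what is Secret or Public) is an assumption.
ACL = {"Employee": {"Brown": {"read", "write"}},
       "Black's Employee": {"Black": {"read", "write"}, "Brown": {"read", "write"}}}
OBJ_LABEL = {"Employee": Label("secret"), "Black's Employee": Label("public")}
SUBJ_LABEL = {"Brown": Label("secret"), "Black": Label("public")}

def dac_allows(user, obj, right):
    # Discretionary check: only the object's ACL is consulted.
    return right in ACL[obj].get(user, set())

def blp_allows(user, obj, right):
    # Mandatory check: only the labels are consulted.
    check = can_read if right == "read" else can_write
    return check(SUBJ_LABEL[user], OBJ_LABEL[obj])

def trojan_copy(allows):
    # The Trojan Horse runs with Brown's rights: read Employee, then copy it out.
    return (allows("Brown", "Employee", "read"),
            allows("Brown", "Black's Employee", "write"))

if __name__ == "__main__":
    print("DAC:", trojan_copy(dac_allows))  # (True, True)
    print("BLP:", trojan_copy(blp_allows))  # (True, False)
```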

RBAC Motivation

  • Multi-user systems
  • Multi-application systems
  • Permissions are associated with roles
  • Role-permission assignments are persistent vs. user-permission assignments
  • Intuitive: competency, authority and responsibility

Motivation

  • Express organizational policies
    • Separation of duties
    • Delegation of authority
  • Flexible: easy to modify to meet new security requirements
  • Supports
    • Least-privilege
    • Separation of duties
    • Data abstraction

Roles

  • User group: collection of users with possibly different permissions
  • Role: mediator between collection of users and collection of permissions
  • RBAC independent from DAC and MAC (they may coexist)
  • RBAC is policy neutral: configuration of RBAC determines the policy to be enforced

RBAC

  • RBAC3: consolidated model
  • RBAC1: role hierarchy
  • RBAC2: constraints
  • RBAC0: base model