Lecture 8
Access Control (cont)
Mandatory Access Control (MAC)
(Figure: lattice of security levels, Unclassified < Confidential < Secret < Top Secret; information can flow only upward, toward the dominating level: dominance / can-flow, ≥)
• A labeling mechanism is used: every subject and every object carries a security level
• Origin: military security
• Requires a strict classification of subjects and objects into security levels
• Prevents any illegal flow of information through the enforcement of multilevel security
• Drawback: too rigid, so it is applicable only to very few environments
Adapted from: Role-Based Access Control by Prof. Ravi Sandhu
Classification & Clearance
• Classification: the security level of a piece of information (an object)
  – written <rank; compartments>
• Clearance: an indication that a person is trusted to access information up to a certain level of sensitivity
  – the security level of a subject, also written <rank; compartments>
Dominance Relation
• For a subject s and an object o, o <= s if and only if
  – rank(o) <= rank(s), and
  – compartments(o) is a subset of compartments(s)
• We say that s dominates o (or o is dominated by s) if o <= s
• A subject can read an object if and only if the subject dominates the object (no "read up")
• Two labels can be incomparable (neither dominates the other) when their compartment sets differ; a subject then has no read access to such an object even if its rank is higher
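The dominance relation and the read rule above, as an added example in Python (not code from the slides or from Prof. Sandhu's material). The `RANKS` table, the `Label` class and the sample labels (`NUC`, `CRYPTO`, `EUR` compartments) are constructed for this example. It goes slightly beyond the slide: `can_write` implements the Bell-LaPadula *-property (no "write down"), which the read rule alone does not give you, and `join` computes the least upper bound used to label output derived from two differently labelled sources.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Total order on ranks, as drawn on the slide (Unclassified < ... < Top Secret).
RANKS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Label:
    """A security level <rank; compartments>: a classification on an object,
    a clearance on a subject. The representation is the same for both."""
    rank: str
    compartments: FrozenSet[str] = frozenset()

    def __post_init__(self):
        if self.rank not in RANKS:
            raise ValueError(f"unknown rank {self.rank!r}")


def dominates(a: Label, b: Label) -> bool:
    """a >= b  iff  rank(a) >= rank(b) and compartments(b) is a subset of compartments(a)."""
    return RANKS[a.rank] >= RANKS[b.rank] and b.compartments <= a.compartments


def comparable(a: Label, b: Label) -> bool:
    """Labels with differing compartments may be incomparable: neither dominates the other."""
    return dominates(a, b) or dominates(b, a)


def can_read(subject: Label, obj: Label) -> bool:
    """Read rule from the slide (simple security property): subject must dominate object."""
    return dominates(subject, obj)


def can_write(subject: Label, obj: Label) -> bool:
    """Bell-LaPadula *-property, an extension of the slide added in this example:
    a subject may write only to objects that dominate it, so data never flows down."""
    return dominates(obj, subject)


def join(a: Label, b: Label) -> Label:
    """Least upper bound: the lowest label that dominates both inputs. Use it to label
    output computed from two differently labelled sources."""
    rank = a.rank if RANKS[a.rank] >= RANKS[b.rank] else b.rank
    return Label(rank, a.compartments | b.compartments)


if __name__ == "__main__":
    # Constructed sample labels for a quick demonstration.
    analyst = Label("Secret", frozenset({"NUC", "CRYPTO"}))
    report = Label("Confidential", frozenset({"NUC"}))
    plan = Label("Top Secret", frozenset({"NUC"}))
    eur = Label("Secret", frozenset({"EUR"}))
    print("read report:", can_read(analyst, report))   # rank and compartments both dominated
    print("read plan:", can_read(analyst, plan))       # read up denied
    print("read eur:", can_read(analyst, eur))         # same rank, but EUR not held
    print("derived label:", join(report, eur))
```

Note that the analyst in the demo may read the Confidential report but may not write into it, while a Confidential subject may write into the analyst's Secret file: that asymmetry is what makes the lattice enforce flow rather than just discretionary access.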
Role-Based Access Control (RBAC)
(Figure: Access Control Matrix)
Role-Based Access Control
(Figure: Scope of RBAC Models)
Constraints - RBAC
• provide a means of adapting RBAC to the specifics of the administrative and security policies of an organization
• a constraint is a defined relationship among roles or a condition related to roles:
  – mutually exclusive roles: a user can be assigned to only one role in the set (statically, or during a session); any permission can be granted to only one role in the set
  – cardinality: a maximum number is set with respect to roles (for example, how many users may hold a role, or how many roles a user may hold)
  – prerequisite roles: a user can be assigned to a particular role only if already assigned to some other specified role
RBAC System
• administrative functions: the capability to create, delete, and maintain RBAC elements and relations
• supporting system functions: for session management and for making access control decisions
• review functions: the capability to perform query operations on RBAC elements and relations
NIST RBAC Model
Core RBAC
• administrative functions
  – add and delete users from the set of users
  – add and delete roles from the set of roles
  – create and delete instances of user-to-role assignment
  – create and delete instances of permission-to-role assignment
• supporting system functions
  – create a user session with a default set of active roles
  – add an active role to a session
  – delete a role from a session
  – check if the session subject has permission to perform a requested operation on an object
• review functions
  – enable an administrator to view but not modify all the elements of the model and their relations
Static Separation of Duty
• enables the definition of a set of mutually exclusive roles
  – if a user is assigned to one role in the set, the user may not be assigned to any other role in the set
• can place a cardinality constraint on a set of roles
  – defined as a pair (role set, n) where no user is assigned to n or more roles from the role set
• includes administrative functions for creating and deleting role sets and adding and deleting role members
• includes review functions for viewing the properties of existing SSD sets
Dynamic Separation of Duty
• limits the permissions available to a user
  – places constraints on the roles that can be activated within or across a user's sessions
• defines constraints as a pair (role set, n) with the property that no user session may activate n or more roles from the role set
  – where n is a natural number with n ≥ 2 (with n = 2 the roles in the set are pairwise exclusive within a session)
• enables the administrator to specify certain capabilities for a user at different time spans
• includes administrative and review functions for defining and viewing DSD relations
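The RBAC constraints (mutually exclusive roles, cardinality, prerequisite roles), the Core RBAC administrative, supporting-system and review functions, and the SSD and DSD (role set, n) constraints above, brought together in one added Python example. This is example code written for this page, not the NIST reference implementation or anything from the slides; the class and method names (`RBAC`, `assign_user`, `add_ssd_set`, `add_dsd_set`, `check_access`, ...) and the role names used in the demo are assumptions made for the example. SSD is enforced at assignment time, DSD at role-activation time, and access decisions consult only a session's active roles.

```python
from dataclasses import dataclass, field


class RBACError(Exception):
    """An administrative or session operation would violate a constraint."""


@dataclass
class Session:
    user: str
    active_roles: set = field(default_factory=set)


class RBAC:
    """Core RBAC relations plus SSD, DSD and prerequisite-role constraints."""

    def __init__(self):
        self.user_roles = {}   # UA relation: user -> set of assigned roles
        self.role_perms = {}   # PA relation: role -> set of (operation, object)
        self.prereq = {}       # role -> roles a user must already hold to be assigned it
        self.ssd = []          # (role set, n): no user is assigned n or more roles of the set
        self.dsd = []          # (role set, n): no session activates n or more roles of the set

    # --- Core RBAC administrative functions ---
    def add_user(self, user):
        self.user_roles.setdefault(user, set())

    def delete_user(self, user):
        self.user_roles.pop(user, None)

    def add_role(self, role):
        self.role_perms.setdefault(role, set())

    def delete_role(self, role):
        self.role_perms.pop(role, None)
        for held in self.user_roles.values():   # removing a role removes its assignments
            held.discard(role)

    def assign_user(self, user, role):
        held = self.user_roles[user]
        missing = self.prereq.get(role, set()) - held
        if missing:   # prerequisite roles must already be assigned
            raise RBACError(f"{user} lacks prerequisite role(s) {sorted(missing)} for {role}")
        for roleset, n in self.ssd:   # static separation of duty: checked on assignment
            if len((held | {role}) & roleset) >= n:
                raise RBACError(f"assigning {role} to {user} violates SSD {sorted(roleset)}, n={n}")
        held.add(role)

    def deassign_user(self, user, role):
        self.user_roles[user].discard(role)

    def grant_permission(self, role, op, obj):
        self.role_perms[role].add((op, obj))

    # --- Constraint administration ---
    def add_prerequisite(self, role, required):
        self.prereq.setdefault(role, set()).add(required)

    def add_ssd_set(self, roles, n):
        if n < 2:
            raise ValueError("n must be a natural number >= 2")
        roles = frozenset(roles)
        for user, held in self.user_roles.items():   # existing assignments must already comply
            if len(held & roles) >= n:
                raise RBACError(f"{user} already holds {n} or more roles of {sorted(roles)}")
        self.ssd.append((roles, n))

    def add_dsd_set(self, roles, n):
        if n < 2:
            raise ValueError("n must be a natural number >= 2")
        self.dsd.append((frozenset(roles), n))

    # --- Supporting system functions ---
    def create_session(self, user, default_roles=()):
        session = Session(user)
        for role in default_roles:   # the default active set is DSD-checked like any activation
            self.add_active_role(session, role)
        return session

    def add_active_role(self, session, role):
        if role not in self.user_roles[session.user]:
            raise RBACError(f"{session.user} is not assigned {role}")
        for roleset, n in self.dsd:   # dynamic separation of duty: checked on activation
            if len((session.active_roles | {role}) & roleset) >= n:
                raise RBACError(f"activating {role} violates DSD {sorted(roleset)}, n={n}")
        session.active_roles.add(role)

    def drop_active_role(self, session, role):
        session.active_roles.discard(role)

    def check_access(self, session, op, obj):
        # Decision uses only the session's active roles, not everything the user is assigned.
        return any((op, obj) in self.role_perms[r] for r in session.active_roles)

    # --- Review functions (query only, never modify) ---
    def assigned_roles(self, user):
        return frozenset(self.user_roles.get(user, ()))

    def assigned_users(self, role):
        return frozenset(u for u, held in self.user_roles.items() if role in held)
```

A practical consequence visible in the code: an SSD set is rejected if some user already violates it, because retrofitting a static constraint onto existing assignments silently leaves that user over-privileged. DSD, by contrast, never blocks assignment; it only prevents the conflicting roles from being active in the same session, which is why the access decision must look at `session.active_roles` rather than at the UA relation.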