























These are the Lecture Slides of Computer and Network Security which includes Authorization, Social Security Number, Trouble with Passwords, Cryptographic Keys, Dictionary Attack, Bad Passwords, Password Experiment, Random Characters etc. Key important points are: Authorization, Authentication, Form of Access Control, Access Control Lists, Capabilities, Actions of Authenticated Users, Lampson’s Access Control Matrix, Confused Deputy, Separation of Authority
Typology: Slides
























Part 2 Access Control 1
Authentication: Who goes there?
o Restrictions on who (or what) can access system
Authorization: Are you allowed to do that?
o Restrictions on actions of authenticated users
Authorization is a form of access control
Authorization enforced by
o Access Control Lists
o Capabilities
Access control matrix has all relevant info
But how to manage a large access control (AC) matrix?
Could be 1000’s of users, 1000’s of resources
Then AC matrix with 1,000,000’s of entries
Need to check this matrix before access to any resource is allowed
Hopelessly inefficient
ACL: store access control matrix by column
Example: ACL for insurance data is in blue (the Insurance data column)

                     OS    Accounting  Accounting  Insurance  Payroll
                           program     data        data       data
Bob                  rx    rx          r           ---        ---
Alice                rx    rx          r           rw         rw
Sam                  rwx   rwx         r           rw         rw
Accounting program   rx    rx          rw          rw         rw
[Figure: two diagrams, labelled "Access Control List" and "Capability", each connecting the users Alice, Bob and Fred to files with r, w and rw rights]
Note that arrows point in opposite directions!
With ACLs, still need to associate users to files
Two resources
o Compiler and BILL file (billing info)
Compiler can write file BILL
Alice can invoke compiler with a debug filename
Alice not allowed to write to BILL
Access control matrix

            Compiler   BILL
Alice       x          ---
Compiler    rx         rw
Compiler acting for Alice is confused
There has been a separation of authority from the purpose for which it is used
With ACLs, difficult to avoid this problem
With Capabilities, easier to prevent problem
o Must maintain association between authority and intended purpose
o Capabilities make it easy to delegate authority
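The compiler/BILL scenario above, as an added Python sketch that is not part of the original slides: the ACL-style deputy checks the write against the compiler's own row of the matrix, while the capability-style deputy can write only through a capability the caller hands over. The "alice.dbg" column, the Capability class and all function names are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Rows are subjects, columns are objects, as in the slide's matrix. The
# "alice.dbg" column is an assumed addition: a debug file Alice may write.
MATRIX = {
    "Alice":    {"Compiler": "x",  "BILL": "",   "alice.dbg": "rw"},
    "Compiler": {"Compiler": "rx", "BILL": "rw", "alice.dbg": "w"},
}
FILES = {"BILL": "billing info", "alice.dbg": ""}  # constructed sample contents

@dataclass(frozen=True)
class Capability:
    """(object, rights) pair; stands in for an unforgeable token."""
    obj: str
    rights: str

def clist(subject):
    """A subject's capability list: its matrix row minus empty entries."""
    return {o: Capability(o, r) for o, r in MATRIX[subject].items() if r}

def compile_acl(store, invoker, debug_file):
    """ACL-style deputy: the write is checked against the compiler's own rights."""
    if "x" not in MATRIX[invoker]["Compiler"]:
        raise PermissionError(f"{invoker} may not run the compiler")
    if "w" not in MATRIX["Compiler"][debug_file]:  # the deputy's authority, not Alice's
        raise PermissionError(f"compiler may not write {debug_file}")
    store[debug_file] = f"debug output for {invoker}"

def compile_cap(store, run_cap, debug_cap):
    """Capability-style deputy: writes only through the capability it was handed."""
    if run_cap.obj != "Compiler" or "x" not in run_cap.rights:
        raise PermissionError("no execute capability for the compiler")
    if "w" not in debug_cap.rights:
        raise PermissionError(f"capability for {debug_cap.obj} lacks write")
    store[debug_cap.obj] = "debug output"

def demo():
    """Return (BILL under ACL deputy, BILL under capability deputy, blocked?)."""
    acl_store, cap_store = dict(FILES), dict(FILES)
    compile_acl(acl_store, "Alice", "BILL")  # allowed: BILL is overwritten
    alice = clist("Alice")
    compile_cap(cap_store, alice["Compiler"], alice["alice.dbg"])  # intended use
    try:
        compile_cap(cap_store, alice["Compiler"], alice["BILL"])
        blocked = False
    except KeyError:  # Alice holds no BILL capability, so has nothing to pass
        blocked = True
    return acl_store["BILL"], cap_store["BILL"], blocked
print(demo())
```

In the capability version the authority used for the write travels with the request, which is the association between authority and intended purpose that the slide refers to.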
ACLs
o Good when users manage their own files
o Protection is data-oriented
o Easy to change rights to a resource
Capabilities
o Easy to delegate
o Easy to add/delete users
o Easier to avoid the confused deputy
o More difficult to implement
o The “Zen of information security”
Capabilities loved by academics
o Capability Myths Demolished
Obtaining a SECRET clearance requires a routine background check
A TOP SECRET clearance requires an extensive background check
Practical classification problems
o Proper classification not always clear
o Level of granularity to apply classifications
o Aggregation: flipside of granularity
MLS needed when subjects/objects at different levels use same system
MLS is a form of Access Control
Military/government interest in MLS for many decades
o Lots of funded research into MLS
o Strengths and weaknesses of MLS relatively well understood (theoretical and practical)
o Many possible uses of MLS outside military
Classified government/military information
Business example: info restricted to
o Senior management only
o All management
o Everyone in company
o General public
Network firewall
o Keep intruders at low level to limit damage
Confidential medical info, databases, etc.
BLP security model designed to express essential requirements for MLS
BLP deals with confidentiality
o To prevent unauthorized reading
Recall that O is an object, S a subject
o Object O has a classification
o Subject S has a clearance
o Security level denoted L(O) and L(S)
Simple Security Condition: S can read O if and only if L(O) L(S)
*-Property (Star Property): S can write O if and only if L(S) L(O)