computer security and access control, Slides of Computer science


Typology: Slides

2020/2021

Uploaded on 10/11/2023


Information Security
Chapter 2
Toolbox: Authentication, Access Control, and Cryptography
Charles P. Pfleeger

Information Security
Chapter 2: Access Control
Charles P. Pfleeger

Access Control

  • The details of the basic access control paradigm:
    ✓ Subjects are human users,
      – often represented by surrogate programs running on behalf of the users.
    ✓ Objects are things on which an action can be performed, for example:
      – files, tables, programs, memory objects, HW devices, strings, data fields, network connections, and processors.
      – So too are users, or rather the programs or processes representing users, because the OS (representing the system administrator) can act on a user, for example by allowing a user to execute a program, halting a user, or assigning privileges to a user.
    ✓ Access modes are any controllable actions of subjects on objects, including, but not limited to:
      – read, write, modify, delete, execute, create, destroy, copy, export, import, and so forth.

Access Control

Access Policies

  • Access control is a mechanical process, easily implemented by a table and a computer process:
    ✓ A given subject either can or cannot access a particular object in a specified way.
      – Underlying this straightforward decision is a complex and nuanced decision of which accesses should be allowed;
      – these decisions are based on a formal or informal security policy.
    ✓ A policy also simplifies establishing access control rules, because:
      – they just reflect the existing policy;
      – access control rules are derived from the higher-level security policy.

Tracking

  • Sometimes administrators need to revisit the access policy to determine whether it is working as it should:
    ✓ Has someone been around for a long time and so acquired a large number of no-longer-needed rights?
    ✓ Do so many users have access to one object that it no longer needs to be controlled? Or
    ✓ should it be split into several objects so that individuals can be allowed access to only the pieces they need?
  • Administrators need to consider these kinds of questions on occasion to determine whether the policy and its implementation are doing what they should.
  • For more, see Chapter 10.

Granularity

  • By granularity we mean the fineness or specificity of access control:
    ✓ At one end you can control access to:
      – each individual bit or byte, each word in a document,
      – each number on a spreadsheet,
      – each photograph in a collection.
      – That level of specificity is generally excessive and cumbersome to implement.
    ✓ The finer the granularity:
      – the larger the number of access control decisions that must be made, so there is a performance penalty.
    ✓ Typically a file, a program, or a data space is the smallest unit to which access is controlled:
      – Note that applications can implement their own access control; for example, a DBMS can have access to a complete DB, but it then carves the DB into smaller units and parcels out access.

Access Log

  • If a user misuses objects, the access log shows exactly which objects the user did access.
  • In the event of an external compromise, the audit log may help identify how the attacker gained access and which data items were accessed.
  • These data for after-the-fact forensic analysis have been extremely helpful in handling major incidents.

Limited Privilege

  • Limited privilege is the act of restraining users and processes so that any harm they can do is not catastrophic:
    ✓ It is a way to constrain that exposure;
      – we seek a midpoint that balances the need for some access against the risk of harmful, inappropriate access.
  • Limited privilege is a management concept, not a technical control:
    ✓ The process of analyzing users and determining the privileges they require is a necessary first step to authorizing within those limits.
    ✓ After establishing the limits, we turn to access control technology to enforce those limits.

Implementing Access Control

Reference Monitor

  • Reference monitor: access control that is always invoked, tamperproof, and verifiable.
  • In Anderson's formulation for computers:
    ✓ access control depends on a combination of HW and SW that is:
      – always invoked, validating every access attempt;
      – immune from tampering;
      – assuredly correct.
    ✓ Anderson called this construct a reference monitor.
      – A reference monitor is a notion, not a tool you can buy to plug into a port:
      – it could be embedded in an application to control the application's objects, be part of the OS for system-managed objects, or be part of an appliance.

Implementing Access Control

Reference Monitor

  • There are several models of how access rights can be maintained and implemented by the reference monitor:
    ✓ Access Control Directory,
    ✓ Access Control Matrix and its substructures:
      – Access Control List,
      – Privilege List,
    ✓ Capability,
    ✓ Procedure-Oriented Access Control,
    ✓ Role-Based Access Control.
  • These are the basis of the access control systems implemented today.
  • Quite apart from the mechanical implementation of the access control matrix or its substructures, some of these models relate more specifically to the objective of access control:
    ✓ relating access to a subject's role, or
    ✓ the context of the access.

Access Control Directory

  • The OS must maintain all file directories, under commands from the owners of files.
  • The obvious rights to files are the common:
    ✓ read, write, and
    ✓ execute, familiar on many shared systems, and
    ✓ the right of the file's owner to grant and revoke access rights.
  • Figure 2-9 shows an example of a file directory.

Figure 2-9: Directory Access Rights

Access Control Directory

  • This approach is easy to implement because:
    ✓ it uses one list per user,
    ✓ naming all the objects that user is allowed to access.
  • However, several difficulties can arise:
    ✓ First, the list becomes too large if many shared objects, such as:
      – libraries of subprograms or
      – a common table of users,
      are accessible to all users.
      – The directory of each user must have one entry for each such shared object, even if the user has no intention of accessing the object.
      – Deletion must be reflected in all directories.

Access Control Directory

  • A third difficulty involves pseudonyms:
    ✓ Owners A and B may have two different files named F, and they may both want to allow access by S.
      – Clearly, the directory for S cannot contain two entries under the same name for different files;
      – S has to be able to uniquely identify the F for A or for B.
      – One approach is to include the original owner's designation as if it were part of the file name, with a notation such as A:F (or B:F).
      – Another approach is to allow S to name F with any name unique to the directory of S; F from A could be called Q to S.
      – This action opens up the possibility that one subject, S, may have two distinct sets of access rights to F, leading to a problem when revoking access.

Access Control Directory

  • In this way, allowing pseudonyms leads to multiple permissions that are not necessarily consistent;
  • thus, the directory approach is probably too simple for most object protection situations.
  • Figure 2-10 illustrates ambiguous access rights in the access control directory.

Figure 2-10: Ambiguous Access Rights
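The pseudonym problem on the last two slides, as an added Python example that is not part of Pfleeger's slides: a per-user access control directory with owner-qualified names (A:F, B:F) and optional pseudonyms, where the owners A and B, the subject S, the alias Q and the mode names are constructed for the demonstration. It shows that revoking S's entry for A:F leaves the pseudonym Q with its own rights, while deleting the object must sweep every user's directory.

```python
class AccessControlDirectory:
    """Per-user directory: subject -> {name seen by subject: (object, modes)}."""
    def __init__(self):
        self.dirs = {}

    def _require_owner(self, owner, obj):
        entry = self.dirs.get(owner, {}).get(obj)
        if entry is None or "own" not in entry[1]:
            raise PermissionError(f"{owner} does not own {obj}")

    def create(self, owner, filename):
        # The real object name is owner-qualified ("A:F"), so A's F and B's F differ.
        obj = f"{owner}:{filename}"
        self.dirs.setdefault(owner, {})[obj] = (obj, {"r", "w", "x", "own"})
        return obj

    def grant(self, owner, obj, subject, modes, alias=None):
        # Only the owner grants; the subject may file the object under a pseudonym.
        self._require_owner(owner, obj)
        self.dirs.setdefault(subject, {})[alias or obj] = (obj, set(modes))

    def revoke(self, owner, obj, subject):
        # The owner knows the object only by its real name, so a pseudonym the
        # subject chose for the same object is not found here and survives.
        self._require_owner(owner, obj)
        self.dirs.get(subject, {}).pop(obj, None)

    def delete(self, owner, obj):
        # Deletion must be reflected in every directory, whatever the entry is called.
        self._require_owner(owner, obj)
        for d in self.dirs.values():
            for name in [n for n, (o, _) in d.items() if o == obj]:
                del d[name]

    def check(self, subject, name, mode):
        # The reference-monitor decision: is `mode` on `name` allowed for `subject`?
        entry = self.dirs.get(subject, {}).get(name)
        return entry is not None and mode in entry[1]


def demo():
    """Replays the constructed A:F / B:F / Q scenario; returns the access checks."""
    acd = AccessControlDirectory()
    af, bf = acd.create("A", "F"), acd.create("B", "F")  # two distinct files named F
    acd.grant("A", af, "S", {"r"})                       # S holds A:F under its real name
    acd.grant("A", af, "S", {"r", "w"}, alias="Q")       # and again under pseudonym Q
    acd.grant("B", bf, "S", {"r"})                       # B:F does not collide with A:F
    acd.revoke("A", af, "S")                             # A revokes S's entry for A:F ...
    after_revoke = (acd.check("S", af, "r"), acd.check("S", "Q", "w"))  # (False, True)
    acd.delete("A", af)                                  # ... but only deletion reaches Q
    after_delete = (acd.check("S", "Q", "w"), acd.check("S", bf, "r"))  # (False, True)
    return after_revoke, after_delete
```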