Access Control
Li Xiong, CS573 Data Privacy and Security
What is Access Control?
- "Its function is to control which principals (persons, processes, machines, …) have access to which resources in the system – which files they can read, which programs they can execute, and how they share data with other principals, and so on." (Security Engineering by Ross Anderson, 2001)
- Access control is pervasive: OS (Unix, Windows), databases, Java
Example
- Authentication → ID check
- Access control → over 18: allowed in; over 21: allowed to drink; on the VIP list: allowed to access the VIP area
- Enforcement mechanism → walls, doors, locks, bouncers
Authentication, Enforcement and Auditing
- Identification and authentication: establishing and verifying the identity of the user
  - Something you know, such as a password or a personal identification number (PIN)
  - Something you have, such as a smart card or security token
  - Something you are, such as fingerprint, voice, retina, or iris characteristics
  - Where you are, for example on or off campus, inside or outside a company firewall
- Access control determines which subject can access what resources after identification and authentication
- Enforcement mechanisms
- Auditing: a posteriori analysis of all the requests and activities of users in the system
  - Deterrent: users may be discouraged from attempting violations
  - Means to analyze users' behavior to detect possible violations
Access Control
- Access control mechanisms: low-level software functions that can be used to implement a policy
  - Access matrix model
  - Implementation approaches
- Access control policies: high-level guidelines that determine how accesses are controlled
  - Discretionary access control (DAC)
  - Mandatory access control (MAC)
  - Role-based access control (RBAC)
  - Attribute-based access control (ABAC)
Access Matrix Model
- A set of subjects S
- A set of objects O
- A set of rights R
- An access control matrix
  - One row for each subject
  - One column for each subject/object
  - Each element is the set of rights a subject has on another subject or object
Implementation Approaches
- Access control lists (ACLs)
- Capabilities
- Authorization relation or table
Access Control Lists (ACLs)
- Each object is associated with an ACL
- Stores the matrix by columns
- Modern operating systems typically take the ACL approach
Capabilities
- Each subject is associated with a capability list
- Stores the matrix by rows
Authorization Relation
- Each row, or tuple, specifies one access right of a subject to an object
- Relational databases typically use it
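As an added example (not from the slides), the same small access matrix stored in the three ways just described, with a lookup function for each, a consistency check across the three views, and a revocation step that shows where each representation is convenient; the subjects, objects and rights are constructed sample data.

```python
# One access matrix (subject x object -> rights, constructed sample data) stored the three
# ways the slides list: ACL per object (columns), capability list per subject (rows), tuples.
MATRIX = {
    "tom":   {"db1": {"read", "write"}, "db2": {"read"}},
    "john":  {"db1": {"read"}},
    "cindy": {"db2": {"read", "write"}, "db3": {"execute"}},
}

def to_acls(matrix):
    """Column view: each object keeps its own list of subject -> rights."""
    acls = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls.setdefault(obj, {})[subject] = set(rights)
    return acls

def to_capabilities(matrix):
    """Row view: each subject carries its own list of object -> rights."""
    return {s: {o: set(r) for o, r in row.items()} for s, row in matrix.items()}

def to_relation(matrix):
    """Tuple view: one (subject, object, right) row per granted right."""
    return {(s, o, r) for s, row in matrix.items() for o, rs in row.items() for r in rs}

def allowed_acl(acls, subject, obj, right):
    # Keyed by object first: "who may access this file?" is a single lookup
    return right in acls.get(obj, {}).get(subject, set())

def allowed_cap(caps, subject, obj, right):
    # Keyed by subject first: "what may this user do?" is a single lookup
    return right in caps.get(subject, {}).get(obj, set())

def allowed_rel(relation, subject, obj, right):
    return (subject, obj, right) in relation

def revoke_object(acls, caps, relation, obj):
    """Remove all access to one object: one delete in the ACL view, but a scan of
    every subject's list in the capability view and a filter over the relation."""
    acls.pop(obj, None)
    for row in caps.values():
        row.pop(obj, None)
    relation.difference_update({t for t in relation if t[1] == obj})

def views_agree(matrix):
    """Every (subject, object, right) decision is identical in all three views."""
    acls, caps, rel = to_acls(matrix), to_capabilities(matrix), to_relation(matrix)
    objects = {o for row in matrix.values() for o in row}
    rights = {r for row in matrix.values() for rs in row.values() for r in rs}
    return all(allowed_acl(acls, s, o, r) == allowed_cap(caps, s, o, r) == allowed_rel(rel, s, o, r)
               for s in matrix for o in objects for r in rights)
```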
Discretionary Access Control (DAC)
- Restricts access to objects based solely on the identity of the users who are trying to access them
- No restrictions on information flow
[Diagram: individuals, resources and an application access list; e.g. database 1 – Name/Access: Tom Yes, John No, Cindy Yes; database 2; database 3]
Mandatory Access Control (MAC)
- Governs access based on the classification of subjects and objects
  - Assign a security level to all information: sensitivity of information
  - Assign a security level to each user: security clearance
  - Military and government: top secret (TS) > secret (S) > confidential (C) > unclassified (U)
- Access principles
  - Read down: a subject's clearance must dominate the security level of the object being read
  - Write up: a subject's clearance must be dominated by the security level of the object being written
Mandatory Access Control (MAC)
- Information can only flow upwards or within the same class
[Diagram: individuals cleared TS, S, C, U; Database 1 (TS), Database 2 (S), Database 3 (C); arrows labelled "write up" and "read down"]
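An added example (not from the slides) that encodes the TS > S > C > U ordering with the read-down and write-up rules and checks that, taken together, they enforce the upward-only information flow the slide states; the level names follow the slide, while the helper names and the sample requests are constructed for this example.

```python
# Linear MAC lattice from the slides: TS > S > C > U. The helper names and the
# sample requests below are constructed for this example.
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}

def dominates(a, b):
    """a dominates b when a is at least as high in the ordering."""
    return LEVELS[a] >= LEVELS[b]

def can_read(clearance, classification):
    # Read down (Bell-LaPadula simple security): clearance dominates object level
    return dominates(clearance, classification)

def can_write(clearance, classification):
    # Write up (Bell-LaPadula *-property): object level dominates clearance
    return dominates(classification, clearance)

def flow_allowed(src, dst):
    """Information may move from level src to level dst only upward or within a class."""
    return dominates(dst, src)

def copy_allowed(clearance, src, dst):
    """A subject copies data by reading src then writing dst; both rules must pass."""
    return can_read(clearance, src) and can_write(clearance, dst)

def no_downward_flow():
    """Over every (clearance, src, dst) triple, any copy a subject is permitted to
    perform is an allowed flow: the two rules together imply the 'flow upwards
    or within the same class' property on the slide."""
    return all(
        flow_allowed(src, dst)
        for clearance in LEVELS for src in LEVELS for dst in LEVELS
        if copy_allowed(clearance, src, dst)
    )

def mediate(clearance, classification, op):
    """Reference-monitor style decision for one request (op is 'read' or 'write')."""
    if op == "read":
        return can_read(clearance, classification)
    if op == "write":
        return can_write(clearance, classification)
    raise ValueError(f"unknown operation {op!r}")

# Constructed sample: a subject cleared to S against TS and C objects
SAMPLE = [("S", "TS", "read"), ("S", "C", "read"), ("S", "TS", "write"), ("S", "C", "write")]
def decide_sample():
    return [(c, lvl, op, mediate(c, lvl, op)) for c, lvl, op in SAMPLE]
```

Note that the rules are conservative: an S-cleared subject may not copy U data into a C object even though that flow is upward, because write-up forbids writing below its own clearance.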
Role-Based Access Control (RBAC)
- Governs access based on roles
- Access authorizations on objects are specified for roles
- Users are given authorizations to adopt roles
- A user has access to an object based on the roles
Role-Based Access Control (RBAC)
[Diagram: individuals → roles (Role 1, Role 2, Role 3) → resources (Database 1, Database 2, Database 3)]
- Users change frequently, roles don't
Role-based Access Control Benefits
- Authorization management: assigning users to roles and assigning access rights to roles
- Hierarchical roles: inheritance of privileges based on the hierarchy of roles
- Least privilege: allow a user to sign on with the least privilege required for a particular task
- Separation of duties: no single user should be given enough privileges
- Object classes: objects can be grouped based on classifications
RBAC Reference Models (Sandhu 96)
- RBAC0: minimum requirement
- RBAC1: RBAC0 + role hierarchies
- RBAC2: RBAC0 + constraints
- RBAC3: RBAC1 + RBAC2

Model   Hierarchies   Constraints
RBAC0   No            No
RBAC1   Yes           No
RBAC2   No            Yes
RBAC3   Yes           Yes
Core RBAC
[Diagram: users, roles and permissions linked by User Assignment (UA) and Permission Assignment (PA)]
USERS
- Person
- Process
- Intelligent agent
ROLES
- A role is a job function with some associated semantics regarding responsibility and authority (permissions)
- Many-to-many relation between USERS and PRMS
[Diagram: example roles – Director, Developer, Budget Manager, Help Desk Representative]
Permissions
- A permission is an approval of a particular access to one or more objects
  - Database: Update, Insert, Append, Delete
  - Locks: Open, Close
  - Reports: Create, View, Print
  - Applications: Read, Write, Execute
User Assignment (UA)
- A user can be assigned to one or more roles
- A role can be assigned to one or more users
[Diagram: USERS set mapped to ROLES set, e.g. Developer, Help Desk Rep]
Permission Assignment (PA)
- A permission can be assigned to one or more roles
- A role can be assigned to one or more permissions
[Diagram: ROLES set (Admin.DB1, User.DB1) mapped to PRMS set (Create, Delete, Drop, View, Update, Append)]
SESSIONS
- Each session is a mapping of one user to possibly many roles
[Diagram: USER → SESSION → resources such as FIN1.report1, DB1.table1, APP1.desktop, SQL]
RBAC with Role Hierarchy (RH)
[Diagram: (RH) Role Hierarchy added to the core model of User Assignment (UA) and Permission Assignment (PA)]
Tree Hierarchies
[Diagram: tree hierarchies over the roles Director, Project Lead 1 and 2, Production Engineer 1 and 2, Quality Engineer 1 and 2, Engineer 1 and 2, Engineering Dept]
Combined Hierarchy
[Diagram: the same roles arranged as a single hierarchy, Director at the top, Project Lead 1 and 2, Production and Quality Engineer 1 and 2, Engineer 1 and 2, Engineering Dept at the bottom]
Constrained RBAC
[Diagram: (RH) Role Hierarchy, (UA) User Assignment and (PA) Permission Assignment, with constraints added]
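An added example (not the lecture's or a NIST reference implementation) of RBAC3 built on one branch of the tree-hierarchy slide: users, roles, permissions and sessions, permission inheritance through the hierarchy, a static separation-of-duties constraint between the Director and Budget Manager roles, and least-privilege sessions in which a Director can work with only Engineer 1 active. The role names come from the slides; the permissions and the constraint pair are constructed sample data.

```python
# Role hierarchy from the "Tree Hierarchies" slide (one branch): a senior role
# inherits the permissions of every role below it. Permission names, the Budget
# Manager role's permission and the SSD pair are constructed sample data.
SENIOR_TO = {
    "Director": {"Project Lead 1"},
    "Project Lead 1": {"Production Engineer 1", "Quality Engineer 1"},
    "Production Engineer 1": {"Engineer 1"},
    "Quality Engineer 1": {"Engineer 1"},
    "Engineer 1": {"Engineering Dept"},
}
PA = {  # Permission Assignment: role -> {(operation, object)}
    "Engineering Dept": {("read", "bulletin")},
    "Engineer 1": {("read", "specs1")},
    "Production Engineer 1": {("write", "build1")},
    "Quality Engineer 1": {("write", "testplan1")},
    "Project Lead 1": {("approve", "release1")},
    "Director": {("approve", "budget")},
    "Budget Manager": {("update", "budget")},
}
# RBAC2 constraint, static separation of duties: no user may hold both roles,
# whether assigned directly or reached through the hierarchy.
SSD = [{"Director", "Budget Manager"}]
UA = {}  # User Assignment: user -> set of directly assigned roles

def junior_roles(role):
    """`role` plus every role it dominates in the hierarchy, transitively."""
    seen, stack = set(), [role]
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(SENIOR_TO.get(r, ()))
    return seen
def authorized_roles(user):
    return set().union(*(junior_roles(r) for r in UA.get(user, set())))
def role_permissions(role):  # own permissions plus all inherited ones
    return set().union(*(PA.get(r, set()) for r in junior_roles(role)))
def assign_user(user, role):
    """Assign and return True, or return False if an SSD pair would be violated."""
    if any(pair <= authorized_roles(user) | junior_roles(role) for pair in SSD):
        return False
    UA.setdefault(user, set()).add(role)
    return True
def open_session(user, active_roles):
    """Activate a subset of the user's authorized roles (least privilege)."""
    if not set(active_roles) <= authorized_roles(user):
        raise ValueError("role not authorized for this user")
    return {"user": user, "roles": set(active_roles)}
def check_access(session, operation, obj):
    return any((operation, obj) in role_permissions(r) for r in session["roles"])
```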