Access Control: Principles
and Practice
Reference: Access Control: Principles and
Practice, Ravi S. Sandhu and Pierangela
Samarati, IEEE Communications Magazine,
1994
Prepared by: Nabeel Mohamed
Access Control
   The purpose is to limit the operations
     or actions that a legitimate user of a
     computer system can perform
   Constrains
     ◦ What a user can do directly, and
     ◦ What programs executing on behalf of users
       are allowed to do
   Thus, it tries to prevent activities that
     could lead to a breach of security
   Is required to achieve the confidentiality,
     integrity and availability objectives
The Big Picture
The Big Picture
 Shows a logical picture of security
  services and their interactions
 Authentication service should correctly
  establish the identity of the user
 Authentication, and then Access
  Control
 Access control is not a complete
  solution for securing a system. What is
  the missing service?
    ◦ Auditing
The Big Picture
   Auditing
    ◦ Performs a posteriori analysis of all the
      requests and activities of users in the system
    ◦ Requires logging all requests and activities
    ◦ How can auditing help?
        Acting as a deterrent
        Identifying attempted or actual violations
        Identifying flaws in the security system
        Preventing authorized users from misusing their
         privileges (accountability)
Policies vs. Mechanisms
   Policies
    ◦ High-level guidelines that determine how
      accesses are controlled and access
      decisions determined
   Mechanisms
    ◦ Low-level software and hardware functions
      that can be configured to implement a policy
   It is desirable to develop access control
    mechanisms that are largely
    independent of the policy for which they
    could be used
The Access Matrix
   All resources controlled by a computer
    system can be represented by data
    stored in objects
   Subjects, which initiate activities in the
    system, are typically users or programs
    executing on behalf of users
   Subjects can themselves be objects
   Subjects initiate actions on objects
    ◦ Actions are allowed or denied in accordance
      with the authorization established
The Access Matrix
   Example access rights/modes:
    ◦ For files, the typical access rights are
      read, write, execute and own
      OS implements them
    ◦ For bank accounts, the typical access
      rights are inquiry, credit and debit
      Application programs implement them
The Access Matrix
 A conceptual model that specifies the
  rights that each subject possesses for
  each object
 Subjects in rows, objects in columns
The Access Matrix
 The access matrix model clearly
  separates the problem of
  authentication from that of
  authorization
 A reference monitor should ensure
  that only those operations authorized
  by the access matrix actually get
  executed
 Example: Alice is the owner of the file
  2, and she can read and write that file
Implementation Approaches
 Access matrix is usually sparse and
  hence not implemented as a matrix
 Some common approaches to
  implementing the access matrix in
  practice:
    ◦ Access Control Lists (ACLs)
    ◦ Capabilities
    ◦ Authorization Relations
Access Control Lists
 Each object is associated with an ACL
 The ACL has an entry for each subject
   that has some kind of access to that object
 This approach corresponds to storing
   the access matrix by column
Access Control Lists
Access Control Lists
   Advantages
    ◦ By looking at an object’s ACL it is easy to
      determine which modes of access
      subjects are currently authorized for that
      object
    ◦ Easy to revoke all access to an object
   Disadvantages
    ◦ It is difficult to find all accesses a subject
      has
Access Control Lists
 In order to reduce the list length, the
   usual practice is to use groups instead
   of (or in addition to) individual subject
   identifiers
 Example: the UNIX getfacl and setfacl
   commands inspect and create ACLs on
   files and directories
Capabilities
 A dual approach to ACLs
 Each subject is associated with a list
   (called the capability list)
 A subject's capability list holds the
   objects to which the subject has some
   kind of access
Capabilities
Capabilities
   Advantages
    ◦ Easy to find all accesses that a subject is
      authorized to perform
    ◦ Easy to revoke all accesses to a subject
   Disadvantages
    ◦ Difficult to find all subjects who have
      some kind of access to a given object
   Modern operating systems typically
    take the ACL-based approach
Authorization Relations
 Each row or tuple of the authorization
  relation specifies one access right of a
  subject to an object
 For example, John’s accesses to File
  1 require 3 rows
 If the table is sorted by subjects, it
  reflects capabilities
 If the table is sorted by objects, it
  reflects ACLs
 The relation is not normalized
Authorization Relations
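The three implementations above, shown side by side. This is an added example, not code from the slides or the paper; the matrix (Alice, John and Bob over File 1 to File 3) is a constructed sample that includes the two cases the slides mention: Alice owning and reading/writing File 2, and John needing three tuples for File 1.

```python
"""One sparse access matrix stored three ways: by column (ACLs), by row
(capability lists) and as an authorization relation (one tuple per right).
The helpers show which questions each representation answers cheaply."""
from collections import defaultdict

# Constructed sample matrix: subject -> object -> set of access rights.
MATRIX = {
    "Alice": {"File 1": {"read"}, "File 2": {"own", "read", "write"}},
    "John":  {"File 1": {"own", "read", "write"}},
    "Bob":   {"File 3": {"execute"}},
}


def to_acls(matrix):
    """Store by column: object -> subject -> rights (the object's ACL)."""
    acls = defaultdict(dict)
    for subj, objs in matrix.items():
        for obj, rights in objs.items():
            acls[obj][subj] = set(rights)
    return dict(acls)


def to_capabilities(matrix):
    """Store by row: subject -> object -> rights (the subject's capability list)."""
    return {s: {o: set(r) for o, r in objs.items()} for s, objs in matrix.items()}


def to_relation(matrix):
    """One (subject, object, right) tuple per right; deliberately not normalized."""
    return sorted((s, o, r) for s, objs in matrix.items()
                  for o, rights in objs.items() for r in rights)


def authorized(acls, subject, obj, right):
    """Reference-monitor check: the only path by which an operation may execute."""
    return right in acls.get(obj, {}).get(subject, set())


# Cheap with ACLs: who can access this object, and revoke everything on it.
def subjects_of(acls, obj):
    return set(acls.get(obj, {}))


def revoke_object(acls, obj):
    acls.pop(obj, None)


# Cheap with capabilities: what can this subject reach, and revoke all of it.
def objects_of(caps, subject):
    return set(caps.get(subject, {}))


def revoke_subject(caps, subject):
    caps.pop(subject, None)


# The same questions on the "wrong" representation are full scans,
# which is exactly the disadvantage each slide lists.
def subjects_of_via_caps(caps, obj):
    return {s for s, objs in caps.items() if obj in objs}


def objects_of_via_acls(acls, subject):
    return {o for o, entries in acls.items() if subject in entries}


def relation_sorted_by(rel, key):
    """Sorted by subject the relation reads as capabilities, by object as ACLs."""
    idx = {"subject": 0, "object": 1}[key]
    return sorted(rel, key=lambda t: (t[idx], t[1 - idx], t[2]))
```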
Access Control Policies
 Discretionary policies
 Mandatory policies
 Role-based policies
Multiple Access Control Policies
 Access control policies are not mutually
   exclusive; they can be combined to provide
   a more suitable protection system
 When policies are combined, only the
   intersection of the accesses they allow
   is permitted
Discretionary Policies
 Access control is under the discretion
  of the user
 Flexibility of discretionary policies has
  made them successful in industry
Discretionary Policies
   However, they do not provide real
    assurance on the flow of information in
    the system
    ◦ It’s easy to bypass the access restrictions
      stated through the authorizations
    ◦ Example: a user, able to read an object, can
      pass it to other users with the knowledge of
      the owner
     ◦ The reason is that discretionary policies do
       not impose any restriction on the usage of
       information by a user once the user has
       received it (dissemination of information is
       not controlled)
Mandatory Policies
   Access control enforcement is under the
    control of the system
   MLS (Multilevel Security) model is the
    most popular mandatory approach
    ◦ Access is based on the security levels
      assigned to objects and subjects
   Each user and each object in the system
    is assigned a security level
   MLS provides one-directional information
    flow in a lattice of security labels
Mandatory Policies
   The security level associated with an
    object reflects
    ◦ The sensitivity of the information
      contained in the object
   The security level associated with a
    subject (also called clearance) reflects
    ◦ The user’s trustworthiness not to disclose
      sensitive information to users not cleared
      to see it
Example Security Levels
   In a military setting we usually find the
    following security levels:
    ◦   Top Secret (TS)
    ◦   Secret (S)
    ◦   Confidential (C)
    ◦   Unclassified (U)
   They form the ordered set TS > S > C >
    U
   Each security level is said to dominate
    itself and all others below it in this
    hierarchy
Confidentiality Policies
   Read down
    ◦ A subject’s clearance must dominate the
      security level of the object being read
   Write up
    ◦ A subject’s clearance must be dominated by
      the security level of the object being written
   Prevents information in high-level (more
     sensitive) objects from flowing to objects
     at lower levels
   Information can only flow upwards or
    within the same security domain
Confidentiality Policies
Confidentiality Policies
 In order to write at a lower security level,
   a subject should be allowed to take on any
   clearance level dominated by its original
   clearance level
 The intuition behind the write-up rule is to
   prevent malicious software from leaking
   secret information downwards
 The write-up rule may let a subject destroy
   data at higher security levels – hence it is
   usually restricted to work only at the same
   security level as the subject
Integrity Policies
   Read up
    ◦ A subject’s integrity level must be dominated
      by the integrity level of the object being read
   Write down
    ◦ A subject’s integrity level must dominate the
      integrity level of the object being written
   Prevents information stored in low (hence
     less reliable) objects from flowing to
     high objects
   Protects only one aspect of integrity
   Information can only flow downwards or
     within the same security level
Integrity Policies
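The read-down/write-up confidentiality rules and the read-up/write-down integrity rules from the last two sections, as an added example that is not part of the slides. The TS > S > C > U ordering is the slides' own; the optional compartment set on each label is an assumption that generalizes the linear hierarchy to the lattice the slides mention (a label dominates another when its level is at least as high and its compartments are a superset).

```python
from dataclasses import dataclass

# Linear hierarchy from the slides: Unclassified < Confidential < Secret < Top Secret.
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()  # assumed compartments, e.g. {"CRYPTO"}

    def dominates(self, other):
        """Lattice order: higher-or-equal level and a superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


# --- confidentiality (one-directional flow upwards) --------------------------
def can_read_conf(clearance, obj):
    """Read down: the subject's clearance must dominate the object's label."""
    return clearance.dominates(obj)


def can_write_conf(clearance, obj, same_level_only=False):
    """Write up: the object's label must dominate the clearance.
    With same_level_only the subject may only write at its own level, the
    usual practice so low subjects cannot overwrite high data blindly."""
    if same_level_only:
        return clearance == obj
    return obj.dominates(clearance)


def write_lower_via_downgrade(original, chosen, obj):
    """Writing below one's clearance: the subject takes on a lower clearance
    dominated by its original one, and then writes at that level. At the
    chosen level, read-down no longer reaches the original-level data."""
    return original.dominates(chosen) and can_write_conf(chosen, obj, True)


def confidentiality_leak_possible(clearance, src, dst):
    """Could a subject (e.g. malware) with this clearance copy src into dst?
    It needs read on src and write on dst; read-down plus write-up forces
    dst to dominate src, so the copy can never move information downwards."""
    return can_read_conf(clearance, src) and can_write_conf(clearance, dst)


# --- integrity (one-directional flow downwards) -------------------------------
def can_read_integ(subject_level, obj_level):
    """Read up: the subject's integrity level is dominated by the object's."""
    return obj_level.dominates(subject_level)


def can_write_integ(subject_level, obj_level):
    """Write down: the subject's integrity level dominates the object's."""
    return subject_level.dominates(obj_level)
```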
Role-based Policies
   Neither the discretionary nor the mandatory
     approach satisfies the needs of most
     commercial enterprises
     ◦ Mandatory policies arise from rigid
       environments, like those of the military
     ◦ Discretionary policies arise from
       cooperative yet autonomous
       requirements, like those of academic
       researchers
   One alternative is role-based policies
Role-based Policies
   The flexibility required:
    ◦ Allow the specification of authorization to
      be granted to users (or groups) on objects
      like in the discretionary approach,
      together with the possibility of specifying
      restrictions (like in the mandatory
      approach) on the assignment or on the
      use of such authorizations
Role-based Policies
   A role is a set of actions and
    responsibilities associated with a
    particular working activity
   Instead of specifying all the accesses
    each user is allowed to execute, access
    authorizations are specified for roles
   Users are given authorization to adopt
    roles
   A user playing a role is allowed to
    execute all accesses for which the role is
    authorized.
Role-based Policies
 A user may or may not be allowed to
   play multiple roles at the same time
 A user may take on different roles on
  different occasions
Advantages of Role-based
Policies
   Simplification of authorization
    management
   Hierarchical roles further simplify by
    allowing generalization and
    specialization
   Adopting different roles lets users
     operate with least privilege
   Promotes separation of duty to prevent
    misuse of the system
   Instead of individual objects, access can
    be specified for object classes
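The role-based concepts from the preceding slides in one small policy engine, as an added example that is not part of the slides or the paper: permissions granted to roles on object classes, a role hierarchy in which a senior role inherits a junior role's permissions, a static separation-of-duty constraint checked at user-role assignment, and sessions that activate only a subset of a user's roles for least privilege. The bank roles, accounts and users are a constructed sample built on the slides' inquiry/credit/debit rights.

```python
from collections import defaultdict


class RBAC:
    def __init__(self):
        self.role_perms = defaultdict(set)  # role -> {(object_class, action)}
        self.juniors = defaultdict(set)     # senior role -> junior roles it specialises
        self.user_roles = defaultdict(set)  # user -> roles the user may adopt
        self.exclusive = []                 # static separation-of-duty pairs
        self.object_class = {}              # object -> object class

    # --- administration ---------------------------------------------------
    def grant(self, role, object_class, action):
        """Authorizations are specified for roles and object classes, not users."""
        self.role_perms[role].add((object_class, action))

    def inherits(self, senior, junior):
        """senior is a specialisation of junior and gets all its permissions."""
        self.juniors[senior].add(junior)

    def mutually_exclusive(self, role_a, role_b):
        self.exclusive.append(frozenset((role_a, role_b)))

    def assign(self, user, role):
        """User-role assignment, refused if it would violate separation of duty."""
        for pair in self.exclusive:
            if role in pair and (pair - {role}) & self.user_roles[user]:
                raise PermissionError(f"{user}: {set(pair)} are mutually exclusive")
        self.user_roles[user].add(role)

    def classify(self, obj, object_class):
        self.object_class[obj] = object_class

    # --- queries ------------------------------------------------------------
    def effective_perms(self, role):
        """A role's own permissions plus everything inherited from its juniors."""
        seen, stack, perms = set(), [role], set()
        while stack:
            r = stack.pop()
            if r in seen:
                continue
            seen.add(r)
            perms |= self.role_perms[r]
            stack.extend(self.juniors[r])
        return perms

    def activate(self, user, roles):
        """Open a session playing a subset of the user's roles (least privilege)."""
        roles = set(roles)
        missing = roles - self.user_roles[user]
        if missing:
            raise PermissionError(f"{user} is not authorized to adopt {missing}")
        return Session(self, user, roles)


class Session:
    def __init__(self, policy, user, active_roles):
        self.policy, self.user, self.active = policy, user, active_roles

    def allowed(self, obj, action):
        """A user playing a role may execute every access the role is authorized
        for; the check goes through the object's class, not the object itself."""
        cls = self.policy.object_class.get(obj)
        return any((cls, action) in self.policy.effective_perms(r) for r in self.active)


def bank_policy():
    """Constructed sample: bank accounts with inquiry, credit and debit rights."""
    p = RBAC()
    p.grant("teller", "account", "inquiry")
    p.grant("teller", "account", "credit")
    p.grant("supervisor", "account", "debit")
    p.inherits("supervisor", "teller")         # supervisor specialises teller
    p.grant("auditor", "account", "inquiry")
    p.mutually_exclusive("teller", "auditor")  # nobody both moves and audits money
    for acct in ("ACC-1001", "ACC-1002"):      # constructed account identifiers
        p.classify(acct, "account")
    p.assign("alice", "supervisor")
    p.assign("alice", "teller")
    p.assign("bob", "auditor")
    return p
```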
Administration of Authorization
 Administrative policies determine who
  is authorized to modify the allowed
  access
 In mandatory AC, the security
   administrator determines the access
   to objects by subjects
 In discretionary and role-based AC,
  there are possibly many types of
  administrative policies
Administration of Authorization
   Example DAC administrative policies
     ◦ Centralized – a single authorizer, as
       in MAC
     ◦ Hierarchical – authorizers are ordered in a
       hierarchy with decreasing power
     ◦ Cooperative – multiple authorizers must
       agree to specify each access
     ◦ Ownership – the owner of the object controls
       accesses to it
     ◦ Decentralized – authorization is delegated
       to others, who then control accesses

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 

Access Control: Principles and Practice

  • 1. Access Control: Principles and Practice
    Reference: Access Control: Principles and Practice, Ravi S. Sandhu and Pierangela Samarati, IEEE Communications Magazine, 1994
    Prepared by: Nabeel Mohamed
  • 2. Access Control
     The purpose is to limit the operations or actions that a legitimate user of a computer system can perform
     Constrains
      ◦ What a user can do directly, and
      ◦ What programs executing on behalf of users are allowed to do
     Thus, it tries to prevent activities that could lead to a breach of security
     Is required to achieve confidentiality, integrity and availability objectives
  • 4. The Big Picture
     Shows a logical picture of security services and their interactions
     Authentication service should correctly establish the identity of the user
     Authentication, and then Access Control
     Access control is not a complete solution for securing a system. What is the missing service?
      ◦ Auditing
  • 5. The Big Picture
     Auditing
      ◦ Performs a posteriori analysis of all the requests and activities of users in the system
      ◦ Requires logging all requests and activities
      ◦ How can auditing help?
         Acting as a deterrent
         Identifying attempted or actual violations
         Identifying flaws in the security system
         Preventing authorized users from misusing their privileges (accountability)
  • 6. Policies vs. Mechanisms
     Policies
      ◦ High-level guidelines that determine how accesses are controlled and access decisions determined
     Mechanisms
      ◦ Low-level software and hardware functions that can be configured to implement a policy
     It is desirable to develop access control mechanisms that are largely independent of the policy for which they could be used
  • 7. The Access Matrix
     All resources controlled by a computer system can be represented by data stored in objects
     Subjects, which initiate activities in the system, are typically users or programs executing on behalf of users
     Subjects can themselves be objects
     Subjects initiate actions on objects
      ◦ Actions are allowed or denied in accordance with the authorization established
  • 8. The Access Matrix
     Example access rights/modes:
      ◦ For files, the typical access rights are read, write, execute and own
         OS implements them
      ◦ For bank accounts, the typical access rights are inquiry, credit and debit
         Application programs implement them
  • 9. The Access Matrix
     A conceptual model that specifies the rights that each subject possesses for each object
     Subjects in rows, objects in columns
  • 10. The Access Matrix
     The access matrix model clearly separates the problem of authentication from that of authorization
     A reference monitor should ensure that only those operations authorized by the access matrix actually get executed
     Example: Alice is the owner of file 2, and she can read and write that file
  • 11. Implementation Approaches
     Access matrix is usually sparse and hence not implemented as a matrix
     Some common approaches to implementing the access matrix in practice:
      ◦ Access Control Lists (ACLs)
      ◦ Capabilities
      ◦ Authorization Relations
  • 12. Access Control Lists
     Each object is associated with an ACL
     The ACL has an entry for each subject that has some kind of access to that object
     This approach corresponds to storing the access matrix by column
  • 14. Access Control Lists
     Advantages
      ◦ By looking at an object’s ACL it is easy to determine which modes of access subjects are currently authorized for that object
      ◦ Easy to revoke all access to an object
     Disadvantages
      ◦ It is difficult to find all accesses a subject has
  • 15. Access Control Lists
     In order to reduce the list length, the usual practice is to use groups instead of (or in addition to) individual subject identifiers
     Example: the UNIX getfacl and setfacl commands allow ACLs on files and folders to be listed and set
  • 16. Capabilities
     A dual approach to ACLs
     Each subject is associated with a list (called the capability list)
     The capability list of a subject lists the objects for which the subject has some kind of access
  • 18. Capabilities
     Advantages
      ◦ Easy to find all accesses that a subject is authorized to perform
      ◦ Easy to revoke all accesses granted to a subject
     Disadvantages
      ◦ Difficult to find all subjects who have some kind of access to a given object
     Modern operating systems typically take the ACL-based approach
  • 19. Authorization Relations
     Each row or tuple of the authorization relation specifies one access right of a subject to an object
     For example, John’s accesses to File 1 require 3 rows
     If the table is sorted by subjects, it reflects capabilities
     If the table is sorted by objects, it reflects ACLs
     The relation is not normalized
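As an added example (not from the slides or the paper), the three implementation approaches of slides 11 to 19 on one small matrix: the sparse matrix is kept as an authorization relation, and the ACL view (by object) and capability view (by subject) are derived from it. Alice's rights on File 2 come from slide 10; John's three rights on File 1 and Bob's single right are constructed.

```python
"""Added example: the sparse access matrix stored as an authorization
relation, with the ACL and capability views derived from it."""
from collections import defaultdict

# Authorization relation: one (subject, object, right) tuple per row.
# Constructed sample data; John's and Bob's exact rights are assumptions.
AUTHORIZATIONS = {
    ("Alice", "File 2", "own"),
    ("Alice", "File 2", "read"),
    ("Alice", "File 2", "write"),
    ("John", "File 1", "read"),      # slide 19: John needs 3 rows for File 1
    ("John", "File 1", "write"),
    ("John", "File 1", "own"),
    ("Bob", "File 1", "execute"),
}


def acl(relation, obj):
    """ACL view: the relation 'sorted by object', i.e. one matrix column."""
    view = defaultdict(set)
    for subj, o, right in relation:
        if o == obj:
            view[subj].add(right)
    return dict(view)


def capabilities(relation, subj):
    """Capability view: the relation 'sorted by subject', i.e. one matrix row."""
    view = defaultdict(set)
    for s, obj, right in relation:
        if s == subj:
            view[obj].add(right)
    return dict(view)


def reference_monitor(relation, subj, obj, right):
    """Permit an operation only if the matrix authorizes exactly this right."""
    return (subj, obj, right) in relation


def revoke_object(relation, obj):
    """Revoke every access to an object: cheap in the ACL view (one column)."""
    return {row for row in relation if row[1] != obj}


def revoke_subject(relation, subj):
    """Revoke every access of a subject: cheap in the capability view (one row)."""
    return {row for row in relation if row[0] != subj}
```

Both revocations are a single filter here because the whole relation is in memory; in a real system the ACL layout makes `revoke_object` one lookup while `revoke_subject` must scan every object's list, and the capability layout inverts that cost.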
  • 21. Access Control Policies
     Discretionary policies
     Mandatory policies
     Role-based policies
  • 22. Multiple Access Control Policies
     AC policies are not exclusive; they can be combined to provide a more suitable protection system
     When policies are combined, only the intersection of the accesses they allow is permitted
  • 23. Discretionary Policies
     Access control is under the discretion of the user
     Flexibility of discretionary policies has made them successful in industry
  • 24. Discretionary Policies
     However, they do not provide real assurance on the flow of information in the system
      ◦ It’s easy to bypass the access restrictions stated through the authorizations
      ◦ Example: a user who is able to read an object can pass it to other users without the knowledge of the owner
      ◦ The reason is that discretionary policies do not impose any restriction on the usage of information by a user once the user has received it (dissemination of information is not controlled)
  • 25. Mandatory Policies
     Access control enforcement is under the control of the system
     MLS (Multilevel Security) model is the most popular mandatory approach
      ◦ Access is based on the security levels assigned to objects and subjects
     Each user and each object in the system is assigned a security level
     MLS provides one-directional information flow in a lattice of security labels
  • 26. Mandatory Policies
     The security level associated with an object reflects
      ◦ The sensitivity of the information contained in the object
     The security level associated with a subject (also called clearance) reflects
      ◦ The user’s trustworthiness not to disclose sensitive information to users not cleared to see it
  • 27. Example Security Levels
     In a military setting we usually find the following security levels:
      ◦ Top Secret (TS)
      ◦ Secret (S)
      ◦ Confidential (C)
      ◦ Unclassified (U)
     They form the ordered set TS > S > C > U
     Each security level is said to dominate itself and all others below it in this hierarchy
  • 28. Confidentiality Policies
     Read down
      ◦ A subject’s clearance must dominate the security level of the object being read
     Write up
      ◦ A subject’s clearance must be dominated by the security level of the object being written
     Prevents information in high-level objects (more sensitive) from flowing to objects in lower levels
     Information can only flow upwards or within the same security domain
  • 30. Confidentiality Policies
     In order to write at a lower security level, a subject should be allowed to take any clearance level dominated by its original clearance level
     The intuition behind the write-up rule is to prevent malicious software from leaking secret information downwards
     The write-up rule may destroy data in higher security levels – hence, it is usually controlled to work only at the same security level as the subject
  • 31. Integrity Policies
     Read up
      ◦ A subject’s integrity level must be dominated by the integrity level of the object being read
     Write down
      ◦ A subject’s integrity level must dominate the integrity level of the object being written
     Prevents information stored in low objects (hence less reliable) from flowing to high objects
     Protects only one aspect of integrity
     Information can only flow downwards or within the same security level
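As an added example (not from the slides or the paper), the ordered set TS > S > C > U of slide 27 with the read-down / write-up confidentiality rules (slides 28 and 30) and the read-up / write-down integrity rules (slide 31) encoded as checks over it; the same four labels are reused as integrity levels for illustration, and the strict write-at-own-level variant follows the caveat on slide 30.

```python
"""Added example: dominance on the TS > S > C > U ordering and the
mandatory read/write rules for confidentiality and integrity."""

# Total order from slide 27: a higher rank dominates every lower rank.
# (A general MLS lattice would compare categories too; this is the
# plain hierarchical case the slides present.)
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}


def dominates(a, b):
    """True when level a is the same as, or higher than, level b."""
    return LEVELS[a] >= LEVELS[b]


def conf_may_read(clearance, obj_level):
    """Read down: the subject's clearance must dominate the object's level."""
    return dominates(clearance, obj_level)


def conf_may_write(clearance, obj_level, strict=False):
    """Write up: the object's level must dominate the subject's clearance.
    With strict=True the subject may write only at its own level, which
    slide 30 notes is the usual practice because blind upward writes can
    destroy data the subject is not cleared to read."""
    if strict:
        return clearance == obj_level
    return dominates(obj_level, clearance)


def int_may_read(subj_integrity, obj_integrity):
    """Read up: the object's integrity level must dominate the subject's."""
    return dominates(obj_integrity, subj_integrity)


def int_may_write(subj_integrity, obj_integrity):
    """Write down: the subject's integrity level must dominate the object's."""
    return dominates(subj_integrity, obj_integrity)


def conf_flow_possible(src_level, dst_level):
    """Can information move from an object at src_level to one at dst_level?
    It can only if some clearance may both read src and write dst, which
    under read-down/write-up holds exactly when dst dominates src: the
    one-directional (upward or same-level) flow the slides describe."""
    return any(
        conf_may_read(c, src_level) and conf_may_write(c, dst_level)
        for c in LEVELS
    )
```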
  • 33. Role-based Policies
     Neither discretionary nor mandatory approaches satisfy the needs of most commercial enterprises
      ◦ Mandatory policies arise from rigid environments, like those of the military
      ◦ Discretionary policies arise from cooperative yet autonomous requirements, like those of academic researchers
     One alternative is role-based policies
  • 34. Role-based Policies
     The flexibility required:
      ◦ Allow the specification of authorization to be granted to users (or groups) on objects like in the discretionary approach, together with the possibility of specifying restrictions (like in the mandatory approach) on the assignment or on the use of such authorizations
  • 35. Role-based Policies
     A role is a set of actions and responsibilities associated with a particular working activity
     Instead of specifying all the accesses each user is allowed to execute, access authorizations are specified for roles
     Users are given authorization to adopt roles
     A user playing a role is allowed to execute all accesses for which the role is authorized
  • 36. Role-based Policies
     A user may or may not be allowed to play multiple roles at the same time
     A user may take on different roles on different occasions
  • 37. Advantages of Role-based Policies
     Simplification of authorization management
     Hierarchical roles further simplify by allowing generalization and specialization
     Adapting different roles to operate at the least privilege
     Promotes separation of duty to prevent misuse of the system
     Instead of individual objects, access can be specified for object classes
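As an added example (not from the slides or the paper), a small role-based policy that exercises the points of slides 35 to 37: permissions on object classes are granted to roles, a role hierarchy lets a senior role generalize a junior one, users activate only the roles a task needs, and a separation-of-duty constraint refuses conflicting roles in one session. The roles and users are constructed; the account rights inquiry, credit and debit come from slide 8, while the "approve" right, the "ledger" class and the role names are assumptions.

```python
"""Added example: RBAC with a role hierarchy, least-privilege activation
and a static separation-of-duty constraint (constructed sample policy)."""

# Permissions are granted to roles on object classes, never to users.
ROLE_PERMISSIONS = {
    "teller": {("account", "inquiry"), ("account", "credit"), ("account", "debit")},
    "supervisor": {("account", "approve")},   # also inherits teller (below)
    "auditor": {("account", "inquiry"), ("ledger", "inquiry")},
}
# Hierarchy: a senior role generalizes the junior roles listed for it.
ROLE_INHERITS = {"supervisor": {"teller"}}
# Users are authorized to adopt roles; they need not play them all at once.
USER_ROLES = {"alice": {"teller", "auditor"}, "bob": {"supervisor"}}
# Separation of duty: these roles may not be active together in one session.
MUTUALLY_EXCLUSIVE = {frozenset({"teller", "auditor"})}


def effective_roles(role):
    """The role plus every junior role it inherits from, transitively."""
    seen, stack = set(), [role]
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(ROLE_INHERITS.get(r, ()))
    return seen


def activate(user, roles):
    """Open a session with only the roles the task needs (least privilege).
    Rejects roles the user is not authorized to adopt and conflicting pairs."""
    roles = set(roles)
    if not roles <= USER_ROLES.get(user, set()):
        raise PermissionError(f"{user} is not authorized for {sorted(roles)}")
    for pair in MUTUALLY_EXCLUSIVE:
        if pair <= roles:
            raise PermissionError(f"separation of duty violated: {sorted(pair)}")
    return roles


def is_authorized(active_roles, obj_class, action):
    """Allowed if any active role, or a role it generalizes, grants the action."""
    return any(
        (obj_class, action) in ROLE_PERMISSIONS.get(r, set())
        for role in active_roles
        for r in effective_roles(role)
    )
```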
  • 38. Administration of Authorization
     Administrative policies determine who is authorized to modify the allowed access
     In mandatory AC, the security administrator determines the access to objects by subjects
     In discretionary and role-based AC, there are possibly many types of administrative policies
  • 39. Administration of Authorization
     Example DAC administrative policies
      ◦ Centralized – a single authorized user, like in MAC
      ◦ Hierarchical – authorizers are ordered in a hierarchy with decreasing power
      ◦ Cooperative – multiple authorizers are needed to specify each access
      ◦ Ownership – the owner of the object controls accesses
      ◦ Decentralized – authorization to control accesses is delegated to others