Access Control - CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger - www.cse.psu.edu/~tjaeger/cse497b-s07/


  1. Access Control
  CSE497b - Spring 2007
  Introduction to Computer and Network Security
  Professor Jaeger
  www.cse.psu.edu/~tjaeger/cse497b-s07/
  CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

  2. Access Control
  • Describe the permissions available to computing processes
    – Originally, all permissions were available
  • Clearly, some controls are necessary
    – Prevent bugs in one process from breaking another
  • But, what should determine access?

  3. Permissions for Processes
  • What permissions should be granted to...
    – An editor process?
    – An editor process that you run?
    – An editor process that someone else runs?
    – An editor process that contains malware?
    – An editor process used to edit a password file?
  • Q: How do we determine/describe the permissions available to processes?
  • Q: How are they enforced?
  • Q: How might they change over time?

  4. Protection System
  • Any “system” that provides resources to multiple subjects needs to control access among them
    – Operating system
    – Servers
  • Consists of:
    – Protection state
      • Description of permission assignments (i.e., policy)
      • Determines how security goals are met
    – Enforcement mechanism
      • Enforces the protection state on the “system”

  5. Protection State
  • Describes the conditions under which the system is secure
    – Secrecy
    – Integrity
    – Availability
  • Described in terms of
    – Subjects: Users and processes
    – Objects: Files and sockets
    – Operations: Read and write

  6. Secure Protection State
  • Set of all protection states P
  • Set of secure protection states Q
    – Subjects’ access to objects to perform operations
    – Meets the secrecy, integrity and availability goals
  • Example: Protect access to your private key file
    – Only protection states in which only you can read the private key file are secure
    – Protection states in which only you may write the public key file are secure
  • Not all processes are necessarily secure
    – Recall programs running on your behalf
      • Hey, even some programs running on your behalf are not to be trusted with the private key!

  7. Access Matrix
  • Subjects
  • Objects
  • Operations
  • Can determine
    – Who can access an object
    – What objects can be accessed by a subject
    – What operations a subject can perform on an object

          O1   O2   O3
     S1   Y    Y    N
     S2   N    Y    N
     S3   N    Y    Y

  8. Access Control
  • Suppose the private key file for J is object O1
    – Only J can read
  • Suppose the public key file for J is object O2
    – All can read, only J can modify
  • Suppose all can read and write object O3
  • What’s the access matrix?

          O1   O2   O3
     J    ?    ?    ?
     S2   ?    ?    ?
     S3   ?    ?    ?

  9. Secrecy
  • Does the following protection state ensure the secrecy of J’s private key in O1?

          O1   O2   O3
     J    R    R W  R W
     S2   N    R    R W
     S3   N    R    R W

  10. Integrity
  • Does the following access matrix protect the integrity of J’s public key file O2?

          O1   O2   O3
     J    R    R W  R W
     S2   N    R    R W
     S3   N    R    R W

  11. Trusted Processes
  • Does it matter if we do not trust some of J’s processes?

          O1   O2   O3
     J    R    R W  R W
     S2   N    R    R W
     S3   N    R    R W

  12. Protection vs Security
  • Protection
    – Security goals met under trusted processes
    – Protects against an error by a non-malicious entity
  • Security
    – Security goals met under potentially malicious processes
    – Protects against any malicious entity
  • For J:
    – Non-malicious process shouldn’t leak the private key by writing it to O3
    – A potentially malicious process may contain a Trojan horse that can write the private key to O3

  13. Least Privilege
  • Limit permissions to those required and no more
  • Consider three processes for user J
    – Restrict privilege of the process J1 to prevent leaks

          O1   O2   O3
     J1   R    R W  N
     J2   N    R    R W
     J3   N    R    R W
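An added example (Python, not from the slides) that puts the matrices of slides 9 through 13 into code and runs the checks those slides ask about: the secrecy and integrity queries of slides 9 and 10, and a worst-case information-flow check for the untrusted process of slide 12, which treats every write by a process that can read a tainted object as a copy of that object. Subject and object names follow the slides; the function names and the STRICT matrix are constructed for this example.

```python
# Added example, not from the slides: an access matrix as a Python data
# structure plus the checks the slides ask about.  Names J, S2, S3, O1..O3
# follow the slides; the function names and the STRICT matrix are my own.

# matrix[subject][object] = set of operations ("R" read, "W" write).
# Constructed to match slides 9-11: only J reads O1 (private key),
# all read O2 (public key) but only J writes it, all read and write O3.
SLIDE9 = {
    "J":  {"O1": {"R"}, "O2": {"R", "W"}, "O3": {"R", "W"}},
    "S2": {"O1": set(), "O2": {"R"},      "O3": {"R", "W"}},
    "S3": {"O1": set(), "O2": {"R"},      "O3": {"R", "W"}},
}

# Slide 13: J's work split over three processes; J1 holds the private key
# but loses write access to the shared object O3.
SLIDE13 = {
    "J1": {"O1": {"R"}, "O2": {"R", "W"}, "O3": set()},
    "J2": {"O1": set(), "O2": {"R"},      "O3": {"R", "W"}},
    "J3": {"O1": set(), "O2": {"R"},      "O3": {"R", "W"}},
}

# Constructed variant (assumption, not on the slides): the key-holding
# process writes nothing that other subjects can read; publishing the
# public key is left to J2.
STRICT = {
    "J1": {"O1": {"R"}, "O2": {"R"},      "O3": set()},
    "J2": {"O1": set(), "O2": {"R", "W"}, "O3": {"R", "W"}},
    "J3": {"O1": set(), "O2": {"R"},      "O3": {"R", "W"}},
}


def can(matrix, subject, obj, op):
    """The basic access-matrix lookup: may `subject` perform `op` on `obj`?"""
    return op in matrix.get(subject, {}).get(obj, set())


def who_can(matrix, obj, op):
    """Slide 7's 'who can access an object' query."""
    return {s for s in matrix if can(matrix, s, obj, op)}


def secrecy_ok(matrix, obj, allowed):
    """Secrecy goal (slide 9): nobody outside `allowed` holds read on obj."""
    return who_can(matrix, obj, "R") <= set(allowed)


def integrity_ok(matrix, obj, allowed):
    """Integrity goal (slide 10): nobody outside `allowed` holds write on obj."""
    return who_can(matrix, obj, "W") <= set(allowed)


def reachable_readers(matrix, secret):
    """Slide 12's worst case: every process copies whatever it can read into
    everything it can write.  Returns the subjects that could end up reading
    the contents of `secret` after any number of such copies.

    Fixpoint over the set of 'tainted' objects: an object becomes tainted
    when some subject that can read a tainted object can write it."""
    tainted = {secret}
    while True:
        readers = {s for s in matrix
                   if any(can(matrix, s, t, "R") for t in tainted)}
        spread = {o for s in readers for o in matrix[s]
                  if can(matrix, s, o, "W")}
        if spread <= tainted:
            return readers
        tainted |= spread


if __name__ == "__main__":
    for name, m in (("slide 9", SLIDE9), ("slide 13", SLIDE13), ("strict", STRICT)):
        print(name, "direct readers of O1:", sorted(who_can(m, "O1", "R")),
              "reachable readers:", sorted(reachable_readers(m, "O1")))
```

Against the slide 9 matrix the direct check passes (only J holds read on O1) but the closure returns all three subjects: J reads O1 and writes O2 and O3, both of which S2 and S3 read, so a Trojan horse in any of J's processes defeats the secrecy goal; this is protection without security in the sense of slide 12. The slide 13 split removes the O3 path, but the closure still flags J1's write to O2, the public key file that S2 and S3 read, so that matrix still depends on J1 behaving. STRICT is the shape the closure accepts: the process holding the private key writes nothing that other subjects can read.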

  14. Options for Subjects
  • Possible subjects

  15. Role-Based Access Control
  • Associate permissions with job functions
    – Each job defines a set of tasks
    – The tasks need permissions
    – The permissions define a role
  • Bank Teller
    – Read/Write to client accounts
    – Cannot create new accounts
    – Cannot create a loan
    – Role defines only the permissions allowed for the job
  • What kind of jobs can we define permission sets for?

  16. Role-based Access Control
  • Model consists of two relationships
    – Role-permission assignments
    – User-role assignments
  • Assign permissions to roles
    – These are largely fixed
  • Assign a user to the roles they can assume
    – These change with each user
    – Administrators must manage this relationship
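An added example (Python, not from the slides) that keeps the two relationships of slide 16 as explicit, separately managed sets and populates them with the bank-teller job of slide 15. The class and method names, the two extra roles (account_manager, loan_officer) and the user names are constructed for this example; the slides name only the teller.

```python
# Added example, not from the slides: the two RBAC relations of slide 16 as
# explicit sets, populated with the bank-teller job of slide 15.  Class and
# method names, the extra roles and the user names are constructed.

class Rbac:
    def __init__(self):
        # Role-permission assignment: role -> set of (operation, object type).
        # Largely fixed: it changes when a job function is redefined.
        self.role_perms = {}
        # User-role assignment: user -> set of roles the user may assume.
        # Changes with each user; this is the relation administrators manage.
        self.user_roles = {}

    def define_role(self, role, perms):
        """Define (or redefine) the permissions a job function needs."""
        self.role_perms[role] = set(perms)

    def assign_role(self, user, role):
        """Administrative operation: let a user assume an existing role."""
        if role not in self.role_perms:
            raise KeyError(f"role {role!r} is not defined")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke_role(self, user, role):
        self.user_roles.get(user, set()).discard(role)

    def permissions_of(self, user, as_role=None):
        """Permissions reachable through the user's roles.  With as_role the
        user acts in one assumed role only, which must be among those assigned
        (design choice for this example: an unassigned role yields nothing)."""
        roles = self.user_roles.get(user, set())
        if as_role is not None:
            roles = roles & {as_role}
        return set().union(*(self.role_perms[r] for r in roles))

    def authorized(self, user, op, obj_type, as_role=None):
        return (op, obj_type) in self.permissions_of(user, as_role)

    def users_with(self, op, obj_type):
        """Review query an administrator wants: who can do this at all?"""
        return {u for u in self.user_roles if self.authorized(u, op, obj_type)}


def bank_example():
    """Constructed scenario from slide 15: a teller reads and writes client
    accounts but can neither create accounts nor create loans; those tasks
    belong to two other (constructed) roles."""
    rbac = Rbac()
    rbac.define_role("teller", {("read", "account"), ("write", "account")})
    rbac.define_role("account_manager", {("read", "account"), ("create", "account")})
    rbac.define_role("loan_officer", {("read", "account"), ("create", "loan")})
    rbac.assign_role("alice", "teller")
    rbac.assign_role("bob", "teller")
    rbac.assign_role("bob", "loan_officer")
    return rbac


if __name__ == "__main__":
    bank = bank_example()
    print("alice may write accounts:", bank.authorized("alice", "write", "account"))
    print("alice may create loans:", bank.authorized("alice", "create", "loan"))
    print("who can create loans:", sorted(bank.users_with("create", "loan")))
```

Keeping the two relations apart is what makes the model manageable: defining a role is a one-time act per job, while assigning and revoking roles is the routine administrative traffic, and the users_with query answers the review question (who can create a loan?) without walking every user's permissions by hand.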

  17. Enforcement Mechanism
  • Every system needs to enforce its protection state
  • Q: What is required of such an enforcement mechanism?

  18. Reference Monitor
  • Properties
    – Complete mediation of all security-sensitive operations
    – Tamperproof
    – Simple enough for verification of correctness
  • Reference Monitor Structure
    – Interface
      • Where is it called to mediate (authorize)?
    – Mechanism
      • How are authorization queries processed?
    – Policy
      • How are authorization decisions expressed?

  19. Reference Monitor
  (Figure: reference monitor architecture; labels in the diagram: Loadable Authorization Module, Authorization Policy, Mechanism, Server, User, Trap, Kernel)
  CSE497c Introduction to Computer and Network Security - Spring 2006 - Professors Jaeger and McDaniel

  20. Protection State Transitions
  • Transition
    – From one access matrix state to another
    – Add/delete subject, object, operation assignment
  • Transition semantics
    – Owner-driven
    – Delegation
    – Administrator-driven
    – Administrative permissions
  • Attenuation of Rights Principle
    – Can’t grant a right that you do not possess

  21. Protection State Transitions
  • Owner
    – Implicitly has all rights to owned objects
    – Grants at will
    – Reader can copy object to self-owned object and distribute
  • Delegation
    – Copy flag
      • Presence of copy flag permits granting of one’s rights to that object
  • Administrators
    – Implicitly have all rights
    – Grant to subjects as necessary (within security goals)
  • Administrative permissions
    – Permissions to perform administrative operations on objects
    – Distinction between active and administrative rights
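An added example (Python, not from the slides) that serves slide 18 and slides 20 and 21 together: a reference monitor whose code is laid out along the interface / mechanism / policy split of slide 18, and whose only way of changing the protection state is the grant and revoke calls, which implement the owner-driven, copy-flag delegation and administrator-driven transitions of slide 21 and the attenuation rule of slide 20. The class and method names, "admin" as the administrator subject, the audit list and the scenario at the bottom are constructed for this example.

```python
# Added example, not from the slides: a reference monitor over an access-
# matrix policy with owner, copy-flag and administrator transitions.  All
# names (class, methods, "admin", the scenario objects' contents) are my own.

class ReferenceMonitor:
    """Mediates every operation on the objects it protects (slide 18).  The
    protection state lives inside the monitor and changes only through the
    mediated grant/revoke calls, which is what 'tamperproof' buys."""

    def __init__(self, admins=("admin",)):
        # ---- policy: the protection state ---------------------------------
        # _matrix[subject][obj] = {op: copy_flag}; copy_flag True means the
        # holder may delegate that right (slide 21's copy flag).
        self._matrix = {}
        self._owner = {}      # obj -> owning subject
        self._admins = set(admins)
        self._store = {}      # obj -> contents (the resources being protected)
        self.audit = []       # every decision: (subject, op, obj, allowed)

    def _rights(self, subject, obj):
        return self._matrix.get(subject, {}).get(obj, {})

    # ---- mechanism: how an authorization query is answered ---------------
    def authorize(self, subject, op, obj):
        allowed = op in self._rights(subject, obj)
        self.audit.append((subject, op, obj, allowed))
        return allowed

    def _check(self, subject, op, obj):
        if not self.authorize(subject, op, obj):
            raise PermissionError(f"{subject} may not {op} {obj}")

    # ---- interface: the only path to the objects (complete mediation) -----
    def create(self, owner, obj, contents=""):
        if obj in self._owner:
            raise ValueError(f"{obj} already exists")
        self._owner[obj] = owner      # owner implicitly holds all rights
        self._matrix.setdefault(owner, {})[obj] = {"R": True, "W": True}
        self._store[obj] = contents

    def read(self, subject, obj):
        self._check(subject, "R", obj)
        return self._store[obj]

    def write(self, subject, obj, contents):
        self._check(subject, "W", obj)
        self._store[obj] = contents

    # ---- transitions: administrative rights, mediated as well ------------
    def grant(self, granter, grantee, obj, op, copy=False):
        """Owner-driven: owners grant at will.  Administrator-driven: admins
        implicitly hold all rights.  Delegation: anyone else needs the copy
        flag on that right, which also enforces attenuation (slide 20): a
        right the granter does not hold cannot be handed on."""
        if self._owner.get(obj) == granter or granter in self._admins:
            ok = True
        else:
            ok = self._rights(granter, obj).get(op, False)
        self.audit.append((granter, f"grant:{op}", obj, ok))
        if not ok:
            raise PermissionError(f"{granter} cannot grant {op} on {obj}")
        self._matrix.setdefault(grantee, {}).setdefault(obj, {})[op] = copy

    def revoke(self, revoker, subject, obj, op):
        """Only the owner or an administrator may take a right away."""
        ok = self._owner.get(obj) == revoker or revoker in self._admins
        self.audit.append((revoker, f"revoke:{op}", obj, ok))
        if not ok:
            raise PermissionError(f"{revoker} cannot revoke {op} on {obj}")
        self._rights(subject, obj).pop(op, None)


def slide_scenario():
    """Constructed walk-through: J owns the private key file O1 and the
    public key file O2; O3 is a shared object owned and shared out by admin.
    S2 receives read on O2 with the copy flag and delegates it to S3."""
    rm = ReferenceMonitor()
    rm.create("J", "O1", "PRIVATE-KEY")
    rm.create("J", "O2", "PUBLIC-KEY")
    rm.create("admin", "O3", "")
    for s in ("J", "S2", "S3"):
        rm.grant("admin", s, "O3", "R")
        rm.grant("admin", s, "O3", "W")
    rm.grant("J", "S2", "O2", "R", copy=True)   # owner-driven, delegable
    rm.grant("S2", "S3", "O2", "R")             # delegation via the copy flag
    return rm


if __name__ == "__main__":
    rm = slide_scenario()
    print("S3 reads O2:", rm.read("S3", "O2"))
    try:
        rm.read("S2", "O1")
    except PermissionError as e:
        print("denied:", e)
    print("decisions logged:", len(rm.audit))
```

Every read, write, grant and revoke passes through one decision point and leaves an audit record, which is the property a detection engineer relies on when reconstructing who touched what; the active rights (R, W) and the administrative right to grant are kept distinct, as slide 21 asks, and S3's right on O2 arrives without a copy flag, so S3 cannot pass it further.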

  22. Safety Problem
  • Is there a general algorithm that enables us to determine whether a permission may be leaked to an unauthorized user from any future protection state?
  • Intuition:
    – From a protection state, users can administer permissions for the objects that they own
    – Enable other subjects to access those objects
  • For typical access control models (UNIX)
    – Problem is undecidable
    – Can also extend representation (new users, objects)
  • Practice:
    – Check current protection state for “safety”

  23. Take Away
  • Access Control is expressed in terms of
    – Protection Systems
  • Protection Systems consist of
    – Protection State representation (e.g., access matrix)
    – Enforcement Mechanisms (e.g., reference monitor)
  • Protection States
    – Challenge to choose subjects (RBAC)
    – Must ensure security goals in spite of state transitions
  • Enforcement Mechanism
    – Reference Monitor
    – Ensures protection state is enforced
  • Transitions
    – Cannot prove safety for future protection states
