Access Control. Cunsheng Ding, HKUST, Hong Kong, China. PowerPoint PPT presentation (COMP4631, Lecture 17).


  1. Access Control
  Cunsheng Ding, HKUST, Hong Kong, China
  C. Ding - COMP4631 - L17

  2. Agenda of this Lecture
  • The basic concepts of access control, ACLs, capabilities, etc.
  • Two approaches to access control
  • Further reading

  3. An Example
  (Figure: the home directory cding with two subdirectories, private and Public_html.)
  • I, the owner of the cding home directory, have total control over all files in all directories and subdirectories.
  • Everyone else can read all files in "Public_html", but should not do other operations on the files in this subdirectory.
  Question: How do I do the access controls?

  4. Access Control
  • Computer security deals with the prevention and detection of unauthorized actions.
  • Computer systems control access to data and shared resources, like memory, printers, etc., primarily for reasons of integrity, not so much for confidentiality.
  • Access control is at the core of computer security.

  5. Subjects and Objects
  • Terminology for access control:
    – subject: active entity, e.g. a user or a process
    – object: passive entity, e.g. a file or a resource
    – access operation: read, write, ...
  • Subjects and objects provide a different focus of control (first design principle):
    – What is the subject allowed to do? (1st approach)
    – What may be done with an object? (2nd approach)

  6. The Two Approaches in Practice
  • Traditionally, multi-user operating systems manage files and resources, i.e. objects. Access control takes the 2nd approach.
  • Application-oriented IT systems, like database management systems, offer services directed to the end user and may well control the actions of subjects. Access control takes the 1st approach.

  7. The Fundamental Model of Access Control
  (Figure: Subject --access request--> Security Reference Monitor --> Object)
  The security reference monitor checks the access control policy and grants or rejects the request.
  Real-world examples?

  8. Access Operations and Access Rights

  9. Access Operations
  • Access operations: no uniform definition. They differ from system to system.
  • Examples: basic memory access, method calls in an object-oriented system.
  • We will look at a few typical sets of access operations. On the most elementary level, a subject may
    – observe an object, or
    – alter an object.
  • Observe and Alter are called access modes.

  10. Access Rights
  • Access rights of the Bell-LaPadula access control model. The four Bell-LaPadula access rights:
    – execute
    – read
    – append, also called blind write
    – write
  • Mapping between access rights and access modes:

               execute   append   read   write
    Observe       -         -       X      X
    Alter         -         X       -      X

  11. Rationale
  • A user has to open a file to get access. Files can be opened for read access or for write access so that the O/S can avoid potential conflicts.
  • Write access usually includes read access: a user editing a file should not be asked to open it twice. Hence the write right includes both the Observe and the Alter mode.
  • Few systems actually implement append: altering an object without observing its content is rarely useful (exception: an audit log).
  • A file can be used without being opened (read). Example: use of a cryptographic key. This motivates the execute right, which includes neither the Observe nor the Alter mode.

  12. Unix
  • Access control policies are expressed in terms of three operations:
    – read: read from a file
    – write: write to a file
    – execute: execute a file
  • Applied to a directory, the access operations take this meaning:
    – read: list contents
    – write: create or rename files in the directory
    – execute: search the directory
  • These operations differ from the Bell-LaPadula model. E.g., Unix write access does not imply read access. Creation and deletion of files are governed by access control to the directory, not to the file itself.
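The following is an added example, not part of the lecture slides: a pure-Python model of the Unix permission check, so that the directory semantics of slide 12 and the home-directory policy of slide 3 can be exercised deterministically. It is a simulation, not a call to os.access(), and it deliberately ignores that a real kernel lets root bypass these checks. The users, groups, paths and modes are constructed for illustration; the home directory is given mode 0711 so that others can search it to reach Public_html without being able to list it.

```python
"""Unix discretionary access control, modelled in pure Python (added example)."""
import stat
from dataclasses import dataclass


@dataclass
class Node:
    owner: str
    group: str
    mode: int            # permission bits only, e.g. 0o755
    is_dir: bool = False


@dataclass
class User:
    name: str
    groups: frozenset


def _bits(node, user):
    """Pick the (r, w, x) triple that applies to user: owner, else group, else other.
    Exactly one class is consulted; an owner whose owner-bits deny is not rescued
    by more permissive 'other' bits."""
    if user.name == node.owner:
        r, w, x = stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR
    elif node.group in user.groups:
        r, w, x = stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP
    else:
        r, w, x = stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH
    return bool(node.mode & r), bool(node.mode & w), bool(node.mode & x)


def _ancestors(path):
    """'/a/b/c' -> ['/a', '/a/b']; the root directory is assumed searchable."""
    parts = path.strip("/").split("/")
    return ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]


def can(fs, user, path, op):
    """Decide op in {'read', 'write', 'exec', 'list', 'search', 'create', 'delete'}.

    read/write/exec/list/search are checked against the target's own bits;
    create/delete are operations on the parent directory's entries and are
    governed by write+search on the directory, whatever the file's own mode says.
    """
    for d in _ancestors(path):          # every component on the way must be searchable
        if not _bits(fs[d], user)[2]:
            return False
    if op in ("create", "delete"):
        parent = "/".join(path.split("/")[:-1]) or "/"
        _, w, x = _bits(fs[parent], user)
        return w and x
    r, w, x = _bits(fs[path], user)
    return {"read": r, "write": w, "exec": x, "search": x,
            "list": r and fs[path].is_dir}[op]


# Constructed file system implementing the slide-3 policy:
# cding owns everything; Public_html is world-readable, private is not.
FS = {
    "/home":                              Node("root",  "root",  0o755, is_dir=True),
    "/home/cding":                        Node("cding", "cding", 0o711, is_dir=True),
    "/home/cding/private":                Node("cding", "cding", 0o700, is_dir=True),
    "/home/cding/private/notes.txt":      Node("cding", "cding", 0o600),
    "/home/cding/Public_html":            Node("cding", "cding", 0o755, is_dir=True),
    "/home/cding/Public_html/index.html": Node("cding", "cding", 0o644),
    "/home/cding/Public_html/old.html":   Node("cding", "cding", 0o444),  # read-only even for the owner
    "/home/cding/inbox.txt":              Node("cding", "cding", 0o622),  # drop box: others may write, not read
}
CDING = User("cding", frozenset({"cding"}))
ALICE = User("alice", frozenset({"students"}))   # constructed 'everyone else'


if __name__ == "__main__":
    for user, path, op in [(ALICE, "/home/cding/Public_html/index.html", "read"),
                           (ALICE, "/home/cding/private/notes.txt", "read"),
                           (ALICE, "/home/cding/inbox.txt", "write"),
                           (ALICE, "/home/cding/inbox.txt", "read"),
                           (CDING, "/home/cding/Public_html/old.html", "write"),
                           (CDING, "/home/cding/Public_html/old.html", "delete")]:
        print(f"{user.name:6} {op:6} {path}: {'allow' if can(FS, user, path, op) else 'deny'}")
```

Two results are worth noting: alice can write inbox.txt but not read it (Unix write does not imply read), and cding can delete old.html despite lacking write permission on the file, because deletion is decided by the directory's bits.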

  13. Windows NT
  Access operations in the NTFS (New Technology File System) file system of Windows NT:
    – read
    – write
    – execute
    – delete
    – change permission
    – change ownership
  • We no longer rely on operations on directories to handle deletion of files or change of access rights.
  • Operations for modifying access rights are another ingredient you may want to use when setting security policies.

  14. Basic Problems in Access Control
  • Who should be in charge of defining the access control policies in your security system?
  • How to express and capture your security policies correctly with a data structure?
  • How to store your access control policies in your security system?
  • How to retrieve security policies?
  • How to make your access control system very efficient?

  15. Ownership for Manipulating Access Rights

  16. Ownership (1)
  • Security policies specify how subjects are allowed to access objects.
  • Who is in charge of setting the policy?
    – The owner of a resource decrees who is allowed to have access. Such a policy may be called discretionary, as access control is at the owner's discretion.
    – A system-wide policy decrees who is allowed to have access. Such a policy may be called mandatory.

  17. Ownership (2)
  • Most operating systems support the concept of ownership of a resource and consider ownership when making access control decisions.
  • The operations for manipulating access rights are grant and revoke.

  18. How to Capture and Implement Access Control Policies
  • An access decision is based on a set of access control policies.
  • What data structure should be used to express the set of policies?
  • How to make an access decision as quickly as possible?

  19. Access Control Structures
  • There are several options for defining access control. Whichever is chosen:
    – The access control structure should allow you to express the access control policy you want to enforce.
    – You should be able to check that your policy has been captured correctly.
  • Access rights can be defined individually for each combination of subject and object.
  • For large numbers of subjects and objects, such structures are cumbersome to manage. Intermediate levels of control are preferable.

  20. Access Control Matrix
  • Notation:
    – S ... set of subjects
    – O ... set of objects
    – A ... set of access operations
  • Access control matrix: M = (M_so), s ∈ S, o ∈ O, with M_so ⊆ A.
  • The entry M_so specifies the operations subject s may perform on object o.

             bill.doc       edit.exe   fun.com
    Alice    -              {exec}     {exec,read}
    Bob      {read,write}   {exec}     {exec,read,write}

  21. Access Control Matrix ctd.
  • The access control matrix is
    – an abstract concept
    – not very suitable for direct implementation
    – not very convenient for managing security

  22. Capabilities
  • Focus on the subject:
    – access rights are stored with the subject
    – capabilities ≡ rows of the access control matrix
      Alice: edit.exe: {exec}; fun.com: {exec,read}
  • Subjects may grant rights to other subjects. Subjects may grant the right to grant rights.
  • Problems:
    – How to check who may access a specific object?
    – How to revoke a capability?
  • Distributed system security has created renewed interest in capabilities.

  23. Access Control with Capability in HKUST
  Capability for Cunsheng Ding in HKUST:

    Room 001        Yes
    Computer 111    No
    Printer 1234    Yes
    ...             ...
    TV 999          No

  24. Access Control Lists (ACLs)
  • Focus on the object:
    – access rights are stored with the object
    – ACLs ≡ columns of the access control matrix
      fun.com: Alice: {exec}; Bob: {exec,read,write}
  • Access rights are defined for groups of users.
    – Unix: owner, group, others
  • Problem: How to check the access rights of a specific subject?
  • ACLs are typical for certain secure operating systems.

  25. Access Control with ACL in HKUST
  ACL for Color Printer 111111:

    Cunsheng Ding   Yes
    John Wong       No
    Paul Wu         Yes
    ...             ...
    Alice Fu        No

  26. How to Make Access Control Efficient?

  27. Intermediate Controls - Groups
  • Groups are an intermediate layer between users and objects:
    users → groups → objects
  • To deal with special cases, negative permissions withdraw rights:
    users → groups → objects, with negative permissions at the user level
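The following is an added example, not part of the lecture slides: an ACL whose entries name groups rather than individual users, plus negative (deny) entries that withdraw a right a user would otherwise inherit from a group. The group memberships, the printer ACL and the resolution rule that a deny wins over any allow regardless of its position are constructed assumptions for this example, not a description of a particular operating system.

```python
"""Groups as an intermediate layer, with negative permissions (added example)."""

# group -> members (constructed)
GROUPS = {
    "staff":    {"cding", "wong"},
    "students": {"fu", "wu"},
}

# ACL for one object: (principal, effect, rights). A principal is a user or a group.
ACL_COLOR_PRINTER = [
    ("staff",    "allow", {"print", "configure"}),
    ("students", "allow", {"print"}),
    ("wong",     "deny",  {"configure"}),   # special case: one staff member may not reconfigure
    ("fu",       "deny",  {"print"}),       # special case: one student loses printing
]


def principals_of(user, groups):
    """The user plus every group containing the user."""
    return {user} | {g for g, members in groups.items() if user in members}


def applicable_entries(user, acl, groups):
    who = principals_of(user, groups)
    return [entry for entry in acl if entry[0] in who]


def effective_rights(user, acl, groups):
    """Union of rights from every applicable allow entry, minus the rights of every
    applicable deny entry. A deny wins regardless of its position in the list
    (assumed resolution rule)."""
    allowed, denied = set(), set()
    for _, effect, rights in applicable_entries(user, acl, groups):
        (allowed if effect == "allow" else denied).update(rights)
    return allowed - denied


def permitted(user, right, acl=ACL_COLOR_PRINTER, groups=GROUPS):
    return right in effective_rights(user, acl, groups)


def without_groups(acl, groups):
    """Expand group entries into per-user entries: the ACL as it would have to be
    written without the intermediate layer."""
    flat = []
    for principal, effect, rights in acl:
        for user in sorted(groups.get(principal, {principal})):
            flat.append((user, effect, set(rights)))
    return flat


if __name__ == "__main__":
    for user in ["cding", "wong", "fu", "wu", "stranger"]:
        print(f"{user:9}", sorted(effective_rights(user, ACL_COLOR_PRINTER, GROUPS)))
    print(len(ACL_COLOR_PRINTER), "entries with groups,",
          len(without_groups(ACL_COLOR_PRINTER, GROUPS)), "without")
```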

  28. Partial orderings
  • A partial ordering ≤ ("less or equal") on a set L is a relation on L (i.e., a subset of L × L) that is
    – reflexive: for all a ∈ L, a ≤ a
    – transitive: for all a, b, c ∈ L, if a ≤ b and b ≤ c, then a ≤ c
    – antisymmetric: for all a, b ∈ L, if a ≤ b and b ≤ a, then a = b
  • An example of a partial ordering is the subset relation ⊆ on a power set P(C).
  • REMARK: A partial order may be used to define an access control policy.
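The following is an added example, not part of the lecture slides: it checks the three axioms of slide 28 exhaustively for the subset relation on the power set P(C), contrasts it with a relation that is reflexive and transitive but fails antisymmetry, and then uses the ordering as a policy in the sense of the REMARK: a subject labelled s may observe an object labelled o only if o ≤ s. The compartment set C, the labels and the policy function are constructed for this example.

```python
"""Partial orderings as access control policies (added example)."""
from itertools import chain, combinations


def power_set(c):
    """All subsets of c as frozensets, smallest first."""
    c = sorted(c)
    return [frozenset(x) for x in chain.from_iterable(combinations(c, k) for k in range(len(c) + 1))]


def is_partial_order(L, leq):
    """Reflexive, antisymmetric and transitive, checked exhaustively on a finite L."""
    reflexive = all(leq(a, a) for a in L)
    antisymmetric = all(a == b for a in L for b in L if leq(a, b) and leq(b, a))
    transitive = all(leq(a, c) for a in L for b in L for c in L if leq(a, b) and leq(b, c))
    return reflexive and antisymmetric and transitive


def subset_leq(a, b):
    return a <= b            # the subset relation on frozensets


def size_leq(a, b):
    # reflexive and transitive, but {x} <= {y} and {y} <= {x} with {x} != {y}:
    # not antisymmetric, hence not a partial order
    return len(a) <= len(b)


def may_observe(subject_label, object_label, leq=subset_leq):
    """Policy: a subject may observe an object only if the object's label is
    <= the subject's label. Labels that are incomparable deny in both directions."""
    return leq(object_label, subject_label)


C = {"crypto", "finance", "hr"}   # constructed compartments
L = power_set(C)                  # the lattice of labels, 2**3 = 8 elements


if __name__ == "__main__":
    print("subset is a partial order:", is_partial_order(L, subset_leq))
    print("size comparison is a partial order:", is_partial_order(L, size_leq))
    print("{crypto,hr} may observe {hr}:", may_observe(frozenset({"crypto", "hr"}), frozenset({"hr"})))
    print("{crypto} may observe {hr}:", may_observe(frozenset({"crypto"}), frozenset({"hr"})))
```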
