access control
play

Access Control Information Security Dr Hans Georg Schaathun - PowerPoint PPT Presentation

Oct 09, 2023 •199 likes •883 views

Access Control Information Security Dr Hans Georg Schaathun University of Surrey Autumn 2011 Week 9 Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 1 / 1 The session Outline Dr Hans Georg Schaathun Access Control

  1. Access Control Information Security Dr Hans Georg Schaathun University of Surrey Autumn 2011 – Week 9 Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 1 / 1

  2. The session Outline Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 2 / 1

  3. The session Session objectives Introduce fundamental terminology of access control Understand principles of privilege management and identity management Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 3 / 1

  4. Access control Outline Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 4 / 1

  5. Access control Model Outline Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 5 / 1

  6. � � � Access control Model The request Reference principal Do Operation Object Monitor ACL Request Source Guard Resource Authentication Authorisation Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 6 / 1

  7. � � � Access control Model The request Reference principal Do Operation Object Monitor ACL Request Source Guard Resource Authentication Authorisation Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 6 / 1

  8. � � � Access control Model The request Reference principal Do Operation Object Monitor ACL Request Source Guard Resource Authentication Who made the request R ? Authorisation Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 6 / 1

  9. � � � Access control Model The request Reference principal Do Operation Object Monitor ACL Request Source Guard Resource Authentication Who made the request R ? Authorisation Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 6 / 1

  10. � � � Access control Model The request Reference principal Do Operation Object Monitor ACL Request Source Guard Resource Authentication Who made the request R ? Authorisation Who is trusted to access an object o ? Who is trusted to have request R granted? Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 6 / 1

  11. Access control Model Subjects and objects A subject is an active entitity within an IT system e.g. user, process An object is a resource that (some) subject may access or use. e.g. files, printers, memory A principal is an entity that can be granted access to objects or can make statements affecting access control decissions. distinction subject/principal is not always necessary a subject (process) may act on behalf of a subject (user) Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 7 / 1

  12. Access control Model What is an object? A file — very traditional view (read/write/execute) A system — access or no access An operation — i.e. an action to take A room — access or no access Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 8 / 1

  13. Access control Model Authentication and Authorisation Authentication Determine identity. Authorisation Determine privileges. This allows identity based access control. Could you do authorisation without authentication? Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 9 / 1

  14. Access control Model Authentication and Authorisation Authentication Determine identity. Authorisation Determine privileges. This allows identity based access control. Could you do authorisation without authentication? Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 9 / 1

  15. Access control Model Authentication and Authorisation Authentication Determine identity. Authorisation Determine privileges. This allows identity based access control. Could you do authorisation without authentication? Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 9 / 1

  16. Access control Problem Definition Outline Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 10 / 1

  17. Access control Problem Definition Four subproblems Identification and Authentication establishing the identity of a subject Identity management managing identities and credentials essential data for authentication Authorisation granting privileges to an identified subject Privilege Management managing mapping of subject to privileges necessary data for authorisation Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 11 / 1

  18. Access control Problem Definition Problem Domain Access controll is a general problem ... Operating System File System Web Site Locked Doors Paper Archive Records Database Records Documents (PDF , etc.) Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 12 / 1

  19. Privilege Management Outline Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 13 / 1

  20. Privilege Management Access modes Outline Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 14 / 1

  21. Privilege Management Access modes Access modes Observe i.e. read Limited by confidentiality Alter i.e. append Limited to ensure integrity Execute (running a program) Can you execute without reading? Sometimes; it may be sufficient that the OS reads it. write = read + append (Bell-LaPadula) Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 15 / 1

  22. Privilege Management Access modes Access modes Observe i.e. read Limited by confidentiality Alter i.e. append Limited to ensure integrity Execute (running a program) Can you execute without reading? Sometimes; it may be sufficient that the OS reads it. write = read + append (Bell-LaPadula) Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 15 / 1

  23. Privilege Management Access modes Access modes Observe i.e. read Limited by confidentiality Alter i.e. append Limited to ensure integrity Execute (running a program) Can you execute without reading? Sometimes; it may be sufficient that the OS reads it. write = read + append (Bell-LaPadula) Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 15 / 1

  24. Privilege Management Access modes Discretionary or Mandatory Discretionary Access Control The owner of each resource determines access permissions. Mandatory Access Control A central authority defines a security policy defining access rights This is 4th Design Decision from Gollmann (Ch 2). Centralised or local security control? Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 16 / 1

  25. Privilege Management Access modes Access Control Structures Access Control Matrix: [ A s , o ] A s , o is the permissions of Subject s to Object o . A s , o ⊂ { alter , observe } Subject-wise capabilities For each Subject s , maintain a list of rights. Access Control List: object-wise For each Object o , maintain a list of access permissions. suitable for discretionary access control Access data takes a lot of space. Coarser access control is more common. Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 17 / 1

  26. Privilege Management Access modes Access Control Structures Access Control Matrix: [ A s , o ] A s , o is the permissions of Subject s to Object o . A s , o ⊂ { alter , observe } Subject-wise capabilities For each Subject s , maintain a list of rights. Access Control List: object-wise For each Object o , maintain a list of access permissions. suitable for discretionary access control Access data takes a lot of space. Coarser access control is more common. Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 17 / 1

  27. Privilege Management Access modes Access Control Structures Access Control Matrix: [ A s , o ] A s , o is the permissions of Subject s to Object o . A s , o ⊂ { alter , observe } Subject-wise capabilities For each Subject s , maintain a list of rights. Access Control List: object-wise For each Object o , maintain a list of access permissions. suitable for discretionary access control Access data takes a lot of space. Coarser access control is more common. Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 17 / 1

  28. Privilege Management Access modes Access Control Structures Access Control Matrix: [ A s , o ] A s , o is the permissions of Subject s to Object o . A s , o ⊂ { alter , observe } Subject-wise capabilities For each Subject s , maintain a list of rights. Access Control List: object-wise For each Object o , maintain a list of access permissions. suitable for discretionary access control Access data takes a lot of space. Coarser access control is more common. Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 17 / 1

  29. Privilege Management Access modes Access Control Structures Access Control Matrix: [ A s , o ] A s , o is the permissions of Subject s to Object o . A s , o ⊂ { alter , observe } Subject-wise capabilities For each Subject s , maintain a list of rights. Access Control List: object-wise For each Object o , maintain a list of access permissions. suitable for discretionary access control Access data takes a lot of space. Coarser access control is more common. Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 17 / 1

  30. Privilege Management Intermediate Controls Outline Dr Hans Georg Schaathun Access Control Autumn 2011 – Week 9 18 / 1

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of Access Control Discretionary acces control Mandatory access control Real systems: Unix Access Control Model Access control Access

817 views • 47 slides
Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control? How Is Access Determined? Who Determines Access? Forms of Access Control SELinux Booleans iptables File Access Control Lists Apache Access Control

711 views • 36 slides
1 General Access Control General Access Control Control of access to memory relatively easy:

1 General Access Control General Access Control Control of access to memory relatively easy:

Role of Access Control Before closing back doors we need to close front doors Access control: determines access to files & processes in OS Fall 2008 We will return to these themes throughout the course Fall 2008 CS

512 views • 6 slides
SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing residents / staff access to site areas Main entrance Vehicle entrances Pedestrian entrances Gate / Barrier entrance Bin / Bike / Refuge

336 views • 14 slides
Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs Access Control Administration Accountability Chapter 2 Access Control Models Identification and Authentication Methods Lecturer:

708 views • 9 slides
Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control Introduction to Computer Security Access control, contd Announcements intermission Stephen McCamant Capability-based access control University

380 views • 7 slides
D2: Access Control #2: Access cess Contr trol ol Similar to OWASP Top 10 Insufficient

D2: Access Control #2: Access cess Contr trol ol Similar to OWASP Top 10 Insufficient

D2: Access Control #2: Access cess Contr trol ol Similar to OWASP Top 10 Insufficient access control and authentication checks Insecure access control methods Private, internal functions and data are accessible through a

547 views • 11 slides
Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP is a

Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP is a

Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP is a simple, modular approach to networked access control with scalability in mind. Easy management from a central location PC from anywhere with an

196 views • 9 slides
Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of

Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of

Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of achieving confiden5ality and integrity) Who can access What Objects : Subjects : Files/ Programs/ Sockets/ User/ process/ applica5on Hardware/

985 views • 46 slides
Outline Basics of access control Unix-style access control CSci 5271 Introduction to Computer

Outline Basics of access control Unix-style access control CSci 5271 Introduction to Computer

Outline Basics of access control Unix-style access control CSci 5271 Introduction to Computer Security Announcements intermission Day 10: OS security: access control Multilevel and mandatory access control Stephen McCamant University of

324 views • 10 slides
Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of

Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of

Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of achieving confidentiality and integrity) Who can access What Objects : Subjects : Files/ Programs/ Sockets/ User/ process/ application

1.31k views • 50 slides
Access Control Mechanisms Week 6 1 CEN-5079: 7.March.2019 Why Access Control Following

Access Control Mechanisms Week 6 1 CEN-5079: 7.March.2019 Why Access Control Following

Access Control Mechanisms Week 6 1 CEN-5079: 7.March.2019 Why Access Control Following authentication, we need to decide what the subject can access 1 Read F 1 OK 2 Bob Write to F Alice 2 F NO ! 3 Execute G G 3 OK

596 views • 56 slides
Insecure Direct Object Reference IDOR ( Broken Access Control ) IDOR ( Broken Access Control ) ~#

Insecure Direct Object Reference IDOR ( Broken Access Control ) IDOR ( Broken Access Control ) ~#

Insecure Direct Object Reference IDOR ( Broken Access Control ) IDOR ( Broken Access Control ) ~# whoami Eric Biako Bsc. IT, CEH v9 Information security officer @ E-connecta Moderator @ https://legalhackmen.com IDOR ( Broken Access Control )

517 views • 12 slides
Access Control SecAppDev 2016 Maarten Decat maarten.decat@kuleuven.be @maartendecat What is

Access Control SecAppDev 2016 Maarten Decat maarten.decat@kuleuven.be @maartendecat What is

Access Control SecAppDev 2016 Maarten Decat maarten.decat@kuleuven.be @maartendecat What is access control? Access control is the part of security that constrains the actions that are performed in a system based on access control rules .

1.4k views • 113 slides
1 Types of Power-Saving MACs The Sensor MAC (S-MAC) Three distinct classes of power-saving

1 Types of Power-Saving MACs The Sensor MAC (S-MAC) Three distinct classes of power-saving

What Is Media Access Control? Media Access Control (MAC) determines who gets access to the shared medium, and when Media Access Control In wired settings, usually just tries to avoid Greg Hackmann contention In wireless settings, can

399 views • 7 slides
COURSE IN INTRODUCT CTION Dr. Benjamin Livshits High-Level Course Logistics 2 https:/

COURSE IN INTRODUCT CTION Dr. Benjamin Livshits High-Level Course Logistics 2 https:/

CSE484/CSE584 COURSE IN INTRODUCT CTION Dr. Benjamin Livshits High-Level Course Logistics 2 https:/ ://courses.c .cs.washin ington.e .edu/courses/cse484/14au Course Logistics 3 Office hours: Tuesday after class Office hours: Mon

826 views • 59 slides
OS Security Basics CS642: Computer Security Professor

OS Security Basics CS642: Computer Security Professor

OS Security Basics CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu University of Wisconsin CS 642

985 views • 53 slides
COURSE IN INTRODUCT CTION SECURITY PROPERTIES SECURE DESIG IGN Dr. Ben Livshits High-Level

COURSE IN INTRODUCT CTION SECURITY PROPERTIES SECURE DESIG IGN Dr. Ben Livshits High-Level

CO 445H COURSE IN INTRODUCT CTION SECURITY PROPERTIES SECURE DESIG IGN Dr. Ben Livshits High-Level Course Logistics 2 https:/ ://www.doc.ic ic.ac.uk/~liv livshit its/cla lasses/CO445H/ / Course Logistics 3 Monday: 2-hour time

874 views • 53 slides
Security Security as term, Possible Security violations Authentication Criteria for

Security Security as term, Possible Security violations Authentication Criteria for

BS1 WS19/20 topic-based slides Security Security as term, Possible Security violations Authentication Criteria for Trust in Computer Systems Three hearts of Windows Security DACLs A Look at Security System is secure if

988 views • 20 slides
Secure Architecture Principles Isolation and Least Privilege Access Control Concepts

Secure Architecture Principles Isolation and Least Privilege Access Control Concepts

Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Original slides were created by Prof. John Mitchel and Suman Janna Some slides are from

1.03k views • 58 slides
Lecture 5a: case Study DAC DAC in UNIX Access control policy by Unix: Authorizing

Lecture 5a: case Study DAC DAC in UNIX Access control policy by Unix: Authorizing

Lecture 5a: case Study DAC DAC in UNIX Access control policy by Unix: Authorizing requests that processes make to perform operations on files. File names are used in Unix to name most other system resources, too. All operations

878 views • 40 slides
Security in an Operating System Operating systems need to protect against two types of security

Security in an Operating System Operating systems need to protect against two types of security

H Security Security in an Operating System Operating systems need to protect against two types of security violations: Accidental security violations, e.g.: a program accidentally overwrites a file; a user issues rm -rf *,

6.18k views • 28 slides
Security Overview Different aspects of security User authentication Protection mechanisms

Security Overview Different aspects of security User authentication Protection mechanisms

CS399 New Beginnings Jonathan Walpole Security Overview Different aspects of security User authentication Protection mechanisms Attacks: - trojan horses, spoofing, logic bombs, trap doors, buffer overflow attacks, viruses, worms, mobile

825 views • 59 slides

More recommend