no shared accounts in open systems it should rely on
play

= no shared accounts In open systems it should rely on authenticity - PDF document

Dec 25, 2022 •630 likes •1.41k views

Access Control Pierangela Samarati Dipartimento di Tecnologie dellInformazione Universit` a degli Studi di Milano e mail: samarati@dti.unimi.it FOSAD 2008 1 Privacy and Data Protection Pierangela Samarati c Access control It

  1. Access Control Pierangela Samarati Dipartimento di Tecnologie dell’Informazione Universit` a degli Studi di Milano e mail: samarati@dti.unimi.it FOSAD 2008 1 Privacy and Data Protection � Pierangela Samarati c Access control • It evaluates access requests to the resources by the authenticated users and, based on some access rules, it determines whether they must be granted or denied. – It may be limited to control only direct access. – It may be enriched with inference, information flow, and non-interference controls 2 Privacy and Data Protection � Pierangela Samarati c

  2. Access Control vs other services Correctness of access control rests on • Proper user identification/authentication ⇒ No one should be able to acquire the privileges of someone else • Correctness of the authorizations against which access is evaluated (which must be protected from improper modifications) 3 Privacy and Data Protection � Pierangela Samarati c Access Control and Authentication • Authentication also necessary for accountability and establishing responsability. • Each principal (logged subject) should correspond to a single user = ⇒ no shared accounts • In open systems it should rely on authenticity of the information, in contrast to authenticity of the identity (authentication) 4 Privacy and Data Protection � Pierangela Samarati c

  3. Policies, Models, and Mechanisms In studying access control, it is useful to separate • Policy: it defines (high-level) guidelines and rules describing the accesses to be authorized by the system (e.g., closed vs open policies) – often the term policy is abused and used to refer to actual authorizations (e.g., Employees can read bullettin-board) • Model: it formally defines the access control specification and enforcement. • Mechanism: it implements the policies via low level (software and hardware) functions 5 Privacy and Data Protection � Pierangela Samarati c Separation between policies and mechanisms The separation between policies and mechanisms allows us to: • Discuss access requirements independent of their implementation • Compare different access control policies as well as different mechanisms that enforce the same policy • Design mechanisms able to enforce multiple policies 6 Privacy and Data Protection � Pierangela Samarati c

  4. Access control mechanisms – 1 Based on the definition of a reference monitor that must be • tamper-proof: cannot be altered • non-bypassable: mediates all accesses to the system and its resources • security kernel confined in a limited part of the system (scattering security functions all over the system implies all the code must be verified) • small enough to be susceptible of rigorous verification methods 7 Privacy and Data Protection � Pierangela Samarati c Access control mechanisms – 2 The implementation of a correct mechanism is far from being trivial and is complicated by need to cope with • storage channels (residue problem) Storage elements such as memory pages and disk sectors must be cleared before being released to a new subject, to prevent data scavenging • covert channels Channels that are not intended for information transfer (e.g., program’s effect on the system load) that can be exploited to infer information Assurance How well does the mechanism do? 8 Privacy and Data Protection � Pierangela Samarati c

  5. Saltzer and Schroeder design principles – 1 • Economy of mechanism – the protection mechanism should have a simple and small design. • Fail-safe defaults – the protection mechanism should deny access by default, and grant access only when explicit permission exists. • Complete mediation – the protection mechanism should check every access to every object. • Open design – the protection mechanism should not depend on attackers being ignorant of its design to succeed; it may however be based on the attacker’s ignorance of specific information such as passwords or cipher keys. 9 Privacy and Data Protection � Pierangela Samarati c Saltzer and Schroeder design principles – 2 • Separation of privileges – the protection mechanism should grant access based on more than one piece of information. • Least privilege – the protection mechanism should force every process to operate with the minimum privileges needed to perform its task. • Least common mechanism – the protection mechanism should be shared as little as possible among users. • Psychological acceptability – the protection mechanism should be easy to use (at least as easy as not using it). 10 Privacy and Data Protection � Pierangela Samarati c

  6. Access control development process Multi-phase approach from policies ..... to mechanism Passes through the definition of an • Access control model that formally defines the access control specification and enforcement. The model must be – complete: It should encompass all the security requirements that must be represented – consistent: Free of contradictions; e.g., it cannot both deny and grant an access at the same time The definition of a formal model allows the proof of properties on the system. By proving that the model is “secure” and that the mechanism correctly implements the model we can argue that the system is “secure” (according to our definition of secure). 11 Privacy and Data Protection � Pierangela Samarati c Security policies Security policies can be distinguished in Access control policies: define who can (or cannot) access the resources. Three main classes: • Discretionary (DAC) policies • Mandatory (MAC) policies • Role-based (RBAC) policies Administrative policies: define who can specify authorizations/rules governing access control Coupled with DAC and RBAC 12 Privacy and Data Protection � Pierangela Samarati c

  7. Discretionary (DAC) policies: basic approaches 13 Privacy and Data Protection � Pierangela Samarati c Discretionary policies Enforce access control on the basis of • the identity of the requestors (or on properties they have) • and explicit access rules that establish who can or cannot execute which actions on which resources They are called discretionary as users can be given the ability of passing on their rights to other users (granting and revocation of rights regulated by an administrative policy) 14 Privacy and Data Protection � Pierangela Samarati c

  8. Access Matrix Model It provides a framework for describing protection systems. Often reported as HRU model (from later formalization by Harrison, Ruzzo, and Ullmann) Called access matrix since the authorization state (or protection system) is represented as a matrix Abstract representation of protection system found in real systems (many subsequent systems may be classified as access matrix-based) 15 Privacy and Data Protection � Pierangela Samarati c Access Matrix Model – protection state State of the system defined by a triple (S,O,A) where • S set of subjects (who can exercise privileges) • O set of objects (on which privileges can be exercised) subjects may be considered as objects, in which case S ⊆ O • A access matrix, where – rows correspond to subjects – columns correspond to objects – A [ s, o ] reports the privileges of s on o Changes of states via commands calling primitive operations: enter r into A [ s, o ] , delete r from A [ s, o ] , create subject s ′ , destroy subject s ′ , create object o ′ , destroy object o ′ 16 Privacy and Data Protection � Pierangela Samarati c

  9. Access Matrix – Example File 1 File 2 File 3 Program 1 own read execute Ann read write write Bob read read write Carl read execute read 17 Privacy and Data Protection � Pierangela Samarati c Commands Changes to the state of a system modeled by a set of commands of the form command c ( x 1 , . . . , x k ) if r 1 in A [ x s 1 , x o 1 ] and r 2 in A [ x s 2 , x o 2 ] and ........... r m in A [ x s m , x o m ] then op 1 op 2 ........... op n end r 1 , ..., r m are access modes; s 1 , ..., s m and o 1 , ..., o m are integers between 1 and k . If m =0, the command has no conditional part. 18 Privacy and Data Protection � Pierangela Samarati c

  10. Commands – Examples command CREATE(subj,file) create object file enter Own into A [ subj,file ] end. command CONFERread(owner,friend,file) if Own in A [ owner,file ] then enter Read into A [ friend,file ] end. command REVOKEread(subj,exfriend,file) if Own in A [ subj,file ] then delete Read from A [ exfriend,file ] end. 19 Privacy and Data Protection � Pierangela Samarati c Transfer of privileges Delegation of authority can be accomplished by attaching flags to privileges (e.g., ∗ copy flag; + transfer only flag) • copy flag (*): the subject can transfer the privilege to others command TRANSFERread(subj,friend,file) if Read* in A [ subj,file ] then enter Read into A [ friend,file ] end. • transfer-only flag (+): the subject can transfer to other the privilege (and the flag on it); but so doing it loses the authorization. command TRANSFER-ONLYread(subj,friend,file) if Read+ in A [ subj,file ] then delete Read+ from A [ subj,file ] enter Read+ from A [ friend,file ] end. 20 Privacy and Data Protection � Pierangela Samarati c

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SEEA uses the accounting approach to integrates many data sets SEEA accounts can rely up to

SEEA uses the accounting approach to integrates many data sets SEEA accounts can rely up to

SEEA uses the accounting approach to integrates many data sets SEEA accounts can rely up to numerous data sources, covering such areas as o energy o environment o agriculture o economy o ecosystems These data sources are combined to

643 views • 3 slides
Maintaining Individual Traceability in Shared Project Accounts with CEDPS/VDT Tools Shreyas

Maintaining Individual Traceability in Shared Project Accounts with CEDPS/VDT Tools Shreyas

Maintaining Individual Traceability in Shared Project Accounts with CEDPS/VDT Tools Shreyas Cholia Software Group, NERSC OSG All Hands-Meeting, Baton Rouge LA, March 2009 Motivation for Project Accounts at NERSC Analogous to OSG group

87 views • 4 slides
Restricted Community Accounts Securing Science Gateways at the Account Level Kevin J. Price

Restricted Community Accounts Securing Science Gateways at the Account Level Kevin J. Price

Restricted Community Accounts Securing Science Gateways at the Account Level Kevin J. Price June 14 th , 2006 Background Many Science Gateways use community accounts, a form of shared account Shared accounts are a potential weak

729 views • 26 slides
Distributed Shared Memory Shared memory : difficult to realize vs . easy to program with.

Distributed Shared Memory Shared memory : difficult to realize vs . easy to program with.

CSCE 613 : Operating Systems Memory Models CSCE 613: Interlude: Distributed Shared Memory Shared Memory Systems Consistency Models Distributed Shared Memory Systems page based shared-variable based Reading (old!):

679 views • 21 slides
The 3 phases of successful open software companies More than 78% of enterprises run on open

The 3 phases of successful open software companies More than 78% of enterprises run on open

DrupalCon Dublin - September 28th, 2016 by Taco The 3 phases of successful open software companies More than 78% of enterprises run on open source Fewer than 3% indicate they dont rely on open software in any way Market survey by Black

883 views • 55 slides
Student Accounts Presentation Student Accounts Student Accounts Our mission: Operate

Student Accounts Presentation Student Accounts Student Accounts Our mission: Operate

Student Accounts Presentation Student Accounts Student Accounts Our mission: Operate efficiently to provide excellent Bouillon Hall 110 customer service for students, parents, (509) 963-3546 university departments, and third parties.

676 views • 33 slides
Distributed Shared Memory Distributed Shared Memory Systems Page based

Distributed Shared Memory Distributed Shared Memory Systems Page based

Operating Systems DSM Distributed Shared Memory Distributed Shared Memory Systems Page based Shared-variable based Consistency Models Strict consistency Sequential consistency Release consistency

320 views • 11 slides
Divide and conquer Shared disk cluster file systems shipped with the Linux kernel Udo Seidel

Divide and conquer Shared disk cluster file systems shipped with the Linux kernel Udo Seidel

Divide and conquer Shared disk cluster file systems shipped with the Linux kernel Udo Seidel Shared file systems Multiple server access same data Different approaches Network based, e.g. NFS, CIFS Clustered Shared disk,

768 views • 40 slides
Windows Not just for houses Everyone Uses Windows! Users - Accounts to separate people on a

Windows Not just for houses Everyone Uses Windows! Users - Accounts to separate people on a

Windows Not just for houses Everyone Uses Windows! Users - Accounts to separate people on a computer - Multiple user accounts on a computer - Ex) shared family computer - Access level can be set differently for each user - Ex) parent

1.09k views • 66 slides
Windows Not just for houses Everyone Uses Windows! (sorry James!) Users - Accounts to separate

Windows Not just for houses Everyone Uses Windows! (sorry James!) Users - Accounts to separate

Windows Not just for houses Everyone Uses Windows! (sorry James!) Users - Accounts to separate people on a computer - Multiple user accounts on a computer - Ex) shared family computer - Access level can be set differently for each user

1.2k views • 51 slides
Windows Not just for houses Everyone Uses Windows! Users - Accounts to separate people on a

Windows Not just for houses Everyone Uses Windows! Users - Accounts to separate people on a

Windows Not just for houses Everyone Uses Windows! Users - Accounts to separate people on a computer - Multiple user accounts on a computer - Ex) shared family computer - Access level can be set differently for each user - Ex) parent

689 views • 51 slides
Shared Memory Programming Introduction to OpenMP Overview Shared memory systems Basic

Shared Memory Programming Introduction to OpenMP Overview Shared memory systems Basic

Shared Memory Programming Introduction to OpenMP Overview Shared memory systems Basic Concepts in OpenMP Brief history of OpenMP Compiling and running OpenMP programs Shared memory systems OpenMP is designed for programming

473 views • 26 slides
Open Standards and Open Architecture in Global Health:

Open Standards and Open Architecture in Global Health:

Open Standards and Open Architecture in Global Health: Improving Lives with Open Source Paul Biondich, Ed Jezierski, Dykki SeFle, Derek Ritz Shared

160 views • 13 slides
MI MI and Shared MI MI and Shared and Shared Decision Making and Shared Decision Making

MI MI and Shared MI MI and Shared and Shared Decision Making and Shared Decision Making

The project PRECIOUS has received funding from the European Union s Seventh Framework Programme under Grant Agreement n 611366" MI MI and Shared MI MI and Shared and Shared Decision Making and Shared Decision Making Decision Making

412 views • 20 slides
Interprocess Communication Mechanisms shared storage shared virtual memory shared files

Interprocess Communication Mechanisms shared storage shared virtual memory shared files

Interprocess Communication 1 Interprocess Communication Mechanisms shared storage shared virtual memory shared files message-based signals sockets pipes . . . CS350 Operating Systems Winter 2015 Interprocess

669 views • 18 slides
Accounts & Audit Books of accounts to be kept by a company Definition: Books of Accounts

Accounts & Audit Books of accounts to be kept by a company Definition: Books of Accounts

Section 9 Accounts & Audit Books of accounts to be kept by a company Definition: Books of Accounts [Section 2(11)] Include records maintained in respect of all sums of money received and expended by a company and matters in relation to

462 views • 20 slides
Portfolio Management Financial Markets, Day 4, Class 1 Jun Pan Shanghai Advanced Institute of

Portfolio Management Financial Markets, Day 4, Class 1 Jun Pan Shanghai Advanced Institute of

Portfolio Management Financial Markets, Day 4, Class 1 Jun Pan Shanghai Advanced Institute of Finance (SAIF) Shanghai Jiao Tong University April 21, 2019 Financial Markets, Day 4, Class 1 Portfolio Management Jun Pan 1 / 52 Outline for Day

803 views • 52 slides
Charmonium decays at the BESIII experiment Hu Jifeng for BESIII Collaboration Graduate

Charmonium decays at the BESIII experiment Hu Jifeng for BESIII Collaboration Graduate

Charmonium decays at the BESIII experiment Hu Jifeng for BESIII Collaboration Graduate University of Chinese Academy of Science Beijing, China Jun. 13-17, 2011, Hadron2011, Muchen, Germany 6/13/2011 HU Jifeng 1 Outline BEPCII/BESIII

791 views • 33 slides
Limited English Proficiency (LEP) 2018 CDBG-DR Problem Solving Clinic Atlanta, GA | D e c e m b

Limited English Proficiency (LEP) 2018 CDBG-DR Problem Solving Clinic Atlanta, GA | D e c e m b

Limited English Proficiency (LEP) 2018 CDBG-DR Problem Solving Clinic Atlanta, GA | D e c e m b e r 1 2 - 1 4 , 2 0 1 8 2018 CDBG-DR PROGRAM Welcome & Speakers Session Objectives To help grantees understand the limited English

550 views • 25 slides
Mathematical Background Chester Rebeiro January 22, 2018 Modular Arithmetic Division Theorem

Mathematical Background Chester Rebeiro January 22, 2018 Modular Arithmetic Division Theorem

Mathematical Background Chester Rebeiro January 22, 2018 Modular Arithmetic Division Theorem Let n be a positive integer Let a be any integer a / n leaves a quotient q and remainder r such that a = qn + r 0 r < n ; q = a /

1.11k views • 79 slides
On the Algorithmic Power of Spiking Neural Networks Chi-Ning Chou Kai-Min Chung Chi-Jen Lu

On the Algorithmic Power of Spiking Neural Networks Chi-Ning Chou Kai-Min Chung Chi-Jen Lu

On the Algorithmic Power of Spiking Neural Networks Chi-Ning Chou Kai-Min Chung Chi-Jen Lu Harvard University Academia Sinica Academia Sinica ITCS 2019 Chi-Ning Chou (Harvard University) On the Algorithmic Power of Spiking Neural Networks

1.37k views • 83 slides
Announcements: - Thank you for participating in our mid-quarter evaluation Thank you for

Announcements: - Thank you for participating in our mid-quarter evaluation Thank you for

Announcements: - Thank you for participating in our mid-quarter evaluation Thank you for participating in our homework feedback polls! - - Course project - Average was ~80% Dont worry about grade but take feedback seriously - -

423 views • 41 slides
PREVENTING THE THREATS OF TOMORROW AND BEYOND Jonathan Kaftzan VP Product marketing &

PREVENTING THE THREATS OF TOMORROW AND BEYOND Jonathan Kaftzan VP Product marketing &

PREVENTING THE THREATS OF TOMORROW AND BEYOND Jonathan Kaftzan VP Product marketing & innovation Is Prevention Possible? 2 Private and confidential FROM PREVENTION TO DETECTIONAND BACK Prevention An Antivir virus us: Polymor

735 views • 29 slides
Classification Problems From Regression to Classification x } Suppose we have two classes of

Classification Problems From Regression to Classification x } Suppose we have two classes of

Review: The General Learning Problem } We want to learn functions from inputs to outputs, where each input has n features: Inputs h x 1 , x 2 , . . . , x n i , with each feature x i from domain X i . Outputs y from domain Y . Function to learn: f :

689 views • 7 slides

More recommend