ACCESS CONTROL
William Newton
May 2, 2007
University of Maryland, Baltimore County
What is access control?
“Access control includes authentication,
authorization and audit. It also includes measures
such as physical devices, including biometric scans
and metal locks, hidden paths, digital signatures,
encryption, social barriers, and monitoring by
humans and automated systems.”
Wikipedia
What is access control?
Something you know
Passwords
“Perfect Passwords” by M. Burnett & D. Kleiman
Something you are
Fingerprint, Iris, Face
Something you have
Token, RFID, Key
Something you know
Passwords
Most passwords can be guessed or cracked
Password policies frustrate users.
Administrators give users a default password: U2n*9kh!
Passwords that follow company procedures are hard to remember… or are they? Be creative!
Categorize your passwords
Consider a policy that requires a 15 character password with a character from each character set:
Something you are
Biometrics
False positives – bad guy positively identified as a good guy
False negatives – good guy is not recognized at all
Fingerprint technology becoming a standard feature.
Something you have
Physical
Token
Radio Frequency Identification (RFID)
RFID Implants
Problem: Physical security and Replay Attacks
Shmoocon 2006 – Adam Laurie: “RFIDiots”
Access Control Approaches
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Context-Based Access Control (CBAC)
Role-Based Access Control (RBAC)
Lattice-Based Access Control (LBAC)
Discretionary Access Control
Restrict access to objects based on the owner of the objects
Bob is owner of money.txt
Bob can grant read privileges to Alice for money.txt.
Security Concern – Buffer Overflow attack to spawn a shell with root privileges
Mandatory Access Control
Restrict access to an object based on the classification of the object.
Policy restricts access
Various levels of control
Disallow programs to open sockets
Render “root” useless
Associate a role to every subject
Buffer Overflow attack for root (or any other user)
Context-Based Access Control
Filters traffic through a network interface
(Firewall)
Analyze information at the network, transport, and application layers.
Ex: TCP uses multiple channels to handle connection setup and communications.
Provides: DoS protection, alerts, auditing, blocking
Role Based Access Control
Roles created for specific functions
Permissions are associated to each role
Not concerned with object context
Subjects may have access to several roles [many-to-many relationship]
System management becomes easier
Four RBAC Models
Role Based Access Control
Four models
Core – minimum collection of RBAC elements, element sets, and relations
Hierarchical – mathematical partial ordering which defines a hierarchical relationship between roles
Static Separation of Duty Relations (SSDR) – Exclusivity relations among roles
Dynamic Separation of Duty Relations (DSDR) – Multiple roles, but one at a time
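The four RBAC models in one small engine: a role hierarchy as a partial order (a senior role inherits its juniors' permissions), SSDR checked at assignment time and DSDR checked when a role is activated in a session. This is an added illustration, not code from the talk or from the NIST standard; the roles, permissions and constraint pairs are constructed.

```python
# Constructed example: senior -> junior roles (hierarchical model), role -> permissions
# (core model), plus SSD and DSD constraint pairs. All names are illustrative.
JUNIORS = {"manager": {"clerk"}, "clerk": set(), "auditor": set()}
ROLE_PERMS = {"clerk": {"post:ledger"}, "manager": {"approve:payment"},
              "auditor": {"read:ledger"}}
SSD = {frozenset({"manager", "auditor"})}  # never both assigned to the same user
DSD = {frozenset({"clerk", "auditor"})}    # may hold both, never active together

def inherited_roles(role):
    """Closure over the hierarchy: the role and every role junior to it."""
    seen, todo = set(), [role]
    while todo:
        r = todo.pop()
        if r not in seen:
            seen.add(r)
            todo.extend(JUNIORS.get(r, ()))
    return seen

def authorized_perms(roles):
    """Permissions of a role set, including those inherited from junior roles."""
    return {p for r in roles for j in inherited_roles(r) for p in ROLE_PERMS.get(j, ())}

def violates(constraints, roles):
    """True if any constraint pair is wholly contained in the role set."""
    return any(pair <= set(roles) for pair in constraints)

class User:
    def __init__(self, name):
        self.name, self.roles, self.session = name, set(), set()

    def assign(self, role):          # SSDR: checked when a role is granted to a user
        if violates(SSD, self.roles | {role}):
            raise PermissionError(f"SSD: {role} conflicts with {sorted(self.roles)}")
        self.roles.add(role)

    def activate(self, role):        # DSDR: checked when a role is activated in a session
        if role not in self.roles:
            raise PermissionError(f"{role} is not assigned to {self.name}")
        if violates(DSD, self.session | {role}):
            raise PermissionError(f"DSD: {role} cannot be active with {sorted(self.session)}")
        self.session.add(role)

    def can(self, perm):             # access is decided by the active roles only
        return perm in authorized_perms(self.session)
```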
RBAC – Core Model
minimum collection of RBAC elements, element sets, and relations
Image Borrowed From: “Proposal for Fast-Tracking NIST Role-Based Access Control Standard” by Ferraiolo, Kuhn, and Sandhu
RBAC – Hierarchical Model
mathematical partial ordering which defines a hierarchical relationship between roles
Image Borrowed From: “Proposal for Fast-Tracking NIST Role-Based Access Control Standard” by Ferraiolo, Kuhn, and Sandhu
RBAC - SSDR
Static Separation of Duty Relations
Exclusivity relations among roles
Image Borrowed From: “Proposal for Fast-Tracking NIST Role-Based Access Control Standard” by Ferraiolo, Kuhn, and Sandhu
RBAC - DSDR
Dynamic Separation of Duty Relations
Image Borrowed From: “Proposal for Fast-Tracking NIST Role-Based Access Control Standard” by Ferraiolo, Kuhn, and Sandhu
Lattice-Based Access Control
Information flow is controlled from one security class to another.
Based around a security model (Bell-LaPadula Model, Biba Model)
Lattice-Based Access Control
Partial ordering over a set of elements
Notation:
b dominates a
System High – One element that dominates all the elements in the set
System Low – One element that is dominated by all the elements in the set
Lattice-Based Access Control
Image borrowed from “Computer Security” by Dieter Gollmann
Lattice-Based Access Control
Image borrowed from “Computer Security” by Dieter Gollmann
Bell LaPadula Model
Simple Security property (SS) – (No read up): The classification of the object must be no higher than the classification of the subject for reading operations.
*-property – (No write down): The classification of the object must be no lower than the classification of the subject for writing operations.
Discretionary Security property (DS) – An access matrix is used for DAC
A state is secure if all three properties are satisfied.
Biba (Integrity) Model
Simple integrity property – (No write up): The classification of the subject must be at most the classification of the object for writing operations.
*-property – (No read down): The classification of the subject must be at least the classification of the object for read operations.
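A worked version of the lattice slides and of the two models above: labels are (level, categories) pairs ordered by dominance, system high and system low are computed over a set of labels, and the Bell-LaPadula and Biba checks are expressed as the no-read-up / no-write-down and no-write-up / no-read-down rules named on the slides. This is an added example, not code from the talk or from Gollmann's book; the level names and categories are constructed.

```python
# Constructed example: a security label is (level, categories); b dominates a when
# b's level is at least a's and b's category set contains a's. Names are illustrative.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}

def dominates(b, a):
    """b dominates a in the lattice (a partial order: some pairs are incomparable)."""
    return LEVELS[b[0]] >= LEVELS[a[0]] and set(b[1]) >= set(a[1])

def system_high(labels):
    """The element of the set that dominates every other element, or None."""
    return next((h for h in labels if all(dominates(h, l) for l in labels)), None)

def system_low(labels):
    """The element of the set that every other element dominates, or None."""
    return next((l for l in labels if all(dominates(h, l) for h in labels)), None)

# Bell-LaPadula (confidentiality): s is the subject's label, o the object's label.
def blp_can_read(s, o):    # simple security property: no read up
    return dominates(s, o)

def blp_can_write(s, o):   # *-property: no write down
    return dominates(o, s)

# Biba (integrity): the dual of Bell-LaPadula, with labels read as integrity levels.
def biba_can_write(s, o):  # simple integrity property: no write up
    return dominates(s, o)

def biba_can_read(s, o):   # *-property: no read down
    return dominates(o, s)
```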
Other Security Models
Harrison-Ruzzo-Ullman Model
Authorization system that allows changing of access rights in a matrix and the creation/deletion of subjects/objects.
Chinese Wall Model
Used in consulting firms
Restricts information flow across channels that would cause a conflict of interest
Clark-Wilson Model
Models data integrity and concurrency control in commercial applications.
Access Control Structures
Definitions:
S set of subjects
O set of objects
A set of access operations
Access Control Matrix (ACM)
$M = (M_{so})_{s \in S,\ o \in O}$ with $M_{so} \subseteq A$
Capabilities
By Subject
Access Control List (ACL)
By Object
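The access control matrix defined above, stored in the two ways the slide names: capability lists (rows of M, by subject) and access control lists (columns of M, by object), together with the owner-based grant from the DAC slide (Bob, owner of money.txt, granting Alice read). This is an added example, not code from the talk; subjects, objects and the ownership map are constructed.

```python
# Constructed example: subjects S, objects O, access operations A and matrix M with
# M_so ⊆ A. Pairs absent from M have no access. Ownership is an added DAC assumption.
S = ["alice", "bob"]
O = ["money.txt", "/bin/sh"]
A = {"read", "write", "execute"}
M = {
    ("bob", "money.txt"): {"read", "write"},
    ("alice", "/bin/sh"): {"execute"},
}
OWNER = {"money.txt": "bob", "/bin/sh": "root"}   # constructed owner map for DAC

def entry(s, o):
    """M_so: the operations subject s may perform on object o."""
    return M.get((s, o), set())

def capabilities(s):
    """Row of M for subject s (stored with the subject): object -> operations."""
    return {o: entry(s, o) for o in O if entry(s, o)}

def acl(o):
    """Column of M for object o (stored with the object): subject -> operations."""
    return {s: entry(s, o) for s in S if entry(s, o)}

def is_well_formed():
    """Every entry refers to known subjects and objects and satisfies M_so ⊆ A."""
    return all(s in S and o in O and ops <= A for (s, o), ops in M.items())

def grant(by, to, o, op):
    """DAC: only the owner of o may extend another subject's entry for o."""
    if OWNER.get(o) != by:
        raise PermissionError(f"{by} does not own {o}")
    if op not in A or to not in S:
        raise ValueError("unknown operation or subject")
    M.setdefault((to, o), set()).add(op)

def allowed(s, o, op):
    """Reference-monitor style check: look the request up in the matrix."""
    return op in entry(s, o)
```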
Intermediate Controls
Used to implement the ACM in large complex systems
Groups & Negative Permissions
Protection Rings
Abilities (Partial Ordering)
Data structure that starts with a “.” followed by a list of integers separated by “.”s.
Ex: .5.4.3, .4.3.2.1, .2.1
Privileges