Session objectives. Access control. Subjects and objects. The request. Information Security



Similar documents
Computer security Lecture 3. Access control

Access Control. ITS335: IT Security. Sirindhorn International Institute of Technology Thammasat University ITS335. Access Control.

Part III. Access Control Fundamentals

Outline. INF3510 Information Security University of Oslo Spring Lecture 9 Identity Management and Access Control. The concept of identity

Introduction to Computer Security

INF3510 Information Security University of Oslo Spring Lecture 9 Identity Management and Access Control

Role Based Access Control: Adoption and Implementation in the Developing World

Best Practices, Procedures and Methods for Access Control Management. Michael Haythorn

Access Control Matrix

Reference Guide for Security in Networks

... Lecture 3 Access Control. Information & Communication Security (WS 14/15) Prof. Dr. Kai Rannenberg

Information Security Policy

Access Control. 1 Overview of Access Control. Lecture Notes (Syracuse University) Access Control: 1. What is Access Control?

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 7 Access Control Fundamentals

Chapter 2 Taxonomy and Classification of Access Control Models for Cloud Environments

CIS433/533 - Computer and Network Security Operating System Security

IDENTITY MANAGEMENT. February The Government of the Hong Kong Special Administrative Region

Identity Management and Access Control

BM482E Introduction to Computer Security

CS377: Database Systems Data Security and Privacy. Li Xiong Department of Mathematics and Computer Science Emory University

CIFS Permissions Best Practices Nasuni Corporation Natick, MA

INF3510 Information Security University of Oslo Spring Lecture 8 Identity and Access Management. Audun Jøsang

CS 665: Computer System Security. Designing Trusted Operating Systems. Trusted? What Makes System Trusted. Information Assurance Module

solutions Biometrics integration

CEN 559 Selected Topics in Computer Engineering. Dr. Mostafa H. Dahshan KSU CCIS

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Access Control Intro, DAC and MAC. System Security

Advanced Authentication

CIS 551 / TCOM 401 Computer and Network Security. Spring 2005 Lecture 4

An Oracle White Paper December Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance

Chapter 23. Database Security. Security Issues. Database Security

Introduction to Computer Security

Security Enhanced Linux and the Path Forward

Introduction to Computer Security

W.A.R.N. Passive Biometric ID Card Solution

MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory. Chapter 11: Active Directory Certificate Services

Copyright: WhosOnLocation Limited

Access Control. Dr George Danezis

TELSTRA RSS CA Subscriber Agreement (SA)

Security Model and Enforcement for Data-Centric Pub/Sub with High Information Assurance Requirements

Access Control Models Part I. Murat Kantarcioglu UT Dallas

SELinux Policy Management Framework for HIS

A Comparative Study of Security Features in FreeBSD and OpenBSD

CIS 551 / TCOM 401 Computer and Network Security

With Great Power comes Great Responsibility: Managing Privileged Users

Weighted Total Mark. Weighted Exam Mark

SecureDoc Disk Encryption Cryptographic Engine

AUTHENTICATION AND ACCESS CONTROL BEST PRACTICES FOR HEALTHCARE SYSTEMS

An Introduction to Cryptography and Digital Signatures

White Paper Levels of Linux Operating System Security

OB10 - Digital Signing and Verification

SECURITY CHAPTER 24 (6/E) CHAPTER 23 (5/E)

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

THE FIJI GOVERNMENT INFORMATION TECHNOLOGY DATABASE CREDENTIALS POLICY. Version

VNC User Guide. Version 5.0. June 2012

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Database Security Part 7

CS 416: Opera-ng Systems Design

Entrust IdentityGuard

Guidelines Related To Electronic Communication And Use Of Secure Central Information Management Unit Office of the Prime Minister

Module 1: e- Learning

Chapter 14: Access Control Mechanisms

Content Teaching Academy at James Madison University

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

White Paper. Authentication and Access Control - The Cornerstone of Information Security. Vinay Purohit September Trianz 2008 White Paper Page 1

What security and assurance standards does Trustis use for TMDCS certificate services?

Chapter 23. Database Security. Security Issues. Database Security

Compliance and Industry Regulations

Web. Security Options Comparison

Oracle. NoSQL Database Security Guide. 12c Release 1

Security Digital Certificate Manager

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

Security Digital Certificate Manager

CSUS COLLEGE OF ENGINEERING AND COMPUTER SCIENCE Department of Computer Science (RVR 3018; /6834)

Using Microsoft Windows Authentication for Microsoft SQL Server Connections in Data Archive

Information Security Information & Network Security Lecture 2

EMBASSY Remote Administration Server (ERAS) BitLocker Deployment Guide

Framework for Biometric Enabled Unified Core Banking

2: Do not use vendor-supplied defaults for system passwords and other security parameters

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Govt. of Karnataka, Department of Technical Education Diploma in Computer Science & Engineering. Sixth Semester

YubiKey PIV Deployment Guide

An Introduction to Entrust PKI. Last updated: September 14, 2004

NetIQ Advanced Authentication Framework - Client. User's Guide. Version 5.1.0

Transcription:

The session Session objectives Access Control Information Security Dr Hans Georg Schaathun Introduce fundamental terminology of access control Understand principles of privilege management and identity management University of Surrey Autumn 2011 Week 9 Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 1 / 1 Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 3 / 1 Model Model The request Subjects and objects principal Source Do Operation Request Reference Monitor Guard Authentication Who made the request R? Authorisation Who is trusted to access an object o? Who is trusted to have request R granted? Object ACL Resource A subject is an active entitity within an IT system e.g. user, process An object is a resource that (some) subject may access or use. e.g. files, printers, memory A principal is an entity that can be granted access to objects or can make statements affecting access control decissions. distinction subject/principal is not always necessary a subject (process) may act on behalf of a subject (user) Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 6 / 1 Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 7 / 1

Model Model What is an object? Authentication and Authorisation A file very traditional view (read/write/execute) A system access or no access An operation i.e. an action to take A room access or no access Authentication Determine identity. Authorisation Determine privileges. This allows identity based access control. Could you do authorisation without authentication? Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 8 / 1 Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 9 / 1 Problem Definition Problem Definition Four subproblems Problem Domain Identification and Authentication establishing the identity of a subject Identity management managing identities and credentials essential data for authentication Authorisation granting privileges to an identified subject managing mapping of subject to privileges necessary data for authorisation l is a general problem... Operating System File System Web Site Locked Doors Paper Archive Records Database Records Documents (PDF, etc.) Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 11 / 1 Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 12 / 1

Access modes Access modes Access modes Discretionary or Mandatory Observe i.e. read Limited by confidentiality Alter i.e. append Limited to ensure integrity Execute (running a program) Can you execute without reading? Sometimes; it may be sufficient that the OS reads it. Discretionary Access Control The owner of each resource determines access permissions. Mandatory Access Control A central authority defines a security policy defining access rights This is 4th Design Decision from Gollmann (Ch 2). Centralised or local security control? write = read + append (Bell-LaPadula) Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 15 / 1 Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 16 / 1 Access Control Structures Access modes Group-based access control Access Control Matrix: [A s,o ] A s,o is the permissions of Subject s to Object o. A s,o {alter, observe} Subject-wise capabilities For each Subject s, maintain a list of rights. Access Control List: object-wise For each Object o, maintain a list of access permissions. suitable for discretionary access control Access data takes a lot of space. Coarser access control is more common. Access can be organised in groups. roger File 1 paul george vinod chris nina lecturers wmgroup phdstudent Printer 1 File 2 File 3 File 4 daniel PhD Printer Save the effort of considering access for individual users. Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 17 / 1 Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 19 / 1

Policy Conflicts A general rule Permission can be positive or negative Access denied or Access permitted or Any security policy has to define precedence. roger paul george vinod chris nina How do you resolve conflicting policy rules? File 1 lecturers Printer 1 wmgroup File 2 File 3 Example User rights takes precedence over group rights. Negative group rights takes precedence over positive group rights. Or the other way around... How do you resolve conflicts? roger has red and green path to File 1. george has red and green path to File 3. Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 20 / 1 Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 21 / 1 Abstract Data Types and Procedures Roles Datatype (or class) access restricted to certain methods general programming practice prevents some errors allows access control distinguishes between public and private Procedure is a method accessing a datatype. More fine-grained than alter and observe An ADT can only be accessed via well-defined procedures Use of each procedure can be restricted A role is a collection of procedures A user can hold several roles Many user can hold the same role Roles typically map the organisation structure Research Assistant on Watermarking Research Assistant on Artificial Intelligence Team leader on Watermarking Team leader on Artificial Intelligence Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 22 / 1 Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 23 / 1

Role-Based Access Control (RBAC) Security levels Hierarchical: The team leader may appoint research assistants The lecturer may appoint (enroll) students Hierarchical means semi-centralised Policy can be made at every level. The central chief can make organisation-wide policies. Team leaders can define mandatory access control for small teams. RBAC is common in database management systems Classic classification Linear ordering of security levels Sounds rather military... Top Secret Secret Confidential Unclassified Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 24 / 1 Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 25 / 1 Protection Rings Hardware Security Policy Security level are used in hardware called Protection Rings E.g. for Intel 80x86 1 Operating system kernel 2 Operating system 3 Utilities 4 User processes Protection rings had to be implemented to run Multics. Unix uses only ring 0 (root) and ring 3 (user). The following Security Policy is implemented: Procedures can only access objects in their own ring and outer rings. Procedures can invoke subroutines in their own ring only. Question for you: Why is a procedure not allowed to invoke subroutines in an outer ring? Subroutines in outer rings can be modified by procedures in outer rings. If such a modified subroutine were invoked in an inner ring, it would run with more privileges. The modifying procedure could then make code to be executed with privileges it should not have. Cf. Bell-LaPadula model Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 26 / 1 Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 27 / 1

Discussion Exercise Multilevel Security [Gollmann 4.3] Discuss: What are the differences between groups and roles, if there are any differences at all? One set of classifications with a linear (hierarchical) ordering H public H confidential H secret One set of categories E.g. {EE, Comp, Math} A Compartment is a set of categories Subset ordering A security level is a pair (category,classification) (h 1, c 1 ) (h 2, c 2 ) (h 1 H h 2 c 1 c 2 ) Access is granted if (h object, c object ) (h subject, c subject ) We say that (h subject, c subject ) dominates (h object, c object ) Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 28 / 1 Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 29 / 1 Need-to-know policy What is? Multilevel security can restrict access to members of a project or department while maintaining mandatory access control Computing staff with highest clearing (secret,{comp}) has no rights to objects from EE or Maths (public, {comp}) (secret, {comp}) (1) (secret, {comp}) (secret, {comp, EE}) (2) (public, {EE}) (secret, {comp}) (3) Someone, somewhere needs to store identity (personal information) credentials (to allow authentication) e.g. picture, password, biometric data, etc. Staff do not need to know about other departments No need No access Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 30 / 1 Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 32 / 1

The user problem The server problem How can you manage all your credentials? How do you establish identities the first time? How do you collect credentials? One user name per service One password per service One smart card per service Boot-strap problem initial identification and authentication to create account Storage of identity information Security problems and the lot Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 33 / 1 Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 34 / 1 Third-Party The Identity Server external to Access Control Service Provider prompts an Identity Server authorisation based on identification but identification is completely out-sourced The Identity Server does identification and authorisation issues a certificate of identity for the access control mechanism For example: OpenID Same credentials for many services Configurability personal information managed on a per service basis For example, commenting on http://www.bt.no identitification required different identity providers accepted facebook, OpenID, etc. Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 35 / 1 Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 36 / 1

Client-Side Identity Information Open access web sites Could the user store all his identity information and credentials? Smart-Cards or small hardware devices storage for identity trusted device for the service provider The device issues a certificate public key cryptography Why do you require identification for open access (free of charge) web sites? Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 37 / 1 Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 38 / 1 Identification and Authentication Methods of identification Criteria Identification and Authentication Biometrics Something you know (password) Something you carry (smartcard) Something you are (fingerprint) Something you do (signature) Universal everybody has it Particular one-to-one mapping for individual Lasting not subject to change Important natural characteristic of individual Readable anyone can read it Storable we can store it Sufficient no need for other identifiers Precise significant difference between individuals Simple reliable identification few errors Cheap cost-efficient for the task Convenient no nuisance to the user Acceptable to society and most individuals Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 40 / 1 Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 42 / 1

Identification and Authentication Storing biometric data Biometrics Conclusion Conclusion Storage of biometric data is a privacy concern Different options complete data to reproduce the biometric object hashed storage, allowing validation and not reproduction smart-card storage only the user has access Two separate management problems Must be handled separately Two operational problems Identification and Authentication Authorisation May or may not be handled separately Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 43 / 1 Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 45 / 1

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information