Access Control Intro, DAC and MAC System Security
System Security
- Concerned with regulating how entities use the resources of a system
- Consists of two main phases:
  - Authentication: uniquely identifying entities
  - Authorisation: assigning access rights to entities
Authentication Phase
- Only concerned with identifying an entity against a known set of entities
- Assigning a unique identifier to the entity (e.g., a user name)
- Proving the identity with a secret (supposedly) known only to that entity (e.g., a password or key)
- Alternatively, using a unique feature that characterizes the entity (e.g., a biometric)
Authorisation Phase
- Also known as Access Control
- The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner (the ITU-T X.800 definition)
- Assumes that users have already been authenticated to the system and have been assigned access rights to certain resources on the system (for instance, by an administrator)
Access Control Requirements
- Reliable input: authenticated entities, genuine information
- Least privilege: entities are granted the minimum set of access rights they need
- Administrative duties: only a special entity should be able to manage access rights for other entities
Access Control Refinements
- Separation of duty
- Fine vs. coarse specifications
- Open and closed policies
- (Automated) conflict resolution
Access Control Elements
- Subject: an entity that can access objects, e.g. a process representing a user or application
- Object: an access-controlled resource, e.g. files, directories, records, programs
- Access right: the way in which a subject accesses an object, e.g. read, write, execute, delete, create, search
Security Modules
Access Control Models
- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
- Role-Based Access Control (RBAC)
- Usage Control (UCON)
- Policy-based Access Control
Discretionary Access Control
- A means of restricting access to objects based on the identity of subjects and/or the groups to which they belong
- The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission on to any other subject
- Subjects are able to assign rights to other subjects on the objects they control
- The model used in operating systems and DB management systems
- Often provided using an access matrix
Access Control Matrix
Access Control List
Capability List
- Reference: Capability Myths Demolished, http://srl.cs.jhu.edu/pubs/srl2003-02.pdf
Access Matrix Details
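The slides above describe the access matrix abstractly and name its two implementation views, the ACL (a column of the matrix) and the capability list (a row). The following is an added example, not code from the slides or from any referenced text: a small Python access matrix that exposes both views and implements the discretionary passing-on of rights that defines DAC. The subjects (alice, bob, carol, dave), objects and rights are constructed for illustration; the rule that a subject may delegate a right it holds, or any right on an object it owns, is one common DAC policy, chosen here to match the slide's wording.

```python
# Added example (not from the slides): a DAC access matrix with its two
# implementation views (ACLs = columns, capability lists = rows) and the
# discretionary passing-on of rights. All subjects, objects and rights are
# constructed for illustration.
from collections import defaultdict


class AccessMatrix:
    """Rows are subjects, columns are objects, each cell a set of rights."""

    OWN = "own"   # holding 'own' on an object lets a subject grant any right on it

    def __init__(self):
        self._cells = defaultdict(set)          # (subject, object) -> {rights}

    def grant(self, subject, obj, *rights):
        self._cells[(subject, obj)].update(rights)

    def revoke(self, subject, obj, *rights):
        self._cells[(subject, obj)].difference_update(rights)

    def check(self, subject, obj, right):
        """Reference-monitor decision: is `right` in cell (subject, obj)?"""
        return right in self._cells.get((subject, obj), set())

    def acl(self, obj):
        """Column view: the ACL of one object (subject -> rights)."""
        return {s: set(r) for (s, o), r in self._cells.items() if o == obj and r}

    def capabilities(self, subject):
        """Row view: the capability list of one subject (object -> rights)."""
        return {o: set(r) for (s, o), r in self._cells.items() if s == subject and r}

    def delegate(self, grantor, grantee, obj, *rights):
        """Discretionary delegation: a subject may pass on a right it already
        holds on the object, or any right if it owns the object. Anything else
        is refused, which is the check a DAC reference monitor must make."""
        allowed = self.check(grantor, obj, self.OWN) or all(
            self.check(grantor, obj, r) for r in rights)
        if not allowed:
            raise PermissionError(f"{grantor} cannot delegate {rights} on {obj}")
        self.grant(grantee, obj, *rights)


def demo():
    """Build a small matrix and exercise both views and delegation."""
    m = AccessMatrix()
    m.grant("alice", "payroll.db", AccessMatrix.OWN, "read", "write")
    m.grant("bob", "payroll.db", "read")
    m.grant("bob", "report.pdf", AccessMatrix.OWN, "read", "write", "delete")

    # bob holds only 'read' on payroll.db, so he can pass on 'read' but not 'write'
    m.delegate("bob", "carol", "payroll.db", "read")
    try:
        m.delegate("bob", "carol", "payroll.db", "write")
        write_delegated = True
    except PermissionError:
        write_delegated = False

    # alice owns payroll.db and may grant anything, including rights she lacks herself
    m.delegate("alice", "dave", "payroll.db", "execute")

    return {
        "acl_payroll": m.acl("payroll.db"),
        "caps_bob": m.capabilities("bob"),
        "carol_read": m.check("carol", "payroll.db", "read"),
        "carol_write": m.check("carol", "payroll.db", "write"),
        "bob_write_delegated": write_delegated,
        "dave_execute": m.check("dave", "payroll.db", "execute"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The same matrix answers two different questions cheaply: `acl(obj)` is what an operating system consults when a file is opened (who may touch this object), while `capabilities(subject)` is what a capability system hands to a process (what may this subject touch). Revocation is the operational difference: removing a subject from an ACL is one cell update, whereas a capability that has already been delegated must be tracked down or made to expire.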
UNIX Access Control Lists
- Modern UNIX systems support ACLs (POSIX.1e-style) in addition to the traditional owner/group/other rwx bits
- An ACL can name any number of additional users and groups, each with its own rwx permissions
- ACLs are an optional extension of the standard permission bits; a mask entry bounds the effective permissions of the named entries
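To make the UNIX ACL slide concrete, here is an added example (not from the slides) that parses the text form printed by getfacl(1) and evaluates an access request with the algorithm described in acl(5): the owner entry applies unmasked; a named-user entry applies ANDed with the mask; if any group entry matches, access is granted only if one of the matching group entries, ANDed with the mask, grants it, and the other entry is never reached; only with no group match does other:: decide. The file name, users (bob, alice, carol, dave, eve), groups and ACL text are constructed for illustration.

```python
# Added example (not from the slides): evaluating a POSIX.1e ACL of the kind
# getfacl(1) prints, following the access-check algorithm described in acl(5).
# The file, users, groups and ACL text below are constructed for illustration.
from dataclasses import dataclass, field

R, W, X = 4, 2, 1


def perms_to_bits(perms):
    """'rw-' -> 6, 'r-x' -> 5, '---' -> 0."""
    return ((R if perms[0] == "r" else 0)
            | (W if perms[1] == "w" else 0)
            | (X if perms[2] == "x" else 0))


@dataclass
class PosixAcl:
    owner: str
    group: str
    owner_perms: int = 0                       # user::  (ACL_USER_OBJ)
    group_perms: int = 0                       # group:: (ACL_GROUP_OBJ)
    other_perms: int = 0                       # other:: (ACL_OTHER)
    mask: int = R | W | X                      # mask::  (ACL_MASK); absent => no restriction
    named_users: dict = field(default_factory=dict)    # user:NAME:  (ACL_USER)
    named_groups: dict = field(default_factory=dict)   # group:NAME: (ACL_GROUP)


def parse_getfacl(text):
    """Parse getfacl-style output into a PosixAcl."""
    acl = PosixAcl(owner=None, group=None)
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# owner:"):
            acl.owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl.group = line.split(":", 1)[1].strip()
        elif not line or line.startswith("#"):
            continue
        else:
            # first whitespace-separated token drops any trailing '#effective:' note
            tag, qualifier, perms = line.split()[0].split(":")
            bits = perms_to_bits(perms)
            if tag == "user" and qualifier == "":
                acl.owner_perms = bits
            elif tag == "user":
                acl.named_users[qualifier] = bits
            elif tag == "group" and qualifier == "":
                acl.group_perms = bits
            elif tag == "group":
                acl.named_groups[qualifier] = bits
            elif tag == "mask":
                acl.mask = bits
            elif tag == "other":
                acl.other_perms = bits
            else:
                raise ValueError(f"unknown ACL entry: {line}")
    return acl


def check_access(acl, user, groups, requested):
    """acl(5) algorithm: the first matching entry class decides.
    user:: (owner) and other:: are not masked; named users and all group
    entries are ANDed with the mask. If any group entry matches but none
    grants, access is denied; other:: is only reached with no group match."""
    def grants(bits):
        return requested & ~bits == 0

    if user == acl.owner:
        return grants(acl.owner_perms)
    if user in acl.named_users:
        return grants(acl.named_users[user] & acl.mask)
    group_matched = False
    for g in groups:
        if g == acl.group:
            group_matched = True
            if grants(acl.group_perms & acl.mask):
                return True
        elif g in acl.named_groups:
            group_matched = True
            if grants(acl.named_groups[g] & acl.mask):
                return True
    if group_matched:
        return False
    return grants(acl.other_perms)


# Constructed getfacl output; the mask cuts 'user:alice:rw-' down to r--.
SAMPLE_ACL = """\
# file: report.txt
# owner: bob
# group: staff
user::rw-
user:alice:rw-\t#effective:r--
group::r--
group:audit:r-x\t#effective:r--
mask::r--
other::---
"""

if __name__ == "__main__":
    acl = parse_getfacl(SAMPLE_ACL)
    for who, groups, want in [("bob", ["staff"], R | W), ("alice", [], W),
                              ("carol", ["staff"], R), ("dave", ["audit"], X),
                              ("eve", ["guests"], R)]:
        print(who, groups, want, check_access(acl, who, groups, want))
```

The two points practitioners most often get wrong are both visible in the sample: the mask silently removes alice's write bit even though `user:alice:rw-` is listed, and a process in a matching group that is denied does not fall through to `other::`, so a permissive other entry never rescues a group member. When auditing a system, read the `#effective:` column getfacl prints, not the nominal permissions.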
Mandatory Access Control
- Access decisions are made by the system according to a central policy; entities cannot pass on their rights or enable other entities to access their resources
- Enforces a lattice of labels assigned to subjects and objects:
  - security labels (classifications): how sensitive or critical a system resource is
  - security clearances: which entities are eligible to access resources at a given label
MAC: The Bell-LaPadula Model
- Main goal: control the confidentiality of information
MAC Confidentiality Rules (Bell-LaPadula)
- Simple Security Property: no read up. A subject may read an object only if the subject's clearance dominates the object's label.
- *-(Star) Property: no write down. A subject may write an object only if the object's label dominates the subject's (current) level, so information cannot flow to a lower label.
- Strong *-(Star) Property: no write down and no write up. A subject may write only objects at exactly its own label.
MAC: The Biba Integrity Model
- Main goal: control the integrity of information
MAC Integrity Rules (Biba)
- Simple Integrity Axiom: no read down. A subject may read an object only if the object's integrity label dominates the subject's, so low-integrity data cannot contaminate a higher-integrity subject.
- *-(Star) Integrity Axiom: no write up. A subject may write an object only if the subject's integrity label dominates the object's.
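The BLP and Biba rules above are both stated over a lattice of labels, and the slides only say "no read up" and so on. The following added example (not from the slides) builds the usual lattice of (level, compartment set) labels, where one label dominates another only if its level is at least as high and its compartments are a superset, and evaluates the simple, star and strong-star properties of BLP and the two Biba axioms over it. It also shows two things the short rule names hide: labels can be incomparable, in which case neither reading nor writing is permitted, and the join (least upper bound) gives the label a derived object must carry. The level names, compartments and labels are constructed for illustration.

```python
# Added example (not from the slides): a security lattice of (level,
# compartment-set) labels, and the Bell-LaPadula and Biba rules evaluated
# over it. Level names, compartments, subjects and objects are constructed.
from dataclasses import dataclass

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """The lattice partial order: >= on level AND superset on compartments.
        Two labels can be incomparable (neither dominates the other), which is
        what makes this a lattice rather than a simple linear ordering."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

    def join(self, other):
        """Least upper bound, e.g. the label a derived object must carry."""
        level = max((self.level, other.level), key=LEVELS.__getitem__)
        return Label(level, self.compartments | other.compartments)


# Bell-LaPadula (confidentiality): labels are sensitivity / clearance
def blp_can_read(subject, obj):
    """Simple security property, no read up: subject must dominate object."""
    return subject.dominates(obj)


def blp_can_write(subject, obj):
    """*-property, no write down: object must dominate subject."""
    return obj.dominates(subject)


def blp_can_write_strong(subject, obj):
    """Strong *-property: write only at exactly the subject's own label."""
    return subject == obj


# Biba (integrity): labels are integrity levels; the rules are the dual of BLP
def biba_can_read(subject, obj):
    """Simple integrity axiom, no read down: object must dominate subject."""
    return obj.dominates(subject)


def biba_can_write(subject, obj):
    """*-integrity axiom, no write up: subject must dominate object."""
    return subject.dominates(obj)


def demo():
    secret_nuclear = Label("SECRET", frozenset({"nuclear"}))
    ts_crypto = Label("TOP_SECRET", frozenset({"crypto"}))
    ts_all = Label("TOP_SECRET", frozenset({"nuclear", "crypto"}))
    conf = Label("CONFIDENTIAL")

    return {
        # a SECRET/nuclear subject and the objects around it
        "read_down": blp_can_read(secret_nuclear, conf),                 # True
        "read_up": blp_can_read(secret_nuclear, ts_all),                 # False
        "write_up": blp_can_write(secret_nuclear, ts_all),               # True (blind write up)
        "write_down": blp_can_write(secret_nuclear, conf),               # False
        "strong_write_up": blp_can_write_strong(secret_nuclear, ts_all), # False
        # incomparable labels: TOP_SECRET/crypto does not dominate SECRET/nuclear
        "incomparable_read": blp_can_read(ts_crypto, secret_nuclear),    # False
        "incomparable_write": blp_can_write(ts_crypto, secret_nuclear),  # False
        "join": secret_nuclear.join(ts_crypto),                          # == ts_all
        # Biba with the same lattice read as integrity levels
        "biba_read_low": biba_can_read(secret_nuclear, conf),            # False: no read down
        "biba_write_low": biba_can_write(secret_nuclear, conf),          # True: write down is fine
        "biba_write_high": biba_can_write(secret_nuclear, ts_all),       # False: no write up
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Note that plain BLP permits a SECRET subject to write into a TOP SECRET object it cannot read back (a "blind write"), which protects confidentiality but lets a low subject corrupt high data; the strong *-property, or pairing BLP with Biba on a separate integrity lattice, is how that is closed.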
Where is MAC used
- BLP: the basis of the multi-level security (MLS) policy used by the US Department of Defense
- Biba: implemented as a policy module (mac_biba) in the FreeBSD MAC framework
- A combination of BLP and Biba is used in Android
Summary
- Introduced access control principles: subjects, objects, access rights
- Discretionary Access Control: access matrix, access control lists (ACLs), capability tickets
- UNIX traditional permission bits and ACL mechanisms
- Mandatory Access Control: Bell-LaPadula, Biba
Resources
- Mark Stamp, Information Security: Principles and Practice, Wiley 2011, Chapter 8.
- Matt Bishop, Computer Security: Art and Science, Addison-Wesley 2003.
Questions?