Eng. Hector M Lugo-Cordero, MSEng. Hector M Lugo-Cordero, MS

April, 2012April, 2012

Access ControlAccess ControlCIS 4361CIS 4361

Most Slides from:Most Slides from:

Computer Security: Computer Security: Principles and PracticePrinciples and Practice

First EditionFirst Edition

by William Stallings and Lawrie Brownby William Stallings and Lawrie Brown

Lecture slides by Lawrie BrownLecture slides by Lawrie Brown

Chapter 4 – Chapter 4 – Access ControlAccess Control

Access ControlAccess Control

““The prevention of unauthorized use of a The prevention of unauthorized use of a resource, including the prevention of use resource, including the prevention of use of a resource in an unauthorized manner“of a resource in an unauthorized manner“

central element of computer securitycentral element of computer security assume have users and groupsassume have users and groups

authenticate to systemauthenticate to system assigned access rights to certain resources assigned access rights to certain resources

on systemon system

Access Control PrinciplesAccess Control Principles

Access Control PoliciesAccess Control Policies

Access Control RequirementsAccess Control Requirements

reliable inputreliable input fine and coarse specificationsfine and coarse specifications least privilegeleast privilege separation of dutyseparation of duty open and closed policiesopen and closed policies policy combinations, conflict resolutionpolicy combinations, conflict resolution administrative policiesadministrative policies

Access Control ElementsAccess Control Elements

subject - entity that can access objectssubject - entity that can access objects a process representing user/applicationa process representing user/application often have 3 classes: owner, group, worldoften have 3 classes: owner, group, world

object - access controlled resourceobject - access controlled resource e.g. files, directories, records, programs etce.g. files, directories, records, programs etc number/type depend on environmentnumber/type depend on environment

access right - way in which subject access right - way in which subject accesses an objectaccesses an object e.g. read, write, execute, delete, create, searche.g. read, write, execute, delete, create, search

Discretionary Discretionary Access Control Access Control

often provided using an access matrixoften provided using an access matrix lists subjects in one dimension (rows)lists subjects in one dimension (rows) lists objects in the other dimension (columns)lists objects in the other dimension (columns) each entry specifies access rights of the each entry specifies access rights of the

specified subject to that objectspecified subject to that object access matrix is often sparseaccess matrix is often sparse can decompose by either row or columncan decompose by either row or column

Access Control StructuresAccess Control Structures

Access Control ModelAccess Control Model

Access Access Control Control

FunctionFunction

Protection DomainsProtection Domains

set of objects with associated access rightsset of objects with associated access rights in access matrix view, each row defines a in access matrix view, each row defines a

protection domainprotection domain but not necessarily just a userbut not necessarily just a user may be a limited subset of user’s rightsmay be a limited subset of user’s rights applied to a more restricted processapplied to a more restricted process

may be static or dynamicmay be static or dynamic

UNIX File UNIX File ConceptsConcepts

UNIX files administered using inodesUNIX files administered using inodes control structure with key info on filecontrol structure with key info on file

• attributes, permissions of a single fileattributes, permissions of a single file may have several names for same inodemay have several names for same inode have inode table / list for all files on a diskhave inode table / list for all files on a disk

• copied to memory when disk mountedcopied to memory when disk mounted

directories form a hierarchical treedirectories form a hierarchical tree may contain files or other directoriesmay contain files or other directories are a file of names and inode numbersare a file of names and inode numbers

UNIX File UNIX File Access ControlAccess Control

UNIX File UNIX File Access ControlAccess Control

““set user ID”(SetUID) or “set group ID”(SetGID)set user ID”(SetUID) or “set group ID”(SetGID) system temporarily uses rights of the file owner / system temporarily uses rights of the file owner /

group in addition to the real user’s rights when making group in addition to the real user’s rights when making access control decisionsaccess control decisions

enables privileged programs to access files / enables privileged programs to access files / resources not generally accessibleresources not generally accessible

sticky bit sticky bit on directory limits rename/move/delete to owner on directory limits rename/move/delete to owner

superuser superuser is exempt from usual access control restrictionsis exempt from usual access control restrictions

UNIX UNIX Access Control ListsAccess Control Lists modern UNIX systems support ACLsmodern UNIX systems support ACLs can specify any number of additional users / can specify any number of additional users /

groups and associated rwx permissionsgroups and associated rwx permissions ACLs are optional extensions to std permsACLs are optional extensions to std perms group perms also set max ACL permsgroup perms also set max ACL perms when access is requiredwhen access is required

select most appropriate ACLselect most appropriate ACL• owner, named users, owning / named groups, othersowner, named users, owning / named groups, others

check if have sufficient permissions for accesscheck if have sufficient permissions for access

Role-Role-Based Based Access Access ControlControl

Role-Role-Based Based Access Access ControlControl

Role-Role-Based Based Access Access ControlControl

NIST RBAC ModelNIST RBAC Model

RBAC For a BankRBAC For a Bank

SummarySummary

introduced access control principlesintroduced access control principles subjects, objects, access rightssubjects, objects, access rights

discretionary access controlsdiscretionary access controls access matrix, access control lists (ACLs), access matrix, access control lists (ACLs),

capability ticketscapability tickets UNIX traditional and ACL mechanismsUNIX traditional and ACL mechanisms

role-based access controlrole-based access control case studycase study