30 terms

CS356 Chapter 4

Access Control

Terms in this set (...)

Access Control
The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner
Discretionary access control (DAC)
Control access based on the identity of the requestor and on access rules (authorizations) stating what requestors are (or are not) allowed to do. This policy is termed discretionary because an entity might have access rights that permit the entity, by its own violation, to enable another entity to access some resource
Mandatory Access Control (MAC)
Controls access based on comparing security labels (which indicate how sensitive or critical system resources are) with security clearances (which indicate system entities are eligible to access certain resources). This policy is termed mandatory because an entity has clearance to access a resource may not, just by its own violation, enable another entity to access that resource
Role-Based access control (RBAC)
Controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles
Verification that the credentials of a user or other system entity are valid
The granting of a right or permission to a system entity to access a system resource. This function determines who is trusted for a given purpose
An independent review and examination of system records and activities in order to test for adequacy of system controls, to ensure compliance with established policy and operational procedures, to detect breaches in security and to recommend any indicated changes in control, policy, and procedures.
Access control requirements
Reliable input, support for fine and coarse specifications, least privilege, separation of duty, open and closed policies, policy combinations and conflict resolution, administrative policies, dual control
Least Privilege
Access control should be implemented so that each system entity is granted the minimum system resources and authorizations that the entity needs to do its work. The principle tends to limit damage that can be caused by an accident, error, or fraudulent or unauthorized act
Open and closed policies
The most useful and most typical, class of access control policies are closed policies. In a closed policy, only accesses that are specifically authorized are allowed. In some applications, it may also be desirable to allow an open policy for some classes of resources. Open means some accesses are prohibited while all others are allowed
Basic elements of access control
subject, object, and access right
entity capable of accessing objects
Classes of Subject
Owner, Group, World
a resource to which access is controlled (records, blocks, pages, segments, and programs)
access right
the way in which a subject may access an object
Types of access rights
read, write, execute, delete, create, search
access matrix
An internally maintained table specifying which portions of the system users are permitted to access and what actions they can perform.
Access Matrix Entry Indicates
the access rights of a particular subject for a particular object
Access Matrix can be decomposed
by columns (access control lists), by rows (capability tickets)
Access Control List
when the access matrix is decomposed by column; list users and thier permitted access rights; good for determining access for a particular resource but not use
Capability Ticket
when the access matrix is decomposed by rows; specifies authorized objects and operations for a particular user.
Are Access Control Lists or Capability Tickets More Secure?
Access control lists. Capability tickets may be dispersed around the system. The integrity of the ticket must be protected and guaranteed
Access Control Matrix Objects that Represent the Protection State
Processes (delete, stop, wake), devices (read/write control, block/unblock), Memory location or regions (read/write), subjects (grant delete access rights)
User mode and kernel mode is a form of
protection domain
Is RBAC least privilege or most privilege
least privilege
RBAC Base Model
no role hierarchy and constraints. four types of entities [user, role, permission, session (mapping between user and activated subset of the set of roles to which the user is assigned)]
RBAC Role Hierarchies
provide means of reflecting the hierarchical structure of roles in an organization
RBAC Constraints
provide a means of adapting RBAC to the specifics of administrative and security policies in an organization
Mutually exclusive roles
roles such that a user can be assigned to only one role in the set; a user can only be assigned to one role in the set and any permission (access right) can be granted to only one role in the set
setting a maximum number with respect to roles