Professional Documents
Culture Documents
Control de Acceso
Control de Acceso
Access Control
Access Control Principles
RFC 4949 defines computer security as:
Security administrator
Access
Authentication
control
function
function
User
System resources
Auditing
Figure 4.1 Relationship Among Access Control and Other Security Functions
Access Control Policies
• Discretionary access • Role-based access
control (DAC) control (RBAC)
o Controls access based on the o Controls access based on the
identity of the requestor and on roles that users have within the
access rules (authorizations) system and on rules stating
stating what requestors are (or what accesses are allowed to
are not) allowed to do users in given roles
Read Own
User C Read Read
Write Write
(a) Access matrix
File 4 B C
Own (c) Capability lists for files of part (a)
R R
W
•
Memory
Segments
addressing
& pages
hardware
Terminal
& device Terminal
manager & devices
Instruction
decoding Instructions
hardware
grant a to Sn, X (Sk, grant, a, Sn, X)
Sk
delete b from Sp, Y (Sm, delete, b, Sp, Y) Access
Sm matrix
monitor
Access
write matrix read
Access
Control
System
Commands
Protection Domains
• Set of objects together with access rights to those objects
• More flexibility when associating capabilities with
protection domains
• In terms of the access matrix, a row defines a protection
domain
• User can spawn processes with a subset of the access
rights of the user
• Association between a process and a domain can be
static or dynamic
• In user mode certain areas of memory are protected
from use and certain instructions may not be executed
• In kernel mode privileged instructions may be executed
and protected areas of memory may be accessed
UNIX File Access Control
UNIX files are administered using inodes (index
nodes)
• Control structures with key information needed for a particular file
• Several file names may be associated with a single inode
• An active inode is associated with exactly one file
• File attributes, permissions and control information are sorted in the
inode
• On the disk there is an inode table, or inode list, that contains the
inodes of all the files in the file system
• When a file is opened its inode is brought into main memory and
stored in a memory resident inode table
Directories are structured in a hierarchical tree
ss
as
s
as
a
cl
cl
Unique user identification
cl
er
ne
u
number (user ID)
ro
th
w
O
O
Member of a primary group rw- r-- ---
identified by a group ID
user: :rw-
Belongs to a specific group group::r--
12 protection bits other::---
Specify read, write, and
execute permission for the (a) Traditional UNIX approach (minimal access control list)
owner of the file, members
of the group and all other
users
s
The owner ID, group ID, and
as
s
as
as
cl
cl
cl
protection bits are part of the
er
ne
u
file’s inode
ro
th
w
O
O
rw- rw- ---
user: :rw-
masked user:joe:rw-
Traditional UNIX
File Access Control
“Set user ID”(SetUID)
“Set group ID”(SetGID)
System temporarily uses rights of the file owner/group in
addition to the real user’s rights when making access
control decisions
Enables privileged programs to access files/resources not
generally accessible
Sticky bit
When applied to a directory it specifies that only the owner
of any file in the directory can rename, move, or delete
that file
Superuser
Is exempt from usual access control restrictions
Has system-wide access
Access Control Lists (ACLs)
in UNIX
Modern UNIX systems support ACLs
FreeBSD
s
as
ss
as
a
cl
cl
cl
r
er
ne
u
ro
th
w
O
O
rw- rw- ---
user: :rw-
masked user:joe:rw-
entries group::r--
mask::rw-
other::---
(b) Extended access control list
Role 1
Role 2
Role 3
U1
U2
U3
U4
U5
U6
Um
OBJECTS
R1 R2 Rn F1 F1 P1 P2 D1 D2
RBAC1 RBAC2
Role hierarchies Constraints
RBAC0
Base model
(RH) Role
Hierarchy Oper-
ations
user_sessions session_roles
Objects
Sessions
Engineer 1 Engineer 2
Engineering Dept
Allows an unlimited
Systems are capable of
number of attributes to be
enforcing DAC, RBAC,
combined to satisfy any
and MAC concepts
access control rule
Access Control
Policy
Environmental
Conditions
2a
2d
Rules
1
Enforce
Decision
3
Object
Access Control
2b Mechanism
Subject
2c
Clearance
Name Owner
Type
Affiliation
Etc. Classification
Etc.
Subject Attributes
ObjectAttributes
Strength of
Credential Protection
Background
Sponsorship Enrollment Investigation On-boarding
Credential
Issuance Production Authoritative Attribute Sources
Provisioning/Deprovisioning
External
Agency
Citizen
Access Management
Identity Federation
A credential is produced
•Depending on the credential type, production may involve
encryption, the use of a digital signature, the production of a
smart card or other functions
• Concerned with defining rules for a resource that requires access control
• Rules would include credential requirements and what user attributes,
resource attributes, and environmental conditions are required for access
of a given resource for a given function
Privilege management
Policy management
Te OS
en e
em ic
rm ) a
(T
t
re rv
a g Se
s o gr
S) o f
f S eem
O s
er en
(T erm
vi t
ce
T
Identity (Possible contract)
Service Relying
Provider Party
Users
e
Te OS ic t
(a) Traditional triangle of parties involved in an exchange of identity information
v
rm ) a er men
(T
S
s o gr f ee
f S eem s o gr
rm S) a
Trust Framework
er en Providers
e
vi t T O
ce (T
Attribute Providers
Identity
Service Attribute Exchange
Network Relying
Providers
Parties
Assessors Dispute
& Auditors Resolvers
Users
Attribute Providers
Identity
Service Attribute Exchange
Network Relying
Providers
Parties
Assessors Dispute
& Auditors Resolvers
Users
Roles
User
IDs Functions
1 1-4 N M Access
Application
Right
Assigns
Positions
Authorization Administration
N M
Role Application