
COMPUTER SYSTEM SECURITY

LECTURE_03
ACCESS CONTROL
INTRODUCTION
• Access control involves the processes and mechanisms used to
restrict access to computing resources: the ability to allow only
authorized users, programs or processes to access a system or
resource.

• It is a combination of Authentication [proving who you claim to
be] and Authorization [what you are allowed to see, presuming
you are who you claim to be].

• Access control is enforced by the OS and cannot be bypassed
using legitimate OS functionality. Access control is the heart of
data security.

• Within the topic of Access Control, we can look at three
specific types of access control: mandatory, discretionary, and
role-based.
Two levels of Access Control

Physical level
Limit access to offices, rooms and physical assets.

Logical level
Limit connection to computer networks, digital
infrastructure, system files, data and services.

There are several logical access control models:
mandatory, discretionary, role-based, attribute-based, among others.
SUBJECT & OBJECT
A subject is an entity that initiates an access request.
An object is an entity to which access is requested.

Authentication & Authorization
ACCESS CONTROL

For the rest of this lecture

Access control overview
Given a subject, which objects can it access and how?
Given an object, which subjects can access it and how?

Reference monitor
A reference monitor is an abstract notion of a
mechanism for controlling access requests.
A reference monitor is an abstract device that
mediates all accesses to objects by subjects.
Examples of Access control
• Social Networks: In most social networks, such as Facebook and MySpace,
some of your personal information can only be accessed by yourself, some can
be accessed by your friends, and some can be accessed by everybody. The
part of the system that implements this kind of control is doing access control.

• Web Browsers: When you browse a web site and run JavaScript code from
that web site, the browser has to control what such JavaScript code can
access, and what it cannot access. For example, code from one web site
cannot access the cookies from another web site, and it cannot modify the
contents of another web site either. These controls are conducted by the
browser’s access control.

• Operating Systems: In an operating system, one user cannot arbitrarily access
another user’s files; a normal user cannot kill another user’s processes. These
restrictions are enforced by operating system access control.

• Firewalls: Firewalls inspect every incoming (and sometimes outgoing) packet; if a
packet matches certain conditions, it will be dropped by the firewall,
preventing it from accessing the protected network. This is also access
control.
ACCESS REQUEST FLOW

Authentication
You are who you say you are
Verify identity

Subject
Also known as requestor
Human or non-person entity (NPE)
Makes a request to access a resource

Resource
Also known as object
Protected from unauthorized use
Something the system has or does
– Data
– Functionality
– Hardware

Authorization
Allow an authenticated subject
access to a resource
Allow or deny
Subject action on object (CRUD)

ACCESS REQUEST FLOW
Definitions
Questions?
– Subject
– Resource
– Authentication
– Authorization

ACCESS CONTROL MODEL
Dictates who gets to do what
Framework for making authorization decisions
Deciding subject access to resources

Primary Access Control Models
Mandatory: MAC
Discretionary: DAC
Role Based: RBAC
MANDATORY ACCESS CONTROL: MAC

MAC is military-strength access control.

Classified documents

Everything in the system is an object and every
object gets a classification label where information is
categorized as unclassified (U), confidential (C),
secret (S), top secret (TS), or beyond.

• Individual users, called subjects, are also assigned a privilege
level, called a clearance.

• To determine whether or not a given individual can access a
certain object, the object’s classification level and the user’s
clearance level are compared.

• There is an established hierarchy to the labels (or levels), such
that anyone authorized to see “top secret” information can
also view “secret” and “general access” information since
those are less sensitive, but someone authorized only to view
“general access” information can’t necessarily see the more
sensitive “top secret” information.

• Example 1: The law allows a court to access driving
records without the owners’ permission.
• Example 2: Search engine rules

Two key elements of MAC

• Labels - every entity is an object [laptops, files,
projects, and so on] and is assigned a classification
label [confidential, secret, and top secret], while
subjects are assigned a privilege label [a clearance].

• Levels - a hierarchy based on labels is also used,
both for objects and subjects [top secret is a higher
level than secret].

Object sensitivity
Subject security level or clearance

Owner sets object label
– Write up, read down
System sets subject security level
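The label comparison and the "write up, read down" rule above, worked through as an added example (Python written for this page, not code from the lecture); the subjects, objects and their labels are constructed:

```python
# Added example (not from the lecture): a minimal reference monitor that
# enforces MAC with the lecture's labels. Subjects carry a clearance set by
# the system, objects a classification set by the owner, and the monitor
# applies the slide's rule "write up, read down".

# Hierarchy from the slides: unclassified < confidential < secret < top secret.
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}


def dominates(higher, lower):
    """True when label `higher` is at least as sensitive as `lower`."""
    return LEVELS[higher] >= LEVELS[lower]


def mac_check(clearance, classification, action):
    """Decide one access request.

    read  -> allowed only if the subject's clearance dominates the object's
             label (no read up: a "U" user never sees "TS" data).
    write -> allowed only if the object's label dominates the subject's
             clearance (no write down: secret data is never copied into a
             lower-classified object).
    Any other action is denied: the monitor fails closed.
    """
    if action == "read":
        return dominates(clearance, classification)
    if action == "write":
        return dominates(classification, clearance)
    return False


def run_demo():
    """Constructed sample requests; returns {(subject, object, action): bool}."""
    subjects = {"alice": "S", "bob": "U"}            # clearances set by the system
    objects = {"plan.doc": "TS", "memo.txt": "C"}    # labels set by the owners
    requests = [("alice", "memo.txt", "read"), ("alice", "plan.doc", "read"),
                ("alice", "plan.doc", "write"), ("alice", "memo.txt", "write"),
                ("bob", "memo.txt", "read"), ("bob", "plan.doc", "write"),
                ("bob", "memo.txt", "delete")]
    return {(s, o, a): mac_check(subjects[s], objects[o], a)
            for s, o, a in requests}


if __name__ == "__main__":
    for req, allowed in run_demo().items():
        print(req, "ALLOW" if allowed else "DENY")
```

Note that a secret-cleared user can write into a top-secret object but not read it back: that is the point of the rule, information only flows upward.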
DISCRETIONARY ACCESS CONTROL: DAC

• Least restrictive model
• Identity-based access control model
• Object owner grants permission based on subject
identity
• Every object has an owner, who has total control over that
object
• Owners can create and access their objects freely
• DAC is used on operating systems like Unix and Microsoft
Windows

• Data owners decide who
[subject] should have access
to what resource [object].

• Owners can give permissions
to other subjects over these
objects.

• Access permissions for each piece of data are stored in
an access-control list (ACL).
• This list can be generated automatically when a user grants
access to somebody or can be created by an administrator.
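An added example (Python written for this page, not the lecture's code) of the owner-controlled ACL described here; it also answers the two overview questions from earlier in the lecture (given an object, which subjects; given a subject, which objects). The subject and file names are constructed:

```python
# Added example (not from the lecture): a DAC reference monitor built on
# per-object ACLs. Each object has one owner with total control, and only the
# owner may change its ACL. The two query helpers answer the overview slide's
# questions: object -> which subjects (the ACL); subject -> which objects.

class PermissionDenied(Exception):
    """Raised when a subject other than the owner tries to change an ACL."""


class DacMonitor:
    def __init__(self):
        self.owners = {}   # object -> owning subject
        self.acls = {}     # object -> {subject: set of allowed actions}

    def create(self, owner, obj):
        """Creating an object makes the creator its owner with full rights."""
        self.owners[obj] = owner
        self.acls[obj] = {owner: {"read", "write", "delete"}}

    def grant(self, grantor, obj, subject, action):
        """Only the owner may extend an ACL: that is the discretionary part."""
        if self.owners.get(obj) != grantor:
            raise PermissionDenied(f"{grantor} does not own {obj}")
        self.acls[obj].setdefault(subject, set()).add(action)

    def check(self, subject, obj, action):
        """Fail closed: unknown objects and unlisted subjects are denied."""
        return action in self.acls.get(obj, {}).get(subject, set())

    def who_can_access(self, obj):
        """Object view (the ACL itself): subject -> sorted actions."""
        return {s: sorted(a) for s, a in self.acls.get(obj, {}).items()}

    def capabilities(self, subject):
        """Subject view (a capability list): object -> sorted actions."""
        return {o: sorted(acl[subject]) for o, acl in self.acls.items()
                if subject in acl}


def run_demo():
    """Constructed scenario: alice owns a file and shares read access with bob."""
    m = DacMonitor()
    m.create("alice", "report.txt")
    m.grant("alice", "report.txt", "bob", "read")
    try:                       # bob is not the owner, so he cannot re-share it
        m.grant("bob", "report.txt", "carol", "read")
    except PermissionDenied:
        pass
    return m
```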
ROLE BASED ACCESS CONTROL: RBAC
• Subject assigned to role
• Role granted access to resource.

• Allows you to define permissions and
privileges based on a user’s functional role
within the organization or community.

• One of the most challenging problems in
managing large networked systems is the
complexity of security administration.

• Today, security administration is costly and prone
to error because administrators usually specify
access control lists for each user on the system
individually.

• Role-based access control (RBAC) is a technology
that is attracting increasing attention, particularly
for commercial applications, because of its
potential for reducing the complexity and cost of
security administration in large networked
applications. E.g. Amazon

• With RBAC, security is managed at a level that
corresponds closely to the organization's
structure.

• Each user is assigned one or more roles, such as
“human resources rep” or “accounts payable data
entry clerk”, and each role is assigned one or
more privileges that are permitted to users in
that role, such as the right to access certain
applications.
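The user-to-role and role-to-permission mapping above, as an added example (Python written for this page, not from the lecture). It uses the two roles the slide names; the role keys, resources and the employee are constructed, and the job change at the end shows why one role reassignment replaces many per-user ACL edits:

```python
# Added example (not from the lecture): RBAC as the slides describe it.
# Permissions attach to roles, users are assigned one or more roles, and an
# access check walks user -> roles -> permissions. Moving an employee between
# jobs is one role reassignment instead of editing every ACL that names them.

from collections import defaultdict


class RbacMonitor:
    def __init__(self):
        self.role_perms = defaultdict(set)   # role -> {(action, resource)}
        self.user_roles = defaultdict(set)   # user -> {role}

    def grant_to_role(self, role, action, resource):
        self.role_perms[role].add((action, resource))

    def assign_role(self, user, role):
        if role not in self.role_perms:
            raise ValueError(f"unknown role {role!r}")   # no dangling roles
        self.user_roles[user].add(role)

    def remove_role(self, user, role):
        self.user_roles[user].discard(role)

    def check(self, user, action, resource):
        """Allowed iff some role held by the user carries the permission."""
        return any((action, resource) in self.role_perms[r]
                   for r in self.user_roles[user])

    def effective_permissions(self, user):
        """Union of the permissions of all of the user's roles."""
        return set().union(*(self.role_perms[r] for r in self.user_roles[user]))


def run_demo():
    """Constructed org: two roles from the slides and an employee who moves jobs."""
    m = RbacMonitor()
    m.grant_to_role("hr_rep", "read", "personnel_records")
    m.grant_to_role("hr_rep", "write", "personnel_records")
    m.grant_to_role("ap_clerk", "write", "invoices")
    m.grant_to_role("ap_clerk", "read", "vendor_list")
    m.assign_role("dana", "ap_clerk")
    before = m.check("dana", "write", "invoices")
    # Dana transfers to HR: one reassignment changes every decision at once.
    m.remove_role("dana", "ap_clerk")
    m.assign_role("dana", "hr_rep")
    after = (m.check("dana", "write", "invoices"),
             m.check("dana", "read", "personnel_records"))
    return m, before, after
```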
ROLE BASED ACCESS CONTROL: RBAC

• Access control methods implement policies that control which
subjects can access which objects in which way.

• The most common practical access control instruments are ACLs,
capabilities and their abstractions.

• From the design point of view, access control systems can be
classified into discretionary [DAC], mandatory [MAC] and role-
based [RBAC].

• Reference monitors are instruments for the realization of access
control policies. They can be deployed at all levels of the system
hierarchy.
End of LECTURE_03

Questions?

Next class: CRYPTOSYSTEM


Thank You!
