Professional Documents
Culture Documents
11/28/2018 2
1
11/28/2018
The process:
o a computer system controls the interaction between
users and system resources
To implement a security policy, which may be
determined by
o organisational requirements
o statutory requirements (ex, medical records)
Policy requirements may include
o confidentiality (restrictions on read access)
o integrity (restrictions on write access)
o availability
11/28/2018 4
2
11/28/2018
11/28/2018 5
3
11/28/2018
App1
Database
App2
4
11/28/2018
5
11/28/2018
6
11/28/2018
7
11/28/2018
8
11/28/2018
9
11/28/2018
Tasks include
o Creation of new objects and subjects
o Deletion of objects and subjects
o Changing entries in access control matrix (changing entries in
ACLs and capability lists)
The administration of access control structures is
extremely time-consuming, complicated and error-prone
To simplify the administrative burden: AC structures that
aggregate subjects and objects are used
Aggregation techniques
o User groups
o Roles
o Procedures
o Data types
User
User Attribute Object
Group
User Group Has
Access To Objects
With the Attribute
User Object
10
11/28/2018
Role:
o Permissions are assigned to roles
o Users are assigned to roles
o Roles are (usually) arranged in a hierarchy
Ex:
Perm-Role Assignment
User-Role Assignment
Role
Perm Object
User
11
11/28/2018
11/28/2018 23
MAC
DAC
RBAC
11/28/2018 24
12
11/28/2018
13
11/28/2018
14
11/28/2018
15
11/28/2018
32
16
11/28/2018
17
11/28/2018
18
11/28/2018
L1 dominates L2
L2 dominates L1
19
11/28/2018
Introduce in 1973
Main Objective:
o Enable one to formally show that a computer system can
securely process classified information
40
20
11/28/2018
Subjects Objects
Current
Accesses
Trusted
Subjects
Access Matrix
41
42
21
11/28/2018
43
Objects
Highest
Can Write
Max Level
Subject
Lowest
44
22
11/28/2018
11/28/2018 45
MLS
o security levels
o security categories: Also known as compartments
o security labels = Levels P (Categories)
Define an ordering relationship among Labels
o (e1, C1) (e2, C2) iff. e1 e2 and C1 C2
23
11/28/2018
Secret, {}
TS
● no read-up
● no write-down
24
11/28/2018
True
False
True
False
25
11/28/2018
Example:
●Integrity level could be high, medium or low
●Compartment could be similar to BLP and captures
topic(s) of document
●Low integrity information should never flow up into
high integrity documents
26
11/28/2018
●Clark-Wilson Policy
Users ➔ Programs
(transactions) ➔ Objects
● Chinese Wall Policy
●Same user cannot
execute two programs ● Deals with conflict of
that require separation- interest
of-duty
The user can access any object as long as he/she has not accessed an
object from another company in the same conflict class.
27
11/28/2018
Trusting Software:
● Functional correctness
● Does what it was designed to do
● Maintains data integrity
● Even for bad input
● Protects disclosure of sensitive data
● Does not pass to untrusted software
● Confidence
● Experts analyze program & assure trust
● Statement giving security we expect system to enforce
● Do this formally when and where possible
28
11/28/2018
29
11/28/2018
30
11/28/2018
RBAC Model:
the system decides
exactly which users are
allowed to access
which resources—but
the system does this in
a special way
11/28/2018 62
31
11/28/2018
11/28/2018 63
32
11/28/2018
Role hierarchy
o Problem: does organizational hierarchy correspond to a permission
inheritance hierarchy?
o Problem: do organizational roles make sense for building hierarchies?
Constraints
o Problem: constraints apply to all states, so they require a predicate
calculus in general
o Problem: Only certain types of constraints can effectively be
administered? Mutual exclusion, separation of duty, cardinality, etc.
Conflicts
o May find other concepts useful for resolving conflicts between
constraints and hierarchies/assignments
- An RBAC system contains the four types of entities (the minimum functionality
for an RBAC system):
• User: An individuals - access to this computer system
• Role: job function - controls this computer system
• Permission: approval of access to one or more objects
• Session: : A mapping between a user and
an activated subset of the set of roles
to which the user is assigned
33
11/28/2018
11/28/2018 67
11/28/2018 68
34
11/28/2018
Roles implemented in
o Window NT (as global and local groups)
o IBM’s OS/400
o Oracle 8 onwards
o .NET framework
There is no generally accepted standard for
RBAC
o Role hierarchies
o Semantics of role hierarchies
35
11/28/2018
36
11/28/2018
37
11/28/2018
11/28/2018 75
An access by a subject to an
object proceeds according to
the following steps:
o 1. A subject requests access to an
object. This request is routed to
an access control mechanism.
o 2. The AC mechanism is
governed by a set of rules:
• (2a) that are defined by a
preconfigured access control policy.
Based on these rules, the AC
mechanism assesses the attributes
of the subject (2b), object (2c), and
current environmental conditions
(2d) to determine authorization.
11/28/2018 76
38
11/28/2018
11/28/2018 77
11/28/2018 78
39
11/28/2018
11/28/2018 79
11/28/2018 80
40
11/28/2018
11/28/2018 81
41
11/28/2018
42
11/28/2018
Commands:
o List: net user, net localgroup
o Change the permisions
43
11/28/2018
LABChapter 6
11/28/2018 87
44