net/publication/282219117
3 authors, including:
All content following this page was uploaded by Tawfik Mudarri on 27 September 2015.
Abstract: This paper deals with access control. Access control constrains what a user can do directly, as well as what programs executing on behalf of the users are allowed to do. In this way access control seeks to prevent activity that could lead to a breach of security. This article explains access control and its relationship to other security services such as authentication, auditing, and administration. It then reviews the access matrix model, and follows with a discussion of access control policies, which characterize and describe what should be protected and how.
Keywords: Access control, Mandatory Access Control, Discretionary Access Control, Bell-LaPadula, Role Based, Clark and Wilson model
1 INTRODUCTION
defined individually for each combination of subject x object. Rows of the matrix are assigned to subjects and columns to objects. [6]

Each element of the access control matrix (ACM) expresses the access rights of the subject S to the object O. This method is an early concept and is not used for practical implementation: with a large number of subjects and objects in the system, the matrix becomes large and sparse, because the majority of subjects do not have access to some objects.

The access matrix can be represented as a list of triples (subject, object, access rights), for example (USER_1, test.txt, R), but searching a large number of such triples is not sufficiently efficient.

3.2 Access Control List

In the Access Control List (ACL) implementation, each object is associated with an ACL, indicating for each subject in the system the accesses the subject is authorized to execute on the object. This approach corresponds to storing the matrix by columns.

According to the previous access control matrix, the lists for individual objects are:

• File: user_1:ORW, user_2:R
• Test.txt: user_1:R, user_2:R, admin:ORW
• c_comp: user_1:X, user_2:X, admin:OX
• sys_clk: user_1:R, user_2:R, admin:ORW
• printer: user_1:W, user_2:W, admin.

Management of access rights based on individual entities can be difficult. Therefore, users are associated into groups, and the users' access rights are derived from the access rights of the groups. [2]

The access control model in Unix provides a simple ACL, each of which has three entries that grant access rights to the entities user, group, and others.

3.3 Discretionary Access Control Model

The Discretionary Access Control (DAC) model restricts the accessibility of objects based on the identity of subjects and/or the groups to which they belong. Each request of a user to access an object is checked against the specified authorizations in the access control matrix. If there exists an authorization stating that the user can access the object in the specific mode, the access is granted; otherwise it is denied. As the name implies, the controls are discretionary in the sense that a user or process given discretionary access to information is capable of passing that information along to another subject. To provide this discretionary control, DAC policies usually include a concept of object ownership, where the object owner has control permission to grant access permission to the object for other subjects.

DAC policies are very flexible and widely used in the industry. However, they do not provide high security assurance, for two reasons. First, granting access is transitive. [4] For example, a user who is able to read data can pass his read privilege to other users not authorized to read it, unbeknownst to the object owner. Second, DAC policies are vulnerable to Trojan Horse attacks. A Trojan Horse program is one that appears to be doing one thing on the surface but actually does something more underneath without the cognizance of the user. Because programs inherit the identity of the invoking user, the intruder can bypass the access control policies by giving the authorized user the Trojan Horse program, which on the surface performs the desirable function for that user, while at the same time it reads the contents of the user's files and writes them to a location reachable by both the authorized user and the intruder. In this manner, the intruder can now access the information which was supposed to be protected from him. [5]
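The column-wise ACL storage and the transitive-read weakness of DAC described above can be traced in a short model. This is an added example, not code from the paper: the class `DacStore`, the subject `guest`, the object `copy_of_File` and the file contents are hypothetical, and only the ACL entries come from the list above.

```python
from collections import defaultdict

# Constructed sample: the page's ACL entries as (subject, object, rights) triples.
# O = owner, R = read, W = write, X = execute. "guest" is a hypothetical subject.
TRIPLES = [
    ("user_1", "File", "ORW"), ("user_2", "File", "R"),
    ("user_1", "Test.txt", "R"), ("user_2", "Test.txt", "R"),
    ("admin", "Test.txt", "ORW"),
    ("user_1", "c_comp", "X"), ("user_2", "c_comp", "X"), ("admin", "c_comp", "OX"),
]

class DacStore:
    """Access matrix stored by columns: one ACL per object."""

    def __init__(self, triples):
        self.acl = defaultdict(dict)   # object -> {subject: set(rights)}
        self.data = {}                 # object -> contents
        for subject, obj, rights in triples:
            self.acl[obj][subject] = set(rights)

    def allowed(self, subject, obj, mode):
        # A missing entry is an empty matrix cell, so the request is denied.
        return mode in self.acl.get(obj, {}).get(subject, set())

    def grant(self, granter, subject, obj, rights):
        # Discretionary part: only a subject holding O may change the ACL.
        if not self.allowed(granter, obj, "O"):
            raise PermissionError(f"{granter} is not an owner of {obj}")
        self.acl[obj].setdefault(subject, set()).update(rights)

    def read(self, subject, obj):
        if not self.allowed(subject, obj, "R"):
            raise PermissionError(f"{subject} may not read {obj}")
        return self.data[obj]

    def create(self, subject, obj, contents):
        # The creator becomes owner of the new object.
        self.acl[obj][subject] = set("ORW")
        self.data[obj] = contents

def transitive_read_demo():
    store = DacStore(TRIPLES)
    store.data["File"] = "payroll"                       # constructed contents
    denied = not store.allowed("guest", "File", "R")     # guest has no entry
    # user_2 holds only R on File, yet can copy it into an object it owns...
    store.create("user_2", "copy_of_File", store.read("user_2", "File"))
    # ...and grant read on the copy without user_1 (owner of File) knowing.
    store.grant("user_2", "guest", "copy_of_File", "R")
    return denied, store.read("guest", "copy_of_File"), sorted(store.acl["File"])
```

The ACL of `File` is unchanged at the end, so an audit of that ACL alone would not show that `guest` obtained its contents; the same reasoning applies to a Trojan Horse program, which performs the copy under the invoking user's identity.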
the object, i.e., the potential damage which could result from unauthorized disclosure of the information. The security level associated with a subject, also called security clearance, reflects the subject's trustworthiness not to disclose sensitive information to subjects not cleared to see it. Security levels may be related to each other through the dominance relationship. The dominance relationship is defined as follows:

2. Integrity *-Property. If the subject s has a right to read the object o with integrity level I(o), then s can have write access to the object p only in the case that I(o) ≥ I(p). [1]

3.7 Clark and Wilson model
distribution of resources to achieve security objectives. It defines security for the organization as a whole (from physical security through privacy to the protection of human rights). Automated security policy: a set of constraints and properties that specify how computer systems prevent information and computing resources from being used to violate the security policies of the organization. [9]

5 CONCLUSION

REFERENCES

AUTHORS ADDRESSES

1 Ing. Tawfik Mudarri
Faculty of Electrical Engineering and Informatics, Letná 9, 042 00 Košice,
Department of Computers and Informatics
E-mail: tawfik.mudarri@tuke.sk

2 Ing. Samer Abdo AL-RABEEI, PhD.
E-mail: Samir.abdo@gmail.com