Security #4
Access Control

Objectives
Role-Based Access Control

Access Control
ITU-T Recommendation X.800 defines access control as follows:
The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.
Access Control Policies
Access control policies:
1 Discretionary Access Control (DAC): the traditional access control policy, in which access depends on the identity of the requester.
2 Mandatory Access Control (MAC): grew out of the requirements for handling military secret information.
3 Role-Based Access Control (RBAC): the most popular one; access is granted according to the roles held in the system.
Access Control Requirements
Subject: an entity capable of accessing objects; typically held accountable for the actions it initiates. Subjects often fall into three classes: owner, group, world.
Object: a resource to which access is controlled; an entity used to contain and/or receive information, such as records, files, databases.
Access right: describes the way in which a subject may access an object, e.g. read, write, execute, delete, create, search.
Discretionary Access Control (DAC)
A scheme in which an entity may enable another entity to access some resource; often provided using an access matrix.

Access Matrix
Consists of a two-dimensional matrix:
- one dimension consists of the identified subjects that may attempt data access to the resources;
- the other dimension lists the objects that may be accessed;
- each entry in the matrix indicates the access rights of a particular subject for a particular object.
(Figure: access matrix with the users' dimension (subjects) as rows and the resources' dimension (objects) as columns.)
Access Matrix
The access matrix is implemented in one of two ways: the access control list structure or the capability list structure.

Access Control List Structure
Convenient and inconvenient (advantage/disadvantage):
- ACLs are useful to determine which users have access to a specific resource.
- ACLs are useless in the matter of determining the access rights available for a specific user.

Capability List Structure
Convenient and inconvenient (advantage/disadvantage):
- Capability tickets are useful to determine the resources available for a specific user.
- Capability tickets are useless in the matter of determining the list of users of a specific object (resource).
Authorization Table for Files
In order to counter the shortcomings of using ACLs and capability lists:
- We might use the authorization table.
- If we sort it according to the subject, we will have a list of the resources for each user.
- If we sort it according to the resource (object), we will have a list of users for each resource.
(Figure: the same authorization table shown sorted according to subject and sorted according to object.)
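The following is an added worked example, not code from the lecture: it builds one access matrix and derives from it the three representations the slides compare, the column-wise ACL view, the row-wise capability list view, and a flat authorization table that can be sorted by subject or by object. The subjects, file names and rights are constructed sample data.

```python
# Added example (not from the lecture): one access matrix and the three
# representations the slides compare. Subjects, files and rights below are
# constructed sample data.
from collections import defaultdict

# Access matrix A[subject][object] -> set of rights (constructed sample).
ACCESS_MATRIX = {
    "alice": {"F1": {"read", "write", "own"}, "F2": {"read"}},
    "bob":   {"F1": {"read"},                  "F3": {"read", "write", "own"}},
    "carol": {"F2": {"read", "write", "own"},  "F3": {"read"}},
}


def access_control_lists(matrix):
    """ACL view: for each object, which subjects hold which rights.
    Answers 'who can access F1?' in one lookup."""
    acls = defaultdict(dict)
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls[obj][subject] = set(rights)
    return dict(acls)


def capability_lists(matrix):
    """Capability view: for each subject, the tickets it holds.
    Answers 'what can bob access?' in one lookup."""
    return {subject: {obj: set(rights) for obj, rights in row.items()}
            for subject, row in matrix.items()}


def authorization_table(matrix):
    """Flat table of (subject, right, object) triples, one row per granted right."""
    return [(subject, right, obj)
            for subject, row in matrix.items()
            for obj, rights in row.items()
            for right in sorted(rights)]


def by_subject(table):
    """Sort the table by subject: the resources available to each user."""
    return sorted(table, key=lambda t: (t[0], t[2], t[1]))


def by_object(table):
    """Sort the table by object: the users of each resource."""
    return sorted(table, key=lambda t: (t[2], t[0], t[1]))


def subjects_of(table, obj):
    """Users of one resource, the question the ACL view answers easily."""
    return sorted({s for s, _, o in table if o == obj})


def resources_of(table, subject):
    """Resources of one user, the question the capability view answers easily."""
    return sorted({o for s, _, o in table if s == subject})


if __name__ == "__main__":
    table = authorization_table(ACCESS_MATRIX)
    print("ACL for F1:", access_control_lists(ACCESS_MATRIX)["F1"])
    print("Capabilities of bob:", capability_lists(ACCESS_MATRIX)["bob"])
    print("Users of F3:", subjects_of(table, "F3"))
    print("Resources of alice:", resources_of(table, "alice"))
    for row in by_object(table):
        print(row)
```

The point of the table is that both questions (who can reach this object, what can this subject reach) are a single sort away, whereas an ACL store alone must scan every object to answer the second, and a capability store alone must scan every subject to answer the first.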
Extended Access Control Matrix
(Figure: the access matrix A, with subjects S along one dimension and objects X along the other; for example A[S1, F1] = Read.)
Access Control Function
From the functional point of view, a separate access control model is associated with each type of object.
The model evaluates each request from a subject to access an object, to determine whether the access control right exists or not.
In this model the access control uses triggers, as follows:
1. The subject S0 sends a request (read, write, ...) for object X.
2. The system generates a message for the request, (S0, access right, X), to the object controller for X.
3. The controller checks the access matrix A to see whether the requested right is in A[S0, X].
4. If it exists in the access matrix A, the process is completed and the permission is given.
   If not, the access is denied, and the alert triggers the protection violation to display a warning!
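An added example of the four-step function above, written for this page and not taken from the lecture: a per-object-type controller receives the (S0, right, X) message, looks up A[S0, X], grants on a hit and otherwise denies and records a protection-violation alert. The matrix contents, subject and object names are constructed sample data; a missing row or column is treated as "no rights" so that an unknown subject is denied rather than causing an error.

```python
# Added example (not from the lecture): an object controller applying the
# four steps of the access control function. Subjects, objects and rights
# below are constructed sample data.
from dataclasses import dataclass, field

# Access matrix A[subject][object] -> set of rights (constructed sample).
A = {
    "S0": {"F1": {"read", "write"}, "F2": {"read"}},
    "S1": {"F1": {"read"}},
}


@dataclass
class Request:
    """The message (S0, access right, X) built in step 2."""
    subject: str
    right: str
    obj: str


@dataclass
class ObjectController:
    """One controller per object type; here a single controller guards files."""
    matrix: dict
    violations: list = field(default_factory=list)

    def check(self, req):
        # Step 3: look up A[S0, X]. An absent row or column yields an empty
        # set, so the default is deny, never an exception.
        granted = self.matrix.get(req.subject, {}).get(req.obj, set())
        if req.right in granted:
            return True  # step 4: permission given
        # Step 4, failure branch: deny and raise the protection-violation alert.
        self.violations.append(
            f"protection violation: {req.subject} attempted "
            f"{req.right} on {req.obj}")
        return False


def submit(controller, subject, right, obj):
    """Steps 1-2: the subject's request becomes a (S0, right, X) message
    routed to the controller of X."""
    return controller.check(Request(subject, right, obj))


if __name__ == "__main__":
    files = ObjectController(A)
    print(submit(files, "S0", "read", "F1"))   # granted
    print(submit(files, "S1", "write", "F1"))  # denied
    print(submit(files, "S2", "read", "F1"))   # unknown subject, denied
    for alert in files.violations:
        print("WARNING:", alert)
```

The violations list stands in for the warning the slide mentions; in a real system it would feed the audit log so that repeated denials for one subject can be noticed.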
Example of Role Hierarchy
The roles of RBAC:
1 An upper role can inherit all the access rights of the lower role.
  Project Lead has all the access rights of who?
2 Two or more roles can inherit from one subordinate role.
  Production Engineer and Quality Engineer both inherit the Engineer's access rights.
3 In addition to that, a set of different roles might be assigned to the Production Engineers and the Quality Engineer.
4 That means two roles are now overlapping the same access rights.
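An added example, not from the lecture, of the hierarchy described in points 1 to 4: Production Engineer and Quality Engineer both inherit from Engineer, Project Lead inherits from both, and the effective rights of a role are the union of its own rights and everything below it. The role names follow the slide; the individual permissions and the assumption that Project Lead sits above both engineer roles are constructed for the example.

```python
# Added example (not from the lecture): role inheritance in an RBAC
# hierarchy. Role names follow the slide; permissions and the parent
# relation of Project Lead are constructed assumptions.

# Each role lists the roles it inherits from (its subordinate roles).
PARENTS = {
    "Engineer": [],
    "Production Engineer": ["Engineer"],
    "Quality Engineer": ["Engineer"],
    "Project Lead": ["Production Engineer", "Quality Engineer"],
}

# Permissions assigned directly to each role (constructed sample).
DIRECT = {
    "Engineer": {"read:design"},
    "Production Engineer": {"write:build", "read:design"},   # overlaps Engineer
    "Quality Engineer": {"write:testplan", "read:design"},   # and each other
    "Project Lead": {"approve:release"},
}


def inherited_roles(role, parents=PARENTS):
    """Every role below `role` in the hierarchy (transitively)."""
    seen, stack = set(), list(parents.get(role, []))
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(parents.get(r, []))
    return seen


def effective_permissions(role, parents=PARENTS, direct=DIRECT):
    """Union of the role's own permissions and those of every inherited role
    (point 1: an upper role inherits all rights of the lower roles)."""
    perms = set(direct.get(role, set()))
    for r in inherited_roles(role, parents):
        perms |= direct.get(r, set())
    return perms


def overlapping(role_a, role_b, direct=DIRECT):
    """Rights assigned to both roles directly (point 4: overlapping rights)."""
    return direct.get(role_a, set()) & direct.get(role_b, set())


def has_permission(user_roles, permission):
    """A user holding several roles gets the union of their effective rights."""
    return any(permission in effective_permissions(r) for r in user_roles)


if __name__ == "__main__":
    print("Project Lead inherits from:", sorted(inherited_roles("Project Lead")))
    print("Project Lead can:", sorted(effective_permissions("Project Lead")))
    print("Overlap:", overlapping("Production Engineer", "Quality Engineer"))
    print(has_permission({"Quality Engineer"}, "write:build"))
```

The answer to the slide's question falls out of `inherited_roles`: Project Lead holds every right of Production Engineer, Quality Engineer and, through them, Engineer. Note that `inherited_roles` guards against revisiting a role, so the diamond (two paths down to Engineer) is handled once rather than twice.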