
New in this term

o Access control in Windows
o Access control in Unix (already there)
o Active Directory and authorization
o Group Policy in Windows (not sure yet if it fits in here)
o LDAP

HiLCoE School of Computer Science & Technology

CS687 Information Systems Security


Access Control


Course objectives
o Professional career
o Research orientation
o Certification

o Technical security (main focus)
o Managerial security


CS687: Information Systems Security Course Outline


1. Introduction
2. Security Threats and Vulnerabilities
3. Malicious Software
4. Hacking
5. Cryptography
6. Access Control
7. Authentication
8. Network Security
9. Application Security
10. Firewalls and Intrusion Detection System
11. Operational Security
12. Topics in Information Systems Security


Text Book
William Stallings & Lawrie Brown, Computer Security: Principles and Practice, Pearson, 2008


References

Bruce Schneier, Applied Cryptography: Protocols, Algorithms, [], Second Edition, Wiley Student Edition, 2006
Stuart McClure et al., Hacking Exposed, McGraw Hill, 2009


Access
Access is the ability to do something with a computer resource.


Resources to protect
o Files
o Programs
o Computers
o Communication ports
o Printers and other peripherals
o Disks, etc.


Access to Whom
o Individual users or processes on their behalf
o Servers, machines
o Group of users/entities
   o finance department, etc.
o Public
o Anonymous

Access Roles
o In certain cases, access is defined by functional assignment rather than by a specific user:
   E.g. Manager, CEO, CIO, Operator, Administrator, etc.
o See Role Based Access Control (RBAC)
o Auditing, however, is done per the individual's account

Access Restrictions

Locations: Access to particular system resources may also be based upon physical or logical location.

Time of access: Time-of-day or day-of-week restrictions are common limitations on access.

Transaction: Access may be granted for a limited duration to do a very restricted task. E.g. accessing /etc/passwd to change a password.

Common Access Rights

Read access provides users with the capability to view information in a system resource (such as a file, certain records, certain fields, or a combination), but not to alter it.

Write access allows users to add to, modify, or delete information in system resources (e.g., files, records, programs).

Normally, users have read access to anything they have write access to.

Access Rights/Privileges
Execute privilege allows users to run programs.

Delete access allows users to erase system resources (e.g., files, records, fields, programs).

Note that if users have write access but not delete access, they could overwrite the field or file with anything, effectively deleting the information.


Access Rights/Privileges

Create access allows users to create new files, records, or fields.

Search access allows users to list the files in a directory.


Access Rights In DB
o Select
o Insert
o Update
o Create
o Delete


Resources in DB
o Database
o Table
o Column
o Field
o Stored procedure


Access Control
Access control is a mechanism to enforce access policies on resources.


AC Protects

o Confidential information from being disclosed to unauthorized individuals.
o Operating systems and other system software from unauthorized modification or manipulation (and thereby helps ensure the system's integrity and availability).
o Availability of information by restricting the number of users and processes.


Placement of Access Control


It depends on the resources to which access is to be restricted:
o Operating systems
o Applications
o Database systems
o etc.


Discretionary Access Control

A DAC is a type of access control whereby the entity (i.e. the subject) is allowed to define and change its access rights. Many UNIX varieties use DAC, since they allow owners to set and unset access rights on files and directories. Note, however, that some aspects of UNIX access control are set centrally by the superuser. An example is x and s access to some program files.

Mandatory Access Control

Mandatory access control (MAC) is a type of access control whereby access is defined based on regulations by a central authority. The philosophy underlying these policies is that information belongs to an organization (rather than to individual members of it), and it is that organization which should define the access control.

E.g. Unix System V

Representing and Implementing AC


Access Control Matrix


The access control matrix model is the most precise model used; it describes the rights of subjects over resources in a matrix.

ACM: Example
File1 File2 File3 File4

User1

Read, Execute read write, execute


execute Read, write read, write, execute

write

User2

read


ACM: Questions

o Adding and deleting ACM entries: who has the right to add and delete privileges?
o Default privileges
o Undefined entries
o Inconsistencies
o Management issues (for the admin)
   o Re-adjusting access rights, etc.


ACL
ACL is a simplified implementation of ACM on a column basis. In other words, access privileges are kept by the objects (i.e. column-wise in the matrix). A good example is a file system in UNIX, where the access rights are implemented per file (i.e. per object).


Capability
A simplified implementation of ACM on a row basis. Each subject maintains an unforgeable list of the rights it has to objects.


ACL vs Capability
Both implementations make certain questions easier to answer than others. For example, it is easy in an ACL implementation to find the set of all subjects who may read a file, but it is difficult to find the set of all files that a subject may read.
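
The matrix, its column-wise (ACL) and row-wise (capability) storage, and the two questions compared above, as an added example that is not part of the original slides. The subjects, objects and rights are constructed sample data, and undefined entries are treated as "no access" (an assumed default-deny policy).

```python
# Added illustration: subjects, objects and rights are constructed sample data.
ACM = {
    "alice": {"payroll.db": {"read", "write"}, "report.txt": {"read"}},
    "bob":   {"report.txt": {"read", "write"}, "backup.sh": {"execute"}},
    "carol": {"payroll.db": {"read"}},
}

def allowed(acm, subject, obj, right):
    """Matrix lookup; an undefined entry means no access (default deny)."""
    return right in acm.get(subject, {}).get(obj, set())

def to_acls(acm):
    """Column-wise storage: each object keeps {subject: rights}."""
    acls = {}
    for subject, row in acm.items():
        for obj, rights in row.items():
            acls.setdefault(obj, {})[subject] = set(rights)
    return acls

def to_capabilities(acm):
    """Row-wise storage: each subject holds {object: rights}."""
    return {s: {o: set(r) for o, r in row.items()} for s, row in acm.items()}

def subjects_with(acls, obj, right):
    """Easy for ACLs: read a single object's list."""
    return sorted(s for s, r in acls.get(obj, {}).items() if right in r)

def objects_for_via_acls(acls, subject, right):
    """Hard for ACLs: every object's list has to be inspected."""
    hits = sorted(o for o, acl in acls.items() if right in acl.get(subject, ()))
    return hits, len(acls)  # (objects found, lists inspected)

def objects_for_via_caps(caps, subject, right):
    """Easy for capabilities: read a single subject's list."""
    hits = sorted(o for o, r in caps.get(subject, {}).items() if right in r)
    return hits, 1  # (objects found, lists inspected)

if __name__ == "__main__":
    acls, caps = to_acls(ACM), to_capabilities(ACM)
    print(subjects_with(acls, "payroll.db", "read"))
    print(objects_for_via_acls(acls, "alice", "read"))
    print(objects_for_via_caps(caps, "alice", "read"))
    print(allowed(ACM, "carol", "backup.sh", "execute"))
```

The number of lists inspected grows with the number of objects in the ACL case and stays at one in the capability case; the reverse holds for "who may read this file".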


Constrained User Interface


Often used in conjunction with ACLs are constrained user interfaces, which restrict users' access to specific functions by never allowing them to request the use of information, functions, or other specific system resources for which they do not have access. Three major types exist: (1) menus, (2) database views, and (3) physically constrained user interfaces.


Menus
Menus can be used to implement AC by allowing and disallowing certain activities depending on the users' access rights.

Database View
Database views are a mechanism for restricting user access to data contained in a database. It may be necessary to allow a user to access a database, but that user may not need access to all the data in the database (e.g., not all fields of a record nor all records in the database).
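
A view that hides one field and one record, as an added example that is not part of the original slides. SQLite has no per-user GRANT, so its authorizer callback stands in here for the DBMS permission check (an assumption of this sketch); the table, view and rows are constructed.

```python
import sqlite3

# Constructed sample rows: (name, dept, salary).
SAMPLE_ROWS = [("Abebe", "finance", 9000), ("Sara", "it", 8000),
               ("Chair", "board", 30000)]

def open_restricted(rows):
    """Return a connection that can read employees only through the view."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)", rows)
    # The view omits the salary field and the board's records.
    conn.execute("CREATE VIEW staff_directory AS "
                 "SELECT name, dept FROM employees WHERE dept <> 'board'")
    conn.commit()

    def authorizer(action, arg1, arg2, db_name, source):
        # source is the view responsible for the access, or None when the
        # statement touches the table directly.
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ:
            if arg1 == "employees" and source != "staff_directory":
                return sqlite3.SQLITE_DENY
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY  # no DDL or DML for this user

    conn.set_authorizer(authorizer)
    return conn

def try_query(conn, sql):
    """Run sql; return the rows, or a 'denied: ...' string if refused."""
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:
        return f"denied: {exc}"

if __name__ == "__main__":
    conn = open_restricted(SAMPLE_ROWS)
    print(try_query(conn, "SELECT * FROM staff_directory ORDER BY name"))
    print(try_query(conn, "SELECT name, salary FROM employees"))
    print(try_query(conn, "DROP VIEW staff_directory"))
```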


Physically
Physically constrained user interfaces can also limit a user's abilities. A common example is an ATM machine, which provides only a limited number of physical buttons to select options; no alphabetic keyboard is usually present.


AC in Unix
o Subjects are processes that execute on behalf of users
o Objects are all considered as files: files, directories, devices, etc.
o Access rights are: read, write, execute, but also SetUID and SetGID
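
How these rights appear in a file's mode bits, with an inventory of SetUID/SetGID files such as an administrator would review; this is an added example, not part of the original slides. The function names and the `/usr/bin` default in the demo are choices of this sketch.

```python
import os
import stat

def describe_mode(mode):
    """Decode st_mode into the ls-style string and the two special bits."""
    return {
        "symbolic": stat.filemode(mode),        # e.g. -rwsr-xr-x
        "setuid": bool(mode & stat.S_ISUID),    # runs with the owner's UID
        "setgid": bool(mode & stat.S_ISGID),    # runs with the file's GID
    }

def find_setid_files(root):
    """List regular files under root that have SetUID or SetGID set."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)             # do not follow symlinks
            except OSError:
                continue                        # vanished or unreadable entry
            special = st.st_mode & (stat.S_ISUID | stat.S_ISGID)
            if stat.S_ISREG(st.st_mode) and special:
                info = describe_mode(st.st_mode)
                info.update(
                    path=path,
                    owner_uid=st.st_uid,
                    # A set-id program that anyone can modify needs attention.
                    world_writable=bool(st.st_mode & stat.S_IWOTH),
                )
                findings.append(info)
    return sorted(findings, key=lambda f: f["path"])

if __name__ == "__main__":
    for f in find_setid_files("/usr/bin"):
        flag = "  <-- world-writable" if f["world_writable"] else ""
        print(f'{f["symbolic"]} uid={f["owner_uid"]} {f["path"]}{flag}')
```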


Reading Assignment
Access Control in Linux.


Reading Assignment
Access Control in MS Windows.


Reading Assignment
Role Based Access Control in MS SQL Server.

