Garantía y Seguridad en Sistemas y Redes. Tema 4. Access ... · Tema%4.% AccessControl Garant ... Internet Auth Password Token Biometric 5. Access Control Policies Mandatory Discretionary

Tema 4. Access Control

Garantía y Seguridad en Sistemas y Redes

Esteban Stafford

Departamento de Ingeniería Informá2ca y Electrónica

Este tema se publica bajo Licencia:

Crea2ve Commons BY-‐NC-‐SA 4.0

http://creativecommons.org/licenses/by-nc-sa/4.0/

Grupo deIngeniería deComputadores

4. Access ControlG678: Garantía y Seguridad en Sistemas y RedesEsteban StaffordSantander, October 14, 2015

Contents

Access Control Principles

Subjects, Objects, and Access Rights

Discretionary Access Control

Mandatory Access Control

Role-Based Access Control


1

Access Control

jsmith1234

Auth

Authentication

Authz

Authorization Resources

SecurityAdmin.

Auditing


2

Access Control Requirements

Reliable input.Support for fine and coarse specifications.Least privilege.Separation of duty.Open and closed policies.Policy combinations and conflict resolution.Right relinquishing.


3

Access Control

jsmith1234

Auth

Authentication

Authz

Authorization Resources

SecurityAdmin.

Auditing


2

Access Control Requirements

Reliable input.Support for fine and coarse specifications.Least privilege.Separation of duty.Open and closed policies.Policy combinations and conflict resolution.Right relinquishing.


3

Access Control Policies

Mandatory

Discretionary

Role-basedMandatory

Discretionary

Role-based


4

Subjects, Objects and Access Rights

SubjectsUserGroupRoleWorld

RightsReadWriteExecuteDeleteCreateSearchAuthorise

ObjectsDeviceFilesystemDirectoryFileApplicationDatabaseTableColumnRow

LocationKernelUser spaceLocalhostIntranetWirelessVPNInternet

AuthPasswordTokenBiometric


5

Access Control Policies

Mandatory

Discretionary

Role-basedMandatory

Discretionary

Role-based


4

Subjects, Objects and Access Rights

SubjectsUserGroupRoleWorld

RightsReadWriteExecuteDeleteCreateSearchAuthorise

ObjectsDeviceFilesystemDirectoryFileApplicationDatabaseTableColumnRow

LocationKernelUser spaceLocalhostIntranetWirelessVPNInternet

AuthPasswordTokenBiometric


5

Discretionary Access ControlSubject with a certain Right can Pass it to any othersubject. (Unix filesystem, SQL)Rights are organised in an Access Matrix

File 1 File 2 File 3 File 4

User A Own, Read,Write

Own, Read,Write

User B Read Own, Read,Write Write Read

User C Read, Write Read Own, Read,Write

Access Control Lists(ACL) = columns of Access MatrixCapability Lists = rows of Access Matrix


6


Centrally controlled by a security policy administrator.Subjects do not have the ability to override the policy.SELinux, PolicyKit, Mandatory Integrity Control.


7

Discretionary Access ControlSubject with a certain Right can Pass it to any othersubject. (Unix filesystem, SQL)Rights are organised in an Access Matrix

File 1 File 2 File 3 File 4

User A Own, Read,Write

Own, Read,Write

User B Read Own, Read,Write Write Read

User C Read, Write Read Own, Read,Write

Access Control Lists(ACL) = columns of Access MatrixCapability Lists = rows of Access Matrix


6


Centrally controlled by a security policy administrator.Subjects do not have the ability to override the policy.SELinux, PolicyKit, Mandatory Integrity Control.


7

Linux DAC + MAC (SELinux)


8


UUser

RRole

PPermission

Userassignment

Permissionassignment

SSession

1

Activesessions Role

subset

Role hierarchy

CConstraints


9




UUser

RRole

PPermission

Userassignment


SSession

1

Activesessions Role

subset

Role hierarchy

CConstraints


9

9



8


UUser

RRole

PPermission

Userassignment


SSession

1

Activesessions Role

subset

Role hierarchy

CConstraints


10

Role hierarchy

ProductionEngineer 1

QualityEngineer 1


QualityEngineer 2

Engineer 1 Engineer 2

EngineeringDept.

Leader 1 Leader 2

Director


Role constraints

Mutual exclusivity forces a user to belong to only one roleof a set. Useful to implement separation of duty.Maximum cardinality

Number of roles for a user or session.Number of users with a given role.Number of roles with a given permission.

Prerequisites can establish requirements for belonging tospecial roles. Useful to implement least privilegestructures.


11

11

Role hierarchy


QualityEngineer 1


QualityEngineer 2

Engineer 1 Engineer 2

EngineeringDept.

Leader 1 Leader 2

Director


10

Role constraints

Mutual exclusivity forces a user to belong to only one roleof a set. Useful to implement separation of duty.Maximum cardinality

Number of roles for a user or session.Number of users with a given role.Number of roles with a given permission.

Prerequisites can establish requirements for belonging tospecial roles. Useful to implement least privilegestructures.


12

Documents

Garantía y Seguridad en Sistemas y Redes. Tema 4. Access ... · Tema%4.% AccessControl Garant ... Internet Auth Password Token Biometric 5. Access Control Policies Mandatory Discretionary