COMPUTER SECURITY
(CSE 4105)
Access Control
Introduction
Access Control: The prevention of unauthorized
use of a resource, including the prevention of use
of a resource in an unauthorized manner
[Link] Anupam Kumar Bairagi, PhD
Access Control Principles
Authentication: Verification that the credentials of
a user or other system entity are valid.
Authorization: The granting of a right or permission
to a system entity to access a system resource. This
function determines who is trusted for a given
purpose.
Audit: An independent review and examination of
system records and activities in order to test for
adequacy of system controls, to ensure compliance
with established policy and operational procedures,
to detect breaches in security, and to recommend
any indicated changes in control, policy and
procedures.
Access Control Policies
An access control policy, which can be embodied in
an authorization database, dictates what types of
access are permitted, under what circumstances,
and by whom. Access control policies are generally
grouped into the following categories:
Discretionary access control (DAC): Controls
access based on the identity of the requestor and
on access rules (authorizations) stating what
requestors are (or are not) allowed to do. This
policy is termed discretionary because an entity
might have access rights that permit the entity,
by its own volition, to enable another entity to
access some resource.
Access Control Policies
Mandatory access control (MAC): Controls
access based on comparing security labels (which
indicate how sensitive or critical system
resources are) with security clearances (which
indicate system entities are eligible to access
certain resources). This policy is termed
mandatory because an entity that has clearance
to access a resource may not, just by its own
volition, enable another entity to access that
resource.
Role-based access control (RBAC): Controls
access based on the roles that users have within
the system and on rules stating what accesses
are allowed to users in given roles.
Subjects, Objects and Access Rights
A subject is an entity capable of accessing
objects.
– Generally, the concept of subject equates with
that of process.
– Any user or application actually gains access to
an object by means of a process that
represents that user or application.
Basic access control systems typically define
three classes of subject, with different access
rights for each class:
– Owner: This may be the creator of a resource,
such as a file. For system resources, ownership
may belong to a system administrator.
Subjects, Objects and Access Rights
– Group: In addition to the privileges assigned to an
owner, a named group of users may also be granted
access rights, such that membership in the group is
sufficient to exercise these access rights. In most
schemes, a user may belong to multiple groups.
– World: The least amount of access is granted to
users who are able to access the system but are
not included in the categories owner and group for
this resource.
An object is a resource to which access is
controlled.
– In general, an object is an entity used to contain
and/or receive information.
– Examples include records, blocks, pages, segments,
files, portions of files, directories, directory trees,
mailboxes, messages, and programs.
Subjects, Objects and Access Rights
An access right describes the way in which a
subject may access an object. Access rights
could include the following:
– Read: User may view information in a system
resource (e.g., a file). Read access includes the
ability to copy or print.
– Write: User may add, modify, or delete data in a
system resource (e.g., files, records, programs).
Write access includes read access.
– Execute: User may execute specified programs.
– Delete: User may delete certain system resources,
such as files or records.
– Create: User may create new files, records, or
fields.
– Search: User may list the files in a directory or
otherwise search the directory.
Discretionary Access Control
A discretionary access control scheme is one in
which an entity may be granted access rights that
permit the entity, by its own volition, to enable
another entity to access some resource.
A general approach to DAC is that of an access
matrix.
The access matrix concept was formulated by
Lampson [LAMP69, LAMP71], and subsequently
refined by Graham and Denning [GRAH72,
DENN71] and by Harrison et al. [HARR76].
One dimension of the matrix consists of
identified subjects that may attempt data access
to the resources.
The other dimension lists the objects that may be
accessed.
Discretionary Access Control
Each entry in the matrix indicates the access
rights of a particular subject for a particular
object.
Discretionary Access Control
In practice, an access matrix is usually sparse and is
implemented by decomposition in one of two ways.
The matrix may be decomposed by columns, yielding
access control lists (ACLs).
Discretionary Access Control
For each object, an ACL lists users and their permitted
access rights.
The ACL may contain a default, or public, entry.
This allows users that are not explicitly listed as
having special rights to have a default set of rights.
The default set of rights should always follow the rule
of least privilege or read-only access, whichever is
applicable.
Elements of the list may include individual users as well
as groups of users.
When it is desired to determine which subjects have
which access rights to a particular resource, ACLs are
convenient, because each ACL provides the information
for a given resource.
However, this data structure is not convenient for
determining the access rights available to a specific
user.
Discretionary Access Control
Decomposition by rows yields capability tickets.
A capability ticket specifies authorized objects and
operations for a particular user.
Each user has a number of tickets and may be authorized to
loan or give them to others.
It is easy to determine the set of access rights that a given
user has, but more difficult to determine the list of users
with specific access rights for a specific resource.
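The access matrix and both decompositions described above, as an added example that is not part of the lecture slides. The subjects, objects and rights are constructed sample values; the matrix is kept sparse (only non-empty cells are stored), `acl()` is the column view, `capabilities()` the row view, and `grant()` models the discretionary transfer of a ticket to another subject.

```python
from typing import Dict, FrozenSet, Set

# Rights named on the slides. Write access includes read access.
IMPLIED = {"write": {"read"}}

def expand(rights: Set[str]) -> FrozenSet[str]:
    """Close a right set under the implications above (write -> read)."""
    out = set(rights)
    for r in rights:
        out |= IMPLIED.get(r, set())
    return frozenset(out)

# The sparse access matrix, stored cell by cell: subject -> object -> rights.
# Subjects, objects and rights are constructed sample values.
MATRIX: Dict[str, Dict[str, Set[str]]] = {
    "alice": {"payroll.db": {"write"}, "report.txt": {"read"}},
    "bob":   {"report.txt": {"write"}},
    "carol": {"payroll.db": {"read"}},
}

# Default (public) ACL entry per object. Least privilege: nothing unless stated,
# read-only where sharing is intended.
DEFAULT: Dict[str, Set[str]] = {"report.txt": {"read"}, "payroll.db": set()}

def acl(obj: str) -> Dict[str, FrozenSet[str]]:
    """Column of the matrix: each subject's rights on obj, plus the public entry."""
    column = {s: expand(row[obj]) for s, row in MATRIX.items() if obj in row}
    column["*public*"] = expand(DEFAULT.get(obj, set()))
    return column

def capabilities(subject: str) -> Dict[str, FrozenSet[str]]:
    """Row of the matrix: the tickets a subject holds, one per object."""
    return {o: expand(r) for o, r in MATRIX.get(subject, {}).items()}

def permitted(subject: str, obj: str, right: str) -> bool:
    """Reference-monitor check: the subject's own entry, else the public entry."""
    rights = capabilities(subject).get(obj)
    if rights is None:
        rights = expand(DEFAULT.get(obj, set()))
    return right in rights

def grant(giver: str, grantee: str, obj: str, rights: Set[str]) -> bool:
    """Discretionary transfer: a subject may pass on only rights it already holds."""
    if not rights <= capabilities(giver).get(obj, frozenset()):
        return False
    MATRIX.setdefault(grantee, {}).setdefault(obj, set()).update(rights)
    return True
```

Note that answering "who can read payroll.db?" is one `acl()` call, while answering "what can alice access?" is one `capabilities()` call; a real system that stores only one of the two views has to scan every entry to answer the other question.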
Role Based Access Control
Traditional DAC systems define the access rights
of individual users and groups of users.
In contrast, RBAC is based on the roles that users
assume in a system rather than the user’s identity.
Typically, RBAC models define a role as a job
function within an organization.
RBAC systems assign access rights to roles
instead of individual users.
In turn, users are assigned to different roles,
either statically or dynamically, according to their
responsibilities.
Role Based Access Control
The relationship of users to roles is many to many,
as is the relationship of roles to resources, or
system objects.
The set of users changes, in some environments
frequently, and the assignment of a user to one or
more roles may also be dynamic.
The set of roles in the system in most environments
is relatively static, with only occasional additions or
deletions.
Each role will have specific access rights to one or
more resources.
The set of resources and the specific access rights
associated with a particular role are also likely to
change infrequently.
Role Based Access Control
We can use the access matrix representation to
depict the key elements of an RBAC system in
simple terms.
Role Based Access Control
The upper matrix relates individual users to roles.
Typically there are many more users than roles.
Each matrix entry is either blank or marked, the latter
indicating that this user is assigned to this role.
Note that a single user may be assigned multiple roles
(more than one mark in a row) and that multiple users
may be assigned to a single role (more than one mark in a
column).
The lower matrix has the same structure as the DAC
access control matrix, with roles as subjects.
Typically, there are few roles and many objects, or
resources.
In this matrix the entries are the specific access rights
enjoyed by the roles.
Note that a role can be treated as an object, allowing
the definition of role hierarchies.
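The two RBAC matrices described above, as an added example that is not part of the lecture slides. The upper matrix is `USER_ROLES`, the lower one is `ROLE_RIGHTS`, and a role appearing as an object in the lower matrix with the constructed right `"inherit"` is how the role hierarchy mentioned in the last bullet is expressed; all users, roles, objects and rights are constructed sample values.

```python
from typing import Dict, Optional, Set

# Upper matrix: user -> roles. A user may hold several roles and a role may
# have many users (many-to-many). Names are constructed sample values.
USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"manager"},
    "bob":   {"clerk"},
    "carol": {"clerk", "auditor"},
}

# Lower matrix: role -> object -> rights. A role may itself appear as an
# object; the right "inherit" on role R gives this role all of R's rights,
# which is how the slides' role hierarchy is expressed here.
ROLE_RIGHTS: Dict[str, Dict[str, Set[str]]] = {
    "clerk":   {"ledger.db": {"read", "write"}},
    "auditor": {"ledger.db": {"read"}, "audit.log": {"read"}},
    "manager": {"clerk": {"inherit"}, "audit.log": {"read"}, "budget.xls": {"write"}},
}

def effective_rights(role: str, seen: Optional[Set[str]] = None) -> Dict[str, Set[str]]:
    """Flatten the hierarchy: a role's own rights plus everything it inherits.
    `seen` stops infinite recursion if the hierarchy is misconfigured with a cycle."""
    seen = set() if seen is None else seen
    if role in seen:
        return {}
    seen.add(role)
    result: Dict[str, Set[str]] = {}
    for obj, rights in ROLE_RIGHTS.get(role, {}).items():
        if obj in ROLE_RIGHTS and "inherit" in rights:
            for o, r in effective_rights(obj, seen).items():
                result.setdefault(o, set()).update(r)
        else:
            result.setdefault(obj, set()).update(rights)
    return result

def check(user: str, obj: str, right: str) -> bool:
    """Reference-monitor decision: any one of the user's roles granting the right suffices."""
    return any(right in effective_rights(role).get(obj, set())
               for role in USER_ROLES.get(user, set()))

def subjects_with(obj: str, right: str) -> Set[str]:
    """The column question: which users, through some role, hold `right` on `obj`."""
    return {u for u in USER_ROLES if check(u, obj, right)}
```

Changing what clerks may do is a single edit to `ROLE_RIGHTS["clerk"]`, which is the point of the slides' remark that roles and their rights change rarely while user-to-role assignments change often.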
Thanks for your Attention