Access Control UNICAM
UNICAM AC Partial 2
Deck details
Cards | 71 |
---|---|
Language | English |
Category | Computer science |
Level | University |
Created / Updated | 04.12.2021 / 04.12.2021 |
Web link | https://card2brain.ch/box/20211204_access_control_unicam |
Why do we need Access Control - what is its purpose?
We need a language for expressing our intended access control policies together with a mechanism to enforce this access control behavior.
What do we need to consider for shared data in terms of security?
- Integrity is the maintenance of, and the assurance of, data accuracy and consistency over its entire life cycle.
- Confidentiality deals with protecting against the disclosure of information by ensuring that the data is limited to those authorized.
Basic Terminology for AC
How do we call the active entity?
Subject or Principal
Basic Terminology for AC
How do we call the passive entity?
Object
Basic Terminology for AC
How do we call the process?
Access Operation
Basic Terminology for AC
How do we call the logic behind AC?
Reference Monitor
What does the subject do in AC?
Performs an operation - wants to access something
What are Object examples?
Files, folders, printers, memory
What does the reference monitor do?
Acts as a guard and grants or denies access
What is Identity-based Access Control?
Traditional security - the policy refers to human users -> most common in operating systems
Is there a difference between subject and principal?
Principals are the real users' identities
Subjects operate on behalf of human users, whom we call principals -> subjects are bound to principals
To identify a subject in identity-based access control, a subject name must be:
Globally unique
Readable
Memorable
Do Subjects have to be bound to principals?
Do Principals need to represent human users or attributes of human users?
What is the reference monitor doing?
Checks whether the principal that is bound to the subject has the right to access the object
Make an example in an operating system for a principal and a subject
Principal = user identity
Subject = process running under a user identity
Principals and objects present two options for focusing control
A) what a principal is allowed to do = e.g. DB user -> access rights
B) what may be done with an object = e.g. OS files: infrastructure to manage files and resources
Access control consists of two steps
1) Authentication: who said this statement
2) Authorization : who is trusted to access the object
Do Access Operations vary on different systems?
Make some examples for access operations:
Read and write physical memory
method calls in an OO system
Access Modes:
What are the two most basic levels of Access Modes?
Observe - look at the contents of an object
Alter - change the contents of an object
Draw the Bell-LaPadula Model access modes
| | Execute | Append | Read | Write |
|---|---|---|---|---|
| Observe | | | x | x |
| Alter | | x | | x |
Why does it make sense to add read to the write access mode in the LaPadula model?
In terms of efficiency - it makes sense to combine both, as otherwise a user may open a file twice: once for reading, once for writing
In the LaPadula Access Model, Append has no Observe rights - does this make sense, and where?
- Logs, or a process that is writing to a log but has no need to read it.
In the LaPadula Access Model, Execute has neither Observe nor Alter selected - what is it then useful for?
- Neither observe nor alter -> rarely the case
- Tamper-resistant register (the key cannot be read, but access control rules grant access to execute encryption)
What is different in terms of Access Modes, for example in the Multics OS?
It distinguishes access attributes for files from those for directories
R / W and Execute differ from the basic LaPadula Model
Multics OS Access Modes - show the File Modes along with the LaPadula notations
Files:
Read - r
Execute - e, r
Read and write - w
Write - a
Multics OS Access Modes - show the Directory Modes along with the LaPadula notations
Directories:
Status - r
Status and modify - w
Append - a
Search - e
In the Unix operating system, access control policies are expressed in terms of 3 operations:
Read - reading from a file
Write - writing to a file
Execute - executing a program file
As with Multics, write access in Linux does not imply read access.
If those operations are applied to directories – they have the following meaning:
- Read: list directory contents
- Write: create or rename a file in the directory
- Execute: search the directory
Unix controls who can create and delete files by controlling write access to the file's directory
- Access can be changed by modifying a file's entry in its directory
- Defines access rights to files and directories via access rights to the parent directory
- Grant and revoke -> manipulating a subject's access rights by some other party
- Assert and deny -> when the subject changes its own access rights
- Delegation policies -> a subject invokes another subject, and the rights of the invoked subject have to be established
Administrative access rights - what do we call it when the access rights get modified by some other party?
Administrative access rights - what do we call it when the access rights get modified by the subject itself?
Access Control Structure - why ?
We know the operations, but we also need some way to express which access operations are permitted
What are the requirements of Access Control Structures?
- Access control structures help to express your desired access control policy
- We need some way to check that our intended policy has been captured correctly
What is a tool for Access Control Structures? And how is it modeled?
Access Control Matrix
| Subject | Object 1 | Object 2 | Object 3 |
|---|---|---|---|
| Alice | r | r | w |
| Bob | rw | w | r |
What are some disadvantages of an access control matrix, and what should we use in such scenarios?
Disadvantage: not suitable if number of subjects and objects is large or if they change frequently -> in such scenarios intermediate levels of control are preferred
Where can an access control matrix be implemented ?
At both - subject or object
Capabilities -> what are they?
If we store the access control matrix with the subject -> we give the subject a capability: an unforgeable token that specifies this subject's access rights. It corresponds to the subject's row in the access control matrix
E.g.
Alice: capability: edit.exe: execute, etc.
What are the downsides of capabilities?
- Disadvantage: difficult to get an overview of who has permission to access a given object.
- It is difficult to revoke a capability – either the OS has to be given the task, or the user who passed the capability on has to keep everything up-to-date -> it gets even more awkward if third parties are involved.
- Where to store capabilities -> if they are exchanged over a network, cryptography is required.