Access Control UNICAM

Ownership

• Define an owner for each resource and let him decide who has access -> policies defined by the owner are called discreationary -> cause access control is at the discretion of the owner
• A System-wide policy decrees who is allowed to have access. Policies imposed by the system are called mandatory

Identity based access control - incurs an identity management overhead and does not scale well

Duscretuibary -> at the discretion of the owner -> he must take care of it (e.g. IBAC)

Mandatory -> security labels for classified objects ->

By implementing intermediate layers between users and object

• Means of simplifying the definition of access control policies
• Users with similar access rights are collected in groups
• This groups are given permission to access Objects.

• Policy exceptions exist
  • Some users should get a permission for an object directly
  • Or denied a permission that normally follows a group

• This may result in a POLICY Conflict as Group rules an direct rules interfere with each other
• We must consider such conflict by the reference monitor
  • Possible Solution: First entry is valid – the later ones will be ignored

A policy refers to the operations a user is allowed to execute. A Privilege stands for the right to execute certain operations.

• Are associated with OS functions – Sys Ad for e.g., can perform functions such as backup, mail access or network access
• Are an intermediate Layer between subjects and operations.

A role can be defined as a collection of application specific operations (Procedures). Subjects derive their access rights from the role they are performing. (RBAC) introduces roles, procedures and possible data types as intermediate layers between subjects and objects

• A collection of procedures.
• A user assigned to a role can execute the procedures defined for that role
• A user can have multiple role and more than one user can have the same role

• High-level access control methods with a more complex semantic than read or write
• Can only be applied to objects of certain data types -> consider a funds transport between two bank accounts

• Each object is of a certain data type
• Can only be accessed through procedures which are defined for this kind of data type

Controlling access to an object by restricting the procedures that may access this object is a general programming practice. It is a fundamental concept in the theory of abstract data types

Inheritance of Child Roles Permissions in Parent -> Teacher can do what a student can do + extra power

RBAC - The least privilege principle suggests that only roles necessary for the current task should be activated

By hirarchy

Seperation of Duties

• The roles may be assigned to a user are fixed and have to take into account separation of duties requirement
• A user can either issue an order or approve a payment

• Roles may be assigned to a user depend on the current task
• A user who has issued a particular purchase may not approve payment for that specific order but for other order he did not issue the purchase

user are assigned to roles,

permissions to role,

users get permissions via role

Add support for role hierarchies. Teacher Role can be defined as senior to teaching assistant

adds support for seperation of duties

a rule that sutdents cannot be teaching assistand on a course they are taking

PR’s are simple example of an intermediate layer of hardware based access control for subjects and objects

• Unix uses two levels with root and operating system running in ring 0 and user processes running in 3

When developing software, you rarely will be in position to know your eventual users. This means policies cannot refer to specific user identities but can perhaps refer to generic placeholder principals such as Teach and Student.