
ACCESS CONTROL: THE NEGLECTED FRONTIER


Presentation Transcript


  1. ACCESS CONTROL: THE NEGLECTED FRONTIER. Ravi Sandhu, George Mason University

  2. SECURITY OBJECTIVES
     • CONFIDENTIALITY: most studied
     • INTEGRITY: less studied
     • AVAILABILITY: least studied
     • USAGE: newest

  3. SECURITY TECHNOLOGIES
     • Access Control
     • Cryptography
     • Audit and Intrusion Detection
     • Authentication
     • Assurance
     • Risk Analysis
     • ...

  4. CRYPTOGRAPHY LIMITATIONS
     • Cryptography cannot
       • protect confidentiality and integrity of data, keys, software in end systems
       • prevent or detect use of covert channels

  5. AUDIT AND INTRUSION DETECTION LIMITATIONS
     • Intrusion detection cannot by itself
       • protect audit data and audit collection and analysis software
       • prevent security breaches
       • protect against covert channels

  6. ACCESS CONTROL LIMITATIONS
     • Access control cannot by itself
       • protect data in transit or storage on an insecure medium
       • safeguard against misuse by authorized users
       • protect against covert channels

  7. AUTHENTICATION LIMITATIONS
     • By itself authentication does very little but what it does is critical
     • pre-requisite for effective
       • cryptography
       • access control
       • intrusion detection

  8. A MIX OF MUTUALLY SUPPORTIVE TECHNOLOGIES [diagram: AUTHENTICATION, RISK ANALYSIS, ASSURANCE, ACCESS CONTROL, CRYPTOGRAPHY, INTRUSION DETECTION, SECURITY ENGINEERING & MANAGEMENT]

  9. CLASSICAL ACCESS CONTROL DOCTRINE
     • Lattice-based mandatory access control (MAC)
       • strong
       • too strong
       • not strong enough
     • Owner-based discretionary access control (DAC)
       • too weak
       • too confused

  10. ISSUES IN LATTICE-BASED MAC
     • MAC enforces one-directional information flow in a lattice of security labels
     • can be used for aspects of
       • confidentiality
       • integrity
       • aggregation (Chinese Walls)

  11. PROBLEMS WITH LATTICE-BASED MAC
     • does not protect against covert channels and inference
     • not strong enough
     • inappropriate
     • too strong

  12. ISSUES IN OWNER-BASED DAC
     • negative “rights”
     • inheritance of rights
     • interaction between positive and negative rights
     • grant flag
     • delegation of identity
     • temporal and conditional authorization

  13. PROBLEMS WITH OWNER-BASED DAC
     • does not control information flow
     • too weak
     • inappropriate in many situations
     • too weak
     • too confused

  14. BEYOND OWNER-BASED DAC
     • separation between ability
       • to use a right
       • to grant a right
     • non-discretionary elements
       • user who can use a right should not be able to grant it and vice versa

  15. NON-DISCRETIONARY (BEYOND LATTICE-BASED MAC)
     • control of administrative scope
     • rights that can be granted
     • to whom rights can be granted
     • rights that cannot be simultaneously granted to same user
     • rights that cannot be granted to too many users

  16. WHAT IS THE POLICY IN NON-DISCRETIONARY ACCESS CONTROL?
     • Non-discretionary access control is a means to articulate policy
     • does not incorporate policy but does support security principles
       • least privilege
       • abstract operations
       • separation of duties

  17. ISSUES IN NON-DISCRETIONARY ACCESS CONTROL
     • models for non-discretionary propagation of access rights
     • role-based access control (RBAC)
     • task-based authorization (TBA)

  18. NON-DISCRETIONARY PROPAGATION MODELS
     • HRU, 1976
     • TAKE-GRANT, 1976-82
     • SPM/ESPM, 1985-92
     • TAM/ATAM, 1992 onwards

  19. NON-DISCRETIONARY PROPAGATION MODELS
     • type-based non-discretionary controls
     • rights that authorize propagation can be separate or closely related to right being propagated
     • testing for absence of rights is essential for dynamic separation policies

  20. ROLE-BASED ACCESS CONTROL: RBAC0 [diagram: USERS, ROLES, PERMISSIONS, SESSIONS; USER-ROLE ASSIGNMENT, PERMISSION-ROLE ASSIGNMENT]

  21. ROLE-BASED ACCESS CONTROL: RBAC1 [diagram: USERS, ROLES, PERMISSIONS, SESSIONS; ROLE HIERARCHIES, USER-ROLE ASSIGNMENT, PERMISSION-ROLE ASSIGNMENT]

  22. HIERARCHICAL ROLES [diagram: Primary-Care Physician, Specialist Physician, Physician, Health-Care Provider]

  23. HIERARCHICAL ROLES [diagram: Supervising Engineer, Hardware Engineer, Software Engineer, Engineer]

  24. ROLE-BASED ACCESS CONTROL: RBAC3 [diagram: USERS, ROLES, PERMISSIONS, SESSIONS; ROLE HIERARCHIES, USER-ROLE ASSIGNMENT, PERMISSIONS-ROLE ASSIGNMENT, CONSTRAINTS]

  25. RBAC MANAGEMENT [diagram: ROLES, PERMISSIONS, USERS, ADMIN ROLES, ADMIN PERMISSIONS; CAN-MANAGE]

  26. RBAC MANAGEMENT [diagram: ROLE HIERARCHY and ADMINISTRATIVE ROLE HIERARCHY; node labels S, S3, CSO, T5, T2, T4, T1, SO1, SO2, SO3, P3, P]

  27. ROLES AND LATTICES [diagram: LATTICE and ROLES; node labels H, L, HR, HW, LR, LW]
     • RBAC can enforce classical lattice-based MAC

  28. ROLES AND LATTICES [diagram: LATTICE and ROLES; node labels H, L, HR, HW, LR, LW]
     • RBAC can accommodate variations of classical lattice-based MAC

  29. TASK-BASED AUTHORIZATION (TBA)
     • beyond subjects and objects
     • authorization is in context of some task
     • transient use-once permissions instead of long-lived use-many-times permissions

  30. TRANSACTION CONTROL EXPRESSIONS (TCEs)
     • TCEs are an example of TBA
       • prepare • clerk; approve • supervisor; issue • clerk;

  31. CONCLUSION
     • access control is important
     • there are many open issues
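
The transaction control expression on slide 30, enforced in code as an added example that is not part of the original presentation (the operation/role separator is written here as "•"). The user names, the user-role table and the rule that each step of one task must be taken by a different user are assumptions made for illustration.

```python
# Added example: constructed users and roles; the distinct-user rule is an assumption.
from dataclasses import dataclass, field

# User-role assignment (constructed sample data).
USER_ROLES = {
    "alice": {"clerk"},
    "bob": {"supervisor"},
    "carol": {"clerk"},
}


def parse_tce(text):
    """Parse 'prepare • clerk; approve • supervisor;' into [(operation, role), ...]."""
    steps = []
    for part in text.split(";"):
        if part.strip():
            op, role = (s.strip() for s in part.split("•"))
            steps.append((op, role))
    return steps


@dataclass
class Task:
    """One task instance (e.g. one voucher) carrying its own unused steps."""
    pending: list
    history: list = field(default_factory=list)  # (operation, user) already done

    def attempt(self, user, op):
        """Return (allowed, reason); consume the step only when allowed."""
        if not self.pending:
            return False, "task complete: no permissions remain"
        next_op, role = self.pending[0]
        if op != next_op:
            return False, f"out of order: next step is {next_op}"
        if role not in USER_ROLES.get(user, set()):
            return False, f"{user} lacks role {role}"
        if any(u == user for _, u in self.history):
            return False, f"{user} already acted on this task"
        self.history.append((op, user))
        self.pending.pop(0)  # use-once: the permission is gone after use
        return True, "ok"


def run_voucher():
    """Drive one constructed voucher through the slide's TCE; return the decisions."""
    task = Task(parse_tce("prepare • clerk; approve • supervisor; issue • clerk;"))
    attempts = [("alice", "prepare"), ("alice", "approve"), ("bob", "approve"),
                ("alice", "issue"), ("carol", "issue"), ("carol", "issue")]
    return [task.attempt(user, op)[0] for user, op in attempts]
```

Each task instance holds its own remaining steps, so the authorization is tied to the task rather than to a standing permission on the object, and a step that has been used cannot be replayed.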
