E gov security_tut_session_11



  1. 1. The Palestinian eGovernment Academy (www.egovacademy.ps). Security Tutorial, Session 11. PalGov © 2011
  2. 2. About
     This tutorial is part of the PalGov project, funded by the TEMPUS IV program of the Commission of the European Communities, grant agreement 511159-TEMPUS-1-2010-1-PS-TEMPUS-JPHES. Project website: www.egovacademy.ps
     Project consortium:
     • Birzeit University, Palestine
     • University of Trento, Italy (Coordinator)
     • Palestine Polytechnic University, Palestine
     • Vrije Universiteit Brussel, Belgium
     • Palestine Technical University, Palestine
     • Université de Savoie, France
     • Ministry of Telecom and IT, Palestine
     • University of Namur, Belgium
     • Ministry of Interior, Palestine
     • TrueTrust, UK
     • Ministry of Local Government, Palestine
     Coordinator: Dr. Mustafa Jarrar, Birzeit University, P.O.Box 14, Birzeit, Palestine. Telfax: +972 2 2982935, mjarrar@birzeit.edu
  3. 3. © Copyright Notes
     Everyone is encouraged to use this material, or part of it, but should properly cite the project (logo and website) and the author of that part.
     No part of this tutorial may be reproduced or modified in any form or by any means without prior written permission from the project, which holds the full copyright on the material.
     Attribution-NonCommercial-ShareAlike (CC BY-NC-SA): this license lets others remix, tweak, and build upon your work non-commercially, as long as they credit you and license their new creations under the identical terms.
  4. 4. Tutorial 5: Information Security
     Session 11: Access Control
     Session 11 outline:
     • Access Control
     • Overview of Database Security
  5. 5. Tutorial 5, Session 11: Access Control
     This session will contribute to the following ILOs:
     • A: Knowledge and Understanding
       – a2: Defines security standards and policies
     • B: Intellectual Skills
       – b3: Design end-to-end secure and available systems
     • D: General and Transferable Skills
       – d2: Systems configurations
       – d3: Analysis and identification skills
  6. 6. Access Control
     • "The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner" [1]
     • A central element of computer security
     • Systems have users and groups, which
       – Authenticate to the system
       – Are assigned access rights to certain resources on the system
     • Logging and auditing are very important (why? An access decision is only as good as the evidence that it was enforced: audit records let you detect misuse of legitimately held rights, reconstruct an incident and show that the policy was applied)
  7. 7. Access Control Principles (figure)
  8. 8. Different Access Control Policies
     • Discretionary access control (DAC): access is decided by the identity of the requester and by access rules stating what requesters are allowed to do; an entity holding access rights may, by its own volition, permit another entity to access the resource
     • Mandatory access control (MAC): access is decided by comparing security labels (the sensitivity of the resource) with security clearances (what the entity is authorized for); an entity cleared for a resource may not, by its own volition, enable another entity to access it
     • Role-based access control (RBAC): access is decided by the roles a user holds and the permissions assigned to those roles
       – ARBAC: administrative RBAC, i.e. using RBAC itself to administer roles (see the ARBAC97 model for role-based administration of roles for details)
     • Attribute-based access control (ABAC): a generalisation of RBAC in which any attribute of the subject, the object or the environment, not only a role, can enter the access decision
  9. 9. Access Control Requirements
     • Reliable input: the subject's identity must come from authentication, and every request must be validated before the policy is evaluated
     • Fine-grained and coarse-grained specifications: some policies apply to individual records or fields, others to whole tables, directories or systems
     • Least privilege: a subject receives only the rights its task needs, for no longer than needed
     • Separation of duty between different entities, so that no single subject can complete a sensitive operation alone
     • Open / closed policies: a closed policy denies anything not explicitly authorized (the usual choice); an open policy permits anything not explicitly denied
     • Administrative policies: who may define and change the access rules
  10. 10. Access Control Elements
     • Subject: an entity that can access objects, typically a process acting on behalf of a user or application
       – UNIX/Linux distinguishes three classes of subject for each file: owner, group and world (everyone else)
     • Object: an access-controlled resource
       – e.g. files, directories, records, programs; the number and type depend on the environment
     • Access rights: the actions a subject may perform on an object
       – e.g. read, write, execute, delete, create, search
  11. 11. Discretionary Access Control
     • Represented by an access matrix
       – Rows list the subjects (one dimension)
       – Columns list the objects (the other dimension)
       – Each cell holds the access rights (actions) the subject has on that object
     • In practice the matrix is sparse, so it is stored by column (an access control list per object) or by row (a capability list per subject)
  12. 12. Access Control Model (figure, from [1])
  13. 13. Different Functions of Access Control (figure)
  14. 14. Domains of Protection
     • A protection domain is a set of objects together with the access rights to those objects
     • In the access-matrix view each row defines a protection domain
       – A domain is not necessarily a user: it may be a limited subset of a user's rights
       – Such a restricted domain can be applied to a process so that it runs with less than its user's full rights (least privilege)
  15. 15. Example: UNIX Files
     • UNIX files are administered through inodes
       – An inode is the control structure holding the key information about a file (owner, group, permission bits, size, data block pointers)
       – Several names (hard links) may refer to the same inode
       – The file system keeps an inode table / list for all files on a disk
     • Directories form a hierarchical tree
       – May contain files or other directories
       – A directory is itself a file containing names and inode numbers
  16. 16. UNIX File Access Control (chmod command)
     • chmod 742 sets the nine permission bits from three octal digits, one per class (U = user/owner, G = group, O = other):
       – 7 → rwx for the owner
       – 4 → r-- for the group
       – 2 → -w- for everyone else
     • r: read, w: write, x: execute (on a directory, x means the directory may be searched/traversed)
     • Only one class applies to a given subject: the owner class if the subject owns the file, otherwise the group class if it is in the file's group, otherwise the other class
  17. 17. UNIX File Access Control (SetUID and SetGID)
     • Set-user-ID and set-group-ID bits on an executable: the process runs with the effective user/group ID of the file's owner/group rather than of the user who started it, so a program such as passwd can update a file its caller cannot write
       – Any flaw in a setuid-root program is a privilege-escalation path, so such programs must be kept minimal and audited
     • UNIX super-user (root): the permission bits do not apply; root can read or write anything and execute any file that has at least one x bit set
     • Directory sticky bit: in a directory with the sticky bit set (e.g. /tmp) an entry may be renamed or deleted only by the file's owner, the directory's owner or root, even though the directory is world-writable
  18. 18. UNIX Access Control Lists
     • Modern UNIX systems support access control lists (POSIX ACLs) in addition to the owner/group/other bits
     • An ACL can name any number of additional users and groups, each with its own permissions
     • The group permission bits of the mode act as the ACL mask: they set the maximum permissions that any named user or group entry (and the owning group) can receive, so chmod on the group bits silently caps the ACL
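The UNIX permission decision from the three slides above, written out as an added example (not code from the tutorial): the single-class rule, the root bypass, the sticky-directory rule for deletion, and a check that chmod 742 really produces rwxr---w-. The UIDs and GIDs used are constructed; the mode bits and stat constants are the real ones.

```python
# Added example: the UNIX DAC decision (owner / group / other class, root
# bypass, sticky directories) in Python, plus applying chmod 742 to a
# temporary file and reading the bits back. UIDs/GIDs are constructed.
import os
import stat
import tempfile

_BIT = {"r": 4, "w": 2, "x": 1}


def unix_permits(uid, gids, st_uid, st_gid, st_mode, want, is_dir=False):
    """True if a subject (uid, set of gids) may perform `want` (a string over
    r/w/x) on an object with the given owner, group and mode bits.
    Exactly one class applies: owner if uid matches, else group, else other."""
    need = 0
    for c in want:
        need |= _BIT[c]
    if uid == 0:
        # Root bypasses the mode bits, except that executing a regular file
        # still requires at least one x bit to be set on it.
        if need & _BIT["x"] and not is_dir and not (st_mode & 0o111):
            return False
        return True
    if uid == st_uid:
        shift = 6
    elif st_gid in gids:
        shift = 3
    else:
        shift = 0
    class_bits = (st_mode >> shift) & 0o7
    return class_bits & need == need


def may_unlink(uid, gids, dir_uid, dir_gid, dir_mode, file_uid):
    """Deleting or renaming an entry needs w+x on the directory; with the
    sticky bit set, additionally only the file owner, directory owner or root."""
    if not unix_permits(uid, gids, dir_uid, dir_gid, dir_mode, "wx", is_dir=True):
        return False
    if dir_mode & stat.S_ISVTX and uid not in (0, dir_uid, file_uid):
        return False
    return True


def special_bits(st_mode):
    """Names of the set-user-ID, set-group-ID and sticky bits that are set."""
    names = []
    if st_mode & stat.S_ISUID:
        names.append("setuid")
    if st_mode & stat.S_ISGID:
        names.append("setgid")
    if st_mode & stat.S_ISVTX:
        names.append("sticky")
    return names


def chmod_and_read_back(mode=0o742):
    """Apply chmod to a temporary file and return the symbolic string ls -l shows."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, mode)
        st_mode = os.stat(path).st_mode
        return stat.filemode(st_mode)[1:]   # drop the leading file-type character
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print("chmod 742 ->", chmod_and_read_back())
    print("mode 4755 ->", stat.filemode(0o104755), special_bits(0o4755))
    print("/tmp-style directory ->", stat.filemode(0o41777), special_bits(0o1777))
```

Note the counter-intuitive consequence of the single-class rule: with mode 742 the group can read but not write, while everyone else can write but not read, and an owner whose own bits are 0 is locked out even if the group bits would allow access.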
  19. 19. Mandatory Access Control (MAC)
     • Based on comparing security labels
       – An object's label reflects the sensitivity of the resource
     • A subject needs a security clearance that matches (dominates) the object's label
     • A subject cleared for a resource may not, by its own volition, enable other entities to use or even reach that resource
       – Used for military classification (e.g. confidential / secret / top secret)
       – Or for sensitive financial data
  20. 20. MAC Features and Attributes
     • Appropriate for highly secure systems
     • For eGovernment: applications handling critical data
     • MAC attributes:
       – Security labels can be changed only by administrators, not by data owners
       – Objects are assigned a security level that reflects their relative sensitivity, confidentiality and protection value
       – Users can read objects at their own classification or a lower one (no read up)
  21. 21. MAC Features and Attributes (cont.)
     • Users can write to objects at their own classification or a higher one, but never to a lower one (no write down, which stops data leaking into a less protected object)
     • Read and write together are therefore possible only on objects of the same classification as the user (these are the Bell-LaPadula confidentiality rules)
     • Implementations may additionally authorize or restrict access to an object by other parameters, for example:
       – The time of day, combined with the label on the resource and the user's credentials
       – Security characteristics of the HTTP client (originating IP address or domain, etc.)
  22. 22. MS Windows Vista Example (MAC)
     • Called Mandatory Integrity Control (MIC) in Windows Vista
     • An integrity model: it protects integrity by controlling writes and deletions, not reads
     • Label on subjects: when a user logs on, Windows Vista adds an integrity SID to the user's access token; the integrity label carried in that SID determines the level of access the token (and thus the user's processes) can achieve
  23. 23. MS Windows Vista Example (MAC) (cont.)
     • Label on objects: objects (files, named pipes, processes, threads, registry keys, services, etc.) are also assigned an integrity SID, stored in the system access control list (SACL) of the object's security descriptor; the label in that SID specifies the integrity level of the object
     • Access control policy: to write to or delete an object, the subject's integrity level must be equal to or greater than the object's level
     • Vista checks the MAC (integrity) policy first; only if that passes does it evaluate the DAC (the discretionary ACL)
       – MAC adds a layer of access control on top of DAC and does not replace it, so even a High-integrity process still needs an ACL entry granting the access
  24. 24. Windows Vista Integrity Levels
     • Windows Vista defines six integrity levels (IL), from lowest to highest:
       – Untrusted: anonymous logons
       – Low: the Everyone group (world); used for sandboxed processes such as Internet Explorer in Protected Mode
       – Medium: standard, authenticated users
       – High: elevated users (administrators)
       – System: system services (Local System, Local Service, Network Service)
       – Trusted Installer (protected processes)
     • A child process normally inherits the integrity level of its parent, unless the executable it runs is labelled with a lower integrity level, in which case the lower level applies. A program started from a Low-integrity process (for example a download launched from the protected-mode browser) therefore runs at Low
     • Default level: objects that lack an integrity label are treated as Medium by the operating system, which prevents Low-integrity code from modifying unlabelled objects
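An added example (not code from the tutorial) of the label comparisons behind the two MAC variants above: the confidentiality lattice of the Bell-LaPadula rules (slides 20 and 21) and the Windows integrity levels with the MIC-before-DACL ordering (slides 22 to 24). The classification names, compartments, clearances, SID strings and the sample DACL are constructed for illustration.

```python
# Added example: MAC label comparison. (1) Confidentiality lattice:
# no read up, no write down. (2) Windows Mandatory Integrity Control:
# write/delete only at or below the subject's level, checked before the
# DACL. Clearances, compartments, SIDs and the DACL are constructed.
from dataclasses import dataclass

CLASSIFICATION = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A security label: a hierarchical level plus a set of compartments (categories)."""
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        """self >= other in the lattice: higher-or-equal level AND superset of categories."""
        return (CLASSIFICATION[self.level] >= CLASSIFICATION[other.level]
                and self.categories >= other.categories)


def mac_can_read(clearance, obj_label):
    """Simple security property: read down only (the subject must dominate the object)."""
    return clearance.dominates(obj_label)


def mac_can_write(clearance, obj_label):
    """*-property: write up only (the object must dominate the subject)."""
    return obj_label.dominates(clearance)


# Windows Mandatory Integrity Control: a total order of integrity levels.
INTEGRITY = {"untrusted": 0, "low": 1, "medium": 2, "high": 3,
             "system": 4, "trusted_installer": 5}


def mic_can_write(subject_il, object_il=None):
    """Write/delete needs subject IL >= object IL; an unlabelled object counts as medium."""
    return INTEGRITY[subject_il] >= INTEGRITY[object_il or "medium"]


def child_integrity(parent_il, exe_il=None):
    """A child inherits its parent's IL unless the executable is labelled lower."""
    if exe_il is None or INTEGRITY[exe_il] >= INTEGRITY[parent_il]:
        return parent_il
    return exe_il


def windows_access(subject_sid, subject_il, obj_il, dacl, want):
    """MIC is evaluated first and can only deny; the DACL then decides.
    `dacl` maps a SID to the set of rights it grants (simplified, constructed)."""
    if want in ("write", "delete") and not mic_can_write(subject_il, obj_il):
        return False
    return want in dacl.get(subject_sid, set())


if __name__ == "__main__":
    analyst = Label("SECRET", frozenset({"NUC"}))
    report = Label("CONFIDENTIAL")
    print("analyst reads CONFIDENTIAL report:", mac_can_read(analyst, report))
    print("analyst writes CONFIDENTIAL report:", mac_can_write(analyst, report))
    dacl = {"sid-alice": {"read", "write"}}
    print("low-IL alice writes medium file:",
          windows_access("sid-alice", "low", None, dacl, "write"))
```

The compartment test is the part people forget: a SECRET clearance without the NUC compartment does not dominate a SECRET/NUC object, so it may neither read it nor (under write-up) have it as a target unless the object dominates the subject, which here it does. In the Windows model there is no read restriction at all; the integrity label only blocks modification, which is why a Low-integrity browser can still read the user's documents.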
  25. 25. Role-Based Access Control (figure)
  26. 26. Role-Based Access Control (figure, from [1]): two matrices replace the single access matrix
     • User-role assignment matrix: rows U1 … Un (users), columns R1 … Rn (roles); an X marks that the user is a member of the role, and a user may hold several roles (U3 and U4 each hold three)
     • Role-object access matrix: rows R1 … Rn (roles), columns are the objects (files F1, F2, directories D1, D2, processes Pi, and the roles themselves); cells hold the rights, e.g. control, owner, read, write, stop, seek
  27. 27. Role-Based Access Control (figure)
  28. 28. NIST RBAC Model (figure)
  29. 29. Case Study: RBAC for your organisation (figure)
  30. 30. ABAC
     • A more general model than RBAC: permissions are tied to predicates over any attribute of the subject (or of the object or environment), not only to the user's role, e.g.
       – If Age > 18 then grant access to ID WEBSITE
       – If Level of Assurance >= 2 then grant read access to the database
       – If Level of Assurance >= 3 then grant update access to the database
     • The attribute values must come from a trusted source (an authenticated identity provider or a verified credential); otherwise the predicate is evaluated on data the requester controls
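An added example (not code from the tutorial) covering the RBAC slides (user-role and role-permission assignment, a role hierarchy as in the NIST model, and static separation of duty from the requirements slide) together with the three ABAC rules listed above as predicates over a subject's attributes. The roles, users, objects and attribute values are constructed for illustration.

```python
# Added example: core NIST RBAC (UA, PA, role hierarchy, static separation
# of duty) and the slide's ABAC rules as attribute predicates. Roles, users,
# objects and attribute values are constructed.
from collections import defaultdict


class RBAC:
    def __init__(self):
        self.user_roles = defaultdict(set)   # UA: user -> directly assigned roles
        self.role_perms = defaultdict(set)   # PA: role -> {(operation, object)}
        self.juniors = defaultdict(set)      # RH: senior role -> roles it inherits from
        self.ssd = set()                     # SSD: role pairs no user may hold together

    def add_permission(self, role, op, obj):
        self.role_perms[role].add((op, obj))

    def add_inheritance(self, senior, junior):
        self.juniors[senior].add(junior)

    def add_ssd(self, role_a, role_b):
        self.ssd.add(frozenset((role_a, role_b)))

    def authorized_roles(self, role):
        """Transitive closure of the hierarchy: the role plus everything it inherits."""
        seen, todo = set(), [role]
        while todo:
            r = todo.pop()
            if r not in seen:
                seen.add(r)
                todo.extend(self.juniors[r])
        return seen

    def assign(self, user, role):
        """UA with the SSD constraint enforced over inherited roles as well."""
        held = set()
        for r in self.user_roles[user] | {role}:
            held |= self.authorized_roles(r)
        for pair in self.ssd:
            if pair <= held:
                raise ValueError(f"SSD violation: {user} cannot hold "
                                 f"{' and '.join(sorted(pair))}")
        self.user_roles[user].add(role)

    def permissions(self, user):
        perms = set()
        for r in self.user_roles[user]:
            for ar in self.authorized_roles(r):
                perms |= self.role_perms[ar]
        return perms

    def check(self, user, op, obj):
        return (op, obj) in self.permissions(user)


class ABAC:
    """Each rule is a predicate over the subject's attribute dict that grants one permission."""

    def __init__(self):
        self.rules = []

    def add_rule(self, predicate, op, obj):
        self.rules.append((predicate, (op, obj)))

    def check(self, attrs, op, obj):
        # Closed policy: a permission with no satisfied rule is denied.
        return any(pred(attrs) for pred, perm in self.rules if perm == (op, obj))


def build_rbac():
    r = RBAC()
    r.add_permission("clerk", "read", "ledger")
    r.add_permission("requester", "request", "payment")
    r.add_permission("approver", "approve", "payment")
    r.add_inheritance("manager", "clerk")      # a manager can do everything a clerk can
    r.add_inheritance("manager", "approver")
    r.add_ssd("requester", "approver")         # nobody may both request and approve
    r.assign("dana", "manager")
    r.assign("eve", "requester")
    return r


def build_abac():
    a = ABAC()
    a.add_rule(lambda s: s.get("age", 0) > 18, "access", "ID_WEBSITE")
    a.add_rule(lambda s: s.get("loa", 0) >= 2, "read", "database")
    a.add_rule(lambda s: s.get("loa", 0) >= 3, "update", "database")
    return a
```

Evaluating separation of duty over the inherited roles, not only the directly assigned ones, is what stops a requester from being quietly made a manager and thereby an approver; the assignment is refused at administration time rather than detected after the fact.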
  31. 31. Tutorial 5: Information Security
     Session 11: Access Control
     Session 11 outline:
     • Access Control
     • Overview of Database Security
  32. 32. Overview of Database Security
  33. 33. Relational Databases
     • Constructed from tables of data
     • Multiple tables are linked by identifiers (keys)
     • A query language, SQL, is used to access data items meeting specified criteria and to add, delete and change them (PL/SQL is Oracle's procedural extension of SQL, not the query language itself)
  34. 34. A Relational Database Example (figure)
  35. 35. Elements of Relational Databases
     • Primary key
     • Foreign key
     • Tuple / row / record
     • Relation / table / file
     • Attribute / column / field
     • View / virtual table
  36. 36. Structured Query Language (SQL)
     • A standardized language to define, manipulate and query data in a relational database
     • Originally developed by IBM in the mid-1970s
  37. 37. Database Access Control
     • The DBMS provides access control for the database
     • It assumes the user has already been authenticated (by the DBMS itself or by the operating system)
     • The DBMS grants specific access rights to portions of the database (tables, views, columns, rows)
     • It can support a range of policies:
       – Centralized / decentralized administration
       – Ownership-based administration (the creator of a table decides who may use it)
  38. 38. SQL Access Controls
     • Two commands:
       – GRANT { privileges | role } [ON table] TO { user | role | PUBLIC } [IDENTIFIED BY password] [WITH GRANT OPTION]
         • e.g. GRANT SELECT ON ANY TABLE TO ricflair
         • WITH GRANT OPTION lets the grantee pass the privilege on to others (discretionary delegation), so it should be given sparingly
       – REVOKE { privileges | role } [ON table] FROM { user | role | PUBLIC }
         • e.g. REVOKE SELECT ON ANY TABLE FROM ricflair
         • Revocation normally cascades to privileges that the revoked user had granted onward
     • Typical access rights are: SELECT, INSERT, UPDATE, DELETE, REFERENCES
     • Granting rights on a view rather than on the base table restricts a user to selected columns and rows
  39. 39. Role-Based Access Control
     • Role-based access control works well for a DBMS
     • Typical categories of database users:
       – Administrator
       – Application owner
       – End user
     • The DB RBAC must manage roles and their membership; commercial DBMSs provide this (e.g. server and database roles in Microsoft SQL Server)
  40. 40. Inference Case (figure)
  41. 41. Statistical Databases
     • Provide statistical data such as averages and counts
     • Two types:
       – Pure statistical database: only statistical queries are possible
       – Ordinary database with statistical access: some users have normal access, others only statistical access
     • Goal: allow statistical results without exposing individual entries
     • Inference is the security problem: a user may combine permitted statistical answers to deduce a value belonging to one individual
  42. 42. Statistical Database Security
     • A statistical query produces a value calculated over a query set (e.g. COUNT, SUM, AVG)
     • A characteristic formula C is a logical formula over the values of attributes
       – e.g. (Sex = male) AND ((Major = CS) OR (Major = EE))
     • The query set X(C) of characteristic formula C is the set of records matching C
     • Restricting the size of X(C) (refusing queries whose set is very small, or so large that its complement is very small) is a first defence, but a tracker, a pair of formulas whose difference isolates one record, can still infer an individual value
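The inference problem of the two slides above as an added example (not code from the tutorial): a statistical-query interface over a small employee table that enforces a query-set-size restriction, and a tracker attack that nevertheless recovers one person's salary from two permitted queries. The table, names, majors and salaries are constructed sample data; characteristic formulas are compiled from a small whitelist grammar into parameterised SQL so that the formula itself cannot inject SQL.

```python
# Added example: statistical queries with a query-set-size restriction over
# a constructed employee table, and the tracker attack that defeats it.
import sqlite3

ROWS = [  # (name, sex, major, salary): constructed sample data
    ("alice", "F", "cs", 72000), ("bob", "M", "cs", 65000),
    ("carol", "F", "ee", 70000), ("dave", "M", "ee", 61000),
    ("erin", "F", "cs", 68000), ("frank", "M", "me", 59000),
    ("grace", "F", "me", 64000),
]
COLUMNS = {"name", "sex", "major"}      # attributes a characteristic formula may test
AGGREGATES = {"COUNT", "SUM", "AVG"}
K = 2                                   # refuse |X(C)| < K or |X(C)| > N - K


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE employees(name TEXT, sex TEXT, major TEXT, salary INTEGER)")
    con.executemany("INSERT INTO employees VALUES (?, ?, ?, ?)", ROWS)
    return con


def compile_formula(f):
    """Characteristic formula as nested tuples -> (parameterised SQL, params).
    Grammar: ("eq", attr, value) | ("not", f) | ("and", f, g) | ("or", f, g).
    Only whitelisted column names and bound parameters reach SQL (no injection)."""
    op = f[0]
    if op == "eq":
        if f[1] not in COLUMNS:
            raise ValueError(f"attribute not allowed in a formula: {f[1]}")
        return f"{f[1]} = ?", [f[2]]
    if op == "not":
        sql, params = compile_formula(f[1])
        return f"NOT ({sql})", params
    if op in ("and", "or"):
        s1, p1 = compile_formula(f[1])
        s2, p2 = compile_formula(f[2])
        return f"({s1}) {op.upper()} ({s2})", p1 + p2
    raise ValueError(f"bad operator: {op}")


def stat_query(con, aggregate, formula):
    """Answer aggregate(salary) over X(C), refusing query sets smaller than K
    or larger than N - K (a tiny complement would isolate records just as well)."""
    if aggregate not in AGGREGATES:
        raise ValueError(f"aggregate not allowed: {aggregate}")
    where, params = compile_formula(formula)
    total = con.execute("SELECT COUNT(*) FROM employees").fetchone()[0]
    size = con.execute(f"SELECT COUNT(*) FROM employees WHERE {where}", params).fetchone()[0]
    if size < K or size > total - K:
        raise PermissionError(f"query set of size {size} refused")
    return con.execute(f"SELECT {aggregate}(salary) FROM employees WHERE {where}",
                       params).fetchone()[0]


def tracker_attack(con, target_name, tracker=("eq", "sex", "F")):
    """Both queries pass the size check, but their difference is exactly one record."""
    with_target = stat_query(con, "SUM", tracker)
    without_target = stat_query(
        con, "SUM", ("and", tracker, ("not", ("eq", "name", target_name))))
    return with_target - without_target


if __name__ == "__main__":
    con = make_db()
    try:
        stat_query(con, "SUM", ("eq", "name", "alice"))
    except PermissionError as e:
        print("direct query:", e)
    print("inferred salary of alice:", tracker_attack(con, "alice"))
```

The size restriction is necessary but not sufficient: any tracker T whose query set is comfortably inside the allowed range lets SUM(T) - SUM(T AND NOT target) isolate the target. Stronger defences (query auditing across a session, random perturbation of results, or partitioning the data into fixed groups) are needed to close this channel, and none of them is free in statistical accuracy.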
  43. 43. Statistical Database Example (figure, from [1])
  44. 44. Solving Inference Problems (figure)
  45. 45. Database Encryption
     • Databases are valuable resources and can be protected by multiple layers of security:
       – Firewalls
       – Authentication
       – OS access control
       – DBMS access control
       – Database encryption
     • Encryption can be applied to:
       – The entire database
       – Individual fields
       – Records (rows) or columns (attributes)
     • The finer the granularity, the more of the data remains usable by queries, but key management grows and indexing or searching encrypted fields becomes harder
  46. 46. Database Encryption (figure)
  47. 47. Homomorphic Encryption (1)
     • With conventional database encryption, data moved to a cloud stays opaque: the servers that power the cloud cannot do any work on it without the key
     • With homomorphic encryption, a company could encrypt its entire database of e-mails and upload it to a cloud
       – The cloud can analyse the data without decrypting it
       – The key idea is to encrypt the data in such a way that performing a mathematical operation on the encrypted information and then decrypting the result produces the same answer as performing the analogous operation on the unencrypted data
  48. 48. Homomorphic Encryption (2)
     • The correspondence between the operations on unencrypted data and the operations to be performed on encrypted data is known as a homomorphism
       – "In principle," says Gentry, an IBM researcher, "something like this could be used to secure operations over the Internet." [2]
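An added example (not code from the tutorial or from [2]) of the correspondence described on the two slides above, using a textbook additively homomorphic scheme (Paillier) rather than Gentry's fully homomorphic scheme: the client encrypts salaries, an untrusted server multiplies ciphertexts, and decrypting the product yields the sum of the plaintexts. The 14-bit primes are toy parameters chosen so the example runs instantly; they make the scheme completely insecure, and the salaries are constructed sample data.

```python
# Added example: Paillier, an additively homomorphic scheme, with toy primes.
# E(a) * E(b) mod n^2 decrypts to a + b, and E(a)^k decrypts to k*a, so a
# server holding only n can total encrypted values. NOT secure at this size.
import secrets
from math import gcd


class Paillier:
    def __init__(self, p, q):
        self.n = p * q
        self.n2 = self.n * self.n
        self.g = self.n + 1                                  # standard generator choice
        self.lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)    # lcm(p-1, q-1)
        self.mu = pow(self._L(pow(self.g, self.lam, self.n2)), -1, self.n)

    def _L(self, u):
        return (u - 1) // self.n

    def encrypt(self, m):
        """Randomised: the same plaintext gives a different ciphertext each time."""
        if not 0 <= m < self.n:
            raise ValueError("message out of range")
        while True:
            r = secrets.randbelow(self.n)
            if r > 0 and gcd(r, self.n) == 1:
                break
        return pow(self.g, m, self.n2) * pow(r, self.n, self.n2) % self.n2

    def decrypt(self, c):
        return self._L(pow(c, self.lam, self.n2)) * self.mu % self.n


# Operations the untrusted server performs; they need only the public modulus n.
def hadd(c1, c2, n):
    """Homomorphic addition: product of ciphertexts modulo n^2."""
    return c1 * c2 % (n * n)


def hscale(c, k, n):
    """Homomorphic multiplication by a known constant k: ciphertext to the k-th power."""
    return pow(c, k, n * n)


def cloud_total(salaries, p=10007, q=10009):
    """Client encrypts, the cloud sums ciphertexts, the client decrypts the total."""
    keys = Paillier(p, q)
    uploaded = [keys.encrypt(s) for s in salaries]     # what the cloud stores
    acc = keys.encrypt(0)
    for c in uploaded:                                  # cloud side: no private key
        acc = hadd(acc, c, keys.n)
    return keys.decrypt(acc)                            # client side


def cloud_scaled_total(salaries, factor, p=10007, q=10009):
    """The cloud also applies a public multiplier (e.g. a raise in whole percent)."""
    keys = Paillier(p, q)
    acc = keys.encrypt(0)
    for s in salaries:
        acc = hadd(acc, keys.encrypt(s), keys.n)
    return keys.decrypt(hscale(acc, factor, keys.n))


if __name__ == "__main__":
    print("sum over ciphertexts:", cloud_total([72000, 65000, 70000, 61000]))
    print("110% of the total:", cloud_scaled_total([72000, 65000, 70000, 61000], 110))
```

Two caveats a practitioner should keep in mind: results are only correct modulo n, so the plaintext range must be bounded below n before the data is uploaded, and an additive scheme gives the server sums and scalings but nothing non-linear (no comparisons, no multiplications of two encrypted values), which is the gap fully homomorphic encryption closes at a much higher cost.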
  49. 49. Bibliography
     1. William Stallings and Lawrie Brown, Computer Security: Principles and Practice. Pearson/Prentice Hall, 2008. ISBN 0-13-600424-5.
     2. Homomorphic Encryption: Making cloud computing more secure. Technology Review, http://www.technologyreview.com/computing/37197/, accessed 20/1/2012.
  50. 50. Summary
     In this session we discussed the following:
     • Access control principles: subjects, objects, access rights
     • Discretionary access control: the access matrix, access control lists (ACLs), capability tickets; traditional UNIX permission bits and UNIX ACLs
     • Mandatory access control: security labels and clearances; Windows Vista's Mandatory Integrity Control as an example
     • Role-based access control and ABAC
     • Overview of database security: SQL GRANT/REVOKE, RBAC in the DBMS, inference in statistical databases, database and homomorphic encryption
  51. 51. Thanks. Radwan Tahboub