Access Control Management
Access Control Management: Presentation Transcript

  • FIST Conference, Madrid, May 2008. Sponsored by: (sponsor logo). Access Control Management. Vicente Aceituno, 2008.
  • About me: Vice president of the ISSA Spain chapter (www.issa-spain.org). Vice president of the FIST Conferences association (www.fistconference.org). Author of a number of articles (Google: vaceituno wikipedia). Director of the ISM3 Consortium; the consortium promotes ISM3, an ISMS standard (www.ism3.com).
  • The other side
  • Access Control: Authentication, Authorization, Auditing. Enough?
  • Yes… questions. User Account vs User. Credential: ID, information about the user, and proof of: Ownership (Password vs Cryptographic Key); Personality (Human? Older than 18? A woman? From Barcelona?).
  • Authentication: proofs of identity, personality and ownership. What I know: passwords. What I have: tokens. What I am: eyes, fingerprints, etc. What I like. What I can do: maths in German, anyone? What I think: (values).
  • Authorization: permission of access to resources. Credential x Resources x Actions.
  • The hidden side. Authentication: real-time authentication of credentials vs granting and delivery of credentials to people (proof of identity, or "are you who you were?"; proof of personality). Authorization: real-time access grant vs granting access rights to credentials.
  • Session: work session between user and application; session between processes; TCP transmission session; frame transmission session; su (nested session); software agent session; WAP2 session; etc.
  • Session – User Account (diagram)
  • Session – Certificate (diagram)
  • Access Control Management (diagram)
  • Access Control Management (diagram)
  • Auditing: logs. Check ELML.
  • ELML Markup: Every event can have an eventID. If the event is not logged by the agent of the event, the logger can be identified using a loggerID. The agent of the event can be identified using a sourceID. The agent of the event can stay in different locations, identified using an addressID. The credential used by the source to perform a request can be identified using a credentialID. The resource (subject) of the event is identified using a resourceID.
  • ELML Markup: The request (access attempt) performed has a RequestType and a Result. The reason for the Result is stated in the ResultText. The payload contains the information necessary to perform the request. dateTime is the date and time when the request is performed. signature is the digital signature of the event using the credentialID. hash is the digital summary of the event; it is recommended that the hash of the previous event in the Record is used to calculate it.
  • ELML Vocabulary

    Component   Initiate  Finalize    Freeze     Unfreeze  Query State  Change State
    Credential  create    delete      block      unblock   read         write
    Session     login     logout      suspend    resume    read         write
    Message     send      listen      retain     forward   read         write
    Repository  create    delete      block      unblock   read         write
    Interface   connect   disconnect  interrupt  continue  read         write
    Channel     open      close       hold       release   read         write
    Service     start     stop        pause      resume    read         write
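As an added worked example (not code from the deck or from any ELML implementation), the following Python builds a small ELML-style Record using the fields named on the two ELML Markup slides, names requests with the vocabulary above (Component.action), chains each event's hash to the previous event's hash as the slides recommend, and verifies the chain. The flat record layout, SHA-256 chaining, the sample events and an HMAC standing in for the per-credential digital signature are all assumptions made here.

```python
import hashlib
import hmac
import json
# Field names come from the ELML slides; the flat layout, SHA-256 chaining
# and the HMAC "signature" are assumptions of this example, not ELML itself.
FIELDS = ("eventID", "loggerID", "sourceID", "addressID", "credentialID",
          "resourceID", "RequestType", "Result", "ResultText", "payload",
          "dateTime")
GENESIS = "0" * 64  # constructed anchor hash for the first event in a Record

def canonical(event):
    """Serialise the descriptive fields in a fixed order so hashing is stable."""
    body = {k: event.get(k, "") for k in FIELDS}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def append_event(record, event, key):
    """Chain the event to the previous hash, then sign the chained hash."""
    prev_hash = record[-1]["hash"] if record else GENESIS
    event["hash"] = hashlib.sha256(prev_hash.encode() + canonical(event)).hexdigest()
    event["signature"] = hmac.new(key, event["hash"].encode(), hashlib.sha256).hexdigest()
    record.append(event)
    return event

def verify_record(record, keys):
    """Return the index of the first event whose chain or signature breaks, or -1."""
    prev_hash = GENESIS
    for i, ev in enumerate(record):
        expect = hashlib.sha256(prev_hash.encode() + canonical(ev)).hexdigest()
        key = keys.get(ev.get("credentialID"))
        if key is None or not hmac.compare_digest(ev["hash"], expect):
            return i
        sig = hmac.new(key, expect.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(ev["signature"], sig):
            return i
        prev_hash = ev["hash"]
    return -1

def sample_record():
    """Constructed events named with the slide vocabulary (Component.action)."""
    keys = {"cred-42": b"constructed-key-for-cred-42"}
    common = {"loggerID": "log-1", "sourceID": "app-7", "addressID": "10.0.0.5",
              "credentialID": "cred-42", "payload": ""}
    rows = [("1", "sess-9", "Session.login", "ok", "password accepted"),
            ("2", "repo-3", "Repository.read", "denied", "no access right")]
    record = []
    for eid, res, req, result, text in rows:
        ev = dict(common, eventID=eid, resourceID=res, RequestType=req,
                  Result=result, ResultText=text, dateTime="2008-05-01T10:00:0%sZ" % eid)
        append_event(record, ev, keys["cred-42"])
    return record, keys
```

A changed field, a removed event, or an unknown credentialID all surface as the index of the first event that fails verification.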
  • Multiple Credentials (diagram)
  • Challenges: eDNI; weak passwords / authentication; identification vs anonymity; privacy vs marketing; DRM; physical access; SSO; password synchronization; logs standardization; expiry; minimum privilege; work role – access rights synchronization; identifying systems -> phishing.
  • Access Control: http://identity20.com/media/OSCON2005/ and http://www.cerias.purdue.edu/weblogs/spaf/general/post-30/
  • Access Control: Identification, Authentication, Access Granting, Authorization, Auditing
  • Access Control (diagram)
  • Creative Commons Attribution-NoDerivs 2.0. You are free to copy, distribute, display, and perform this work under the following conditions: Attribution. You must give the original author credit. No Derivative Works. You may not alter, transform, or build upon this work. For any reuse or distribution, you must make clear to others the license terms of this work. Any of these conditions can be waived if you get permission from the author. Your fair use and other rights are in no way affected by the above. This work is licensed under the Creative Commons Attribution-NoDerivs License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
  • With the sponsorship of: (sponsor logo). Thank you. www.fistconference.org