2. Last time …
• Protection (defence) against harm:
– Prevent it by blocking attack or closing vulnerabilities
– Deter it by making the attack harder (but not impossible!)
– Deflect it by making another target more attractive
– Detect it either as it happens or some time after
– Recover from effects
– Using any combination of the above
• Using countermeasures (controls)
• Methods of defence
– Software controls
– Encryption
– Physical and hardware controls
Computer Security Management
Page 2
4. Access control
• Permit or deny the use of a particular resource by a particular entity
• Two dimensions: authentication and authorisation
• Authentication
– User to system
– System to user
• Authorisation
– Discretionary access control
– Mandatory access control
– Role-based access control
5. User to system authentication
• Something you know
– Password, PIN, challenge-response
• Something you have
– Key, smart card, code book, etc.
• Something you are
– Biometrics: fingerprints, retina scan, etc.
• Somewhere you are
– Secure terminals, subnets, etc.
• Any combination of the above (Two-factor authentication)
6. System to user authentication
• Secure paths
– Mechanism that ensures that the user communicates with the system they intend to
communicate with
– Cannot be intercepted by attacker
– Example: Windows ctrl+alt+del
• Browser clues
• Etc.
7. Authorisation
• Discretionary access control
– Based on identity of user
– Sometimes organised in groups
• Mandatory access control
– Based on security clearance of user
• Role-based access control
– Based on user’s function, authority and responsibilities
8. Discretionary access control (DAC)
• Restricting access to objects based on the identity of users and/or
groups to which they belong
• Access: read, write, execute, etc.
• Often every object has an owner that controls the permissions to
access the object
• Discretionary: a subject with a certain access permission is capable
of passing that permission on to other subjects
• Permissions are stored in Access Control Lists (ACLs)
• System first checks the list for an applicable entry in order to decide
whether to proceed with the operation
9. Access control lists (ACLs)
• Specifies who is allowed to access the object and what operations
are allowed to be performed on the object
• List of users and associated permissions attached to an object
• Usually implemented as a table
• Every user needs to have an entry:
– ACL can grow easily
– Maintaining ACLs can be cumbersome
10. Mandatory access control (MAC)
• Assigns security labels (classifications) to system resources
– Examples: RESTRICTED, CLASSIFIED, SECRET, TOP SECRET, …
• Ordered (not necessarily in linear order!)
• Allows access only to entities (people, processes, devices) with
appropriate levels of authorisation (clearance)
• Only administrators, not owners, make changes to a resource's
security label
• Assigned security level reflects the relative sensitivity,
confidentiality, and protection value, of data
11. Bell and La Padula
• Model that focuses on data confidentiality and access to classified
information
• Information must not flow from high to low classification:
– No read up: lowly classified entities may not read more highly classified data
– No write down: highly classified entities may not write to more lowly classified
files
• Limitations
– Restricted to confidentiality
– Intended for systems with static security levels: no policies for changing access
rights
– Sometimes, it is not sufficient to hide only the contents of objects. Their
existence may have to be hidden as well, BUT a low subject can detect the
existence of high objects when it is denied access
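As an added example (not part of the slides), the two Bell-LaPadula rules implemented over labels that carry a level plus a set of compartments, so that, as the MAC slide notes, two labels need not be comparable; the last two functions show the existence-leak limitation from the bullet above and a reference monitor that avoids it. Level names are the slide's; their ordering, the compartments and the object store are constructed.

```python
from dataclasses import dataclass

# Sensitivity levels from the slide, lowest to highest (constructed ordering).
LEVELS = {"RESTRICTED": 0, "CLASSIFIED": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    """A security label: a level plus a set of compartments (categories).
    Labels with different compartments need not be comparable, which is
    why the ordering is not necessarily linear."""
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # self >= other: at least as high a level AND a superset of compartments
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property ("no read up"): subject must dominate object."""
    return subject.dominates(obj)

def can_write(subject: Label, obj: Label) -> bool:
    """*-property ("no write down"): object must dominate subject."""
    return obj.dominates(subject)

# Constructed object store: name -> (label, contents).
STORE = {
    "budget.txt": (Label("RESTRICTED"), "figures"),
    "plan.txt": (Label("SECRET", frozenset({"NUCLEAR"})), "sensitive"),
}

def leaky_read(subject: Label, name: str) -> str:
    """Reference monitor that distinguishes 'no such object' from 'denied'.
    A low subject thereby learns that a high object exists (the limitation
    on the slide)."""
    if name not in STORE:
        return "ENOENT"
    label, data = STORE[name]
    return data if can_read(subject, label) else "EACCES"

def careful_read(subject: Label, name: str) -> str:
    """Same check, but objects the subject may not read are reported as
    absent, so a denial no longer reveals their existence."""
    entry = STORE.get(name)
    if entry is None or not can_read(subject, entry[0]):
        return "ENOENT"
    return entry[1]
```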
12. Role-based access control (RBAC)
• Approach to restricting system access to authorised users that
reduces the cost of managing permissions
• User has access to an object based on his or her assigned role
– Users change frequently, roles don’t
• Operations on an object are invoked based on permissions
• An object is concerned with the user’s role and not the user
• Roles are
– a collection of users and a collection of permissions
– Arranged in hierarchies
[Diagram: users -> (user-role assignment) -> Roles -> (role-permission assignment) -> Permissions]
13. Summary
Today we learned:
• Access control permits or denies the use of a particular resource by
a particular entity
• Two dimensions: authentication and authorisation
• Authentication
– User to system
– System to user
• Authorisation
– Discretionary access control
– Mandatory access control
– Role-based access control