Access Control for Windows


Access Control for Windows Operating System

M.S. in Information Security, Capella University
TS5520 – Operating System Theory and Practice
Instructor – Kris Jamsa
By Amar Yousif, CISSP
amaryousif@yahoo.com
June 2005
Abstract

Why do we lock the office building at night? Who has the key to the front door, and why? Who has the key to your office, and why? Who has the master key, and why? Is the building monitored via security CCTV systems, and why? The answers to the above questions can be summed up in two words: Access Control, physical Access Control in this case. In the digital age, our valuable data no longer reside only in file cabinets behind locked doors; computers and digital storage facilities nowadays hold our most valuable data as well. Thus, Access Control in the digital context is as important as physical Access Control. Access Control is an integral part of system security, and it directly affects the three tenets of Information Security: Confidentiality, Integrity, and Availability. In this paper, we will explore the Access Control implementation in the Windows Operating System.

Amar Yousif, Page 2, 6/20/2005
Table of Contents

Abstract .... 2
Table of Contents .... 3
The Concept of Access Control .... 4
  What is Access Control? .... 4
  Why is Access Control needed? .... 6
  Access Control Models .... 7
    Mandatory Access Control (MAC) .... 7
    Discretionary Access Control (DAC) .... 7
    Role-Based Access Control (RBAC) .... 8
Windows Access Control Model .... 9
  Active Directory .... 9
  Identification and Authentication .... 9
  Authorization and Accounting .... 10
  How it works .... 11
Conclusion .... 13
References .... 14
The Concept of Access Control

What is Access Control?

Microsoft's TechNet uses a travel analogy to explain some of the concepts of Access Control. I will attempt to use the same analogy to relate the three tenets of Access Control: Authentication, Authorization, and Accounting.

Authentication: When traveling, you show your passport to airport security personnel for identification purposes. Security personnel then inspect your passport to verify its authenticity. This is the process of Identification and Authentication, often referred to simply as Authentication. In the digital security context, Authentication is accomplished via passwords (something you know), smart cards (something you have), biometrics (something you are), or a combination of any two (two-factor authentication).

Authorization: Returning to the travel analogy, once security personnel authenticate your passport, they will deny, allow, or limit entrance to the country based on your passport type, nationality, and visa status. This is the process of Authorization. One way to accomplish this process in the digital security context is via user privileges and object access control lists.
Accounting: Upon determining your level of Authorization, security personnel may log your passport data, take your fingerprints, or both for tracking purposes. This is the process of Accounting. Most modern operating systems implement comprehensive auditing capabilities to account for user activities.

Krutz and Vines (2003) define Access Control as "The process of limiting access to the resources of a system only to authorized programs, processes, or other systems (on a network)" (p. 882). Although Accounting is not a part of the above definition, I believe it to be an inseparable part of Access Control for modern systems. Thus, my modified definition of Access Control is: the process of limiting access to the resources of a system only to authenticated and authorized principals, and the mechanisms with which the principal's actions are tracked and logged.
Why is Access Control needed?

Simply put, Access Control is needed to preserve the three tenets of information security: Confidentiality, Integrity, and Availability. Krutz and Vines (2001) indicate that proper Access Control assures the following:

1. The information is not disclosed to unauthorized persons or processes, thus preserving Confidentiality.
2. Integrity is preserved through:
   a. The prevention of the modification of information by unauthorized personnel.
   b. The prevention of unauthorized or unintentional modification of information by authorized personnel.
   c. Preservation of internal and external consistency.
3. The system's authorized users have timely and uninterrupted access to the information in the system, thus preserving Availability. (pp. 43-44)
Access Control Models

Broadly, Access Control Models can be categorized as Mandatory, Discretionary, or Role-Based Access Control, depending on the methodology with which permissions and privileges are granted and controlled.

Mandatory Access Control (MAC)

In MAC, a subject's authorization to access an object depends on the subject's clearance and the object's classification. Krutz and Vines (2003) cite a military MAC system as an example. In such a system, documents are classified as unclassified, confidential, secret, and top secret. In order for a user to access a secret-level document, the user's clearance must be equal to or higher than the document's classification level, secret in this case (p. 45).

Discretionary Access Control (DAC)

As the name implies, a subject's authorization to access an object is determined at the discretion of the object's owner. DAC is often used to limit access to files using Access Control Lists (ACLs). The file owner determines who can access the file.
Role-Based Access Control (RBAC)

In 2004, Reynaldo J. de la Fuente published a review of the book Role-Based Access Control by David Ferraiolo, D. Richard Kuhn, and Ramaswamy Chandramouli, in which he explained: "In 1992, US National Institute of Standards and Technology (NIST) initiated a study of commercial and government organizations, and found that access control needs were not being met by products on the market at the time. Discretionary access control (DAC) was too flexible and allowed wrong behaviors in badly managed organizations. Mandatory access control (MAC) was suitable only for organizations connected with extremely high security or US Department of Defense requirements. A process was needed to support subject-based security policies, such as access based on competency, conflict-of-interest rules, or access based on a strict concept of least privilege. Supporting such policies without disregarding the organizational structure requires the ability to restrict access based on a user function or role within the enterprise. A solution to meet these needs was proposed in 1992 by Ferraiolo and Kuhn, integrating features of existing application-specific approaches in a generalized role-based access control (RBAC) model."

As de la Fuente explained, it is that proposed solution that gave birth to RBAC as we know it today. In RBAC, roles, as opposed to users, are granted access and permissions over objects by the system administrator, and then the appropriate users are assigned to these roles.
Windows Access Control Model

Active Directory

Microsoft first introduced Active Directory in the Windows 2000 operating system as a central repository of system objects. Willis and Watts (2000) explain that each object within Active Directory has a set of attributes associated with it; these attributes describe the object and make it unique (p. 25). Objects within Active Directory include users, groups, computers, servers, domains, sites, OUs, etc. Users within Active Directory can be organized into groups to allow for better management of privileges and permissions.

Identification and Authentication

Microsoft's TechNet (2003) explains that modern Windows Server operating systems provide a method for applications and users to authenticate by using the Security Support Provider Interface (SSPI). SSPI is the Windows implementation of the IETF's Generic Security Services Application Programming Interface (GSSAPI), and it is the foundation of Authentication in Windows 2003. Windows supports two methods for selecting an authentication protocol: Single Protocol, where the client must use the protocol predetermined by Windows, and Negotiate Protocol, where the client can choose Kerberos, NTLM, Secure Channel, or Digest as its authentication protocol.
Authorization and Accounting

Once the user is authenticated, the system must determine the user's proper Authorization level over system objects and track the user's actions. TechNet (2003) indicates that Authorization and Accounting in Windows are based on the following principles:

User-based Authorization: Every application that a user starts runs in the security context of that user.

Discretionary Access Control (DAC): The user who owns a securable object can control who has permission to use it and in what way.

Inheritance of Permissions: Objects inherit the security attributes of their parent folder.

Administrative Privileges: Special users within the system can be granted security administrative privileges (e.g. granting permissions to other users, assigning users to security groups, running backup jobs, setting system-wide security policies, etc.).

Auditing of System Events: The system is capable of capturing user and administrator actions in an audit trail.
How it works

Cooke (2004) states that Access Control is geared to answer a question as simple as "can Bob open the file?", with Bob being the subject, open being the action, and the file being the object. For the system to make a decision in this case, it must:

1. Authenticate Bob and issue an Access Token (recall Identification and Authentication). A unique Access Token is issued to every authenticated user; it holds the security attributes of the user and is passed to all processes and threads acting on the user's behalf (recall User-Based Authorization).
2. The process or thread acting on the user's behalf calls the system API associated with the open action. In Windows, all user actions are accomplished by calling an Application Programming Interface. The object (the file) is passed as a parameter to the API.
3. At this point all the parameters needed for the system to make a decision are identified. The subject (Bob) is identified through the Access Token associated with the process calling the API, the action (open) is identified by the API being called, and the object is identified by the parameter passed to the API by the requesting process.
4. The part of the system that makes the decision is called the Reference Monitor (RM).
5. The RM inspects the object's Security Descriptor (which is associated with the object and holds the Access Control List that defines who is authorized to access the object and in what way) and looks for the subject's authorization. See Figure 1.
6. Based on the information stored in the Security Descriptor, the RM allows or denies access to the object.
Figure 1
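The decision in steps 1 to 6 above, together with the Inheritance of Permissions principle from the Authorization and Accounting section, modelled as a small simulation. This is an added example, not the paper's own material and not Windows code: the access-mask bits and the SIDs are constructed, and the evaluation follows the documented canonical DACL order (explicit deny, explicit allow, inherited deny, inherited allow) in simplified form.

```python
from dataclasses import dataclass

# Access-mask bits: a constructed subset standing in for Windows file rights
READ, WRITE, EXECUTE, DELETE = 0x1, 0x2, 0x4, 0x8

@dataclass
class Ace:
    kind: str                # "allow" or "deny"
    sid: str                 # trustee: a user or group SID (constructed values below)
    mask: int                # rights this ACE grants or denies
    inherited: bool = False  # True when the ACE was copied down from the parent

@dataclass
class Token:
    user_sid: str            # the authenticated user's SID
    group_sids: frozenset = frozenset()   # SIDs of the groups the user belongs to

    def holds(self, sid: str) -> bool:
        return sid == self.user_sid or sid in self.group_sids

def inherit(parent_dacl, child_explicit):
    """Inheritance of Permissions: the child keeps its own ACEs and appends the parent's."""
    return list(child_explicit) + [Ace(a.kind, a.sid, a.mask, inherited=True) for a in parent_dacl]

def canonical(dacl):
    """Canonical order: explicit deny, explicit allow, inherited deny, inherited allow."""
    return sorted(dacl, key=lambda a: (a.inherited, a.kind != "deny"))

def access_check(token, dacl, requested):
    """Reference Monitor decision: may this token perform `requested` on the object?"""
    if dacl is None:               # NULL DACL: the object is unprotected, all access granted
        return True
    granted = 0
    for ace in canonical(dacl):
        if not token.holds(ace.sid):
            continue               # trustee is neither the user nor one of its groups
        remaining = requested & ~granted
        if ace.kind == "deny" and ace.mask & remaining:
            return False           # a deny on a still-ungranted right ends the check
        if ace.kind == "allow":
            granted |= ace.mask & requested
            if granted == requested:
                return True        # every requested right has been allowed
    return False                   # empty DACL, or a right never granted: denied

# Constructed scenario: Bob (RID 1001) is in Staff (RID 513); the share lets Staff read/execute
# and explicitly denies Bob write; a file below it adds an explicit allow for Bob to write.
BOB = Token("S-1-5-21-X-1001", frozenset({"S-1-5-21-X-513"}))
SHARE_DACL = [Ace("allow", "S-1-5-21-X-513", READ | EXECUTE),
              Ace("deny", "S-1-5-21-X-1001", WRITE)]
FILE_DACL = inherit(SHARE_DACL, [Ace("allow", "S-1-5-21-X-1001", WRITE)])
```

The file's explicit allow precedes the inherited deny in canonical order, so Bob may write the file but not the share itself; an empty DACL denies everyone while a NULL DACL protects nothing.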
Conclusion

Access Control in Windows is designed as a Discretionary Access Control model that is fitted to act as a Role-Based Access Control model through its group and administrative-privilege capabilities. Groups can be regarded as roles, permissions and privileges can be assigned to these groups/roles, and finally users can be joined to the said groups/roles.
References

Cooke, P. (2004). How Access Control Works. Retrieved June 18, 2005, from http://searchwindowssecurity.techtarget.com/originalContent/0,289142,sid45_gci1025647,00.html

De la Fuente, R. (2004). Role-based Access Control (RBAC): By David Ferraiolo, D. Richard Kuhn and Ramaswamy Chandramouli. Retrieved June 18, 2005, from http://www.isaca.org/Template.cfm?Section=Home&CONTENTID=15068&TEMPLATE=/ContentManagement/ContentDisplay.cfm

Krutz, R.L., & Vines, R.D. (2003). The CISSP Prep Guide: Gold Edition. Indianapolis, Indiana: Wiley Publishing, Inc.

Microsoft TechNet. (2003). Logon and Authentication Technologies. Retrieved June 18, 2005, from http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/78cb5d3c-d0b2-4d20-a693-fa66bde1a63b.mspx

Microsoft TechNet. (2003). Authorization and Access Control Technologies. Retrieved June 18, 2005, from http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/addc004e-a1ad-4fba-8caa-1c9c3eb0fa86.mspx

Willis, W., Watts, D.V., & Bruzzese, J.P. (2000). Windows 2000: Directory Services. Scottsdale, AZ: The Coriolis Group.