2/21/2012




Access Control, Authentication
IT Faculty – Dalat University
February 2012








Access Control

- The mechanism by which users are granted or denied the ability to interact with and use resources.
- Access control is often referred to using the term authorization.
- With proper authorization or access control, a system will properly control access to resources in order to prevent unauthorized access.







Access Control Methods

- Discretionary Access Control (DAC): bases access decisions on users' identity.
- Mandatory Access Control (MAC): bases access decisions on mandated regulations defined by a central authority.
- Role-Based Access Control (RBAC): bases access decisions on the roles played by users in the model.








Discretionary Access Control

- Based on the identity of the user requesting access and on a set of rules, called authorizations, stating which user can perform which action on which resource.








                Basic elements








User - Principals

- User and principals: a 1-to-n mapping (one user may have several principals).
- The system authenticates a user in the context of a principal.
- Shared principals (accounts) are not good for auditing and accountability.












Principal - Subjects

- A 1-to-n mapping between principal and subject.
- A subject is a program or application run on behalf of a principal.







Objects

- An object is anything on which a subject can perform allowed operations (i.e. operations for which it has been granted rights).
- Usually objects are passive: files, directories, processes, tables, …








Rights

- A right specifies what kind of access a subject can perform on an object:
  • Own
  • Read
  • Write
  • Execute
  • Create
  • Delete
  • …










Discretionary Access Control

- In its most basic form, an authorization is a triple (s, o, a), stating that user s can execute action a on object o.
- The first discretionary access control model proposed in the literature is the access matrix model.








Access Matrix Model

- Let S, O, and A be a set of subjects, objects, and actions, respectively.
- The access matrix model represents the set of authorizations through a |S|×|O| matrix A.





Access Matrix Model

- Each entry A[s, o] contains the list of actions that subject s can execute over object o.
- Ex: user Ann can read and write Document1.












Access Matrix Model

- The access matrix model can be implemented through different mechanisms.
- The mechanisms typically adopted are:
  • Authorization table. The non-empty entries of A are stored in a table with three attributes: user, action, and object.








              Authorization table








Access Matrix Model

  • Access control list (ACL). The access matrix is stored by column, that is, each object is associated with a list of subjects together with the set of actions they can perform on the object.
    O → {(S, A)}: ACL












              Access Control List








  • Capability. The access matrix is stored by row, that is, each subject is associated with a list indicating, for each object, the set of actions the subject can perform on it.
    S → {(O, A)}: capability list
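The three storage mechanisms above are encodings of one matrix. The following is an added example, not code from the lecture, showing a small access matrix and the authorization table, ACL and capability-list views derived from it; the subjects, objects and rights (Ann and Document1 from the slides, plus a constructed Bob and Document2) are sample data.

```python
"""Added example: the access matrix model and its three storage mechanisms."""

# Constructed sample matrix A: A[s][o] is the set of actions s may perform on o.
# Matches the lecture's example: Ann can read and write Document1.
SUBJECTS = ["Ann", "Bob"]
OBJECTS = ["Document1", "Document2"]
A = {
    "Ann": {"Document1": {"read", "write"}, "Document2": set()},
    "Bob": {"Document1": {"read"}, "Document2": {"own", "read", "write"}},
}


def authorized(s, o, a):
    """Reference-monitor check: is the triple (s, o, a) an authorization?"""
    return a in A.get(s, {}).get(o, set())


def authorization_table():
    """Authorization table: only the non-empty entries of A, as (user, action, object)."""
    return sorted((s, a, o) for s in SUBJECTS for o in OBJECTS for a in A[s][o])


def acl(o):
    """ACL: the matrix stored by column, O -> {(S, A)}."""
    return {s: A[s][o] for s in SUBJECTS if A[s][o]}


def capability_list(s):
    """Capability list: the matrix stored by row, S -> {(O, A)}."""
    return {o: A[s][o] for o in OBJECTS if A[s][o]}


def views_agree():
    """Each mechanism must reconstruct the same set of authorization triples."""
    table = set(authorization_table())
    from_acl = {(s, a, o) for o in OBJECTS for s, acts in acl(o).items() for a in acts}
    from_cap = {(s, a, o) for s in SUBJECTS for o, acts in capability_list(s).items() for a in acts}
    return table == from_acl == from_cap


def revoke(s, o, a):
    """Revoke one right in the matrix; every derived view changes with it."""
    A[s][o].discard(a)


if __name__ == "__main__":
    print(authorized("Ann", "Document1", "write"))
    print(authorization_table())
    print(acl("Document1"))
    print(capability_list("Bob"))
    print(views_agree())
```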








                  Capability List












Disadvantages

- List some disadvantages of the access matrix?
- Possible conditions:
  • data-dependent (sal < 1000)
  • time-dependent (8:00am-5:00pm)
  • context-dependent (the "name-salary" pair is prohibited)
  • history-dependent, …








DAC

- DAC systems have evolved and now include support for the following features:
  • Conditions: support for conditions associated with authorizations
  • Abstractions: support for user groups and classes of objects
  • Exceptions: support for exceptions in authorization definitions







DAC vulnerabilities

- Trojan horses
  • DAC does not distinguish between users and the subjects (programs) that run on their behalf.












Mandatory Access Control

- The most common form of mandatory policy is the multilevel security policy, based on the classification of subjects and objects in the system.
- Each subject and object in the system is associated with an access class:
  • a security level
  • a set of categories








Mandatory Access Control

- Given two access classes c1 and c2, c1 dominates c2, denoted c1 ≥ c2, iff
  • the security level of c1 is greater than or equal to the security level of c2, and
  • the set of categories of c1 includes the set of categories of c2.








Mandatory Access Control

- Mandatory policies can be classified as secrecy-based and integrity-based, operating in a dual manner.
- Secrecy-Based Mandatory Policy
  • The main goal is to protect data confidentiality, applying the following two principles:
    • No-Read-Up. A subject s can read an object o if and only if the access class of the subject dominates the access class of the object.
    • No-Write-Down. A subject s can write an object o if and only if the access class of the object dominates the access class of the subject.








     Secrecy-Based Mandatory Policy








Mandatory Access Control

- Integrity-Based Mandatory Policy
  • The main goal is to prevent subjects from indirectly modifying information they cannot write.
  • It applies the following two principles:
    • No-Read-Down. A subject s can read an object o if and only if the integrity class of the object dominates the integrity class of the subject.
    • No-Write-Up. A subject s can write an object o if and only if the integrity class of the subject dominates the integrity class of the object.
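As an added example (not from the lecture), the dominance relation on access classes and both the secrecy-based and the integrity-based principles from the slides above, implemented so that their duality can be checked directly; the level names and the sample subjects and objects are constructed.

```python
"""Added example: access-class dominance, secrecy-based and integrity-based MAC rules."""
from dataclasses import dataclass, field

# Constructed ordering of security levels (higher number = more sensitive).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class AccessClass:
    level: str
    categories: frozenset = field(default_factory=frozenset)

    def dominates(self, other):
        """c1 >= c2 iff level(c1) >= level(c2) and categories(c1) includes categories(c2)."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def AC(level, *cats):
    """Shorthand constructor: AC("secret", "nuclear") -> AccessClass."""
    return AccessClass(level, frozenset(cats))


def comparable(c1, c2):
    """Dominance is a partial order: two classes may be incomparable."""
    return c1.dominates(c2) or c2.dominates(c1)


# Secrecy-based policy: classes express sensitivity of subjects and objects.
def secrecy_can_read(subject, obj):
    """No-Read-Up: the subject's class must dominate the object's class."""
    return subject.dominates(obj)


def secrecy_can_write(subject, obj):
    """No-Write-Down: the object's class must dominate the subject's class."""
    return obj.dominates(subject)


# Integrity-based policy: classes express trustworthiness; the rules are the dual.
def integrity_can_read(subject, obj):
    """No-Read-Down: the object's integrity class must dominate the subject's."""
    return obj.dominates(subject)


def integrity_can_write(subject, obj):
    """No-Write-Up: the subject's integrity class must dominate the object's."""
    return subject.dominates(obj)


def secrecy_decision(subject, obj, action):
    """Reference-monitor style decision under the secrecy-based policy."""
    if action == "read":
        return secrecy_can_read(subject, obj)
    if action == "write":
        return secrecy_can_write(subject, obj)
    raise ValueError(f"unknown action {action!r}")


if __name__ == "__main__":
    alice = AC("secret", "nuclear")
    report = AC("confidential", "nuclear")
    plan = AC("top_secret", "nuclear", "navy")
    print(secrecy_decision(alice, report, "read"))   # allowed: read down
    print(secrecy_decision(alice, report, "write"))  # denied: would leak downwards
    print(secrecy_decision(alice, plan, "write"))    # allowed: write up
    print(comparable(AC("secret", "navy"), AC("confidential", "nuclear")))
```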





    Integrity-Based Mandatory Policy












Role-Based Access Control

- A role is defined as a set of privileges that any user playing that role is associated with.
- The access control policy is then defined through two different steps:
  • the administrator defines roles and the privileges related to each of them;
  • each user is assigned the set of roles she can play.







Role-Based Access Control

- A user may be allowed to simultaneously play more than one role, and
- more users may simultaneously play the same role.
- The main advantage of RBAC, with respect to DAC and MAC, is that it better suits commercial environments.
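The two-step RBAC policy definition from the slides above, as an added example that is not code from the lecture: roles map to privileges, users map to roles, one user plays several roles and several users share one. The active_roles parameter, which lets a user play only a subset of her assigned roles at a time, is an assumption beyond the slides; role, user and privilege names are constructed.

```python
"""Added example: a minimal RBAC policy built in the lecture's two steps."""


class RBAC:
    def __init__(self):
        self.role_privs = {}   # step 1: role -> set of (action, object) privileges
        self.user_roles = {}   # step 2: user -> set of roles she can play

    def define_role(self, role, privileges):
        """Step 1: the administrator defines a role and its privileges."""
        self.role_privs[role] = set(privileges)

    def assign_roles(self, user, roles):
        """Step 2: a user is assigned the roles she can play (roles must exist)."""
        unknown = set(roles) - self.role_privs.keys()
        if unknown:
            raise ValueError(f"undefined roles: {sorted(unknown)}")
        self.user_roles.setdefault(user, set()).update(roles)

    def privileges_of(self, user, active_roles=None):
        """Union of the privileges of the roles the user plays.
        active_roles (assumed extension) restricts to a subset of assigned roles."""
        roles = self.user_roles.get(user, set())
        if active_roles is not None:
            roles = roles & set(active_roles)
        return set().union(*(self.role_privs[r] for r in roles))

    def check(self, user, action, obj, active_roles=None):
        """Access decision: does some role the user plays carry (action, obj)?"""
        return (action, obj) in self.privileges_of(user, active_roles)

    def users_in_role(self, role):
        """Several users may play the same role at once."""
        return {u for u, rs in self.user_roles.items() if role in rs}


def build_example():
    """Constructed policy: two roles share a privilege, one user plays two roles."""
    p = RBAC()
    p.define_role("clerk", {("read", "ledger"), ("write", "ledger")})
    p.define_role("auditor", {("read", "ledger"), ("read", "audit_log")})
    p.define_role("admin", {("write", "policy")})
    p.assign_roles("ann", ["clerk", "auditor"])
    p.assign_roles("bob", ["clerk"])
    p.assign_roles("carol", ["auditor"])
    return p


if __name__ == "__main__":
    policy = build_example()
    print(policy.check("ann", "read", "audit_log"))
    print(policy.users_in_role("clerk"))
```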







Authentication

- The process of proving that a subject is the valid user of an account.
- The authentication process requires that the subject provide an identity and then proof of that identity.












Authentication

- Identity proofing typically takes the form of one or more of the following three authentication factors:
  • Something you know (such as a password)
  • Something you have (such as a smartcard)
  • Something you are (such as a fingerprint)








Authentication

- Some protection mechanisms used to secure the authentication credentials (identity claim and identity proofs) while they're in transit from the client to the authentication server:
  • Kerberos
  • CHAP
  • Certificates








Kerberos

- A trusted third-party authentication protocol.
- Kerberos is used to authenticate network principals (subjects) to other entities on the network (objects, resources, and servers).












Kerberos

- The core element of a Kerberos solution is the Key Distribution Center (KDC).
- The KDC is responsible for verifying the identity of principals and for granting and controlling access within a network environment through the use of secure cryptographic keys and tickets.








Kerberos

- Kerberos is a trusted third-party authentication solution because the KDC acts as a third party in the communications between a client and a server.
- Kerberos is also a single sign-on solution.








Kerberos

- The basic process of Kerberos authentication is as follows:












Kerberos

1. The subject provides logon credentials.
2. The Kerberos client system encrypts the password with Data Encryption Standard (DES) and transmits the protected credentials to the KDC.
3. The KDC verifies the credentials and then creates a Ticket Granting Ticket (TGT: a hashed form of the subject's password with the addition of a timestamp that indicates a valid lifetime). The TGT is encrypted and sent to the client.
4. The client receives the TGT. At this point, the subject is an authenticated principal in the Kerberos realm.
5. The subject requests access to resources on a network server. This causes the client to request a Service Ticket (ST) from the KDC.
6. The KDC verifies that the client has a valid TGT and then issues an ST to the client. The ST includes a timestamp that indicates its valid lifetime.
7. The client receives the ST.
8. The client sends the ST to the network server that hosts the desired resource.
9. The network server verifies the ST. If it's verified, it initiates a communication session with the client. From this point forward, Kerberos is no longer involved.
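The nine steps above, as an added example that is not code from the lecture and not the real Kerberos message format: a simplified model in which the KDC issues a TGT and then an ST, each carrying an issue timestamp and a lifetime, and the service rejects a ticket that is expired, tampered with, or sealed for someone else. Ticket "encryption" is stood in for by an HMAC tag under the key shared between the KDC and the ticket's consumer; the key derivation, principal names, passwords and the 600-second lifetime are constructed assumptions.

```python
"""Added example: a simplified model of the TGT / ST flow with ticket lifetimes."""
import hashlib
import hmac
import json

LIFETIME = 600  # seconds a ticket stays valid (constructed value)


def key_from_password(password):
    """Long-term key derived from a principal's password (simplified stand-in)."""
    return hashlib.sha256(password.encode()).digest()


def seal(key, body):
    """Stand-in for encrypting a ticket under `key`: attach an HMAC tag, so only a
    holder of `key` can produce or accept the ticket."""
    data = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(key, data, "sha256").hexdigest()}


def unseal(key, ticket, now):
    """Check the tag and the lifetime; return the body, or None if rejected."""
    data = json.dumps(ticket["body"], sort_keys=True).encode()
    expected = hmac.new(key, data, "sha256").hexdigest()
    if not hmac.compare_digest(ticket["tag"], expected):
        return None  # tampered with, or sealed under another key
    issued = ticket["body"]["issued"]
    if not issued <= now < issued + LIFETIME:
        return None  # expired: a captured old ticket is refused here
    return ticket["body"]


class KDC:
    """Holds the long-term key of every principal (users and services)."""

    def __init__(self, passwords):
        self.keys = {name: key_from_password(pw) for name, pw in passwords.items()}
        self.tgs_key = key_from_password("kdc-own-secret")  # known only to the KDC

    def authenticate(self, user, password, now):
        """Steps 1-3: verify the logon credentials and issue a TGT."""
        if not hmac.compare_digest(self.keys.get(user, b""), key_from_password(password)):
            return None
        return seal(self.tgs_key, {"type": "TGT", "user": user, "issued": now})

    def service_ticket(self, tgt, service, now):
        """Steps 5-6: a valid TGT is exchanged for an ST sealed for the service."""
        body = unseal(self.tgs_key, tgt, now)
        if body is None or body["type"] != "TGT" or service not in self.keys:
            return None
        st_body = {"type": "ST", "user": body["user"], "service": service, "issued": now}
        return seal(self.keys[service], st_body)


def service_accepts(service_key, service, st, now):
    """Steps 8-9: the server verifies the ST with its own long-term key."""
    body = unseal(service_key, st, now)
    return body is not None and body["type"] == "ST" and body["service"] == service


def login_and_access(kdc, user, password, service, now):
    """Client side of the whole flow; True if the service would start a session."""
    tgt = kdc.authenticate(user, password, now)  # step 4: the client now holds a TGT
    if tgt is None:
        return False
    st = kdc.service_ticket(tgt, service, now)  # step 7: the client now holds an ST
    if st is None:
        return False
    # The service holds the same long-term key the KDC keeps for it.
    return service_accepts(kdc.keys[service], service, st, now)
```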












Kerberos

- The Kerberos authentication method helps to ensure that logon credentials aren't compromised while in transit from the client to the server.
- The inclusion of a timestamp in the tickets ensures that expired tickets can't be reused. This prevents replay and spoofing attacks against Kerberos.







Kerberos

- Kerberos is used to provide security and protection for authentication credentials alone.
- It isn't used in any way to provide encryption or security for other types of data transfer.








References

- James Michael Stewart. Security+ Fast Pass, Chapter 1. Sybex, 2004.
- Michael Gertz, Sushil Jajodia (eds.). Handbook of Database Security: Applications and Trends. Recent Advances in Access Control, pages 1-9. Springer, 2007.







