COMP2700 - Week 3 - Access Control

Policy vs Mechanism

  • Security policy -> A statement of what is, and what is not, allowed

  • Security mechanism -> A method, tool, or procedure for enforcing a security policy

Policy

Access control enforces operational security policies: it specifies what can and cannot be done

  • An entity requesting access to a resource is the principal

  • Resource access is requested for an object

  • Reference monitor is the abstract machine enforcing access control

Authentication and Authorisation

Principals make statements, i.e.:

  • If $s$ is a statement, authentication answers the question 'Who said $s$?' with a principal
  • If $o$ is an object, authorisation answers the question 'Who is trusted to access $o$?' with a principal

Flow

Authentication -> A reference monitor that verifies the identity of the principal making the request

Users and User Identities

  • Requests to reference monitors do not come directly from a user, but from a process

    • The process speaks for the user (identity)
  • The active entity making the request is known as the subject

Principals and Subjects

  • Principal -> Entity that can be granted access to objects or can make statements affecting access control decisions

    • e.g. User ID
  • Subjects -> Operate on behalf of principals. Access based on principal's name that is bound in some unforgeable manner at authentication time

    • e.g. process running under User ID

Access Operations and Access Rights

  • Subjects can:

    • Observe -> Look at contents of an object
    • Alter -> Change contents of an object
  • Access right (Privilege/permissions) -> Right to perform (access) operation

Bell-LaPadula Model

  • Four access rights
    1. execute
    2. read
    3. append
    4. write

Unix

  • Three access operations on files

    1. read -> from a file
    2. write -> to a file
    3. execute -> a file
  • Three access operations on directories

    1. read -> list contents
    2. write -> create/rename files in directory
    3. execute -> search directory

Access Control Structures

  1. Should help express desired access control policy
  2. Should be able to check intended policy has been correctly captured

Structures include:

  • Access control matrix
  • Capability list
  • Access control list

Access Control Matrix (ACM)

  • Rows -> Subjects
  • Columns -> Objects
  • Entries -> Access operations

Given $M$, we write $M_{S,O}$ to mean the entry in $M$ corresponding to subject $S$ and object $O$

Capabilities

  • Focus on subject
    • Rows of access control matrix

Access Control List

  • Focus on object protection

    • ACLs -> Columns of ACM
  • Each object has an ACL, User IDs, Groups, and access rights

Example (one line of `ls -l` output):

    -rwxr-xr-x 1 bob staff 11542536 27 mar 14:35 test.txt

  • -rwxr-xr-x -> ACL (owner / group / other permission triples)
  • bob -> User (owner)
  • staff -> Group
  • test.txt -> File name
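The matrix and its two views (capability list as a row, ACL as a column), a reference-monitor check, and the resolution of the `ls -l` mode string above, as an added Python example that is not part of the lecture notes; the subjects, objects and rights are constructed sample data.

```python
# Added example (not from the lecture notes): one access control matrix, the
# two views derived from it, and a reference-monitor check. Subjects, objects
# and rights below are constructed sample data.
from typing import Dict, FrozenSet, Set

Rights = FrozenSet[str]

# Access control matrix M: ACM[subject][object] = set of access rights.
# An absent entry means no rights (the matrix is usually sparse).
ACM: Dict[str, Dict[str, Rights]] = {
    "bob":   {"test.txt": frozenset({"read", "write", "execute"}),
              "notes.md": frozenset({"read"})},
    "alice": {"test.txt": frozenset({"read", "execute"})},
}

def capability_list(subject: str) -> Dict[str, Rights]:
    """Row of M: everything one subject may do (the subject-focused view)."""
    return dict(ACM.get(subject, {}))

def access_control_list(obj: str) -> Dict[str, Rights]:
    """Column of M: who may do what to one object (the object-focused view)."""
    return {s: row[obj] for s, row in ACM.items() if obj in row}

def reference_monitor(subject: str, op: str, obj: str) -> bool:
    """Mediate a request: allow only if the matrix entry grants the operation.
    Unknown subjects or objects fall through to 'no rights' (deny by default)."""
    return op in ACM.get(subject, {}).get(obj, frozenset())

def unix_mode_to_rights(mode: str, owner: str, group: str, principal: str,
                        groups: Set[str]) -> Rights:
    """Resolve a 10-character ls -l mode string (e.g. -rwxr-xr-x) to the
    rights of one principal. Standard Unix semantics: the first rwx triple
    applies to the owner, the second to members of the file's group, the
    third to everyone else, and only the first matching triple is used."""
    if len(mode) != 10:
        raise ValueError("expected a 10-character mode string")
    if principal == owner:
        triple = mode[1:4]
    elif group in groups:
        triple = mode[4:7]
    else:
        triple = mode[7:10]
    names = ("read", "write", "execute")
    return frozenset(n for n, c in zip(names, triple) if c != "-")
```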

Ownership

  • Discretionary access control (DAC) -> Define owner for each resource and let owner set policies

    • Adopted in most OSes
  • Mandatory Access Control (MAC) -> System-wide policies, imposed by the system rather than the owner, on who is allowed to access what

    • Mostly used in defence

Intermediate Controls

All problems in computer science can be solved by another layer of indirection

  • Intermediate layers can be introduced to create more manageable policies