Scribd
Upload
292 views23 pages

Cyber Security: Access Control Basics

This lecture discusses access control and different access control models. It introduces basic concepts of access control including authentication, authorization, and reference monitors. It then covers discretionary access control (DAC), mandatory access control (MAC), and different access control structures like access control matrices, capabilities, and access control lists that can be used to implement access control policies. The lecture provides examples and compares advantages and disadvantages of different access control models and structures.

Uploaded by

Sampath Darshana
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
292 views23 pages

Cyber Security: Access Control Basics

This lecture discusses access control and different access control models. It introduces basic concepts of access control including authentication, authorization, and reference monitors. It then covers discretionary access control (DAC), mandatory access control (MAC), and different access control structures like access control matrices, capabilities, and access control lists that can be used to implement access control policies. The lecture provides examples and compares advantages and disadvantages of different access control models and structures.

Uploaded by

Sampath Darshana
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 23

Department of Computer Science

COMP40451 Cyber Security

Lecture 3
Access Control

Dr Xiaoqi Ma
Outline
1 Basic concepts

2 Authentication and authorisation

3 DAC and MAC

4 Access control structures

5 Summary
Basic Concepts
 Access control is the ability to permit or deny the use of a particular resource by a
particular entity
 Its function is to control who have access to which resources in the system
 Which files they can read
 Which programs they can execute
 How they share data with other principals
 ...
 Access control mechanisms can be used in managing physical or logical resources
Authentication and Authorisation
 Why?
 A computer system supposed to be used only by those authorised must attempt to detect and exclude
the unauthorised
 Who?
 Principal: an entity that can be granted access to objects or can make statements affecting control
decisions, e.g. a user identity in an operating system
 Subject: an active entity within an IT system, e.g. a process running under a user identity (principal)
 How?
Fundamental Model

 Reference monitor: An access control concept that refers to an abstract machine that
mediates all accesses to objects by subjects
Examples of Objects
 Memory
 A file or data set on a storage device
 An executing program in memory
 A directory of files
 A hardware device
 A data structure, such as a stack
 Instructions, especially privileged instructions
Rules of Access Control
 Check every access
 Privileges of previously authorised users may be revoked
 Enforce least privilege
 A subject should have access to the smallest number of objects necessary to perform some task
 Verify acceptable usage
 It is equally important to check that the activity to be performed on an object is appropriate
Access Operations in Unix/Linux
 Files
 Read: reading from a file
 Write: writing to a file
 Execute: executing a (program) file
 Directories
 Read: listing directory contents
 Write: creating or renaming a file in the directory
 Execute: searching the directory
Discretionary Access Control (DAC)
 Definition of DAC: “A means of restricting access to objects based on the identity of
subjects and/or groups to which they belong. The controls are discretionary in the sense
that a subject with a certain access permission is capable of passing that permission
(perhaps indirectly) on to any other subject (unless restrained by mandatory access
control)”
 Simply speaking, an owner is defined for each resource and let the owner decree who is
allowed to have access. That is to say, access control is at the discretion of the owner
Mandatory Access Control (MAC)
 The operating system constrains the ability of a subject to access or generally perform
some sort of operation on an object
 Any operation by any subject on any object will be tested against the set of authorisation
rules (policy) to determine if the operation is allowed
 The security policy is centrally controlled by a security policy administrator; users do not
have the ability to override the policy
DAC vs MAC
 Discretionary access control
 You decide how you want to protect and share your data
 Mandatory access control
 The system decides how the data will be shared
Access Control Structures
 How to decide which access operations on certain objects are permitted?
 We need to choose suitable access control structures
 Two requirements of deciding on access control structures:
 The access control structure should help to express desired access control policy
 You should be able to check that your policy has been captured correctly
Access Control Matrix (1)
 Access rights can be defined individually for each combination of subject and object
quite simply in the form of an access control matrix (also referred to as access permission
matrix)
 For example, there are three users and three files in a system:
 File 1 can be read and written by user 2, while users 1 and 3 have no access at all
 File 2 can be executed by users 1 and 2, while user 3 has no access
 File 3 can be executed by all users. Meanwhile, user 2 can read and write it and user 3 can read it
Access Control Matrix (2)
File 1 File 2 File 3
User 1 – {Execute} {Execute}
User 2 {Read, Write} {Execute} {Execute, Read, Write}
User 3 – – {Execute, Read}

 Access control matrix is simple and straightforward


 Not very suitable for direct implementation if the number of subjects and objects is large
or if the sets of subjects and objects change frequently
Capabilities (1)
 Access rights information can be kept with subjects
 Each subject is given a capability, an unforgeable token that specifies this subject’s
access rights
 A subject’s capability corresponds to its row in the access control matrix
 Typically, capabilities are associated with discretionary access control
Capabilities (2)
 The access rights of the previous example:
 User 1’s capability: File 2:Execute; File 3:Execute
 User 2’s capability: File 1:Read,Write; File 2:Execute; File 3:Execute,Read,Write
 User 3’s capability: File 3:Execute, Read

File 1 File 2 File 3


User 1 – {Execute} {Execute}
User 2 {Read, Write} {Execute} {Execute, Read, Write}
User 3 – – {Execute, Read}
Propagation of Capabilities
 Capabilities can be transferred or propagated between subjects
 Transfer or propagate is also a possible access right; a subject having this right can pass
copies of capabilities to other subjects
 For example, process A can pass a copy of a capability to B, who can then pass a copy to
C. B can prevent further distribution of the capability by omitting the transfer right from
the rights passed in the capability to C
Disadvantages of Capabilities
 It is difficult to get an overview of who has permission to access a given object
 It is very difficult to revoke a capability, especially when propagation of capabilities is
involved
Access Control List (1)
 An access control list (ACL) stores the access rights to an object with the object itself
 There is one such list for each object, and the list shows all subjects who should have
access to the object and what their access is
 An ACL corresponds to a column of the access control matrix and states who may access
a given object
Access Control List (2)
 The ACLs of the previous example:
 ACL for File 1: User 2:Read,Write
 ACL for File 2: User 1:Execute; User 2:Execute
 ACL for File 3: User 1:Execute; User 2:Read,Write, Execute; User 3:Read,Execute

File 1 File 2 File 3


User 1 – {Execute} {Execute}
User 2 {Read, Write} {Execute} {Execute, Read, Write}
User 3 – – {Execute, Read}
Advantages of Access Control List
 ACLs are a natural choice in environment where users manage their own file security
 ACLs are easy to implement
Disadvantages of Access Control List
 It is difficult to get an overview of the permissions given to an individual user
 ACLs are less suited where the user population is large and constantly changing
 ACLs are less suited where users want to be able to delegate their authority to run a
particular program to another user for some set period of time
Summary
1 Basic concepts about access control
2 Authentication and authorisation
3 Rules of access control
4 DAC and MAC
5 Access control structures

You might also like