Security Management-Access Control
1
[1]
Dr. Kaniz Fatema
Trinity College Dublin March, 2016
2
Access Control
o Authentication: identifies someone/something
o Authorisation: verifies that the identified someone/something has the right to access
3
Access Control Models
o Identity based access control
o Role Based Access Control (RBAC) model
o Attribute Based Access Control (ABAC) model
4
Identity based access control
In an identity based system the access rights are based on the identity of the subject. It can be implemented using an access control matrix, access control lists or capabilities (Sandhu and Samarati 1994).
5
Role Based Access Control (RBAC) model
The main concept of RBAC is that permissions are associated with roles and users get permissions based on the roles assigned to them. Unlike identity based systems, adding or removing users is much easier in this model.
6
Attribute Based Access Control (ABAC) model
The Attribute Based Access Control Model is an extension of the RBAC Model where permissions are given based on the attributes possessed by the user.
Attributes are not limited to organisational roles; they can be anything, such as degree, qualification, name, age and of course roles.
Attributes (usually assigned by Attribute Authorities (AAs)) are assigned to users, and permissions are assigned to attributes; thus users get permissions based on the attributes they possess.
Authentication
Authentication is a way of identifying an entity and is a process by which it is possible to determine whether someone/something is genuine.
7
8
Authentication elements
Something you know: This may be something you mentally possess. This could be a password, a secret word known by the user and the authenticator.
o Password and PIN based authentication
o One-time password
9
Authentication elements
Something you have:
o Secret / Private key for symmetric-key authentication or public-key authentication
o Electronic Identity Cards
10
Authentication elements
Something you are: This being a naturally acquired physical characteristic such as voice, fingerprint, and other biometrics.
o Biometric authentication
12
Multiple Factors and Effectiveness of Authentication
To increase authentication effectiveness, a scheme with multiple methods is used. Systems using a scheme with two or more methods can result in greater system security.
This popular technique, referred to as multi-factor authentication, overcomes the limitations of any single authentication method.
13
Privacy preserving Authentication methods
A privacy preserving authentication technique should allow:
• Anonymity
• Unlinkability
• Minimum disclosure
14
Privacy Preserving Authentication
[Diagram: a User authenticates via an eID Server to three Cloud services. The attribute actually disclosed is shown as "Age = 12 years"; "Name = ?X" and "Date of Birth = ?X" are shown as not disclosed.]
15
Authorisation
Authorisation determines that the proven identity has the right to perform the requested actions (e.g., read the file, write to the database) on the requested resources.
An authorisation system determines who is authorised to do what, i.e. it assigns privileges to users and provides a decision on whether someone is allowed to perform a requested action on a resource.
16
Policy based authorisation system
[Diagram: the Initiator submits an access request to the Policy Enforcement Point (PEP). The PEP sends a decision request to the Policy Decision Point (PDP) and receives the decision. The PEP then presents the access request to the Target.]
17
Example Policy
    <Policy PolicyId="PolicyNo1forMedicalData"
            RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
      <Target/>
      <Rule RuleId="MedicalDataAccessByMedicalProfessional" Effect="Permit">
        <Description>Medical Professional of this organisation can read the medical data</Description>
        <Target>
          <Subjects>
            <Subject>
              <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Medical Professional</AttributeValue>
                <SubjectAttributeDesignator AttributeId="Role" DataType="http://www.w3.org/2001/XMLSchema#string"/>
              </SubjectMatch>
            </Subject>
          </Subjects>
          <Resources>
            <Resource>
              <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Medical Data</AttributeValue>
                <ResourceAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="ResourceType"/>
              </ResourceMatch>
            </Resource>
          </Resources>
          <Actions>
            <Action>
              <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">READ</AttributeValue>
                <ActionAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/>
              </ActionMatch>
            </Action>
          </Actions>
        </Target>
      </Rule>
    </Policy>
19
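As an added illustration of the PEP/PDP flow and the example policy above (this code is not part of the lecture), a minimal Policy Decision Point that parses the slide's XACML policy and evaluates a request. It implements only the string-equal match function and the deny-overrides rule-combining algorithm; the request dictionary shape is an assumption made for this example.

```python
import xml.etree.ElementTree as ET
XS = "http://www.w3.org/2001/XMLSchema#string"
STR_EQ = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
# The slide's policy, reproduced as the sample input (Description omitted).
POLICY_XML = f"""<Policy PolicyId="PolicyNo1forMedicalData"
  RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
 <Target/>
 <Rule RuleId="MedicalDataAccessByMedicalProfessional" Effect="Permit"><Target>
  <Subjects><Subject><SubjectMatch MatchId="{STR_EQ}"><AttributeValue DataType="{XS}">Medical Professional</AttributeValue>
   <SubjectAttributeDesignator AttributeId="Role" DataType="{XS}"/></SubjectMatch></Subject></Subjects>
  <Resources><Resource><ResourceMatch MatchId="{STR_EQ}"><AttributeValue DataType="{XS}">Medical Data</AttributeValue>
   <ResourceAttributeDesignator AttributeId="ResourceType" DataType="{XS}"/></ResourceMatch></Resource></Resources>
  <Actions><Action><ActionMatch MatchId="{STR_EQ}"><AttributeValue DataType="{XS}">READ</AttributeValue>
   <ActionAttributeDesignator AttributeId="{ACTION_ID}" DataType="{XS}"/></ActionMatch></Action></Actions>
 </Target></Rule>
</Policy>"""
# Target section -> (request category, <*Match> tag, <*AttributeDesignator> tag)
CATEGORIES = {"Subjects": ("subject", "SubjectMatch", "SubjectAttributeDesignator"),
              "Resources": ("resource", "ResourceMatch", "ResourceAttributeDesignator"),
              "Actions": ("action", "ActionMatch", "ActionAttributeDesignator")}

def match_ok(m, attrs, desig_tag):
    """One <*Match>: only string-equal is implemented; any other MatchId fails closed."""
    if m.get("MatchId") != STR_EQ:
        return False
    return attrs.get(m.find(desig_tag).get("AttributeId")) == m.find("AttributeValue").text

def target_matches(target, request):
    """For each category the Target lists, some <Subject>/<Resource>/<Action> (OR) must
    have all its <*Match> elements true (AND); an omitted category or <Target/> matches all."""
    for section_tag, (key, match_tag, desig_tag) in CATEGORIES.items():
        section = target.find(section_tag)
        if section is not None and not any(
                all(match_ok(m, request.get(key, {}), desig_tag) for m in e.findall(match_tag))
                for e in section):
            return False
    return True

def evaluate(policy_xml, request):
    """Return Permit, Deny or NotApplicable under deny-overrides rule combining. The request
    is {"subject": {...}, "resource": {...}, "action": {...}}, each keyed by AttributeId."""
    policy = ET.fromstring(policy_xml)
    if not target_matches(policy.find("Target"), request):
        return "NotApplicable"
    effects = [r.get("Effect") for r in policy.findall("Rule")
               if target_matches(r.find("Target"), request)]
    if "Deny" in effects:
        return "Deny"
    return "Permit" if "Permit" in effects else "NotApplicable"
```

Note that a request from another role, or for WRITE, is not denied by any rule; it simply matches none and comes back NotApplicable, so the PEP must fail closed and refuse anything that is not an explicit Permit.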
Adding privacy protection to a policy based authorisation system
Needs to add policies from the Data Subject to honour his/her wishes.
Needs to enforce obligations to notify the data subject.
Needs to add policies from the data protection legislation.
Needs to integrate the policies of all the authorities who have any control over the data, such as the controller and the issuer.
Needs to resolve conflicts among the multiple independent policies of all the stakeholders.
Needs to have a facility to enforce policies in a distributed environment.
Needs to have the facility to include and execute policies from multiple languages.
20
Access Control Administration
First an organization must choose the access control model.
Then the organization must select and implement different access control technologies.
Access Control Administration comes in many forms:
o Centralized
o Hierarchical
o Cooperative
o Ownership based
o Decentralized
21
Access Control Administration
Centralized Access Control Administration:
◦ One entity is responsible for overseeing access to all resources.
◦ Provides a consistent and uniform method of controlling access rights.
22
Access Control Administration
Hierarchical Access Control Administration:
◦ A central authoriser is responsible for assigning administrative responsibilities to other administrators.
◦ The administrators can then grant and revoke access authorisations to the users of the system.
◦ Hierarchical administration can be applied, for example, according to the organisation chart.
23
Access Control Administration
Cooperative Access Control Administration:
◦ Special authorisations on given resources cannot be granted by a single authoriser but need the cooperation of several authorisers.
Ownership based Access Control Administration:
◦ A user is considered the owner of the objects he/she creates. The owner can grant and revoke access rights for other users to that object.
24
Access Control Administration
Decentralized Access Control Administration:
◦ In decentralized administration the owner of an object can also grant other users the privilege of administering authorisations on the object.
◦ Has no method for consistent control and so lacks proper consistency.
25
Threats to Access Control
A few threats to access control:
◦ Insiders
  ◦ Countermeasures include good policies and procedures, separation of duties, job rotation
◦ Dictionary Attacks
  ◦ Countermeasures include strong password policies, strong authentication, intrusion detection and prevention
◦ Brute Force Attacks
  ◦ Countermeasures include minimum necessary information provided, monitoring, intrusion detection
◦ Spoofing at Logon
  ◦ Countermeasures include a guaranteed trusted path, security awareness to be aware of phishing scams, SSL connection
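As an added illustration of the "monitoring, intrusion detection" countermeasures listed above (not part of the lecture), a small monitor that flags a burst of failed logons against one account from one source, the pattern a dictionary or brute-force attempt leaves in authentication logs. The log format, the sample lines and the threshold/window values are constructed for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, one event per line: "<ISO time> <result> user=<name> src=<ip>"
SAMPLE_LOG = """\
2016-03-01T09:00:01 FAIL user=alice src=10.0.0.5
2016-03-01T09:00:02 FAIL user=alice src=10.0.0.5
2016-03-01T09:00:03 FAIL user=alice src=10.0.0.5
2016-03-01T09:00:04 FAIL user=alice src=10.0.0.5
2016-03-01T09:00:05 FAIL user=alice src=10.0.0.5
2016-03-01T09:00:06 OK   user=alice src=10.0.0.5
2016-03-01T09:10:00 FAIL user=bob   src=10.0.0.9
2016-03-01T09:20:00 FAIL user=bob   src=10.0.0.9
"""

def parse(line):
    """Split one constructed log line into (timestamp, result, user, source)."""
    ts, result, user, src = line.split()
    return datetime.fromisoformat(ts), result, user.split("=", 1)[1], src.split("=", 1)[1]

def detect(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return alerts (source, user, time) where at least `threshold` failed logons
    for one account from one source fall inside `window`. The alert is raised on the
    failures themselves, so a success that follows the burst (alice above) does not
    hide it; bob's two failures are ten minutes apart and never reach the threshold."""
    fails = defaultdict(deque)          # (src, user) -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        ts, result, user, src = parse(line)
        if result != "FAIL":
            continue
        q = fails[(src, user)]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((src, user, ts))
            q.clear()                    # one alert per burst, not one per extra failure
    return alerts
```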
Policy Based Network Management
26
[1]
27
What is PBNM?
“...policy based networking is a concept where access to network resources e.g. bandwidth or servers, is governed by explicit policies. A policy-based management tool is responsible for translating these policies into commands sent to network devices ….”
28
So What IS a policy?
There are several interpretations as to what actually constitutes a policy. Some see a policy as a goal or high level objective, others as a ‘RULE based approach’.
“…Policies represent business goals and objectives which must be translated (to their realisation) in the network ….” [IETF Policy Core Schema]
“….. A policy is a rule that can be used to change the behaviour of a system …….” [Sloman et al 2000]
29
Simple Definition of a Policy
“a Policy is one or more rules that describe the action(s) to occur when specific condition(s) exist” [QoS Forum]
It can be thought of as comprising:
– Event(s)/Condition(s): which must be satisfied for the policy to be enacted
– Action: the high level operations which must be carried out on the device(s) to realise the policy
30
Why use a Policy Based Management Approach
Natural fit for business, where the network should behave in accordance with business/high level goals.
Allows great flexibility in changing the way the (network) management system behaves without having to recode the management systems themselves (i.e. just change the policies!).
31
Properties of a Policy
Policies can comprise other policies. This is vital to enable complex policies to be constructed from simpler policies.
Policies should be deterministic, i.e. they must define a finite state machine.
32
Policy Framework & Architecture
[Diagram: the components PEP, PDP, Policy Repository, Authentication Server and Network Border Point. The PDP exports information for monitoring & management (using SNMP etc.) [QoSForum2000].]
COPS – Common Open Policy Service: http://www.hjp.at/doc/rfc/rfc2748.html
33
Architectural Components
PDP: Policy Decision Point
– makes decisions based on policies it retrieves from the policy repository.
– Involves retrieving policy; interpreting policy; detecting policy conflicts; receiving interface (Role) descriptions, policy decision requests and policy elements (conditions); determining which policy is relevant, applying the policy and returning the results. Also involves sending policy elements to the PEP.
34
Architectural Components
Policy Repository
– provides storage and distributed (storage) management of policies
PEP: Policy Enforcement Point
– enforces the policy actions on the network device
– applies actions according to PDP decisions & based on relevant policies and current network conditions
35
Policy Standardisation
IETF
– Policy Working Group
– Directory Enabled Networking ad hoc working group
DMTF
– SLA & Policy Information Group (integrated into DMTF’s Common Information Model)
Policy Model defines: policy, policyGroup, policyRule, policyCondition …...
36
Managing your network using the PBNM approach
Four Phases:
– Identifying the needs/service features which need to be differentially managed, e.g. traffic profiles etc.
– Defining Policies to manage these resources (includes design of policies, testing and verification/validation)
– Deploying the Policies into the network
– Feedback mechanism for self-tuning
37
References
[1] Kizza, Guide to Computer Network Security.
[2] Jeff Smith, ITNS and CERIAS CISSP Luncheon Series: Access Control Systems & Methodology, Purdue University.
[3] Ravi S. Sandhu and Pierangela Samarati, “Authentication, Access Control, and Intrusion Detection.”
[4] www.qosforum.com, white paper ‘Introduction to QoS Policies’.
[5] www.neworkcomputing.com, ‘Policy-Based Network Management’, J. Conover.
[6] Sloman et al, ‘Ponder: A language for specifying security & management for distributed systems’.
[7] www.nwfusion.com, ‘Policy based management ain’t what it used to be’, J. Caruso.