part02 access control authentication
TRANSCRIPT
2/21/2012
1
Access Control, Authentication
IT Faculty – Dalat University
February - 2012
Access Control
The mechanism by which users are granted or denied the ability to interact with and use resources
Access control is often referred to using the term authorization
With proper authorization, or access control, a system controls access to resources so as to prevent unauthorized access
2 Phan Thi Thanh Nga - IT Faculty
Access Control Methods
Discretionary Access Control (DAC)
bases access decisions on users’ identity
Mandatory Access Control (MAC)
bases access decisions on mandated
regulations defined by a central authority
Role-Based Access Control (RBAC)
bases access decisions on the roles that users play in the system: privileges are attached to roles, and users are assigned roles
Discretionary Access Control
based on the identity of the user requesting access and on a set of rules, called authorizations, stating which user can perform which action on which resource
Basic elements
User - Principals
One user may correspond to several principals (a 1-to-n mapping), e.g. one person holding a separate administrator account and an ordinary account
The system authenticates a user in the context of a principal
Shared principals (shared accounts) are bad for auditing and accountability, since an action can no longer be traced back to a single person
Principal - Subjects
One principal may have many subjects (a 1-to-n mapping)
A subject is a program or process running on behalf of a principal; it is the subject, not the user, that actually requests access
Objects
An object is anything on which a subject can perform the operations for which it has been granted rights
Objects are usually passive: files, directories, tables, ... (a process is an object when it is the target of an operation, e.g. being signalled or killed)
Rights
A right specifies what kind of access a subject can perform on an object
Own
Read
Write
Execute
Create
Delete
…
Discretionary Access Control
In the most basic form, an authorization is a triple (s, o, a), stating that user s can execute action a on object o
The first discretionary access control model proposed in the literature is the access matrix model
Access Matrix Model
Let S, O, and A be the sets of subjects, objects, and actions, respectively.
The access matrix model represents the set of authorizations through a |S|×|O| matrix A.
Access Matrix Model
Each entry A[s, o] contains the list of actions that subject s can execute over object o
Example: if user Ann can read and write Document1, then A[Ann, Document1] = {read, write}
Access Matrix Model
The access matrix model can be implemented through different mechanisms. The mechanisms typically adopted are:
Authorization table. The non-empty entries of A are stored in a table with three attributes: user, action, and object.
Authorization table
Access Matrix Model
Access control list (ACL). The access matrix is stored by column, that is, each object is associated with a list of subjects together with the set of actions they can perform on the object.
ACL: O -> {(S, A)}
Access Control List
Capability. The access matrix is stored by row, that is, each subject is associated with a list indicating, for each object, the set of actions the subject can perform on it.
Capability list: S -> {(O, A)}
Capability List
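An added example (not from the slides) that stores one constructed set of authorizations, including the slides' "Ann can read and write Document1", as an access matrix and derives the three mechanisms from it: the authorization table, the ACL (by column) and the capability list (by row). It also exercises the trade-off between the two list forms: an ACL answers "who can access this object?" directly but must scan every object to answer "what can this subject do?", while a capability list is the reverse. The subjects, objects and rights are sample data.

```python
from collections import defaultdict

# Access matrix A: ACCESS_MATRIX[s][o] is the set of actions subject s may perform on
# object o; empty entries are simply absent.  Constructed sample data.
ACCESS_MATRIX = {
    "Ann": {"Document1": {"read", "write"}, "Program1": {"execute"}},
    "Bob": {"Document1": {"read"}, "Document2": {"own", "read", "write"}},
    "Carl": {"Program1": {"execute"}},
}


def allowed(matrix, subject, obj, action):
    """The reference monitor's question: does A[s, o] contain a?"""
    return action in matrix.get(subject, {}).get(obj, set())


def authorization_table(matrix):
    """Non-empty entries of A as (user, action, object) rows, i.e. the (s, o, a) triples."""
    return sorted(
        (s, a, o) for s, row in matrix.items() for o, actions in row.items() for a in actions
    )


def acl(matrix):
    """Store by column: object -> {subject: actions}.  Answers "who can access o?" directly."""
    by_object = defaultdict(dict)
    for s, row in matrix.items():
        for o, actions in row.items():
            by_object[o][s] = set(actions)
    return dict(by_object)


def capability_list(matrix):
    """Store by row: subject -> {object: actions}.  Answers "what can s access?" directly."""
    return {s: {o: set(actions) for o, actions in row.items()} for s, row in matrix.items()}


def rights_of_subject_from_acl(acls, subject):
    """With ACLs, "what can s access?" means scanning every object's list."""
    return {o: set(entries[subject]) for o, entries in acls.items() if subject in entries}


def revoke_object_from_capabilities(caps, obj):
    """With capability lists, deleting an object (or revoking all access to it) means
    visiting every subject's list; with an ACL it is dropping one column."""
    for row in caps.values():
        row.pop(obj, None)
    return caps
```

The two list forms hold exactly the same information as the matrix; they differ only in which question is cheap to answer, which is why operating systems keep ACLs on files (review and revocation per object) while capabilities suit per-subject review.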
Disadvantages
List some disadvantages of the access matrix (exercise).
In particular, a plain matrix entry cannot express conditions under which an authorization holds. Possible conditions:
• data-dependent (e.g. only rows where sal < 1000)
• time-dependent (e.g. 8:00am-5:00pm)
• context-dependent (e.g. retrieving the "name-salary" pair together is prohibited)
• history-dependent (depends on the accesses previously made), ...
DAC
DAC systems have evolved and now include support for the following features:
Conditions: conditions associated with authorizations (data-, time-, context- or history-dependent)
Abstractions: user groups and classes of objects, so that one authorization covers many users or objects
Exceptions: exceptions in authorization definition, i.e. negative authorizations that deny access to a member of a group that would otherwise be granted it
DAC vulnerabilities
Trojan horses. DAC does not distinguish between users and subjects: a program run by an authorized user executes with all of that user's rights, so a program hiding malicious code (a Trojan horse) can copy data the user may read into an object that an unauthorized user may read, without violating any authorization.
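An added example (not from the slides) of the Trojan horse problem above: a tiny DAC system that enforces its authorizations correctly, and a word-processor program that, when run by Ann, inherits Ann's rights and copies a document Bob may not read into a file Bob owns. Bob gets the data although no authorization was violated. The users, file names and program are made up.

```python
from dataclasses import dataclass, field


@dataclass
class DacSystem:
    """Authorizations kept per object: object -> {user: {actions}} (an ACL), plus contents."""
    acl: dict
    contents: dict = field(default_factory=dict)

    def check(self, user, obj, action):
        return action in self.acl.get(obj, {}).get(user, set())

    def read(self, user, obj):
        if not self.check(user, obj, "read"):
            raise PermissionError(f"{user} may not read {obj}")
        return self.contents[obj]

    def write(self, user, obj, data):
        if not self.check(user, obj, "write"):
            raise PermissionError(f"{user} may not write {obj}")
        self.contents[obj] = data


def trojan_word_processor(system, running_as, document):
    """A program Bob gave Ann.  Under DAC the subject running it is simply "Ann", with
    every right Ann has, so besides its advertised job it can leak what Ann can read."""
    text = system.read(running_as, document)      # legitimate: Ann may read Market
    system.write(running_as, "Stolen", text)      # covert: Bob granted Ann write on Stolen
    return text.upper()                           # the "useful" output the user sees


def run_scenario():
    """Returns (Bob's direct read was blocked, what Bob can read after Ann ran the program)."""
    system = DacSystem(
        acl={
            "Market": {"Ann": {"own", "read", "write"}},                     # Bob: no access
            "Stolen": {"Bob": {"own", "read", "write"}, "Ann": {"write"}},   # Bob granted Ann write
        },
        contents={"Market": "Q3 forecast: acquire Acme", "Stolen": ""},
    )
    try:
        system.read("Bob", "Market")
        direct_read_blocked = False
    except PermissionError:
        direct_read_blocked = True        # DAC enforces the authorizations as written
    trojan_word_processor(system, running_as="Ann", document="Market")
    return direct_read_blocked, system.read("Bob", "Stolen")
```

Every individual check passes; the leak happens because the policy constrains users, not the flow of information between the programs acting for them. That is exactly what the mandatory policies in the next slides address.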
Mandatory Access Control
The most common form of mandatory policy is the multilevel security policy, based on the classification of subjects and objects in the system
Each subject and object in the system is associated with an access class, composed of
a security level (e.g. Unclassified < Confidential < Secret < Top Secret)
a set of categories (e.g. Army, Navy, Nuclear)
Mandatory Access Control
Given two access classes c1 and c2, c1 dominates c2, denoted c1 ≥ c2, iff
the security level of c1 is greater than or equal to the security level of c2 and
the set of categories of c1 includes the set of categories of c2.
Two access classes of which neither dominates the other are incomparable; dominance is a partial order, and the access classes form a lattice.
Mandatory Access Control
Mandatory policies can be classified as secrecy-based and integrity-based, operating in a dual manner.
Secrecy-Based Mandatory Policy
The main goal is to protect data confidentiality, applying the following two principles (the Bell-LaPadula model):
• No-Read-Up. A subject s can read an object o if and only if the access class of the subject dominates the access class of the object.
• No-Write-Down. A subject s can write an object o if and only if the access class of the object dominates the access class of the subject.
Together they guarantee that information can flow only upward in the lattice, from lower to higher (or equal) access classes.
Secrecy-Based Mandatory Policy
Mandatory Access Control
Integrity-Based Mandatory Policy
The main goal is to prevent subjects from indirectly modifying information they cannot write (information of higher integrity), applying the following two principles (the Biba model):
• No-Read-Down. A subject s can read an object o if and only if the integrity class of the object dominates the integrity class of the subject.
• No-Write-Up. A subject s can write an object o if and only if the integrity class of the subject dominates the integrity class of the object.
Together they guarantee that information can flow only downward in the integrity lattice, so low-integrity data never contaminates high-integrity data.
Integrity-Based Mandatory Policy
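An added example (not from the slides) implementing the access classes and the dominance relation defined above, then the two secrecy rules and the two integrity rules on top of it. It serves both the secrecy-based and the integrity-based slides, and replays the Trojan horse scenario from the DAC slides to show why mandatory no-write-down stops it. The level names, categories and the class assignments (Ann at Secret/Nuclear, the leak target at Unclassified) are sample data.

```python
from dataclasses import dataclass

# Total order on security levels; categories are an arbitrary set (constructed sample data).
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}   # Unclassified < Confidential < Secret < Top Secret


@dataclass(frozen=True)
class AccessClass:
    level: str
    categories: frozenset

    def dominates(self, other):
        """c1 >= c2 iff level(c1) >= level(c2) and categories(c1) is a superset of categories(c2)."""
        return LEVELS[self.level] >= LEVELS[other.level] and self.categories >= other.categories


def ac(level, *categories):
    return AccessClass(level, frozenset(categories))


# Secrecy-based policy (Bell-LaPadula style): information may only flow upward.
def secrecy_can_read(subject, obj):    # no-read-up
    return subject.dominates(obj)


def secrecy_can_write(subject, obj):   # no-write-down
    return obj.dominates(subject)


# Integrity-based policy (Biba style): the dual, information may only flow downward.
def integrity_can_read(subject, obj):  # no-read-down
    return obj.dominates(subject)


def integrity_can_write(subject, obj): # no-write-up
    return subject.dominates(obj)


def trojan_under_secrecy_policy():
    """A program running at Ann's access class reads a Secret/Nuclear document and then
    tries to write it to an Unclassified file that Bob can read.  Under the secrecy policy
    the read is fine but the write is denied, whoever 'owns' the target file."""
    ann_process = ac("S", "Nuclear")
    market = ac("S", "Nuclear")
    stolen = ac("U")
    return secrecy_can_read(ann_process, market), secrecy_can_write(ann_process, stolen)
```

Note that no-write-down permits a blind write *up* (a Confidential subject may write a Secret object it cannot read), which is exactly what the integrity policy forbids; a system that wants both confidentiality and integrity has to combine the two lattices, and in practice often restricts writes to the subject's own class.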
Role-Based Access Control
A role is defined as a set of privileges that any user playing that role is associated with
The access control policy is then defined in two separate steps:
1. the administrator defines roles and the privileges related to each of them;
2. each user is assigned the set of roles she can play.
Role-Based Access Control
A user may be allowed to play more than one role at the same time, and several users may play the same role simultaneously
The main advantage of RBAC over DAC and MAC is that it better suits commercial environments: privileges follow job functions, so when a job changes, or a user changes job, the administrator updates one role definition or one assignment instead of many individual authorizations.
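An added example (not from the slides) of the two-step RBAC policy above: roles are defined as privilege sets, users are assigned roles, and a check takes the union of the privileges of the roles the user is currently playing. It also shows the administrative advantage just described: changing one role definition changes what every user playing that role may do. The role names, privileges and users (a bank with tellers and auditors) are sample data.

```python
from dataclasses import dataclass, field


@dataclass
class Rbac:
    role_privileges: dict = field(default_factory=dict)   # role -> {(action, object)}
    user_roles: dict = field(default_factory=dict)        # user -> {role}

    def define_role(self, role, privileges):
        """Step 1: the administrator defines a role and its privileges (redefinition allowed)."""
        self.role_privileges[role] = set(privileges)

    def assign(self, user, *roles):
        """Step 2: a user is given the set of roles she can play; roles must already exist."""
        unknown = set(roles) - set(self.role_privileges)
        if unknown:
            raise ValueError(f"undefined roles: {sorted(unknown)}")
        self.user_roles.setdefault(user, set()).update(roles)

    def revoke_role(self, user, role):
        self.user_roles.get(user, set()).discard(role)

    def privileges_of(self, user, active_roles=None):
        """Union of the privileges of the roles the user plays.  A user may activate only a
        subset of her roles for a session (least privilege); roles she does not hold are ignored."""
        roles = self.user_roles.get(user, set())
        if active_roles is not None:
            roles = roles & set(active_roles)
        return set().union(*(self.role_privileges[r] for r in roles))

    def check(self, user, action, obj, active_roles=None):
        return (action, obj) in self.privileges_of(user, active_roles)


def build_bank_policy():
    """Constructed scenario: one user with two roles, two users sharing one role, and a
    role redefinition that silently updates both users' effective privileges."""
    rbac = Rbac()
    rbac.define_role("teller", {("read", "accounts"), ("update", "accounts")})
    rbac.define_role("auditor", {("read", "accounts"), ("read", "audit_log")})
    rbac.assign("ann", "teller", "auditor")   # one user, several roles
    rbac.assign("bob", "teller")              # several users, the same role
    # Tellers lose update rights: one edit, no per-user authorization touched.
    rbac.define_role("teller", {("read", "accounts")})
    return rbac
```

Compare this with the DAC authorization table, where the same change would mean finding and editing the (user, update, accounts) row of every teller.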
Authentication
The process of proving that a subject is the valid user of an account
The authentication process requires that the subject first provide an identity (identification) and then proof of that identity.
Authentication
Identity proofing typically takes the form of one or more of the following three authentication factors:
Something you know (such as a password)
Something you have (such as a smartcard)
Something you are (such as a fingerprint)
Authentication
Some protection mechanisms used to secure the authentication credentials (identity claim and identity proofs) while they are in transit from the client to the authentication server:
Kerberos
CHAP
Certificates
Kerberos
A trusted third-party authentication protocol
Kerberos is used to authenticate network principals (subjects) to other entities on the network (objects, resources, and servers)
Kerberos
The core element of a Kerberos solution is the Key Distribution Center (KDC)
The KDC is responsible for verifying the identity of principals and for granting and controlling access within a network environment through the use of secret cryptographic keys and tickets
Kerberos
Kerberos is a trusted third-party authentication solution because the KDC acts as a third party in the communications between a client and a server
Kerberos is also a single sign-on solution
Kerberos
The basic process of Kerberos authentication is as follows:
Kerberos
1. The subject provides logon credentials (user name and password) to the client.
2. The Kerberos client derives a secret key from the password (DES in the original protocol; AES in current implementations) and uses it to prove knowledge of the password to the KDC, typically by encrypting a timestamp (pre-authentication). The password itself is never transmitted.
3. The KDC verifies the credentials and then creates a Ticket Granting Ticket (TGT) containing the subject's identity, a session key, and a timestamp that indicates a valid lifetime. The TGT is encrypted under the KDC's own key, so the client can neither read nor alter it, and is sent to the client together with the session key encrypted under the client's password-derived key.
Kerberos
4. The client receives the TGT and recovers the session key. At this point, the subject is an authenticated principal in the Kerberos realm.
5. The subject requests access to resources on a network server. This causes the client to request a Service Ticket (ST) from the KDC, presenting the TGT together with an authenticator (the subject's name and the current time, encrypted with the session key).
6. The KDC verifies that the client has a valid TGT and a matching authenticator, and then issues an ST to the client. The ST is encrypted with the target server's secret key and includes a timestamp that indicates its valid lifetime.
Kerberos
7. The client receives the ST.
8. The client sends the ST, together with a fresh authenticator, to the network server that hosts the desired resource.
9. The network server decrypts the ST with its own key and verifies the ticket and the authenticator. If they are valid, it initiates a communication session with the client. From this point forward, Kerberos is no longer involved.
Kerberos
The Kerberos authentication method ensures that logon credentials aren't exposed while in transit from the client to the server: the password itself is never sent, only proof of knowledge of it.
The timestamp and lifetime in each ticket ensure that expired tickets can't be reused, and the timestamped authenticator that accompanies a ticket, together with the server's replay cache, prevents a captured ticket from being replayed within its lifetime. Both checks rely on reasonably synchronized clocks, which is why Kerberos rejects requests outside a small clock-skew window (5 minutes by default).
Kerberos
By itself, Kerberos provides security and protection for the authentication exchange alone.
It does not encrypt or protect other data transfers; the session key it establishes can be used by the application (e.g. through GSS-API) to protect the subsequent traffic, but that is the application's responsibility.
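An added example (not from the slides, and not real Kerberos code) that walks through steps 1 to 9 above with both sides' messages: the AS exchange (pre-authentication with a timestamp, TGT sealed under the KDC's own key), the TGS exchange (TGT plus authenticator buys a service ticket sealed under the server's key) and the AP exchange (the server checks the ticket's lifetime, the authenticator's freshness and its replay cache). The `seal`/`unseal` pair is a toy encrypt-then-MAC construction built from HMAC-SHA256, standing in for a real Kerberos encryption type; the realm name, principal names, the 5-minute skew and 10-minute lifetime are assumptions chosen for the example.

```python
import hashlib
import hmac
import json
import os

SKEW, LIFETIME = 300, 600          # clock-skew window and ticket lifetime, in seconds (assumed)

def _keystream(key, nonce, n):
    out = b""
    for i in range((n + 31) // 32):
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(key, msg):
    """Encrypt-then-MAC a small dict under a symmetric key.
    Toy stand-in for a Kerberos encryption type; NOT an actual enctype."""
    plain = json.dumps(msg).encode()
    nonce = os.urandom(16)
    body = nonce + bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("bad key or tampered ticket")
    nonce, ct = body[:16], body[16:]
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def password_key(password):
    """Long-term client key derived from the password; the password never leaves the client."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"REALM.EXAMPLE", 10_000)

def check_authenticator(ticket, authenticator, now, replay_cache=None):
    """Shared by the TGS and the application server: the ticket must be unexpired, and the
    authenticator must be sealed under the ticket's session key, name the same principal,
    be fresh, and (when a replay cache is given) not have been seen before."""
    if now > ticket["exp"]:
        raise ValueError("ticket expired")
    auth = unseal(bytes.fromhex(ticket["key"]), authenticator)   # only the ticket holder has key
    if auth["cname"] != ticket["cname"] or abs(now - auth["ts"]) > SKEW:
        raise ValueError("authenticator mismatch or stale")
    if replay_cache is not None:
        if (auth["cname"], auth["ts"]) in replay_cache:
            raise ValueError("replayed authenticator")
        replay_cache.add((auth["cname"], auth["ts"]))   # entries older than SKEW may be pruned
    return ticket["cname"]

class KDC:
    def __init__(self, principals):
        self.keys = dict(principals)               # principal name -> long-term key
        self.keys["krbtgt"] = os.urandom(32)       # key under which TGTs are sealed

    def _ticket(self, cname, sname, now):
        session = os.urandom(32).hex()
        ticket = seal(self.keys[sname], {"cname": cname, "key": session, "exp": now + LIFETIME})
        return ticket, session

    def as_exchange(self, cname, preauth, now):
        """Steps 2-3: a timestamp sealed under the password-derived key proves the password."""
        if abs(now - unseal(self.keys[cname], preauth)["ts"]) > SKEW:
            raise ValueError("pre-authentication timestamp outside clock skew")
        tgt, session = self._ticket(cname, "krbtgt", now)
        return tgt, seal(self.keys[cname], {"key": session, "exp": now + LIFETIME})

    def tgs_exchange(self, tgt, authenticator, sname, now):
        """Steps 5-6: a valid TGT plus a matching authenticator buys a ticket for sname."""
        t = unseal(self.keys["krbtgt"], tgt)
        check_authenticator(t, authenticator, now)
        st, session = self._ticket(t["cname"], sname, now)
        return st, seal(bytes.fromhex(t["key"]), {"key": session, "exp": now + LIFETIME})

class Server:
    def __init__(self, name, key):
        self.name, self.key, self.seen = name, key, set()

    def ap_exchange(self, st, authenticator, now):
        """Steps 8-9: the server needs only its own key and a replay cache, never the KDC."""
        return check_authenticator(unseal(self.key, st), authenticator, now, self.seen)

def client_login(kdc, server, cname, password, now):
    """Steps 1-9 from the client's side.  Returns the name the server accepted and the
    AP request that was sent, so a caller can show that replaying it is rejected."""
    ckey = password_key(password)
    tgt, reply = kdc.as_exchange(cname, seal(ckey, {"ts": now}), now)
    tgs_key = bytes.fromhex(unseal(ckey, reply)["key"])     # step 4: client is now authenticated
    st, reply = kdc.tgs_exchange(tgt, seal(tgs_key, {"cname": cname, "ts": now}), server.name, now)
    svc_key = bytes.fromhex(unseal(tgs_key, reply)["key"])
    ap_req = (st, seal(svc_key, {"cname": cname, "ts": now}))
    return server.ap_exchange(*ap_req, now), ap_req
```

Two things worth noticing when running it: a captured AP request is accepted by a server instance with an empty replay cache as long as it is within the skew window, so the timestamp alone does not stop replay, the cache does; and a wrong password fails at the AS exchange before any ticket exists, because the pre-authentication timestamp cannot be unsealed with the wrong key.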
References
James Michael Stewart. Security+ Fast Pass, Chapter 1. Sybex, 2004.
Michael Gertz, Sushil Jajodia (eds.). Handbook of Database Security: Applications and Trends. Chapter "Recent Advances in Access Control", pages 1-9. Springer, 2007.