Part 02: Access Control, Authentication



Access Control, Authentication
IT Faculty – Dalat University
February - 2012 (slides dated 2/21/2012)

Access Control

The mechanism by which users are granted or denied the ability to interact with and use resources

Access control is often referred to using the term authorization

With proper authorization or access control, a system will properly control access to resources in order to prevent unauthorized access.

2 Phan Thi Thanh Nga - IT Faculty

Access Control Methods

Discretionary Access Control (DAC): bases access decisions on users' identity

Mandatory Access Control (MAC): bases access decisions on mandated regulations defined by a central authority

Role-Based Access Control (RBAC): bases access decisions on the roles played by users in the model



Discretionary Access Control

based on the identity of the user requesting access and on a set of rules, called authorizations, stating which user can perform which action on which resource


Basic elements (figure slide)


User - Principals

User and principals: a 1-to-n mapping (one user may hold several principals)

The system authenticates a user in the context of a principal

Shared principals (accounts) are not good for auditing and accountability



Principal - Subjects

1-to-n mapping between principal and subject

A subject is a program or application run on behalf of a principal


Objects

An object is anything on which a subject can perform allowed operations (i.e., operations for which rights have been granted)

Usually objects are passive: files, directories, processes, tables, …


Rights

A right specifies what kind of access a subject can perform on an object

Own

Read

Write

Execute

Create

Delete



Discretionary Access Control

In its most basic form, an authorization is a triple (s, o, a), stating that user s can execute action a on object o

The first discretionary access control model proposed in the literature is the access matrix model


Access Matrix Model

Let S, O, and A be the sets of subjects, objects, and actions, respectively.

The access matrix model represents the set of authorizations through a |S|×|O| matrix A.


Access Matrix Model

Each entry A[s, o] contains the list of actions that subject s can execute over object o

Example: user Ann can read and write Document1, i.e. A[Ann, Document1] = {read, write}



Access Matrix Model

The access matrix model can be implemented through different mechanisms. The mechanisms typically adopted are:

Authorization table. The non-empty entries of A are stored in a table with three attributes: user, action, and object.


Authorization table (figure slide)

Access Matrix Model

Access control list (ACL). The access matrix is stored by column, that is, each object is associated with a list of subjects together with the set of actions they can perform on the object.

O → {(S, A)}: ACL



Access Control List (figure slide)

Capability

The access matrix is stored by row, that is, each subject is associated with a list indicating, for each object, the set of actions the subject can perform on it.

S → {(O, A)}: capability


Capability List (figure slide)
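The three storage mechanisms above (authorization table, ACL, capability list) are the same |S|×|O| matrix arranged three ways. The Python below is an added example, not code from the slides or from the cited handbook; the subjects, objects and authorizations are constructed, extending the slide's Ann/Document1 case, and the function names are this example's own.

```python
from collections import defaultdict

# Constructed sample authorizations (s, o, a): the slide's example (Ann can read
# and write Document1) plus a second subject and two more objects so that the
# three storage mechanisms visibly differ.
AUTHORIZATIONS = [
    ("Ann", "Document1", "read"),
    ("Ann", "Document1", "write"),
    ("Ann", "Document2", "read"),
    ("Bob", "Document1", "read"),
    ("Bob", "Program1", "execute"),
]
SUBJECTS = ["Ann", "Bob"]
OBJECTS = ["Document1", "Document2", "Program1"]


def access_matrix(auths, subjects, objects):
    """Build the |S| x |O| matrix: A[s][o] is the set of actions s may perform on o."""
    matrix = {s: {o: set() for o in objects} for s in subjects}
    for s, o, a in auths:
        matrix[s][o].add(a)
    return matrix


def authorization_table(matrix):
    """Mechanism 1: keep only the non-empty entries as (user, action, object) rows."""
    return sorted(
        (s, a, o)
        for s, row in matrix.items()
        for o, actions in row.items()
        for a in actions
    )


def acl(matrix):
    """Mechanism 2: store the matrix by column, object -> {subject: actions}."""
    by_object = defaultdict(dict)
    for s, row in matrix.items():
        for o, actions in row.items():
            if actions:
                by_object[o][s] = set(actions)
    return dict(by_object)


def capability_list(matrix):
    """Mechanism 3: store the matrix by row, subject -> {object: actions}."""
    return {
        s: {o: set(actions) for o, actions in row.items() if actions}
        for s, row in matrix.items()
    }


def is_authorized(matrix, s, o, a):
    """Reference-monitor check: is the triple (s, o, a) in the matrix?"""
    return a in matrix.get(s, {}).get(o, set())


def who_can_access(acl_view, o):
    """Cheap with an ACL: the answer is a single column."""
    return set(acl_view.get(o, {}))


def what_can_access(cap_view, s):
    """Cheap with a capability list: the answer is a single row."""
    return set(cap_view.get(s, {}))


if __name__ == "__main__":
    m = access_matrix(AUTHORIZATIONS, SUBJECTS, OBJECTS)
    print(authorization_table(m))
    print(acl(m))
    print(capability_list(m))
```

The two query helpers show the practical trade-off between the column and row layouts: an ACL answers "who can access this object?" from one column, a capability list answers "what can this subject access?" from one row, and each needs a scan of the whole structure to answer the other question, which is why revoking all rights on an object is easy with ACLs and revoking all rights of a subject is easy with capabilities.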


Disadvantages

Exercise: list some disadvantages of the access matrix.

Possible conditions:

• data-dependent (sal < 1000)

• time-dependent (8:00am-5:00pm)

• context-dependent (the “name-salary” pair is prohibited)

• history-dependent, …


DAC

DAC systems have evolved and they include support for the following features:

Conditions: support conditions associated with authorizations

Abstractions: support user groups and classes of objects

Exceptions: support exceptions in authorization definitions

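To show the three DAC features (conditions, abstractions, exceptions) together with the kinds of conditions listed on the previous slide, here is an added Python example; it is not code from the slides. The groups, the authorization rules and the request context are constructed, and treating an exception as a negative authorization that overrides any grant is this example's own assumption about how exceptions are resolved.

```python
from datetime import time

# Constructed group memberships (the "abstractions" feature: an authorization
# can be granted to a group instead of to each user separately).
GROUPS = {
    "staff": {"ann", "bob"},
    "payroll": {"ann"},
}


# Condition predicates, evaluated against a request context dict (constructed).
def business_hours(ctx):
    """Time-dependent condition: 8:00am-5:00pm."""
    return time(8, 0) <= ctx["now"] <= time(17, 0)


def low_salary(ctx):
    """Data-dependent condition: only rows with sal < 1000."""
    return ctx.get("salary", 0) < 1000


def name_salary_pair(ctx):
    """Context-dependent condition: true when a query asks for name and salary together."""
    return {"name", "salary"} <= set(ctx.get("columns", ()))


# Authorizations: (subject or group, object, action, sign, condition).
# sign "+" grants; sign "-" is an exception (a denial) that overrides any grant.
AUTHS = [
    ("staff", "employees", "read", "+", business_hours),
    ("payroll", "employees", "write", "+", low_salary),
    ("staff", "employees", "read", "-", name_salary_pair),
    ("bob", "employees", "read", "-", None),  # exception for one member of staff
]


def principals_for(user):
    """The user plus every group the user belongs to."""
    return {user} | {g for g, members in GROUPS.items() if user in members}


def decide(user, obj, action, ctx):
    """Grant iff some applicable positive authorization holds and no applicable denial does."""
    subjects = principals_for(user)
    allowed = denied = False
    for subj, o, a, sign, cond in AUTHS:
        if subj not in subjects or o != obj or a != action:
            continue
        if cond is not None and not cond(ctx):
            continue  # condition not met: this authorization does not apply
        if sign == "-":
            denied = True
        else:
            allowed = True
    return allowed and not denied


if __name__ == "__main__":
    print(decide("ann", "employees", "read", {"now": time(9, 30)}))   # True
    print(decide("bob", "employees", "read", {"now": time(9, 30)}))   # False
```

The request context carries whatever the condition needs (clock time, the row's salary value, the columns requested), so the same rule table serves all four condition kinds; a history-dependent condition would simply read an audit record from the context in the same way.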

DAC vulnerabilities

Trojan horses: DAC does not distinguish between users and subjects, so a program (subject) run by an authorized user exercises that user's rights, whatever the program actually does with the data.



Mandatory Access Control

The most common form of mandatory policy is the multilevel security policy, based on the classifications of subjects and objects in the system.

Each subject and object in the system is associated with an access class, made up of:

a security level

a set of categories


Mandatory Access Control

Given two access classes c1 and c2, c1 dominates c2, denoted c1 ≥ c2, iff the security level of c1 is greater than or equal to the security level of c2 and the set of categories of c1 includes the set of categories of c2.


Mandatory Access Control

Mandatory policies can be classified as secrecy-based and integrity-based, operating in a dual manner.

Secrecy-Based Mandatory Policy

The main goal is to protect data confidentiality, applying the following two principles:

• No-Read-Up. A subject s can read an object o if and only if the access class of the subject dominates the access class of the object.

• No-Write-Down. A subject s can write an object o if and only if the access class of the object dominates the access class of the subject.



Secrecy-Based Mandatory Policy (figure slide)

Mandatory Access Control

Integrity-Based Mandatory Policy

The main goal is to prevent subjects from indirectly modifying information they cannot write, applying the following two principles:

• No-Read-Down. A subject s can read an object o if and only if the integrity class of the object dominates the integrity class of the subject.

• No-Write-Up. A subject s can write an object o if and only if the integrity class of the subject dominates the integrity class of the object.


Integrity-Based Mandatory Policy (figure slide)
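The dominance relation and the four rules above (no-read-up, no-write-down for secrecy; no-read-down, no-write-up for integrity) as an added Python example, not code from the slides; the level names and the access classes used are constructed. The last function ties back to the Trojan horse weakness of DAC: a program run at a subject's class can read that subject's data, but under the secrecy policy it cannot write it to an object whose class is lower, so the copy that DAC would permit is refused.

```python
# Total order on security levels (names constructed for this example).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "topsecret": 3}


class AccessClass:
    """An access class: a security level plus a set of categories."""

    def __init__(self, level, categories=()):
        if level not in LEVELS:
            raise ValueError(f"unknown level {level!r}")
        self.level = level
        self.categories = frozenset(categories)

    def dominates(self, other):
        """c1 >= c2 iff level(c1) >= level(c2) and categories(c1) includes categories(c2).
        This is a partial order: classes with disjoint categories are incomparable."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

    def __repr__(self):
        return f"AccessClass({self.level!r}, {sorted(self.categories)})"


# Secrecy-based policy (confidentiality)
def secrecy_can_read(subject, obj):
    """No-Read-Up: the subject's class must dominate the object's class."""
    return subject.dominates(obj)


def secrecy_can_write(subject, obj):
    """No-Write-Down: the object's class must dominate the subject's class."""
    return obj.dominates(subject)


# Integrity-based policy (the dual of the secrecy rules)
def integrity_can_read(subject, obj):
    """No-Read-Down: the object's integrity class must dominate the subject's."""
    return obj.dominates(subject)


def integrity_can_write(subject, obj):
    """No-Write-Up: the subject's integrity class must dominate the object's."""
    return subject.dominates(obj)


def secrecy_leak_possible(subject, source, sink):
    """Could a program running as `subject` copy `source` into `sink`?
    Under the secrecy policy that needs both a read of source and a write to sink,
    which the two rules together only allow when sink dominates source."""
    return secrecy_can_read(subject, source) and secrecy_can_write(subject, sink)


if __name__ == "__main__":
    secret_nuclear = AccessClass("secret", {"nuclear"})
    public = AccessClass("unclassified")
    print(secrecy_leak_possible(secret_nuclear, secret_nuclear, public))  # False
```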


Role-Based Access Control

A role is defined as a set of privileges that any user playing that role is associated with.

The access control policy is then defined through two different steps:

• the administrator defines roles and the privileges related to each of them;

• each user is assigned the set of roles she can play.


Role-Based Access Control

A user may be allowed to play more than one role simultaneously, and more than one user may play the same role simultaneously.

The main advantage of RBAC, with respect to DAC and MAC, is that it better suits commercial environments.

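An added Python example of the two RBAC steps (the administrator defines roles and their privileges; users are assigned roles) together with the two properties just stated (one user in several roles, several users in one role). It is not code from the slides; the roles, privileges and users are constructed, and the optional active_roles parameter, which lets a user work with a subset of her assigned roles, is this example's own addition.

```python
# Step 1 (administrator): role -> set of privileges (object, action). Constructed.
ROLE_PRIVILEGES = {
    "clerk":   {("orders", "read"), ("orders", "create")},
    "manager": {("orders", "read"), ("orders", "approve")},
    "auditor": {("orders", "read"), ("ledger", "read")},
}

# Step 2 (administrator): user -> set of roles she can play. Constructed.
USER_ROLES = {
    "ann":   {"clerk", "manager"},   # one user, several roles
    "bob":   {"clerk"},              # several users, the same role
    "carol": {"auditor"},
}


def privileges_of(user, active_roles=None):
    """Union of the privileges of the user's roles.
    If active_roles is given, only those roles count, and only if they are assigned
    to the user: a role cannot be activated just by naming it."""
    roles = USER_ROLES.get(user, set())
    if active_roles is not None:
        roles = roles & set(active_roles)
    privs = set()
    for role in roles:
        privs |= ROLE_PRIVILEGES.get(role, set())
    return privs


def is_permitted(user, obj, action, active_roles=None):
    """Access decision: the privilege must come from one of the user's (active) roles."""
    return (obj, action) in privileges_of(user, active_roles)


def users_in_role(role):
    """Reverse lookup, useful for review: who can currently play this role?"""
    return {u for u, roles in USER_ROLES.items() if role in roles}


def grant_privilege(role, obj, action):
    """Administration happens on the role, not per user: every user assigned the
    role gains the privilege at once, which is the commercial-environment appeal of RBAC."""
    ROLE_PRIVILEGES.setdefault(role, set()).add((obj, action))


if __name__ == "__main__":
    print(is_permitted("ann", "orders", "approve"))                          # True
    print(is_permitted("ann", "orders", "approve", active_roles={"clerk"}))  # False
    print(sorted(users_in_role("clerk")))                                    # ['ann', 'bob']
```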

Authentication

The process of proving that a subject is the valid user of an account

The authentication process requires that the subject provide an identity and then proof of that identity.



Authentication

Identity proofing typically takes the form of one or more of the following three authentication factors:

Something you know (such as a password)

Something you have (such as a smartcard)

Something you are (such as a fingerprint)


Authentication

Some protection mechanisms are used to secure the authentication credentials (identity claim and identity proofs) while they're in transit from the client to the authentication server:

Kerberos

CHAP

Certificates


Kerberos

A trusted third-party authentication protocol

Kerberos is used to authenticate network principals (subjects) to other entities on the network (objects, resources, and servers)



Kerberos

The core element of a Kerberos solution is the Key Distribution Center (KDC)

The KDC is responsible for verifying the identity of principals and granting and controlling access within a network environment through the use of secure cryptographic keys and tickets


Kerberos

Kerberos is a trusted third-party authentication solution because the KDC acts as a third party in the communications between a client and a server

Kerberos is also a single sign-on solution


Kerberos

The basic process of Kerberos authentication is as follows:



Kerberos

1. The subject provides logon credentials.

2. The Kerberos client system encrypts the password with Data Encryption Standard (DES) and transmits the protected credentials to the KDC.

3. The KDC verifies the credentials and then creates a Ticket Granting Ticket (TGT—a hashed form of the subject’s password with the addition of a timestamp that indicates a valid lifetime). The TGT is encrypted and sent to the client.


Kerberos

4. The client receives the TGT. At this point, the subject is an authenticated principal in the Kerberos realm.

5. The subject requests access to resources on a network server. This causes the client to request a Service Ticket (ST) from the KDC.

6. The KDC verifies that the client has a valid TGT and then issues an ST to the client. The ST includes a timestamp that indicates its valid lifetime.


Kerberos

7. The client receives the ST.

8. The client sends the ST to the network server that hosts the desired resource.

9. The network server verifies the ST. If it’s verified, it initiates a communication session with the client. From this point forward, Kerberos is no longer involved.



Kerberos

The Kerberos authentication method helps to ensure that logon credentials aren’t compromised while in transit from the client to the server.

The inclusion of a timestamp in the tickets ensures that expired tickets can’t be reused. This prevents replay and spoofing attacks against Kerberos.

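The nine steps listed above and the ticket-lifetime point made just now, as an added Python model that is not code from the slides or from any Kerberos implementation. It is deliberately simplified: tickets are sealed with an HMAC under the issuer's key instead of being encrypted, there are no session keys or authenticators, and the client proves knowledge of its key with an HMAC rather than sending a DES-encrypted password as the slides describe. The keys, principal names and lifetimes are constructed. What it keeps is the shape of the exchange: the KDC issues a TGT, trades a valid TGT for an ST, and the server checks the ST with its own key without contacting the KDC; an expired or altered ticket is rejected at whichever side receives it.

```python
import hashlib
import hmac
import json
import secrets

# Constructed long-term keys. In Kerberos the user's key is derived from the
# password and each service's key is registered with the KDC; here they are
# simply generated for the example.
USER_KEYS = {"ann": hashlib.sha256(b"ann-secret-password").digest()}
SERVICE_KEYS = {"fileserver": secrets.token_bytes(32)}
KDC_KEY = secrets.token_bytes(32)  # key the KDC uses to seal TGTs for itself

TGT_LIFETIME = 8 * 3600   # seconds a TGT stays valid (constructed value)
ST_LIFETIME = 3600        # seconds a service ticket stays valid (constructed value)


def seal(key, payload):
    """Produce a ticket: a serialized payload plus an HMAC tag under `key`."""
    body = json.dumps(payload, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def unseal(key, ticket, now):
    """Verify a ticket's tag with `key`, then reject it if its lifetime has passed."""
    expected = hmac.new(key, ticket["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ticket["tag"]):
        raise ValueError("ticket forged or altered")
    payload = json.loads(ticket["body"])
    if now > payload["expires"]:
        raise ValueError("ticket expired")
    return payload


def client_proof(user):
    """Step 2 (simplified): prove possession of the user's key to the KDC
    without sending the password itself."""
    return hmac.new(USER_KEYS[user], b"AS-REQ", hashlib.sha256).digest()


class KDC:
    def authenticate(self, user, proof, now):
        """Step 3: verify the credentials and issue a TGT carrying a lifetime."""
        expected = hmac.new(USER_KEYS[user], b"AS-REQ", hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            raise PermissionError("bad credentials")
        return seal(KDC_KEY, {"user": user, "expires": now + TGT_LIFETIME})

    def service_ticket(self, tgt, service, now):
        """Steps 5-6: only a valid, unexpired TGT earns a service ticket (ST)."""
        who = unseal(KDC_KEY, tgt, now)
        return seal(SERVICE_KEYS[service],
                    {"user": who["user"], "service": service,
                     "expires": now + ST_LIFETIME})


class Server:
    def __init__(self, name):
        self.name = name

    def accept(self, st, now):
        """Step 9: verify the ST with the server's own key; the KDC is not contacted."""
        payload = unseal(SERVICE_KEYS[self.name], st, now)
        if payload["service"] != self.name:
            raise ValueError("ticket issued for another service")
        return payload["user"]


def logon_and_access(user, service, now):
    """Steps 1-9 end to end; returns the principal name the server accepted."""
    kdc = KDC()
    tgt = kdc.authenticate(user, client_proof(user), now)   # steps 1-4
    st = kdc.service_ticket(tgt, service, now)              # steps 5-7
    return Server(service).accept(st, now)                  # steps 8-9


if __name__ == "__main__":
    print(logon_and_access("ann", "fileserver", now=1_700_000_000))  # ann
```

The `now` argument stands in for the clock so the lifetime check can be exercised deterministically: the same ST that the server accepts within its lifetime is refused one second after it, and a ticket whose body has been edited fails the tag check before the expiry field is even read.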

Kerberos

Kerberos is used to provide security and protection for authentication credentials alone.

It isn’t used in any way to provide encryption or security for other types of data transfer.


References

James Michael Stewart, Security+ Fast Pass, Chapter 1, Sybex, 2004

Michael Gertz, Sushil Jajodia (eds.), Handbook of Database Security: Applications and Trends, chapter "Recent Advances in Access Control", pages 1-9, Springer, 2007
