|
|
February 25 2013 |
|
|
This
research argues system access control how systems can give permission to
the system’s userss to access their accounts and how that system make sure
what each user can view of system’s contents. As well as focusing on access
control models |
Ahmed AlZayer Webster University |
|
Table of
Contents
Identification and authentication (I&A) 3
Attribute-based access control5
Introduction
System access control
includes authorization, authentication, access approval and audit. Access
control is to only cover access approval, whereby the system makes a decision
to approve or reject an access request from authenticated subject, based on
what the subject is authorized to access. Authentication and access control are
often combined into a single operation, so that access is approved based on
successful authentication, or based on an anonymous access token.
Authentication methods and tokens include passwords, biometric scans, physical
keys, electronic keys and devices, hidden paths, social barriers, and
monitoring by humans and automated systems.
Each access control model,
the entities that can perform actions in the system are called subjects, and
the entities representing resources to which access may need to be controlled
are called objects. Subjects and objects should both be considered as software
entities, rather than as human users: any human user can only have an effect on
the system via the software entities that they control. Although some systems
equate subjects with user IDs, so that all processes started by a user by
default have the same authority, this level of control is not fine-grained
enough to satisfy the principle of least privilege, and arguably is responsible
for the prevalence of malware on such systems. In some models, for example the
object-capability model, any software entity can potentially act as both a
subject and object.
Access control models used by
current systems tend to fall into one of two classes: those based on
capabilities and those based on access control lists (ACLs). In a
capability-based model, holding an unforgettable reference or capability of an
object provides access to the object (roughly analogous to how possession of
your house key grants you access to your house); access conveys to another
party by transmitting such a capability over a secure channel. In an ACL-based
model, a subject's access to an object depends on whether its identity is on a
list associated with the object (roughly analogous to how a bouncer at a
private party would check your ID to
if your name is on the guest list); access is conveyed by editing the
list.
Both capability-based and
ACL-based models have mechanisms to allow access rights to be granted to all
members of a group of subjects (often the group is itself modeled as a
subject).
Access control systems
provide the essential services of authorization, identification and
authentication (I&A), access approval, and accountability where authorization
is to specify what a subject can do; identification and authentication enforces
that only legitimate subjects can log on to a system; access approval is to
grant access during operations, by association of users with the resources that
they are allowed to access based on the authorization policy; accountability
identifies what a subject (or all subjects associated with a user) did.
Authorization
Authorization is the act of
defining access rights for subjects. An authorization policy specifies the
operations that subjects are allowed to execute on the system. Most modern
operating systems implement authorization policies as formal sets of
permissions that are variations or extensions of three basic types of access:
Read (R): The subject can
· Read file contents
· List directory contents
Write (W): The subject can
change the contents of a file or directory with the following tasks:
· Add
· Create
· Delete
Rename
· Execute (X): If the file is a
program, the subject can cause the program to be run.
These rights and permissions
are implemented differently in systems based on the discretionary access
control (DAC) and mandatory access control (MAC).
Identification and authentication (I&A)
Identification and
authentication (I&A) is the process of verifying that an identity is bound
to the entity that makes an assertion or claim of identity. The (I&A)
process assumes that there was an initial validation of the identity, commonly
called identity proofing. Various methods of identity proofing are available
ranging from in person validation using government issued identification to
anonymous methods that allow the claimant to remain anonymous, but known to the
system if they return. The method used for identity proofing and validation
should provide an assurance level commensurate with the intended use of the
identity within the system. Subsequently, the entity asserts an identity
together with an authenticator as a means of validation. The only requirements
for the identifier is that it must be unique within its security domain.
Authenticators are commonly
based on at least one of the following four factors.
1. Something you know, such as a
password or a personal identification number (PIN). This assumes that only the
owner of the account knows the password or PIN needed to access the account.
2. Something you have, such as a
smart card or a security token. This assumes that only the owner of the account
has the necessary smart card or token needed to unlock the account.
3. Something you are, such as
fingerprint, voice, retina, or iris characteristics.
4. Where you are, for example
inside or outside a company firewall, or proximity of login location to a
personal GPS device.
Access Approval
Access approval is the
function that actually grants or rejects access during operations. During
access approval the system compares the formal representation of the
authorization policy with the access request to determine whether the request
shall be approved or rejected.
Accountability
Accountability uses such
system components as audit trails (records) and logs to associate a subject
with its actions. The information recorded should be sufficient to map the
subject to a controlling user. Audit trails and logs are important for
· Detecting security violations
· Recreating security incidents
If no one is regularly
reviewing your logs and they are not maintained in a secure and consistent
manner, they may not be admissible as evidence.
Many systems can generate
automated reports based on certain predefined criteria or thresholds, known as
clipping levels. For example, a clipping level may be set to generate a report
for the following:
· More than three failed logon
attempts in a given period
· Any attempt to use a disabled
user account
These reports help a system
administrator or security administrator to more easily identify possible
break-in attempts.
Access control models
Access control models are
sometimes categorized as either discretionary or non-discretionary. The three
most widely recognized models are Discretionary Access Control (DAC), Mandatory
Access Control (MAC), and Role Based Access Control (RBAC). MAC is non-discretionary.
Attribute-based access control
In attribute-based access
control (ABAC), access is granted not based on the rights of the subject
associated with a user after authentication, but based on attributes of the
user. The user has to prove so called claims about his attributes to the access
control engine. An attribute-based access control policy specifies which claims
need to be satisfied in order to grant access to an object. For instance the
claim could be "older than 18". Any user that can prove this claim is
granted access. Users can be anonymous as authentication and identification are
not strictly required. One does however require means for proving claims
anonymously. This can for instance be achieved using anonymous credentials.
XACML (extensible access control markup language) is a standard for
attribute-based access control.
Discretionary access control
Discretionary access control
(DAC) is a policy determined by the owner of an object. The owner decides who
is allowed to access the object and what privileges they have. Two important
concepts in DAC are:
· File and data ownership:
Every object in the system has an owner. In most DAC systems, each object's
initial owner is the subject that caused it to be created. The access policy
for an object is determined by its owner.
· Access rights and
permissions: These are the controls that an owner can assign to other subjects
for specific resources.
Access controls may be
discretionary in ACL-based or capability-based access control systems.
Mandatory access control
Mandatory access control
refers to allowing access to a resource if and only if rules exist that allows
a given user to access the resource. It is difficult to manage but its use is
usually justified when used to protect highly sensitive information. Examples
include certain government and military information. Management is often
simplified (over what can be required) if the information can be protected
using hierarchical access control, or by implementing sensitivity labels. What
makes the method "mandatory" is the use of either rules or sensitivity
labels.
· Sensitivity labels: In such a
system subjects and objects must have labels assigned to them. A subject's
sensitivity label specifies its level of trust. An object's sensitivity label
specifies the level of trust required for access. In order to access a given
object, the subject must have a sensitivity level equal to or higher than the
requested object.
· Data import and export:
Controlling the import of information from other systems and export to other
systems (including printers) is a critical function of these systems, which
must ensure that sensitivity labels are properly maintained and implemented so
that sensitive information is appropriately protected at all times.
Two methods are commonly used
for applying mandatory access control:
1. Rule-based (or label-based)
access control: This type of control further defines specific conditions for
access to a requested object. A Mandatory Access Control system implements a
simple form of rule-based access control to determine whether access should be
granted or denied by matching:
o An object's sensitivity label
o A subject's sensitivity label
2. Lattice-based access control:
These can be used for complex access control decisions involving multiple
objects and/or subjects. A lattice model is a mathematical structure that
defines greatest lower-bound and least upper-bound values for a pair of
elements, such as a subject and an object.
Role-based access control
Role-based access control
(RBAC) is an access policy determined by the system, not the owner. RBAC is
used in commercial applications and also in military systems, where multi-level
security requirements may also exist. RBAC differs from DAC in that DAC allows
users to control access to their resources, while in RBAC, access is controlled
at the system level, outside of the user's control. Although RBAC is
non-discretionary, it can be distinguished from MAC primarily in the way
permissions are handled. MAC controls read and write permissions based on a
user's clearance level and additional labels. RBAC controls collections of
permissions that may include complex operations such as an e-commerce
transaction, or may be as simple as read or write. A role in RBAC can be viewed
as a set of permissions.
Three primary rules are
defined for RBAC:
1. Role assignment: A subject
can execute a transaction only if the subject has selected or been assigned a
role.
2. Role authorization: A
subject's active role must be authorized for the subject. With rule 1 above,
this rule ensures that users can take on only roles for which they are
authorized.
3. Transaction authorization: A
subject can execute a transaction only if the transaction is authorized for the
subject's active role. With rules 1 and 2, this rule ensures that users can
execute only transactions for which they are authorized.
Additional constraints may be
applied as well, and roles can be combined in a hierarchy where higher-level
roles subsume permissions owned by sub-roles.
Conclusion
As discussed in this research access control
based on three processes to allow people to access to system or even to
physical area that has security requirements. After verifying all security
purposes and approval were granted than a person can access to limited area
which means the person has limited control in the system there is no full
control of the organization’s system even for security and IT people. Most IT
services are protected to meet user requirements, however, network security
need to have more attention of security in the future which is always be the
reason or vulnerability that may allow hackers to access an organization’s
system and view important data.
References
Whitman, M. E.,
& Mattord, H. J. (2011). Management
of information security. (3rd ed.). Course Technology Ptr.
Ballad, B.,
Ballad, T., & Banks, E. K. (2011). Access
control, authentication, and public key infrastructure. Sudbury,
Mass: Jones & Bartlett Learning.
Norman, T. L. (2011). Electronic Access
Control. Burlington: Elsevier Science.
Konicek, J., & Little, K. (1997). Security,
ID systems, and locks: The book on electronic access control. Boston:
Butterworth-Heinemann.
Kelley, J.,
Campagna, R., & Wessels, D. (2009). Network
access control for dummies. Hoboken, N.J: Wiley.
No comments:
Post a Comment