access control 2 Flashcards
remind me, what's the goal of an access control mechanism, and er also can I have 2 examples?
Access control mechanisms of a system enforce security policies by ensuring the system stays within authorized states.
• If the mechanisms fail, the system may enter into an unauthorized state.
• In Unix/Linux, a user may be granted raw read/write access to a disk. This bypasses the protection imposed by the file system access control mechanism.
• Shared memory: some systems do not clear shared memory between use, so data may be exposed to unauthorized subjects.
what is SPR
S is the set of all possible states
P is the subset of S authorised by the policies
R is the subset of S that is reachable with the security mechanism
under SPR, when is the system secure, and when is it precise?
the system is secure if R is a subset of P
the system is precise (not overprotective) if R = P
also dude just take a screenshot of the diagram.
what are the different levels of sharing
- angry kid who keeps wig
- happy kid copies his wig onto pieces of paper and gives them out
- happy kid gives out original versions of his wig
- happy kid goes into a stranger's car
No sharing (complete isolation)
Sharing copies of data objects.
Sharing originals of data objects.
Sharing untrusted programs.
each level of sharing has different security problems
why do sharing problems not fall under the scope of an access control policy
it transfers information, not rights to access objects.
• It is an information flow problem.
TROJAN HORSE. what is a horsehair wig
a wig that's scratchy and made out of horsehair. if bucktha puts it on, it is now able to do whatever bucktha can do. it can destroy zhonghua. like spyware and viruses.
A Trojan Horse performs functions not described in its (advertised) specifications.
If a Trojan Horse is executed by a principal, it will take on the privileges associated with that principal.
This is the case in Unix and Windows systems.
A Trojan Horse can misuse the rights belonging to the calling principals to copy, misuse or destroy data.
Examples: malware, viruses, spyware, etc.
what is confinement
Even if a “borrowed” program is confined (e.g., the sandboxing mechanism in Java) so it only has limited access to objects, it can still transmit data that it receives from the calling principal.
A user downloads and executes a piece of software for filing a tax return. Suppose the software is executed in a confined environment (e.g., the virtual machine in Java), with limited access to the general system.
The user still needs to provide confidential financial data for the software to process. Malicious software may leak this confidential data.
what is mutual suspicion? it's like the piracy problem: when I legally download a game but can make a pirated copy of it lol.
The borrower of the program may be worried that the program steals data.
But the owner of the program may also be worried that the program can be copied without permission.
what are the general mechanisms for access control problems
- brent gets more rights than simone
- if you buy a wig, as a thinning brent, even, you get a receipt that says you OWN it
- there’s a list of the brents who own shit
Access hierarchies: Automatically give privileged subjects a superset of the rights of less privileged subjects.
Capabilities: "Tickets" for objects; possession of a capability unconditionally authorizes the holder access to the object.
Access control list: Lists of subjects having access rights to some particular objects.
what is the revocation of rights problem
Subjects may grant rights (capabilities) to other subjects; subjects may grant the right to grant rights.
In systems where rights can be transferred, revocation of rights can trigger cascading revocation.
In Unix, each file has an ACL with three entries corresponding to:
- The owner’s access right
- The access rights of all users in the owner’s group
- The access rights of all others.
it's that -rwxr-xr-- shit
okay look just look at the tutorial okay
who sets the security policies that specify how buckthas are granted access to wigs?
whoever the fuck owns zhonghua, discretionary
or whoever owns all the schools bruh, like er MOE
The owner of a resource, who may decree who is allowed access; such policies are called discretionary, as access control is at the owner's discretion.
A system-wide policy decreeing who is allowed access; such policies are called mandatory.
what is discretionary access control.
access control based on policies that refer to user identities. this is sometimes called identity-based access control (IBAC).
what is mandatory access control
Access control based on policies that refer to security labels (confidential, top secret)
when are direct mappings between subjects/principals and objects impractical
In large organisations, with a large number of users and objects to control.
what are some intermediate layers between subjects and objects. okay, I guess picture a circle of a large number of buckthas and wigs in an organisation. the air smells of neroli lemongrass. it’s dim and candlelit.
- groups and negative permissions
- roles
- protection rings
in the middle of the circle there is a man with a caved in head. He rolls on the floor in pain. pain, bread. french bread. he’s rolling out some french bread on the floor. hear his screams. on the floor there is also a glittering object. pick it up, wipe the blood off and see that some blood can’t come out of the grooves.
it was supposed to protect me, he says, writhing on the floor, the baguette becoming more french by the minute
what are indirect mappings between subjects and objects in access control?
principals of different primary schools will be grouped by district or by importance of primary school.
wigs will be grouped by colour and fullness.
the groups containing principals and the groups containing wigs are linked by procedures.
Talk about scaling up IBAC
IBAC does not scale well and will incur an “identity management” overhead
Alice and Bob are students in a large class; teacher wants to give students access to some documents.
Putting all names into several ACLs is tedious, so the teacher defines a group, declares the students to be members of the group, and puts the group into the ACLs.
Access rights are often defined for groups:
Unix: owner, group, others
what are negative permissions
to handle exceptions, negative permissions withdraw rights.
what is a role
a role is a collection of procedures assigned to users. a user can have more than one role, and more than one user can have the same role. buckthas can have the role "cool bucktha" and get a cool leather jacket and the procedure to sell meth.
what is role based access control
'High level' access operations with a more complex semantic than read or write; procedures can only be applied to objects of certain data types.
• Example: Funds transfer between bank accounts.
• Roles are a good match for typical access control requirements in business.
• RBAC typically found at the application level.
e.g. if I'm a software developer in a large bank, I don't have access to the database where upper management interferes with the political regime in developing countries.
what is the difference between group and role
a group is a set of users, and they're less stable (like the good place dorks; we call 'em not stable cos people resign very fast).
a role is a set of procedures and tends to be more stable; this defines the necessary functions in the organisation rather than the organisation structures.
the french bread creates a structured baguette empire where all french breads have parts to play and not play. rise, like the yeast that made you.
What is privileged mode
Gives a supervisor access to every object in the system: "root" in UNIX, "admin" in Windows.
also look at the image of the rings.
how did windows get fucked by french count dooku
• In Windows, rendering of TrueType fonts is done in kernel space (ring 0).
• The font is basically an executable script.
• Specially crafted documents (a Word file, for example) can embed malicious code in fonts, which would then be executed in the kernel protection ring.
• Bug exploited by the 'Duqu' malware in 2011.