Authorization and Access Control Flashcards
Authorization
Process of determining exactly what an authenticated party can do
Access controls
Tools and systems you use to deny and allow access
What are the four basic tasks of access controls?
Allowing access
Denying access
Limiting access
Revoking access
Sandbox
Isolated environments containing a set of resources for a given purpose
What are the two main uses of sandboxes?
Prevent contents of sandboxes from interacting with resources they shouldn’t
Contain things you don’t trust, e.g., code from public websites
What are the two main methods of implementing access controls?
Access Control Lists (ACLs, pronounced “ackles”)
Capabilities
Access control list
Contains information about what kind of access certain parties are allowed to have in a given system
Often part of application or OS software
Ex: Badge readers
What are the two types of ACL?
File system ACL
Network ACL
What are the three types of permissions in file system ACLs?
Read
Write
Execute
Characteristics of Network ACLs
Filter access based on identifiers used for network transactions, such as Internet Protocol (IP) addresses
Permissions are binary, not RWX
Grant permissions to traffic rather than users
What are three main identifiers network ACLs use to filter traffic?
Media access controls
IP addresses
Port
Media access controls (context: network ACLs)
Unique identifiers hard coded into each network interface in a given system
Easily changed
IP addresses (context: network ACLs)
Unique address for a computer
ACL can filter single address or range of addresses
Can be falsified
Port (context: network ACLs)
Numerical designation for one side of a connection between two devices
Ports are used by convention, not by rule, i.e., they can be changed
Socket
When an ACL uses both an IP address and a port, it is called a socket
Confused deputy problem
When software with access to a resource (the deputy) has a greater level of permission to access the resource than the user who is controlling the software
Cross-site request forgery (CSRF)
Example of confused deputy problem
If an attacker knows of a website that has already authenticated the user, he can embed a link (e.g., an image reference) in a web page or HTML email, such that when the target’s browser attempts to retrieve the image, it also executes additional malicious commands
Clickjacking, AKA user interface redressing
Example of confused deputy problem
An attacker who has control over some portion of a website puts an invisible layer over something the user would normally click. When the user clicks, the client executes a command that is different from what the user is expecting
Blackholing
Filtering large swaths of IP addresses
Capabilities
Can define permissions based on a user’s token or key, AKA capability
Relies purely on possession of token, not who possesses it
Not susceptible to confused deputy
Access control model
Way of determining who should be allowed to access what resources
Common access control models (6)
Discretionary access control
Mandatory access control
Rule-based access control
Role-based access control
Attribute-based access control
Multilevel access control
Discretionary access control (DAC)
Owner of the resource determines who gets access and the level of access they get
Mandatory access control
Owner does not decide; a separate group or individual decides
Ex: government organizations label resource based on sensitivity level
Rule-based access control
Allows access according to a set of rules defined by the system administrator
Role-based access control (RBAC)
Allows access based on the role of the individual being granted access
Attribute-based access control
Access based on specific attributes of a person, resource, or environment
What are the three kinds of attributes in attribute-based access control?
Subject attributes
Resource attributes
Environmental attributes
Subject attributes
Belong to individuals
Ex: Must be this tall to ride, CAPTCHAs
Resource attributes
Belong to a resource, such as an application or operating system
Ex: some software only works on certain OSes, some websites only work on certain browsers
Environmental attributes
Can enable access controls based on environmental conditions
Ex: time of day, time limits until required reconnection for authorization
Multilevel access control
Access control model that combines several of the common access control models discussed
Bell-LaPadula model
Multilevel access control
Opposite of Biba model
Combines discretionary and mandatory access control models
Concerned with confidentiality of resource in question
Involves two security properties: the simple security property and the * property, AKA star property
Simple security property
Individuals cannot read resources at a higher level but can access and read resources at a lower level
No read up
* Property, AKA star property
Anyone accessing a resource can only write (or copy) its contents to another resource classified at the same level or higher
No write down
The Biba Model
Multilevel access control
Opposite of Bell-LaPadula model
Concerned with protecting the integrity of data, even at the expense of confidentiality, i.e., it is more important to keep people from altering data than from accessing it
Two security principles: the simple integrity axiom and the * integrity axiom (star integrity axiom)
Simple integrity axiom
Access to one level does not grant access to lower levels
No read down
* integrity axiom, AKA star integrity axiom
Can only write (or copy) contents to a resource classified at same level or lower
No write up
Brewer and Nash model
Multilevel access control
Designed to prevent conflicts of interest
Once a user accesses certain materials, he cannot access materials that would create a conflict of interest
Three main resource classes: objects, company groups, conflict classes
Objects (context: Brewer and Nash model)
Resources, such as files or information, pertaining to a single organization
Company groups (context: Brewer and Nash model)
All objects pertaining to an organization
Conflict classes (context: Brewer and Nash model)
All groups of objects concerning competing parties
Physical access controls
Concerned with controlling the movement of individuals and vehicles
Common concern: tailgating
What are the two types of user accounts in Windows?
Local user account
Domain user account
Local user account
Restricted to the operating system on which it was created
Ex: home users or a small network without an Active Directory server
Domain user account
Used to access resources on a domain
Ex: file shares
Centrally managed through a system known as Active Directory, which is installed on a server called a domain controller
Domain controller
Used for authentication and authorization of the users on a network
What are the two ways by which domain users can be managed?
Active Directory Users and Computers
PowerShell
Active Directory Users and Computers
Graphical tool by which domain users are managed