Chapter 3 - Authorization and Access Control

Question 1

What is authorization?

Answer 1

Authorization is the next step taken after we have completed identification and authentication.

It enables us to determine, once we have authenticated the party in question, exactly what they are allowed to do. We typically implement authorization through the use of access controls, which we will discuss later in this chapter.

Question 2

What is the principle of least privilege?

Answer 2

A concept to keep in mind when deciding the level of access given to individuals.

Question 3

What are the four basic tasks of access control?

Answer 3

Allowing access
Denying Access
Limiting Access
Revoking Access

Question 4

Describe ALLOWING ACCESS

Answer 4

Access Control:

Allowing access lets us give a particular party access to a given resource.

Question 5

Describe DENYING ACCESS

Answer 5

Access Control:

Denying access if the diametric opposite of granting access. When we deny access we are preventing access by a given party to a resource in question.

Question 6

Describe LIMITING ACCESS

Answer 6

Access Control:

Limiting access refers to allowing some access to a resource, but only up to a certain point.

This is very important when using applications that may be exposed to attack-prone environments.

Question 7

Describe REVOKING ACCESS

Answer 7

Revocation of access is a very important idea in access control. It is vital that once we have given a party access to a resource, we be able to take that access away again.

Question 8

What are the two main methods we might use in access control?

Answer 8

Access control lists

Capabilities

Question 9

What are access control lists?

Answer 9

ACL’s, often referred to as “ackles”, are a very common choice of access control implementation. ACLs are usually used to control access in the file systems on which our operating systems run and to control the flow of traffic in the networks to which our systems are attached.

Question 10

What is a file system ACL?

Answer 10

When we look at ACls in most file systems, we commonly see three permissions in use: read, write and execute, respectively allowing us to access the contents of a file or directory, write to it, and, presuming that a file contains either a program or a script capable of running on the system in question, execute the contents of the file.

Question 11

What is a network ACL?

Answer 11

When we look at the variety of activities that take place on networks, both private and public, we can again see ACLs regulating such activity. In the case of network ACLs, we typically see access controlled by the identifiers we use for network transactions, such as Internet Protocol (IP) addresses, Media Access Control (MAC) addresses, and ports. We can see such ACLs at work in network infrastructure such as routers, switches, and firewall devices, as well as in software firewalls, Facebook, Google, e-mail, or other forms of software.

Question 12

What is a MAC address?

Answer 12

MAC addresses are, in theory, unique identifiers attached to each network interface in a given system. Each network interface has a hardcoded MAC address issued when it is created.

NOTE: Unfortunately for those of us depending on MAC addresses as a basis for our ACLs, the MAC address used by a network interface can be overridden by software settings in most operating systems. Such changes are very trivial to put in place, and the MAC address is not a good choice for a unique identifier of a particular device on the network.

Question 13

What are capabilities in the context of access control?

Answer 13

Capability-based security can provide us with an alternate solution to access control that uses a different structure than what we see in ACLs.

Capabilities are oriented around the use of a token that controls our access. we can think of a token in a capability as being analogous to the badge we might use to open the door in a building.

Capability-based systems base access allowances on the possession of the token, not on who possesses it.

Question 14

What is the difference between capability-based systems and ACL s?

Answer 14

Where ACLs define the permissions based on a given resource, an identity, and a set of permissions, all generally held in a file of some sort, capabilities are oriented around the use of a token that controls our access.

Question 15

What are the most common access control models mentioned in the book?

Answer 15

Discretionary Access Control

Mandatory Access Control

Role-based Access Control

Attribute-based Access Control

Multi-level access control

Question 16

Describe discretionary access control.

Answer 16

Discretionary access control (DAC) is a model of access control based on access being determined by the owner of the resource in question. The owner of the resource can decide who does and does not have access, and exactly what access they are allowed to have. In Microsoft operating systems, we can see DAC implemented. If we decide to create a network share, for instance, we get to decide who we want to allow access.

Question 17

Describe mandatory access control.

Answer 17

Mandatory access control (MAC) is a model of access control in which the owner of the resource does not get to decide who gets to access it, but instead access is decided by a group or individual who has the authority to set access on resources.

Question 18

Describe Role-based Access control

Answer 18

Role-based access control (RBAC) is a model of access control that, similar to MAC, functions on access controls set by an authority responsible for doing so, rather than by the owner of the resource. The difference between RBAC and MAC is that access control in RBAC is based on the role the individual being granted access is performing. For example, if we have an employee whose only role is to enter data into a particular application, through RBAC we would only allow the employee access to that application, regardless of the sensitivity or lack of sensitivity of any other resource he might potentially access. If we have an employee with a more complex role—customer service for an online retail application, perhaps—the employee’s role might require him to have access to information about customers’ payment status and information, shipping status, previous orders, and returns, in order to be able to assist said customers. In this case, RBAC would grant him considerably more access. We can see RBAC implemented in many large-scale applications that are oriented around sales or customer service.

Question 19

Describe attribute-based access control.

Answer 19

Attribute-based access control (ABAC) is, logically, based on attributes. These can be the attributes of a particular person, of a resource, or of an environment. Subject attributes are those of a particular individual.

Captcha

Environmental attributes can be used to enable access controls that operate based on environmental conditions

Resource attributes are those that relate to a particular resource, such as an operating system or application

Question 20

Describe multilevel access control

Answer 20

Multilevel access control models are used where the simpler access control models that we just discussed are considered to not be robust enough to protect the information to which we are controlling access. Such access controls are used extensively by military and government organizations, or those that often handle data of a very sensitive nature. We might see multilevel security models used to protect a variety of data, from nuclear secrets to protected health information (PHI).

Question 21

Describe the bell-lapadula model.

Answer 21

The Bell-LaPadula model implements a combination of DAC and MAC access controls, and is primarily concerned with the confidentiality of the resource in question

Question 22

What is the *Property?

Answer 22

Anyone accessing a resource can only write its contents to one classified at the same level or higher.

Question 23

What is The Simple Integrity Axiom

Answer 23

The level of access granted to an individual must be no lower than the classification of the resource.

Question 24

The *Integrity Axiom?

Answer 24

Anyone accessing a resource can only write its contents to one classified at the same level or lower.

Question 25

The Simple Security Property?

Answer 25

The level of access granted to an individual must be at least as high as the classification of the resource in order for the individual to be able to access it.

Question 26

in the Bell-LaPadula method, what are the two security properties that define how information can flow to and from the resource?

Answer 26

The Simple Security Property: The level of access granted to an individual must be at least as high as the classification of the resource in order for the individual to be able to access it.

The *Property: Anyone accessing a resource can only write its contents to one classified at the same level or higher.

Question 27

What is the Biba model?

Answer 27

The Biba model of access control is primarily concerned with protecting the integrity of data, even at the expense of confidentiality.

Question 28

What are the two security rules of the Biba method that are the exaact reverse of the Bell-Lapadula model rules?

Answer 28

■The Simple Integrity Axiom: The level of access granted to an individual must be no lower than the classification of the resource.

■ The *Integrity Axiom: Anyone accessing a resource can only write its contents to one classified at the same level or lower.

Question 29

What is the brewer and nash model?

Answer 29

The Brewer and Nash model, also known as the Chinese Wall model, is an access control model designed to prevent conflicts of interest. Brewer and Nash is commonly used in industries that handle sensitive data, such as that found in the financial, medical, or legal industry.

Question 30

What are the three main resource classes that are considered in the Brewer and Nash model?

Answer 30

■ Objects: Resources such as files or information, pertaining to a single organization.

■ Company groups: All objects pertaining to a particular organization.

■ Conflict classes: All groups of objects that concern competing parties.

Question 31

What does access control for individuals entail?

Answer 31

Access control for individuals often revolves around controlling movement into and out of buildings or facilities. We can see simple examples of such controls on the buildings of many organizations in the form of badges that moderate opening doors into or within the facility

Question 32

When does tailgating occur?

Answer 32

One of the more common issues with physical access controls is that of tailgating. Tailgating occurs when we authenticate to the physical access control measure, such as using a badge, and then another person follows directly behind us without authenticating themselves. Tailgating can cause a variety of issues, including allowing unauthorized individuals into the building and creating an inaccurate representation of who is actually in the building in case there is an emergency.

Question 33

How do we attempt to solve tailgating?

Answer 33

We can attempt to solve tailgating in a variety of ways, from implementing policy that forbids doing so, to posting a guard in the area, to simply (but expensively) installing a physical access control solution that only allows one person to pass through at a time, such as a turnstile. All of these are reasonable solutions, but, depending on the environment in question, may or may not be effective. We will often find that a combination of several solutions is needed to develop a thorough and complete solution.