Chapter 4 - Access Control Flashcards
Access Control Definition
Define Access Control
The prevention of unauthorized access to a resource (or entry into a physical facility)
Also prevents legitimate users from using the resource in an unauthorized way
RFC Definition (of computer security)
Define Access Control
Process by which use of system **resources** is regulated according to a security policy and permitted only by authorized entities
Difference between User Authentication and Access Control
Define Access Control
Authentication establishes **who** you are and access control establishes what you can do within a system
Relationship to other security functions
Define Access Control
“Broader Context of Access Control”
- Authentication: first verifies that the user's credentials are valid
- Access Control: Grants permissions to a system resource
- Auditing: Independent review of system records and activities to test adequacy, ensure compliance, and detect breaches
Access control policies should dictate:
Access Control Principles
- Who can access a resource
- What type of access is allowed
- Under what conditions
Access Control Basic Elements
Access Control Basic Elements
- Subject (entity capable of accessing objects)
- Object (Resource to be accessed)
- Access Rights (What subject can do with object)
Subjects are held accountable for the actions they initiate!!!
Classes of Subject (3)
Access Control Basic Elements
- Owner
- Group
- World
Examples of Access Rights
Access Control Basic Elements
- read
- write
- execute
- delete
- create
- search
What are the three main Access Control Policies?
Access Control Principles
- Discretionary Access Control (DAC): Based on identity of requestor
- Mandatory Access Control (MAC): Based on labels and security clearances
- Role-based Access Control (RBAC): Based on roles that users have in system
Not mutually exclusive; we can implement multiple at once!!!
DAC definition
DAC
Scheme in which an entity may enable another entity to access some resource
How is DAC often implemented?
DAC
An access matrix where:
- Rows = subjects
- Columns = objects
- Each cell = access rights (that the subject has to that object)
E.g. the value of the cell for subject Eric and object password file = read
From the matrix we derive access control lists and capability lists
Why use ACLs or Capability Lists?
DAC
- Access matrix can become huge
- Most of the cells are empty, which wastes space
- Changing permissions requires modifying the matrix, which is more cumbersome than modifying a list
What are Access Control Lists (ACLs)
DAC
List of subjects that can access a particular object
What are capability lists?
DAC
List of objects that a particular subject can access
ACL
Pro vs Con
DAC
Pro:
* Object owner can easily control who can access their resource
Con:
* Takes up too much space / search overhead (many more objects in the system than subjects)
Good for managing permissions from the perspective of objects (Unix)
Capability List
Pro vs Con
DAC
Pro:
* Easy to see what a user is allowed to access
* More flexible: subjects can access many objects, and it's easier to control that with capability lists
Con:
* Harder to manage by object (see all subjects that can access specific object)
Good for user-focused resource control
How are UNIX files managed?
DAC
inodes
What is an inode (index node) in Unix
DAC
A data structure in Unix that stores key information about a file for the operating system to provide efficient hierarchical organization and access control
Does not contain file name or file contents
- File Attributes
- File permissions
- File control information
Remember: directory = file with a list of file names and their respective inodes
inode table
Stored on disk; contains the inodes of all files in the filesystem
What happens when a Unix file is opened
DAC
Its inode is brought into main memory (into the memory-resident inode table)
Inode table contains inodes of all files in the file system
- System checks:
* UID (unique user ID)
* GID (Group ID)
* Protection bits (Specify access permissions) - System grants either owner (UID), group (GID) or other class permissions
How are the 12 protection bits used to show permissions?
DAC
1. 3 bits – Owner (rwx)
2. 3 bits – Group (rwx)
3. 3 bits – Other (rwx)
4. 3 bits – Special permissions:
   • SUID (Set User ID): s – execute bit is set (rwsr-xr-x); S – execute bit is not set (rwSrw-r--)
   • SGID (Set Group ID): s – execute bit is set (rwxr-sr-x); S – execute bit is not set (rwxrwS---)
   • Sticky bit: t – execute bit is set (rwxr-xr-t); T – execute bit is not set (rwxr-xr-T)
Special bits explanation:
• Lowercase (s or t) – Execute permission is present.
• Uppercase (S or T) – Execute permission is not present, but the special permission still applies
What happens when the sticky bit is applied to a directory?
Only the owners of files in the directory can rename, move or delete them
What does this 12 bit permission structure imply?
rwxr-x---
DAC
- Owner can read, write and execute (all permissions)
- Group can read and execute but not write
- Others have no permissions
- No special permissions
What does this 12 bit permission structure imply?
rwxr-sr-T
DAC
- Owner can read, write, and execute
- Group can read and execute, with SGID set (executes with the group owner's permissions)
- Others can only read
- Only owner can delete/rename files
rwxr--r-T
- Owner can read, write, and execute.
- Group can read.
- Others can read.
- Only the owner can delete the file.
Because the sticky bit is located in the execute field of others, we use t or T to show whether others can execute or not. T MEANS THEY CAN'T
rwsr-sr-- how is this 12 bits?
111 110 100 001
The 9-character representation does not grow beyond 9 characters. It overlays the 12 bits by modifying the x positions for special permissions.
Set UserID (SUID)
and
Set Group ID (SGID)
DAC
- SUID means the file will be executed with the same permissions as the owner of the executable file
- SGID means the file will be executed with the same permissions as the group owner of the file
Ex: the passwd command needs to edit files like /etc/passwd to change a password, but these files are owned by root and can only be modified by root.
Why should you be careful with special permissions like SUID and SGID?
DAC
Attackers can inject malicious commands that run as the root user
Role of superuser (root) in Unix
DAC
Exempt from usual access restrictions
Has system-wide access
Can install software and manage users
Kernel can only run with superuser privileges
NEVER run untrusted software with superuser
Why is the traditional Unix file access control inadequate for complex environments?
DAC
No per-user control; it would require a huge number of groups, and some constraints are impossible to represent
Modern Unix systems like Linux and FreeBSD support ACLs
What do Modern UNIX systems support instead of the traditional file access control?
DAC
ACLs
More fine-grained control than traditional 12-bit protection system
- setfacl: Used to assign an ACL to a file or directory.
- getfacl: Used to retrieve and display the ACL associated with a file or directory.
Why is ACL Model better than traditional 12-bit permission system?
DAC
Extends these permissions: more granular assignments.
Traditional Permissions:
To give specific users access, you would either need to add them all to the group or open access to “others.”
ACLs:
Assign specific read, write, or execute permissions to only the required users, without affecting the rest of the group or “others.”
What is an Access Control List (ACL) in Unix
DAC
An ACL tailored to Unix or Unix-like systems that extends the traditional permission model (owner, group, others) to allow defining permissions for individual users beyond those three classes
• Still maintains the hierarchical structure
• A mask can be set for added control
What is the two-step process in ACL model in UNIX?
DAC
When a process requests access to a file:
1. OS selects most appropriate ACL entry (Owner, user, group, or others)
2. OS verifies if the matching entry grants sufficient permissions to fulfill the request
Mask in ACL model
DAC
Sets maximum permissions for group/named entries, even if some are assigned higher permissions
What is Mandatory Access Control (MAC)?
MAC
Access is determined by system-enforced security labels and classifications, often used in military settings
Uses a labeling mechanism
Prevents illegal flow of information through the enforcement of “multi-level security”
Downside of MAC
MAC
Requires a very strict classification of subjects and objects, making it too rigid
Information access is limited by the “need-to-know”
Compartment
MAC
Projects that are associated with a piece of classified information
E.g. a file labeled Secret;Finance requires Secret clearance and Finance compartment access
Classification
vs
Clearance
MAC
Classification: Class of an object
Clearance: Indication that a subject is trusted up to a certain level
“A subject can read an object if the subject dominates the object”
What is a “Need-to-Know” Principle in MAC?
Access is limited to users who require it for their duties, even if they have the proper security clearance
Role-Based Access Control (RBAC)
RBAC
Access is granted based on roles assigned to users, rather than user identities
- Users assigned to different roles
- Widespread commercial use and an area of active research; NIST standards have been developed
What is RBAC0?
RBAC0
Base model in the four-model RBAC family (basis for ongoing RBAC standardization efforts), containing four types of entities:
1. User (individual accessing system)
2. Role (named job function)
3. Permission (approval of particular mode of access to one or more objects)
4. Session (mapping between a user and an activated subset of their roles)
What is RBAC2?
RBAC2
- Mutually Exclusive Roles (a user can assume only one role from a set)
- Cardinality: Limits on the number of users per role
- Prerequisite Roles: Users must have a specific role before assuming another
What is RBAC1?
RBAC1
It adds role hierarchies to the basic RBAC model, where roles inherit permissions from subordinate roles.