P1L5 Access Control Flashcards
Two parts to Access Control
- Deciding who should have access to which resources: the access control policy.
- Enforcement: only the accesses defined by the access control policy are granted.
Access Control Matrix (ACM)
Rows correspond to the sources of requests (users/subjects/groups).
Columns correspond to the resources that need to be protected.
Discretionary Access Control
Access is at the discretion of the resource's owner. The owner can grant access to other users and can also decide whether those users are allowed to propagate that access further.
Flaw with DAC
Another user who has been granted read access can copy the contents into a file of their own and then share that copy with a third party, bypassing the owner's intent.
Access Control List (ACL)
The column of the ACM for an object: it lists each user's rights on that object.
Capability List (C-List)
The row of the ACM for a user: it lists that user's rights for each object.
Where should ACL be stored?
- In a trusted part of the system
- Consists of access control entries
- Should be stored along with the object's other metadata
- Checking an access requires traversing the ACL
Where should C-List be stored?
- It is per user
- A capability is an unforgeable reference/handle for a resource
- A user's catalogue of capabilities defines what that user can access
- Can be stored in the objects/resources themselves
ACL vs C-List
Efficiency: ACLs are not as efficient as C-Lists.
Accountability: who has access to an object can be found easily from its ACL. With C-Lists, each user's catalogue must be checked to see whether access is allowed.
Revocation: revoking access in an ACL is easy.
Most OSes use ACLs.
How does OS implement ACL?
The OS keeps track of information about each file, including its metadata, in an i-node. Metadata for open files is kept in the meta-data table; a file's entry is present there only while the file is active (open).
Role Based Access Control (RBAC)
Access rights are associated with roles (jobs) rather than with individual users. A user can hold more than one role.
RBAC benefits
- The policy need not be updated when a particular person leaves
- A new employee only needs to be able to activate the desired role
- Start with minimum access
SELinux supports RBAC
Fail-safe defaults
When the access control policy says nothing about a certain user's access to a resource, that access must be denied.