Advanced Computer Networks & Computer and Network Security: Prof. Dr. Hasan Hüseyin BALIK (4 Week)

The document discusses access control principles and models. It defines access control as regulating system resource use according to a security policy. Access control is based on subjects, objects, and access rights. Discretionary access control allows subjects to grant access rights to other subjects for specific objects. Role-based and attribute-based access control use roles and attributes rather than individual subject identities to determine access. The document provides an example access control matrix and describes access control lists and capability lists as implementations of discretionary access control policies for systems.


Advanced Computer Networks & Computer and Network Security
Prof. Dr. Hasan Hüseyin BALIK
(4th Week)

Outline
• 2. Computer security technology and principles
—2.1. Cryptographic Tools
—2.2. User Authentication
—2.3. Access Control
—2.4. Malicious Software
—2.5. Denial-of-Service Attacks
—2.6. Intrusion Detection
—2.7. Firewalls and Intrusion Prevention Systems
2.3. Access Control
2.3. Outline
• Access Control Principles
• Subjects, Objects, and Access Rights
• Discretionary Access Control
• Example: UNIX File Access Control
• Role-Based Access Control
• Attribute-Based Access Control
• Identity, Credential, and Access Management
• Trust Frameworks
Access Control Definitions (1/2)
NISTIR 7298 (Glossary of Key Information Security Terms, May 2013) defines access control as:

“the process of granting or denying specific requests to: (1) obtain and use information and related information processing services; and (2) enter specific physical facilities”

Access Control Definitions (2/2)
RFC 4949 (Internet Security Glossary) defines access control as:

“a process by which use of system resources is regulated according to a security policy and is permitted only by authorized entities (users, programs, processes, or other systems) according to that policy”
Access Control Security Requirements (SP 800-171)

Basic Security Requirements
1 Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).
2 Limit information system access to the types of transactions and functions that authorized users are permitted to execute.

Derived Security Requirements
3 Control the flow of CUI in accordance with approved authorizations.
4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion.
5 Employ the principle of least privilege, including for specific security functions and privileged accounts.
6 Use non-privileged accounts or roles when accessing nonsecurity functions.
7 Prevent non-privileged users from executing privileged functions and audit the execution of such functions.
8 Limit unsuccessful logon attempts.
9 Provide privacy and security notices consistent with applicable CUI rules.
10 Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity.
11 Terminate (automatically) a user session after a defined condition.
12 Monitor and control remote access sessions.
13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.
14 Route remote access via managed access control points.
15 Authorize remote execution of privileged commands and remote access to security-relevant information.
16 Authorize wireless access prior to allowing such connections.
17 Protect wireless access using authentication and encryption.
18 Control connection of mobile devices.
19 Encrypt CUI on mobile devices.
20 Verify and control/limit connections to and use of external information systems.
21 Limit use of organizational portable storage devices on external information systems.
22 Control CUI posted or processed on publicly accessible information systems.

CUI = controlled unclassified information


Access Control Principles
• In a broad sense, all of computer security is concerned with access control
• RFC 4949 defines computer security as:

“measures that implement and assure security services in a computer system, particularly those that assure access control service”

(Figure not reproduced in this extraction.) Source: Based on [SAND94].
Access Control Policies
• Discretionary access control (DAC)
o Controls access based on the identity of the requestor and on access rules (authorizations) stating what requestors are (or are not) allowed to do
o This policy is termed discretionary because an entity might have access rights that permit the entity, by its own volition, to enable another entity to access some resource.
• Mandatory access control (MAC)
o Controls access based on comparing security labels with security clearances
o This policy is termed mandatory because an entity that has clearance to access a resource may not, just by its own volition, enable another entity to access that resource
• Role-based access control (RBAC)
o Controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles
• Attribute-based access control (ABAC)
o Controls access based on attributes of the user, the resource to be accessed, and current environmental conditions
Subjects, Objects, and Access Rights
Subject
• An entity capable of accessing objects
• Three classes: Owner, Group, World
Object
• A resource to which access is controlled
• Entity used to contain and/or receive information
Access right
• Describes the way in which a subject may access an object
• Could include: Read, Write, Execute, Delete, Create, Search
Discretionary Access Control (DAC)
• Scheme in which an entity may be granted access rights that permit the entity, by its own volition, to enable another entity to access some resource
• Often provided using an access matrix
o One dimension consists of identified subjects that may attempt data access to the resources
o The other dimension lists the objects that may be accessed
• Each entry in the matrix indicates the access rights of a particular subject for a particular object
Figure 4.2 Example of Access Control Structures

(a) Access matrix (rows: SUBJECTS, columns: OBJECTS)

          File 1            File 2            File 3            File 4
User A    Own, Read, Write  -                 Own, Read, Write  -
User B    Read              Own, Read, Write  Write             Read
User C    Read, Write       Read              -                 Own, Read, Write

(b) Access control lists for files of part (a): one list per object
File 1: A (Own, R, W) -> B (R) -> C (R, W)
File 2: B (Own, R, W) -> C (R)
File 3: A (Own, R, W) -> B (W)
File 4: B (R) -> C (Own, R, W)

(c) Capability lists for files of part (a): one list per subject
User A: File 1 (Own, R, W) -> File 3 (Own, R, W)
User B: File 1 (R) -> File 2 (Own, R, W) -> File 3 (W) -> File 4 (R)
User C: File 1 (R, W) -> File 2 (R) -> File 4 (Own, R, W)


Authorization Table for Files in Figure 4.2

Subject   Access Mode   Object
A         Own           File 1
A         Read          File 1
A         Write         File 1
A         Own           File 3
A         Read          File 3
A         Write         File 3
B         Read          File 1
B         Own           File 2
B         Read          File 2
B         Write         File 2
B         Write         File 3
B         Read          File 4
C         Read          File 1
C         Write         File 1
C         Read          File 2
C         Own           File 4
C         Read          File 4
C         Write         File 4
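The three representations of Figure 4.2 (access matrix, ACLs, capability lists, plus the authorization table) as an added example that is not part of the lecture; the `grant` helper, which enforces the DAC rule that only an owner may pass on rights, is an assumption for illustration.

```python
# Added example, not from the lecture: the access matrix of Figure 4.2 held
# as a dict, with the ACL, capability-list and authorization-table views
# derived from it and a DAC-style "only the owner may grant" operation.
from collections import defaultdict

# Access matrix of Figure 4.2: subject -> object -> set of access rights
ACCESS_MATRIX = {
    "A": {"File 1": {"Own", "Read", "Write"}, "File 3": {"Own", "Read", "Write"}},
    "B": {"File 1": {"Read"}, "File 2": {"Own", "Read", "Write"},
          "File 3": {"Write"}, "File 4": {"Read"}},
    "C": {"File 1": {"Read", "Write"}, "File 2": {"Read"},
          "File 4": {"Own", "Read", "Write"}},
}

def access_control_lists(matrix):
    """Column view (Figure 4.2b): each object lists its subjects and their rights."""
    acls = defaultdict(dict)
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls[obj][subject] = set(rights)
    return dict(acls)

def capability_lists(matrix):
    """Row view (Figure 4.2c): each subject holds tickets for its objects."""
    return {s: {o: set(r) for o, r in row.items()} for s, row in matrix.items()}

def authorization_table(matrix):
    """Relational view: sorted (subject, access mode, object) triples."""
    return sorted((s, m, o) for s, row in matrix.items()
                  for o, rights in row.items() for m in rights)

def is_permitted(matrix, subject, right, obj):
    """Reference-monitor check: is the right present in the matrix cell?"""
    return right in matrix.get(subject, {}).get(obj, set())

def grant(matrix, granter, grantee, right, obj):
    """DAC (constructed rule): a subject may pass on rights to an object
    only if it owns that object."""
    if not is_permitted(matrix, granter, "Own", obj):
        raise PermissionError(f"{granter} does not own {obj}")
    matrix.setdefault(grantee, {}).setdefault(obj, set()).add(right)
    return matrix
```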
Protection Domains
• Set of objects together with access rights to those objects
• More flexibility when associating capabilities with
protection domains
• In terms of the access matrix, a row defines a protection
domain
• User can spawn processes with a subset of the access
rights of the user
• Association between a process and a domain can be
static or dynamic
• In user mode certain areas of memory are protected
from use and certain instructions may not be executed
• In kernel mode privileged instructions may be executed
and protected areas of memory may be accessed
UNIX File Access Control
UNIX files are administered using inodes (index nodes)
• Control structures with key information needed for a particular file
• Several file names may be associated with a single inode
• An active inode is associated with exactly one file
• File attributes, permissions and control information are stored in the inode
• On the disk there is an inode table, or inode list, that contains the inodes of all the files in the file system
• When a file is opened its inode is brought into main memory and stored in a memory resident inode table

Directories are structured in a hierarchical tree
• May contain files and/or other directories
• Contains file names plus pointers to associated inodes
UNIX File Access Control
⚫ Unique user identification number (user ID)
⚫ Member of a primary group identified by a group ID
⚫ Belongs to a specific group
⚫ 12 protection bits
⚫ Specify read, write, and execute permission for the owner of the file, members of the group and all other users
⚫ The owner ID, group ID, and protection bits are part of the file’s inode

Figure 4.5 UNIX File Access Control
(a) Traditional UNIX approach (minimal access control list)
Owner class: rw-   Group class: r--   Other class: ---
user::rw-
group::r--
other::---

Extended ACL entries shown in the figure (only partly recoverable from the slide; named-user entries are limited by the group-class mask):
Owner class: rw-   Group class: rw-   Other class: ---
user::rw-
user:joe:rw- (masked)
Traditional UNIX
File Access Control
⚫ “Set user ID” (SetUID)
⚫ “Set group ID” (SetGID)
⚫ System temporarily uses rights of the file owner/group in
addition to the real user’s rights when making access
control decisions
⚫ Enables privileged programs to access files/resources not
generally accessible
⚫ Sticky bit
⚫ When applied to a directory it specifies that only the owner
of any file in the directory can rename, move, or delete
that file
⚫ Superuser
⚫ Is exempt from usual access control restrictions
⚫ Has system-wide access
Access Control Lists (ACLs) in UNIX
Modern UNIX systems support ACLs
• FreeBSD, OpenBSD, Linux, Solaris

FreeBSD
• The setfacl command assigns a list of UNIX user IDs and groups
• Any number of users and groups can be associated with a file
• Read, write, execute protection bits
• A file does not need to have an ACL
• Includes an additional protection bit that indicates whether the file has an extended ACL

When a process requests access to a file system object two steps are performed:
• Step 1 selects the ACL entry that most closely matches the requesting process
• Step 2 checks if the matching entry contains sufficient permissions
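The 12 protection bits of Figure 4.5 and the two access decisions just described (the traditional one-class check, and the two-step extended-ACL check) as an added example that is not part of the lecture; the ACL entries, user and group names, and the mask semantics used for the extended ACL are constructed assumptions.

```python
# Added example, not from the lecture: decoding the 12 UNIX protection bits
# of Figure 4.5 (rwx for owner, group and other, plus SetUID, SetGID and
# sticky), the traditional one-class decision, and the two-step extended-ACL
# decision described above. The ACL entries and identities are constructed.
import stat

def mode_string(mode):
    """Render mode bits the way ls does, e.g. 0o640 -> 'rw-r-----'.
    SetUID/SetGID show as s/S in the owner/group x slot, sticky as t/T."""
    out = ""
    for shift, special, ch in ((6, stat.S_ISUID, "s"), (3, stat.S_ISGID, "s"),
                               (0, stat.S_ISVTX, "t")):
        r = "r" if mode & (4 << shift) else "-"
        w = "w" if mode & (2 << shift) else "-"
        x = bool(mode & (1 << shift))
        if mode & special:
            x_ch = ch if x else ch.upper()   # capital = special bit without x
        else:
            x_ch = "x" if x else "-"
        out += r + w + x_ch
    return out

def classic_check(mode, owner, group, uid, groups, want):
    """Traditional UNIX: exactly one class applies (owner, else group, else
    other) and only that class's bits are tested. want is e.g. 'rw'."""
    shift = 6 if uid == owner else 3 if group in groups else 0
    bits = {"r": 4, "w": 2, "x": 1}
    return all(mode & (bits[c] << shift) for c in want)

def _has(perms, want):
    return all(c in perms for c in want)

# Constructed extended ACL in the spirit of Figure 4.5: (tag, qualifier, perms).
# The mask caps every named-user and group entry, but not the owner or "other".
EXAMPLE_ACL = [("user", None, "rw-"), ("user", "joe", "rw-"),
               ("group", None, "r--"), ("mask", None, "rw-"), ("other", None, "---")]

def acl_check(acl, owner, group, uid, groups, want):
    """Step 1: select the entry that most closely matches the process
    (owner, named user, owning/named group, other). Step 2: check that the
    selected entry, after masking, grants every requested permission."""
    entries = {(t, q): p for t, q, p in acl}
    mask = entries.get(("mask", None), "rwx")
    masked = lambda p: "".join(c for c in p if c in mask)
    if uid == owner:
        return _has(entries[("user", None)], want)
    if ("user", uid) in entries:
        return _has(masked(entries[("user", uid)]), want)
    group_perms = [masked(p) for (t, q), p in entries.items() if t == "group"
                   and (group in groups if q is None else q in groups)]
    if group_perms:                      # any matching group entry may grant it
        return any(_has(p, want) for p in group_perms)
    return _has(entries[("other", None)], want)
```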
Figure 4.6 Users, Roles, and Resources (users are assigned to roles Role 1, Role 2, Role 3, and the roles, not the individual users, are granted access to resources)

Figure 4.7 Access Control Matrix Representation of RBAC
• Upper matrix: users U1 … Um against roles R1 … Rn; a mark in row Ui, column Rj means user Ui is assigned role Rj
• Lower matrix: roles R1 … Rn against objects; the objects are the roles themselves (R1 … Rn, with rights such as control and owner), files F1 and F2, processes P1 and P2, and disk drives D1 and D2, with rights such as read, write, execute, seek, wakeup and stop
Scope of RBAC Models

Figure 4.8 A Family of Role-Based Access Control Models
(a) Relationship among RBAC models
• RBAC0: Base model
• RBAC1: Role hierarchies (extends RBAC0)
• RBAC2: Constraints (extends RBAC0)
• RBAC3: Consolidated model (combines RBAC1 and RBAC2)
(b) RBAC model elements
• Users --(UA) User Assignment--> Roles --(PA) Permission Assignment--> Permissions (Operations on Objects)
• (RH) Role Hierarchy: a relation on Roles
• Sessions: user_sessions links a user to its sessions; session_roles links a session to the roles activated in it


Figure 4.9 Example of Role Hierarchy (a senior role inherits the permissions of the roles below it)
• Director is senior to Project Lead 1 and Project Lead 2
• Project Lead 1 is senior to Production Engineer 1 and Quality Engineer 1, both of which are senior to Engineer 1
• Project Lead 2 is senior to Production Engineer 2 and Quality Engineer 2, both of which are senior to Engineer 2
• Engineer 1 and Engineer 2 are senior to Engineering Dept


Constraints - RBAC
• Provide a means of adapting RBAC to the specifics of administrative and security policies of an organization
• A defined relationship among roles or a condition related to roles
• Types:
Mutually exclusive roles
• A user can only be assigned to one role in the set (either during a session or statically)
• Any permission (access right) can be granted to only one role in the set
Cardinality
• Setting a maximum number with respect to roles
Prerequisite roles
• Dictates that a user can only be assigned to a particular role if it is already assigned to some other specified role
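The role hierarchy of Figure 4.9 with permission inheritance (RBAC1) and the three constraint types above (RBAC2), as an added example that is not part of the lecture; the permission names and the specific constraint sets are constructed assumptions.

```python
# Added example, not from the lecture: an RBAC1/RBAC2-style model on the role
# hierarchy of Figure 4.9. Permission names and constraints are constructed.
from collections import deque

# Role hierarchy of Figure 4.9: role -> the roles immediately junior to it.
# A senior role inherits every permission of the roles below it.
JUNIORS = {
    "Director": {"Project Lead 1", "Project Lead 2"},
    "Project Lead 1": {"Production Engineer 1", "Quality Engineer 1"},
    "Project Lead 2": {"Production Engineer 2", "Quality Engineer 2"},
    "Production Engineer 1": {"Engineer 1"}, "Quality Engineer 1": {"Engineer 1"},
    "Production Engineer 2": {"Engineer 2"}, "Quality Engineer 2": {"Engineer 2"},
    "Engineer 1": {"Engineering Dept"}, "Engineer 2": {"Engineering Dept"},
    "Engineering Dept": set(),
}
# Permission assignment (PA), constructed: role -> directly assigned permissions
PERMS = {
    "Engineering Dept": {"read:specs"}, "Engineer 1": {"edit:design1"},
    "Engineer 2": {"edit:design2"}, "Production Engineer 1": {"release:build1"},
    "Quality Engineer 1": {"sign:test1"}, "Project Lead 1": {"approve:project1"},
    "Director": {"approve:budget"},
}

def effective_roles(role):
    """The role plus everything junior to it (RBAC1 role hierarchy)."""
    seen, todo = set(), deque([role])
    while todo:
        r = todo.popleft()
        if r not in seen:
            seen.add(r)
            todo.extend(JUNIORS.get(r, ()))
    return seen

def permissions(role):
    return set().union(*(PERMS.get(r, set()) for r in effective_roles(role)))

# RBAC2 constraints (constructed): static separation of duty, a cap on how
# many users may hold a role, and a role that requires another role first.
MUTUALLY_EXCLUSIVE = [{"Production Engineer 1", "Quality Engineer 1"}]
CARDINALITY = {"Director": 1}
PREREQUISITE = {"Project Lead 1": "Engineer 1"}

def assign(user_roles, user, role):
    """User assignment (UA) that refuses any assignment violating a constraint."""
    held = user_roles.get(user, set())
    for exclusive in MUTUALLY_EXCLUSIVE:
        if role in exclusive and (held & exclusive) - {role}:
            raise ValueError(f"{role} is mutually exclusive with {held & exclusive}")
    if role in CARDINALITY:
        holders = sum(1 for u, rs in user_roles.items() if role in rs and u != user)
        if holders >= CARDINALITY[role]:
            raise ValueError(f"cardinality limit for {role} reached")
    if PREREQUISITE.get(role) not in (None, *held):
        raise ValueError(f"{role} requires {PREREQUISITE[role]} first")
    user_roles.setdefault(user, set()).add(role)
    return user_roles
```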
Attribute-Based Access Control (ABAC)
• Can define authorizations that express conditions on properties of both the resource and the subject
• Strength is its flexibility and expressive power
• Main obstacle to its adoption in real systems has been concern about the performance impact of evaluating predicates on both resource and user properties for each access
• Web services have been pioneering technologies through the introduction of the eXtensible Access Control Markup Language (XACML)
• There is considerable interest in applying the model to cloud services
ABAC Model: Attributes
Subject attributes
• A subject is an active entity that causes information to flow among objects or changes the system state
• Attributes define the identity and characteristics of the subject
• A subject’s role can also be viewed as an attribute
Object attributes
• An object (or resource) is a passive information system-related entity containing or receiving information
• Objects have attributes that can be leveraged to make access control decisions
Environment attributes
• Describe the operational, technical, and even situational environment or context in which the information access occurs
• These attributes have so far been largely ignored in most access control policies
ABAC
• Distinguishable because it controls access to objects by evaluating rules against the attributes of entities, operations, and the environment relevant to a request
• Relies upon the evaluation of attributes of the subject, attributes of the object, and a formal relationship or access control rule defining the allowable operations for subject-object attribute combinations in a given environment
• Systems are capable of enforcing DAC, RBAC, and MAC concepts
• Allows an unlimited number of attributes to be combined to satisfy any access control rule
Figure 4.10 ABAC Scenario
• Subject (user) attributes: Name, Clearance, Affiliation, etc.
• Object attributes: Owner, Type, Classification, etc.
• Environmental attributes: Temperature, Time, Security, etc.
• Flow: (1) the subject requests access to an object; (2a-2d) the access control mechanism evaluates the access control policies together with the subject, object and environmental attributes; (3) the outcome is Permit or Deny

ABAC Policies
• A policy is a set of rules and relationships that govern allowable behavior within an organization, based on the privileges of subjects and how resources or objects are to be protected under which environment conditions
• Typically written from the perspective of the object that needs protecting and the privileges available to subjects
• Privileges represent the authorized behavior of a subject and are defined by an authority and embodied in a policy
• Other terms commonly used instead of privileges are: rights, authorizations, and entitlements
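A small ABAC evaluator in the shape of Figure 4.10, written from the perspective of the protected object as the slide describes, as an added example that is not part of the lecture; the clearance ordering, the rules, the business-hours window, the deny-overrides combining and the sample subjects, objects and environments are constructed assumptions.

```python
# Added example, not from the lecture: a minimal ABAC rule evaluator in the
# shape of Figure 4.10 (subject, object and environment attributes). The
# clearance order, rules, time window and sample entities are constructed.
from datetime import time

LEVELS = ["unclassified", "confidential", "secret", "top secret"]

def dominates(clearance, classification):
    """MAC-style comparison expressed as a predicate over two attributes."""
    return LEVELS.index(clearance) >= LEVELS.index(classification)

def business_hours(env):
    return time(8, 0) <= env["time"] < time(18, 0)

# Rules are written from the perspective of the object being protected:
# which operations, which effect, and a predicate over (subject, object, env).
RULES = [
    {"ops": {"read"}, "effect": "permit",
     "when": lambda s, o, e: dominates(s["clearance"], o["classification"])
                             and s["affiliation"] == o["affiliation"]},
    {"ops": {"read", "write"}, "effect": "permit",
     "when": lambda s, o, e: s["name"] == o["owner"]},
    {"ops": {"read", "write"}, "effect": "deny",          # environmental rule
     "when": lambda s, o, e: not business_hours(e)
                             and dominates(o["classification"], "secret")},
    {"ops": {"write"}, "effect": "deny",
     "when": lambda s, o, e: e["security"] == "elevated"},
]

def decide(subject, obj, env, operation):
    """Deny-overrides combining (as in XACML): a matching deny rule wins, then
    a matching permit rule; if nothing matches the default answer is Deny."""
    effects = {r["effect"] for r in RULES
               if operation in r["ops"] and r["when"](subject, obj, env)}
    if "deny" in effects:
        return "Deny"
    return "Permit" if "permit" in effects else "Deny"

# Constructed sample entities
ALICE = {"name": "alice", "clearance": "secret", "affiliation": "engineering"}
BOB = {"name": "bob", "clearance": "confidential", "affiliation": "engineering"}
REPORT = {"owner": "bob", "type": "document", "classification": "confidential",
          "affiliation": "engineering"}
PLAN = {"owner": "alice", "type": "document", "classification": "secret",
        "affiliation": "engineering"}
DAYTIME = {"time": time(10, 30), "security": "normal"}
NIGHT_ALERT = {"time": time(22, 0), "security": "elevated"}
```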
Identity, Credential, and Access Management (ICAM)
• A comprehensive approach to managing and implementing digital identities, credentials, and access control
• Developed by the U.S. government
• Designed to:
o Create trusted digital identity representations of individuals and nonperson entities (NPEs)
o Bind those identities to credentials that may serve as a proxy for the individual or NPE in access transactions
o Use the credentials to provide authorized access to an agency’s resources
• A credential is an object or data structure that authoritatively binds an identity to a token possessed and controlled by a subscriber
Identity Federation
• Term used to describe the technology, standards,
policies, and processes that allow an organization
to trust digital identities, identity attributes, and
credentials created and issued by another
organization
• Addresses two questions:
o How do you trust identities of individuals from external
organizations who need access to your systems
o How do you vouch for identities of individuals in your
organization when they need to collaborate with external
organizations
Figure 4.13 Identity Information Exchange Approaches

(a) Traditional triangle of parties involved in an exchange of identity information
• Identity Service Provider and Relying Party: possible contract
• Identity Service Provider and Users: Terms of Service agreement (ToS)
• Relying Party and Users: Terms of Service agreement (ToS)

(b) Identity attribute exchange elements
• Trust Framework Providers
• Attribute Providers
• Identity Service Providers
• Attribute Exchange Network (the hub through which the other parties interact)
• Relying Parties
• Assessors & Auditors
• Dispute Resolvers
• Users
Open Identity Trust Framework
• OpenID: An open standard that allows users to be authenticated by certain cooperating sites using a third party service
• OIDF: OpenID Foundation is an international nonprofit organization of individuals and companies committed to enabling, promoting, and protecting OpenID technologies
• ICF: Information Card Foundation is a nonprofit community of companies and individuals working together to evolve the Information Card ecosystem
• OITF: Open Identity Trust Framework is a standardized, open specification of a trust framework for identity and attribute exchange, developed jointly by OIDF and ICF
• OIX: Open Identity Exchange Corporation is an independent, neutral, international provider of certification trust frameworks conforming to the OITF model
• AXN: Attribute Exchange Network is an online Internet-scale gateway for identity service providers and relying parties to efficiently access user asserted, permissioned, and verified online identity attributes in high volumes at affordable costs