Lecture06 Access Control Part1

Chapter 3 of the Cybersecurity Fundamentals course focuses on access control, detailing its role within authentication, authorization, and auditing. It outlines four major categories of access control policies: Discretionary, Mandatory, Role-based, and Attribute-based access control, along with essential access control requirements and elements. The chapter also discusses access control models, structures, and the concept of protection domains.

Cybersecurity Fundamentals

CYB281
Chapter 3
Access control (Part1)
Lecture 06
Department of Information Systems
College of Computer Science and Engineering
Taibah University, Yanbu
Course Coordinator: Prof. Fatemah Alharbi
Instructor: Prof. Fatemah Alharbi
Objectives
• Explain how access control fits into the broader context that includes
authentication, authorization, and audit.
• Define the four major categories of access control policies.
• Distinguish among subjects, objects, and access rights.

2/17 Cybersecurity Fundamentals CYB281– Lecture06


Access Control
• ITU-T Recommendation X.800 definition:
• “The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.”
• RFC 2828 defines computer security as:
• “Measures that implement and assure security services in a computer system, particularly those that assure access control service”.


Access Control Principles
• Authentication: Verification that the credentials of a user or an entity are valid.
• Authorization: Granting of a right or permission to an entity to access a system resource.
• Audit: An independent review and examination of system records and activities.

Access Control Policies (1/2)
• Dictates:
• What types of access are permitted?
• under what circumstances?
• by whom?



Access Control Policies (2/2)
• Access control policies are generally grouped into the following categories:
• Discretionary access control (DAC): Controls access based on the identity of the requestor and on access rules (authorizations) stating what requestors are (or are not) allowed to do.
• This policy is termed discretionary because an entity might have access rights that permit the entity, by its own volition, to enable another entity to access some resource.
• Mandatory access control (MAC): Controls access based on comparing security labels (which indicate how sensitive or critical system resources are) with security clearances (which indicate system entities are eligible to access certain resources).
• This policy is termed mandatory because an entity that has clearance to access a resource may not, just by its own volition, enable another entity to access that resource.
• Role-based access control (RBAC): Controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles.
• Attribute-based access control (ABAC): Controls access based on attributes of the user, the resource to be accessed, and current environmental conditions.


Access Control Requirements
• The following are concepts and features that should be supported by an access control system:
1. Reliable input: The old maxim garbage-in-garbage-out applies with special force to access control. An access control system assumes that a user is authentic; thus, an authentication mechanism is needed as a front end to an access control system. Other inputs to the access control system must also be reliable.
2. Support for fine and coarse specifications: The access control system should support fine-grained specifications, allowing access to be regulated at the level of individual records in files, and individual fields within records. The system should also support fine-grained specification in the sense of controlling each individual access by a user rather than a sequence of access requests.
3. Least privilege: This is the principle that access control should be implemented so that each system entity is granted the minimum system resources and authorizations that the entity needs to do its work.
4. Separation of duty: This is the practice of dividing the steps in a system function among different individuals, so as to keep a single individual from subverting the process.
5. Open and closed policies: The most useful, and most typical, class of access control policies are closed policies. In a closed policy, only accesses that are specifically authorized are allowed. In some applications, it may also be desirable to allow an open policy for some classes of resources. In an open policy, authorizations specify which accesses are prohibited; all other accesses are allowed.
6. Policy combinations and conflict resolution: An access control mechanism may apply multiple policies to a given class of resources. In this case, care must be taken that there are no conflicts such that one policy enables a particular access while another policy denies it. Or, if such a conflict exists, a procedure must be defined for conflict resolution.
7. Administrative policies: As was mentioned, there is a security administration function for specifying the authorization database that acts as an input to the access control function. Administrative policies are needed to specify who can add, delete, or modify authorization rules. In turn, access control and other control mechanisms are needed to enforce the administrative policies.
8. Dual control: When a task requires two or more individuals working in tandem.
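
Requirements 5 and 6 in code, as an added example that is not part of the lecture slides: a closed and an open policy are applied to the same resource, and conflicts are detected and resolved. The deny-overrides procedure, the names, and the sample requests are assumptions made for illustration.

```python
# Requests are (subject, right, object) tuples; all data below is constructed.

class ClosedPolicy:
    """Closed policy: only specifically authorized accesses are allowed."""
    def __init__(self, authorized):
        self.authorized = set(authorized)

    def decide(self, request):
        return "permit" if request in self.authorized else "deny"

class OpenPolicy:
    """Open policy: authorizations list prohibited accesses; the rest are allowed."""
    def __init__(self, prohibited):
        self.prohibited = set(prohibited)

    def decide(self, request):
        return "deny" if request in self.prohibited else "permit"

def resolve(policies, request):
    """Combine policies; returns (decision, conflict_detected).

    Conflict resolution here is deny-overrides, an assumed procedure:
    the slides only require that some procedure be defined.
    """
    decisions = {p.decide(request) for p in policies}
    conflict = len(decisions) > 1
    return ("deny" if "deny" in decisions else "permit"), conflict

PAYROLL_CLOSED = ClosedPolicy({
    ("alice", "read", "payroll"),
    ("bob", "read", "payroll"),
})
PAYROLL_OPEN = OpenPolicy({("bob", "read", "payroll")})
POLICIES = [PAYROLL_CLOSED, PAYROLL_OPEN]
```

An unlisted subject such as `mallory` is permitted by the open policy on its own, which is why the closed policy is the typical default.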



Access Control Basic Elements
• Subject: an entity capable of accessing objects
• concept equates with that of process
• typically held accountable for the actions they initiate
• often have three classes: owner, group, world
• Object: a resource to which access is controlled
• entity used to contain and/or receive information
• protection depends on the environment in which access control operates
• Access right: the way in which a subject may access an object
• e.g., read, write, execute, delete, create, search


Discretionary Access Control (DAC)
• A scheme in which an entity may enable another entity to access some resource
• Often provided using an access matrix:
• One dimension consists of identified subjects that may attempt data access to the resources
• The other dimension lists the objects that may be accessed
• Each entry in the matrix indicates the access rights of a particular subject for a particular object


Access Matrix – Example 1



Access Control Structures – Example 1
• An access matrix is usually sparse and is implemented by decomposition in one of two ways:
1. Access Control Lists (ACLs) where matrix is decomposed by columns
2. Capability Tickets where matrix is decomposed by rows



Authorization Table for Files in Example 1



An Access Control Model
• The model assumes a set of subjects, a set of objects, and a set of rules that govern the access of subjects to objects
• It defines the protection state of a system to be the set of information, at a given point in time, that specifies the access rights for each subject with respect to each object.
• To represent the protection state, we extend the universe of objects in the access control matrix to include the following:
• Processes: Access rights include the ability to delete a process, stop (block), and wake up a process.
• Devices: Access rights include the ability to read/write the device, to control its operation (e.g., a disk seek), and to block/unblock the device for use.
• Memory locations or regions: Access rights include the ability to read/write certain regions of memory that are protected such that the default is to disallow access.
• Subjects: Access rights with respect to a subject have to do with the ability to grant or delete access rights of that subject to other objects, as explained subsequently.


Extended Access Control Matrix

Access Control Function
• It suggests that every access by a
subject to an object is mediated by the
controller for that object, and that the
controller’s decision is based on the
current contents of the matrix.
• In addition, certain subjects have the
authority to make specific changes to
the access matrix. A request to modify
the access matrix is treated as an
access to the matrix, with the
individual entries in the matrix treated
as objects. Such accesses are mediated
by an access matrix controller, which
controls updates to the matrix.



Protection Domains (1/2)
• A set of objects together with access rights to those objects
• More flexibility when associating capabilities with protection domains
• In terms of the access matrix, a row defines a protection domain
• User can spawn processes with a subset of the access rights of the user
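
An added sketch, not from the lecture or its textbook, covering both the access control function and protection domains as matrix rows: every access and every matrix update goes through a controller and is logged for audit, and a spawned process gets a row that must be a subset of its user's row. The owner-may-grant rule, the creator-becomes-owner rule, and all names are assumptions.

```python
class AccessMatrix:
    """Protection state: (subject, object) -> set of access rights."""

    def __init__(self):
        self.cells = {}
        self.audit = []  # (subject, action, object, allowed)

    def rights(self, subject, obj):
        return self.cells.get((subject, obj), set())

    def _log(self, subject, action, obj, ok):
        self.audit.append((subject, action, obj, ok))
        return ok

    def create(self, subject, obj):
        # Assumed bootstrap rule: the creator becomes owner of the new object.
        self.cells[(subject, obj)] = {"owner", "read", "write"}

    def access(self, subject, right, obj):
        """Object controller: decide from the current matrix contents only."""
        return self._log(subject, right, obj, right in self.rights(subject, obj))

    def grant(self, requester, right, target, obj):
        """Matrix controller: an update is an access to entry (target, obj)."""
        ok = "owner" in self.rights(requester, obj)  # assumed rule
        if ok:
            self.cells.setdefault((target, obj), set()).add(right)
        return self._log(requester, f"grant:{right}:{target}", obj, ok)

    def spawn(self, user, process, wanted):
        """New protection domain (row) holding a subset of the user's row."""
        ok = all(r <= self.rights(user, o) for o, r in wanted.items())
        if ok:
            for o, r in wanted.items():
                self.cells[(process, o)] = set(r)
        return self._log(user, "spawn", process, ok)

def demo():
    # Constructed scenario: alice owns "report", bob starts with no rights.
    m = AccessMatrix()
    m.create("alice", "report")
    return [
        m.access("bob", "read", "report"),          # no entry: denied
        m.grant("bob", "read", "bob", "report"),    # bob is not owner: denied
        m.grant("alice", "read", "bob", "report"),  # owner grants read
        m.access("bob", "read", "report"),          # now allowed
        m.spawn("bob", "bob-proc", {"report": {"read"}}),            # subset
        m.spawn("bob", "bob-proc2", {"report": {"read", "write"}}),  # exceeds
    ], m
```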



Protection Domains (2/2)
• Association between a process and a domain can be static or dynamic
• Example:
• One form of protection domain has to do with the distinction made in many
operating systems, such as UNIX, between user and kernel mode.
• In user mode, certain areas of memory are protected from use and certain instructions
may not be executed
• In kernel mode, privileged instructions may be executed and protected areas of
memory may be accessed
• Read section 4.4 in textbook (page 124) to see an example for UNIX file access control
