3-Module-2 (Part-1) - 19-05-2023


Information Security

CBS3002

MODULE:2

ACCESS CONTROL MATRIX


MODULE - 2
• Discretionary based models

• Mandatory based models

• role-based and task-based models

• unified models

• access control

• algebra

• temporal and spatio-temporal models.


ACCESS CONTROL MATRIX
INTRODUCTION:
• A protection system describes the conditions under
which a system is secure.

• A classical formulation of a protection system.

• The access control matrix model arose both in
operating systems research and in database research.

• It describes allowed accesses using a matrix.


ACCESS CONTROL MATRIX
PROTECTION STATE:
• The state of a system is the collection of the
current values of all memory locations, all
secondary storage, and all registers and other
components of the system.

• The subset of this collection that deals with
protection is the protection state of the system.

• An access control matrix is one tool that can
describe the current protection state.
PROTECTION STATE

• Consider the set of possible protection states P.
Some subset Q of P consists of exactly those
states in which the system is authorized to reside.
• Whenever the system state is in Q, the system is
secure.
• When the current state is in P – Q, the system is
not secure.
• Characterizing the states in Q is the function of a
security policy.
• Preventing the system from entering a state in
P – Q is the function of a security mechanism.
PROTECTION STATE
• The access control matrix model is the most precise
model used to describe a protection state.
• It characterizes the rights of each subject (active
entity, such as a process) with respect to every
other entity.
• As the system changes, the protection state
changes. When a command changes the state of
the system, a state transition occurs.
• In practice, any operation on a real system causes
multiple state transitions; the reading, loading,
altering, and execution of any datum or instruction
causes a transition.
PROTECTION STATE

• For example:
A program that changes a variable to 0 does
not (usually) alter the protection state.

• However, if the variable altered is one that
affects the privileges of a process, then the
program does alter the protection state and needs
to be accounted for in the set of transitions.
Access Control Matrix Model
• The simplest framework for describing a
protection system is the Access Control Matrix
model, which describes the rights of users over
files in a matrix.
• Who proposed the Access Control Matrix?
Butler Lampson first proposed this model in
1971.
Graham and Denning refined it, and we will
use their version.
Access Control Matrix Model
• The set of all protected entities (that is, entities
that are relevant to the protection state of the
system) is called the set of objects O.
• The set of subjects S is the set of active objects,
such as processes and users.
• In the access control matrix model, the relationship
between these entities is captured by a matrix A
with rights drawn from a set of rights R in each
entry a[s, o],
where s ∈ S, o ∈ O, and a[s, o] ⊆ R
• The subject s has the set of rights a[s, o] over the
object o.
Access Control Matrix Model
• The set of protection states of the system is
represented by the triple (S, O, A).
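
Added example (not part of the original slides): the triple (S, O, A) as a small Python class, with state transitions and a policy check that decides whether a state is in Q. The rights set R, the "own" right, the owner-only grant rule and all subject and object names are assumptions made for this sketch.

```python
import copy

R = frozenset({"own", "read", "write", "execute"})   # assumed set of rights R

class ProtectionState:
    """The triple (S, O, A); A maps (s, o) to the set a[s, o] ⊆ R."""
    def __init__(self, subjects):
        # Subjects are active objects, so every subject is also in O.
        self.S, self.O, self.A = set(subjects), set(subjects), {}

    def rights(self, s, o):
        return self.A.get((s, o), frozenset())        # empty entry: no rights

    def create_object(self, s, o):
        """State transition: subject s creates o and becomes its owner."""
        if s not in self.S:
            raise PermissionError(f"{s!r} is not a subject")
        self.O.add(o)
        self.A[(s, o)] = frozenset({"own", "read", "write"})

    def grant(self, granter, r, s, o):
        """State transition: enter r into a[s, o]; only an owner of o may do so."""
        if r not in R or s not in self.S or o not in self.O:
            raise ValueError("unknown right, subject or object")
        if "own" not in self.rights(granter, o):
            return False                              # refused, state unchanged
        self.A[(s, o)] = self.rights(s, o) | {r}
        return True

def in_Q(state, forbidden):
    """Policy: a state is in Q iff no forbidden (s, r, o) triple appears in A."""
    return not any(r in state.rights(s, o) for s, r, o in forbidden)

def guarded_grant(state, forbidden, granter, r, s, o):
    """Mechanism: commit the transition only if the resulting state is in Q."""
    trial = copy.deepcopy(state)
    if trial.grant(granter, r, s, o) and in_Q(trial, forbidden):
        state.A = trial.A
        return True
    return False

def demo():
    st = ProtectionState({"alice", "bob"})
    st.create_object("alice", "payroll.db")
    deny = {("bob", "write", "payroll.db")}           # constructed policy
    args = [("bob", "read"), ("alice", "read"), ("alice", "write")]
    done = [guarded_grant(st, deny, g, r, "bob", "payroll.db") for g, r in args]
    return done, sorted(st.rights("bob", "payroll.db")), in_Q(st, deny)
```

The third grant is made by the legitimate owner, yet it is rejected because it would move the system into P – Q; the policy defines Q, and the mechanism keeps the state inside it.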
ACCESS CONTROL- BASIC ELEMENTS
Discretionary – based Model

• A security policy may use two types of access
controls, alone or in combination.
• In one, access control is left to the discretion of
the owner.
• In the other, the operating system controls access,
and the owner cannot override the controls.
• The first type is based on user identity and is the
most widely known:
Discretionary – based Model
EXAMPLE:
• Suppose a child keeps a diary.
• The child controls access to the diary, because
he/she can allow someone to read it (grant read
access) or not allow someone to read it (deny read
access).
• The child allows his/her mother to read it, but no
one else.
• This is a discretionary access control because access
to the diary is based on the identity of the subject
(mom) requesting read access to the object (the
diary).
Mandatory Access Control
• The second type of access control is based on fiat,
and identity is irrelevant:
Definition:
When a system mechanism controls access to
an object and an individual user cannot alter that
access, the control is a mandatory access control
(MAC), occasionally called a rule-based access
control.
Mandatory Access Control
• The operating system enforces mandatory access controls.
• Neither the subject nor the owner of the object can
determine whether access is granted.
• Typically, the system mechanism will check information
associated with both the subject and the object to
determine whether the subject should access the object.
EXAMPLE:
• The law allows a court to access driving records without
the owners’ permission.
• This is a mandatory control, because the owner of the
record has no control over the court’s accessing the
information.
What is a Mandatory Access Control System (MAC)?

• Mandatory Access Control (MAC) is a system to allow or
deny access to private information in an organization.
• What makes MAC different from other systems is that it
works on a hierarchical pattern.
• The whole workforce must be divided into categories
according to their roles and responsibilities and according
to the information they must be allowed to see.
• The administration needs to put a lot of effort into
planning the information flow properly.
• It is only a one-time effort to set things up in
order; after that it only requires updates whenever
a position or role changes.
Mandatory Access Control System (MAC)

• When a MAC system is to be used, categorizing the
information flow into different categories such as
ground level, confidential, secret and top-secret is
suggested.

• Every system that an individual might be using
will have been given prior access as per the
requirements.
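
Added example (not part of the original slides): discretionary and mandatory controls used in combination, with the diary from the earlier slide and the four categories listed above. The rule that a reader's clearance must be at least the object's level, the default clearance for unknown users, and the names root, mom and child are assumptions for this sketch.

```python
# The slide's categories, lowest first.
LEVELS = ["ground level", "confidential", "secret", "top-secret"]

class Document:
    def __init__(self, name, owner, label):
        self.name, self.owner, self.label = name, owner, label
        self.acl = {owner: {"read", "write"}}     # DAC: list the owner controls

class ReferenceMonitor:
    def __init__(self, clearances, admin):
        self._clear = dict(clearances)            # MAC: subject -> level, set by admin
        self._admin = admin

    def dac_grant(self, doc, granter, user, right):
        """Discretionary: only the owner can change the access list."""
        if granter != doc.owner:
            return False
        doc.acl.setdefault(user, set()).add(right)
        return True

    def relabel(self, doc, who, label):
        """Mandatory: only the administrator may re-categorize, never the owner."""
        if who != self._admin or label not in LEVELS:
            return False
        doc.label = label
        return True

    def mac_allows_read(self, user, doc):
        # Assumed rule: clearance must be at least the document's level;
        # a user without a recorded clearance gets the lowest level.
        level = self._clear.get(user, LEVELS[0])
        return LEVELS.index(level) >= LEVELS.index(doc.label)

    def can_read(self, user, doc):
        # Both controls must agree; an owner's grant cannot override MAC.
        dac_ok = "read" in doc.acl.get(user, set())
        return dac_ok and self.mac_allows_read(user, doc)

def demo():
    rm = ReferenceMonitor({"mom": "confidential", "child": "secret"}, admin="root")
    diary = Document("diary", owner="child", label="secret")
    out = [rm.can_read("mom", diary)]                        # no entry in the ACL
    rm.dac_grant(diary, "child", "mom", "read")
    out.append(rm.can_read("mom", diary))                    # DAC allows, MAC denies
    out.append(rm.relabel(diary, "child", "confidential"))   # owner cannot relabel
    out.append(rm.relabel(diary, "root", "confidential"))    # administrator can
    out.append(rm.can_read("mom", diary))                    # now both allow
    return out
```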
MAC- IMPLEMENTATION
MAC- USES

• MAC has a wide range of uses in different sectors
that require a system that can secure
confidential data without any constant supervision.

• Mainly used in sectors such as government offices,
military, health care, financial, engineering
projects, etc.
MAC- Advantages

• High-level data protection (most secure system among role-based,
mandatory and discretionary systems):
With MAC, one can be sure that their most
confidential data is well protected and leaves no room for
any leakage.
• Centralized Information:
Once data is set in a category it cannot be de-categorized
by anyone other than the head administrator.
This makes the whole system centralized and under the
control of only one authority.
• Privacy:
Data is set manually by an administrator. No one other
than the admin can make changes to a category or to the list of users'
accesses to any category. It can be updated only by the admin.
MAC-Disadvantages

• Careful Setting-Up Process:
MAC must be set up with great care, otherwise it will make
work chaotic.
This is because sometimes a piece of information needs to be
shared among co-workers in the same organization, but MAC
prevents anyone from doing so.
• Regular Update Required:
It requires regular updating when new data is added or old
data is deleted.
The administration is required to put some consideration
into the MAC system and the ACL now and then.
• Lack of Flexibility:
A MAC system is not operationally flexible. It is not an easy
task to initially input all data and create an ACL that won't create
any trouble later.
Role-based access control
• Role-based access control (RBAC) is a method of restricting
network access based on the roles of individual users within an
enterprise.
• Organizations use RBAC -- also called role-based security -- to
parse levels of access based on an employee's roles and
responsibilities.
• Limiting network access is important for organizations that have
many workers, have contractors or allow third parties -- such as
customers and vendors -- network access, as monitoring network
access effectively can be difficult.
• Companies that depend on RBAC are better able to secure their
sensitive data and critical applications. RBAC ensures that users
access only the information they need to do their jobs,
preventing them from accessing information that doesn't pertain
to them.
Role-based access control
• RBAC is based on the concept of roles and privileges.
• Access is based on factors such as authority, competency
and responsibility.
• Network access and other resources -- such as access to
specific files or programs -- can be limited by employee.
• Example:
Specific files might be read-only, but temporary
access can be granted to specific files or programs to
complete a task.
Organizations can designate whether a user is an
end user, administrator or specialist user.
These roles can also overlap or give different
permission levels to specific roles.
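
Added example (not part of the original slides): a role-based check in which a user's permissions are the union of the permissions of their roles, plus a time-limited grant for the "temporary access to complete a task" case above. Role names follow the slide; the resources, permissions and user name are constructed for this sketch.

```python
import time

ROLE_PERMS = {   # constructed role -> {(resource, action)} table
    "end_user":      {("report.pdf", "read")},
    "specialist":    {("report.pdf", "read"), ("model.py", "execute")},
    "administrator": {("report.pdf", "read"), ("report.pdf", "write"),
                      ("users.db", "write")},
}

class RBAC:
    def __init__(self):
        self._roles = {}     # user -> set of role names
        self._temp = []      # (user, resource, action, expires_at)

    def assign(self, user, role):
        if role not in ROLE_PERMS:
            raise ValueError(f"unknown role {role!r}")
        self._roles.setdefault(user, set()).add(role)

    def revoke(self, user, role):
        self._roles.get(user, set()).discard(role)

    def grant_temporary(self, user, resource, action, ttl, now=None):
        """Task-scoped access that lapses by itself after ttl seconds."""
        now = time.time() if now is None else now
        self._temp.append((user, resource, action, now + ttl))

    def is_allowed(self, user, resource, action, now=None):
        now = time.time() if now is None else now
        # Roles may overlap: any one role holding the permission is enough.
        for role in self._roles.get(user, ()):
            if (resource, action) in ROLE_PERMS[role]:
                return True
        # Drop expired temporary grants before consulting them.
        self._temp = [g for g in self._temp if g[3] > now]
        return (user, resource, action) in {g[:3] for g in self._temp}

def demo():
    rbac = RBAC()
    rbac.assign("dana", "end_user")
    t0 = 1000.0                                     # constructed clock value
    out = [rbac.is_allowed("dana", "report.pdf", "read", t0),
           rbac.is_allowed("dana", "report.pdf", "write", t0)]
    rbac.grant_temporary("dana", "report.pdf", "write", ttl=60, now=t0)
    out.append(rbac.is_allowed("dana", "report.pdf", "write", t0 + 30))
    out.append(rbac.is_allowed("dana", "report.pdf", "write", t0 + 61))
    rbac.revoke("dana", "end_user")                 # role switch: one change,
    rbac.assign("dana", "specialist")               # no per-file edits
    out.append(rbac.is_allowed("dana", "model.py", "execute", t0 + 61))
    return out
```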
Benefits of Role-based access control
• Improved operational efficiency:
Companies can decrease the need for paperwork
and password changes when they hire new
employees or switch the roles of existing employees.
• Enhanced compliance:
Every organization must comply with local, state
and federal regulations.
Companies generally prefer to implement RBAC
systems to meet the regulatory and statutory
requirements for confidentiality and privacy, as
executives and IT departments can more effectively
manage how the data is accessed and used.
Benefits of Role-based access control
• Increased visibility:
RBAC gives network administrators and managers
more visibility and oversight into the business.
• Reduced costs:
By not allowing user access to certain processes
and applications, companies can conserve or more
cost-effectively use resources such as network
bandwidth, memory and storage.
• Decreased risk of breaches and data leakage:
Implementing RBAC means restricting access to
sensitive information, thus reducing the potential for
data breaches or data leakage.
Task Based Access Control
• A paradigm for access control and authorization
management in computerized information
systems, called Task-Based Authorization Controls (TBAC).

• TBAC models access control from a task-oriented
perspective instead of the traditional subject-object
ones like ACMs and ACLs.
UNIFIED DATA MODEL (UDM)

What is UDM?
- The Unified Data Model (UDM) is a Chronicle
standard data structure that stores information
about data received from sources.
- It is also called the 'schema'.
- Chronicle can store the original data it receives
in two formats, as the original raw log and as a
structured UDM record.
- The UDM record is a structured representation
of the original log.
- Chronicle always stores the original raw log.
UNIFIED DATA MODEL (UDM)

• Customers can also transform raw logs to
structured UDM format before sending the data
to Chronicle using the Ingestion API.
Benefits of UDM
• The same type of record from different vendors is
stored using the same semantics.

• It is easier to write rules against UDM records.

• It is easier to support log types from new devices.

• It is easier to identify relationships between users,
hosts and IP addresses because the data is
normalized into a standard UDM schema.
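
Added example (not part of the original slides): two constructed log formats from hypothetical vendors are normalized into one structured record, and a single rule then runs over both. The field names (event_type, principal_ip, target_user, action) are simplified stand-ins chosen for this sketch, not the actual Chronicle UDM schema.

```python
import re
from collections import Counter

# Constructed raw logs: two vendors reporting the same kind of event.
RAW = [
    ("vendor_a", "2023-05-19T10:00:01Z sshd login FAILED user=root src=203.0.113.7"),
    ("vendor_a", "2023-05-19T10:00:03Z sshd login FAILED user=admin src=203.0.113.7"),
    ("vendor_b", "ts=1684490405|evt=auth_fail|ip=203.0.113.7|account=root"),
    ("vendor_b", "ts=1684490410|evt=auth_ok|ip=198.51.100.4|account=dana"),
]

A_RE = re.compile(r"^(\S+) sshd login (FAILED|OK) user=(\S+) src=(\S+)$")

def normalize(vendor, raw):
    """Return a structured record; the original raw log is always kept with it."""
    if vendor == "vendor_a":
        m = A_RE.match(raw)
        if not m:
            return None                      # unparsable line: no structured record
        _ts, status, user, ip = m.groups()
        ok = status == "OK"
    elif vendor == "vendor_b":
        kv = dict(p.split("=", 1) for p in raw.split("|") if "=" in p)
        if not {"evt", "ip", "account"} <= kv.keys():
            return None
        user, ip, ok = kv["account"], kv["ip"], kv["evt"] == "auth_ok"
    else:
        return None
    return {"event_type": "USER_LOGIN", "principal_ip": ip, "target_user": user,
            "action": "ALLOW" if ok else "BLOCK", "raw": raw}

def failed_logins_by_ip(records, threshold=3):
    """One rule over normalized records, whichever vendor produced them."""
    hits = Counter(r["principal_ip"] for r in records
                   if r["event_type"] == "USER_LOGIN" and r["action"] == "BLOCK")
    return {ip: n for ip, n in hits.items() if n >= threshold}

def demo():
    records = [r for r in (normalize(v, raw) for v, raw in RAW) if r]
    return failed_logins_by_ip(records)
```

Neither vendor's logs reach the threshold of three alone; the rule fires only because both formats share the same semantics after normalization.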
UNIFIED DATA MODEL (UDM)
Logical Objects:
• Each UDM record identifies whether it describes
an Event or Entity.
UDM Event:
• It stores data for an action that occurred in the
environment.
• The original event log describes the action as it
was recorded by the device, firewall, web proxy,
etc. This is the UDM Event data model.
UNIFIED DATA MODEL (UDM)

UDM Entity:
• A UDM Entity is a contextual representation of
an asset, user, resource, etc. in the
environment.

• It is obtained from a 'source of truth' data
source.
This is the UDM Entity data model.
Event Data Model
Entity data model
