Kandahar University

Computer Science
Faculty
Network department
Advanced Computer Network -
CS740
Lecture 4
Access Control
TA. Shams Rashidy
[email protected]

Contents
1 Learning Objectives
2 Introduction
3 Access Control Principles
4 Subjects, Objects, and Access Rights
5 Discretionary Access Control; An Access Control Model
6 Example: UNIX File Access Control; Access Control Lists in UNIX
7 Role-Based Access Control; RBAC Reference Models
8 Attribute-Based Access Control; ABAC Logical Architecture
NetSec Shams Rashidy
Learning Objectives
• Explain how access control fits into the broader context that includes authentication, authorization, and audit.
• Define the three major categories of access control policies.
• Distinguish among subjects, objects, and access rights.
• Describe the UNIX file access control model.
• Discuss the principal concepts of role-based access control.
• Summarize the RBAC model.
• Discuss the principal concepts of attribute-based access control.
• Explain the identity, credential, and access management model.
• Understand the concept of identity federation and its relationship to a trust framework.

Introduction

1 NIST IR 7298, Glossary of Key Information Security Terms, defines access control as the process of granting or denying specific requests to:
  1 obtain and use information and related information processing services, and
  2 enter specific physical facilities.
2 The Internet Security Glossary (RFC 2828) defines access control as a process by which use of system resources is regulated according to a security policy and is permitted only by authorized entities.

Access Control

ITU-T Recommendation X.800 defines access control as:
"The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner."

RFC 2828 defines computer security as:
"Measures that implement and assure security services in a computer system, particularly those that assure access control service."

Access Control Principles

Access Control
Access control implements a security policy that specifies who or what (e.g., a user, or a process acting on a user's behalf) may have access to each specific system resource, and the type of access that is permitted in each instance.

Access Control Context

• Authentication: Verification that the credentials of a user or other system entity are valid.
• Authorization: The granting of a right or permission to a system entity to access a system resource; this function determines who is trusted for a given purpose.
• Audit: An independent review and examination of system records and activities in order to test for adequacy of system controls, to ensure compliance with established policy, and to detect breaches in security.

Relationship Among Access Control and Other Security
Functions

Access Control Policies

• Discretionary access control (DAC)
• Mandatory access control (MAC)
• Role-based access control (RBAC)
• Attribute-based access control (ABAC)

These four policies are not mutually exclusive; a single system may combine them (for example, RBAC for ordinary users together with MAC labels on classified data).
Access Control Policies

An access control policy dictates:
• what types of access are permitted,
• under what circumstances,
• by whom.

• DAC: based on the identity of the requestor and on access rules (authorizations) stating what requestors are, or are not, allowed to do.
• MAC: based on comparing security labels (on resources) with security clearances (of subjects).
• RBAC: based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles.
Access Control Requirements

• Reliable input
• Support for fine and coarse specifications
• Least privilege
• Separation of duty
• Open and closed policies
• Policy combinations and conflict resolution
• Administrative Policies
• Dual control

Subjects, Objects, and Access Rights

• The basic elements of access control are: subject, object, and access right.
• A subject is an entity capable of accessing objects.
• Any user or application actually gains access to an object by means of a process that represents that user or application; the process carries the attributes (user ID, group memberships) of the user on whose behalf it runs.

Access Control Basic Elements

• Subject: an entity capable of accessing objects. The concept equates with that of a process; subjects are typically held accountable for the actions they initiate, and basic systems often distinguish three classes of subject: owner, group, and world.
• Object: a resource to which access is controlled; an entity used to contain and/or receive information. Which objects are protected depends on the environment in which access control operates.
• Access right: the way in which a subject may access an object, e.g. read, write, execute, delete, create, search.
Subject

• Basic access control systems typically define three classes of subject:
• Owner: This may be the creator of a resource, such as a file. For system resources, ownership may belong to a system administrator.
• Group: In addition to the privileges assigned to an owner, a named group of users may also be granted access rights, such that membership in the group is sufficient to exercise these access rights. A user may belong to more than one group.
• World: The least amount of access is granted to users who are able to access the system but are not included in the categories owner and group for this resource.

Access Right

• An access right describes the way in which a subject may access an object. Typical rights are:
• Read: view information in a system resource (including the ability to copy or print it).
• Write: add, modify, or delete data in a system resource (write access normally includes read access).
• Execute: run the resource as a program.
• Delete: remove the resource, such as a file or record.
• Create: create new files, records, or fields.
• Search: list the files in a directory or otherwise search the directory.

Discretionary Access Control

Definition
A discretionary access control scheme is one in which an entity may be granted access rights that permit the entity, by its own volition, to enable another entity to access some resource. This delegation is what makes DAC flexible, but it is also its weakness: the owner decides who may read a file, so any program running with the owner's rights (including a Trojan horse) can pass the data on, and the system cannot control information flow.

A Model for Access Control

[Figure] A subject (the source of the request, e.g. a user or process) issues an access request; a reference monitor (the guard) mediates the request and either grants or denies access to the object (the resource, e.g. a file or printer).
Discretionary Access Control

• A general approach to DAC, as exercised by an operating system or a database management system, is that of an access matrix: one row per subject, one column per object, and in each cell the set of access rights that subject holds on that object.
• In practice, an access matrix is usually sparse, so it is stored by decomposition rather than as a full matrix.
• Decomposition by columns yields access control lists (ACLs): for each object, the list of subjects and their rights. An ACL makes it easy to answer "who can access this object?" and to revoke access.
• Decomposition by rows yields capability tickets that specify the authorized objects and operations for a particular subject. Capabilities make it easy to answer "what can this subject access?", but because the ticket is held by the subject it must be unforgeable (protected by the operating system or cryptographically), and revocation is harder.
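The following is an added example, not code from the lecture or from Stallings: it stores a small DAC protection state as a sparse access matrix, derives the two decompositions the slide describes (ACLs by column, capability lists by row), and puts a reference-monitor check in front of it with a closed policy. The subjects, objects and rights (alice, bob, file1, "own", and so on) are constructed for illustration; "own" is used as the right that permits discretionary delegation.

```python
# Added example (not part of the lecture): a sparse access matrix for DAC and its two
# decompositions, per-object ACLs (columns) and per-subject capability lists (rows),
# plus a closed-policy reference-monitor check and owner-only delegation.
# Subjects, objects and rights below are constructed for illustration.
from collections import defaultdict

# Protection state: (subject, object) -> set of access rights. Only non-empty cells
# are stored, which is how a real system keeps a mostly-empty matrix.
ACCESS_MATRIX = {
    ("alice", "file1"):   {"own", "read", "write"},
    ("alice", "file3"):   {"read"},
    ("bob",   "file1"):   {"read"},
    ("bob",   "file2"):   {"own", "read", "write"},
    ("carol", "printer"): {"write"},
}


def acls(matrix):
    """Column decomposition: object -> {subject: rights}. One list per object,
    which is what a file system stores next to the file."""
    out = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        out[obj][subject] = set(rights)
    return dict(out)


def capabilities(matrix):
    """Row decomposition: subject -> {object: rights}. One ticket list per subject,
    which is what a capability system hands to the process."""
    out = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        out[subject][obj] = set(rights)
    return dict(out)


def reference_monitor(matrix, subject, obj, right):
    """Mediate one access request. Closed policy: a right that is not explicitly
    present in the matrix cell is denied, including for unknown subjects/objects."""
    return right in matrix.get((subject, obj), set())


def grant(matrix, granter, grantee, obj, right):
    """Discretionary delegation: the owner of an object may, by its own volition,
    give another subject a right on it. Returns False if the granter is not the owner."""
    if "own" not in matrix.get((granter, obj), set()):
        return False
    matrix.setdefault((grantee, obj), set()).add(right)
    return True


if __name__ == "__main__":
    state = {cell: set(rights) for cell, rights in ACCESS_MATRIX.items()}
    print("ACL for file1:", acls(state)["file1"])
    print("Capabilities of bob:", capabilities(state)["bob"])
    print("bob write file1 before grant:", reference_monitor(state, "bob", "file1", "write"))
    grant(state, "alice", "bob", "file1", "write")
    print("bob write file1 after grant:", reference_monitor(state, "bob", "file1", "write"))
```

Note that both decompositions are derived from the same protection state; the practical difference is in what is cheap to answer. Revoking bob's access to file1 means editing one ACL entry, whereas with capabilities every ticket bob holds would have to be found and invalidated.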

Access matrix

Example of Access Control
Structures

Example of Access Control Structures - Authorization Table

An Access Control Model

• The model assumes a set of subjects, a set of objects, and a set of rules that govern the access of subjects to objects.
• The protection state of a system is the set of information, at a given point in time, that specifies the access rights for each subject with respect to each object.

Objects in the Access Control Model (beyond files)

Besides files, the access control model covers other kinds of object, each with its own set of access rights:
• Processes: Access rights include the ability to delete a process, stop (block) a process, and wake up a process.
• Devices: Access rights include the ability to read/write the device, to control its operation (e.g., a disk seek), and to block/unblock the device for use.
• Memory locations or regions: Access rights include the ability to read/write certain regions of memory that are protected such that the default is to disallow access.

Extended Access Control Matrix

An Organization of the Access Control
Function

Introduction - UNIX Files

• All types of UNIX files are administered by the operating system by means of inodes.
• An inode (index node) is a control structure that contains the key information needed by the operating system for a particular file, including its owner ID, group ID, and protection bits.
• An active inode is associated with exactly one file, and each file is controlled by exactly one inode. Because the permissions live in the inode rather than in the directory entry, a file reachable through several hard links has a single set of permissions.

Traditional UNIX File Access Control
• Most UNIX systems depend on, or at least are based on, the file access control scheme introduced with the early versions of UNIX.
• Each UNIX user is assigned a unique user identification number (user ID, UID).
• A user is also assigned to a group, or to a number of groups, each identified by a group ID (GID).
• When a file is created, it is marked as owned by the creator's user ID.
• Associated with each file is a set of 12 protection bits.
• Nine of the protection bits specify read, write, and execute permission for three classes of subject: the owner of the file, other members of the file's group, and all other users. The first class that matches the requesting process decides; an owner whose owner-class bits are empty is denied even if the group or other class would permit.
• The remaining three bits define special additional behavior for files or directories. Two of these are the set user ID (SetUID) and set group ID (SetGID) permissions; the third is the sticky bit. A SetUID executable runs with the effective user ID of the file's owner rather than of the invoker, which is why SetUID-root programs are a classic privilege-escalation target.
UNIX File Access Control

Access Control Lists in UNIX

• Many modern UNIX and UNIX-based operating systems support access control lists.
• The feature is referred to as an extended access control list, while the traditional UNIX approach is referred to as a minimal access control list.
• FreeBSD allows the administrator to assign a list of UNIX user IDs and groups to a file by using the setfacl command; Linux provides the same setfacl/getfacl commands, and ls -l marks a file carrying an extended ACL with a trailing "+".

ACL strategy in UNIX/Linux systems

When a file carries an extended ACL, the traditional 9-bit permission field is reinterpreted:
1 The owner class and other class entries in the 9-bit permission field have the same meaning as in the minimal ACL case.
2 The group class entry no longer stands for the owning group alone: it becomes the ACL mask, i.e. the maximum permissions that can be assigned to named users or named groups (and to the owning group), other than the owning user. A right granted in a named entry but absent from the mask is not effective.
3 Additional named users and named groups may be associated with the file, each with a 3-bit (rwx) permission field. Evaluation proceeds owner, then named user, then owning group and named groups, then other; the first matching class decides.
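The following is an added example, not code from the lecture, that models the decision procedure behind both slides above: the traditional 12-bit mode (a minimal ACL, including the three special bits) and a POSIX.1e extended ACL with named users, named groups and a mask. It mirrors the acl(5) evaluation order used by Linux and FreeBSD; the uids, gids, modes and ACL entries are constructed, and root's CAP_DAC_OVERRIDE bypass is deliberately not modelled.

```python
# Added example (not part of the lecture): how a UNIX kernel decides an access
# request, first under the traditional 9+3-bit mode (a "minimal ACL") and then
# under a POSIX.1e extended ACL with named users, named groups and a mask entry.
# The uids, gids, modes and ACL entries below are constructed for illustration.
import stat
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

R, W, X = 4, 2, 1  # one octal digit of a mode: r=4, w=2, x=1


@dataclass
class Acl:
    owner_uid: int
    owner_gid: int
    user_perm: int                      # ACL_USER_OBJ: the owner class
    group_perm: int                     # ACL_GROUP_OBJ: the owning group
    other_perm: int                     # ACL_OTHER: everyone else
    named_users: Dict[int, int] = field(default_factory=dict)   # ACL_USER entries
    named_groups: Dict[int, int] = field(default_factory=dict)  # ACL_GROUP entries
    mask: Optional[int] = None          # ACL_MASK; absent in a minimal ACL


def minimal_acl(mode: int, owner_uid: int, owner_gid: int) -> Acl:
    """The minimal ACL implied by a traditional mode such as 0o4750: the three
    rwx triples are the owner, group and other class entries."""
    return Acl(owner_uid, owner_gid, (mode >> 6) & 7, (mode >> 3) & 7, mode & 7)


def special_bits(mode: int):
    """Names of the three non-rwx protection bits that are set in `mode`."""
    names = []
    if mode & stat.S_ISUID:
        names.append("setuid")
    if mode & stat.S_ISGID:
        names.append("setgid")
    if mode & stat.S_ISVTX:
        names.append("sticky")
    return names


def _effective(perm: int, mask: Optional[int]) -> int:
    # In an extended ACL the mask caps named users, named groups and the owning
    # group, but never the owner class or the other class.
    return perm if mask is None else perm & mask


def check(acl: Acl, uid: int, gids: Set[int], want: int) -> bool:
    """Decide whether a process running with (uid, gids) may perform the rights in
    `want`. Follows the POSIX.1e algorithm: the first class that matches decides,
    except that every matching group entry is tried and any one that grants the
    full request suffices. Root's CAP_DAC_OVERRIDE bypass is not modelled."""
    def allows(perm: int) -> bool:
        return (want & ~perm) == 0          # every requested bit is present

    if uid == acl.owner_uid:                # owner class wins even if more restrictive
        return allows(acl.user_perm)
    if uid in acl.named_users:
        return allows(_effective(acl.named_users[uid], acl.mask))
    group_perms = []
    if acl.owner_gid in gids:
        group_perms.append(_effective(acl.group_perm, acl.mask))
    group_perms += [_effective(p, acl.mask) for g, p in acl.named_groups.items() if g in gids]
    if group_perms:                         # a group entry matched: "other" is never consulted
        return any(allows(p) for p in group_perms)
    return allows(acl.other_perm)


if __name__ == "__main__":
    a = minimal_acl(0o4750, owner_uid=1000, owner_gid=100)
    print("special bits of 0o4750:", special_bits(0o4750))          # ['setuid']
    print("group member may rx:", check(a, 2000, {100}, R | X))      # True
    print("group member may w:", check(a, 2000, {100}, W))           # False
    e = Acl(1000, 100, 7, 5, 0, named_users={2000: 7}, named_groups={300: 4}, mask=5)
    print("named user wants w, mask 5:", check(e, 2000, {999}, W))   # False: mask removes w
```

Two behaviours worth checking against a real system: a mode of 0o077 locks the owner out while everyone else gets full access, because the owner class is consulted first and never falls through; and in the extended case, "setfacl -m u:2000:rwx" has no effect on the effective rights unless the mask also contains those bits, which is the surprise the "+" in ls -l output should prompt you to investigate with getfacl.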

Role-Based Access Control

• Traditional DAC systems define the access rights of individual users and groups of users.
• In contrast, RBAC is based on the roles that users assume in a system rather than on the user's identity: permissions are assigned to roles, and users are assigned to roles.
• The relationship of users to roles is many to many, as is the relationship of roles to resources (permissions).
• Roles typically correspond to job functions and change rarely, while user-to-role assignments change often; this is what makes RBAC easier to administer than per-user rights.

Users, Roles, and
Resources

Access Control Matrix

RBAC Reference Models

• A variety of functions and services can be included under the general RBAC approach.
• The RBAC reference model is a family of four models: RBAC0 is the base model (users, roles, permissions, sessions); RBAC1 adds role hierarchies; RBAC2 adds constraints (e.g. mutually exclusive roles, cardinality, prerequisite roles); RBAC3 combines RBAC1 and RBAC2.

Base Model RBAC0

• RBAC0 contains four types of entities:
1 User: An individual that has access to this computer system. Each individual has an associated user ID.
2 Role: A named job function within the organization that controls this computer system. Typically, associated with each role is a description of the authority and responsibility conferred on this role, and on any user who assumes it.
3 Permission: An approval of a particular mode of access to one or more objects. Equivalent terms are access right, privilege, and authorization.
4 Session: A mapping between a user and an activated subset of the set of roles to which the user is assigned.
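The following is an added example, not code from the lecture, that implements the four RBAC0 entities and goes one step further than the slide by adding the RBAC1 role hierarchy, since sessions are only interesting once a user holds more roles than a task needs. The bank roles (teller, loan-officer, branch-manager), users and permissions are constructed for illustration; a session activates a subset of the user's authorized roles, and access decisions consult the active roles only.

```python
# Added example (not part of the lecture): the four RBAC0 entities (users, roles,
# permissions, sessions) together with the RBAC1 role hierarchy. A session activates
# only a subset of the user's roles, which is how RBAC supports least privilege.
# The bank roles, users and permissions below are constructed for illustration.
from collections import defaultdict


class Rbac:
    def __init__(self):
        self.user_roles = defaultdict(set)   # UA: user -> roles assigned to the user
        self.role_perms = defaultdict(set)   # PA: role -> {(operation, object)}
        self.juniors = defaultdict(set)      # RH: senior role -> junior roles it inherits from

    def assign(self, user, role):
        self.user_roles[user].add(role)

    def grant(self, role, operation, obj):
        self.role_perms[role].add((operation, obj))

    def inherits(self, senior, junior):
        """Role hierarchy (RBAC1): senior >= junior, so senior acquires junior's permissions."""
        self.juniors[senior].add(junior)

    def closure(self, roles):
        """All roles reachable downward from `roles`, including themselves (cycle-safe)."""
        seen, stack = set(), list(roles)
        while stack:
            role = stack.pop()
            if role not in seen:
                seen.add(role)
                stack.extend(self.juniors.get(role, ()))
        return seen

    def authorized_roles(self, user):
        """Roles the user may activate: the assigned roles and everything junior to them."""
        return self.closure(self.user_roles.get(user, set()))

    def permissions(self, roles):
        perms = set()
        for role in self.closure(roles):
            perms |= self.role_perms.get(role, set())
        return perms

    def open_session(self, user, roles):
        """Map a user to an activated subset of its authorized roles. Returns None if
        the user asks for a role it is not authorized for (no silent down-scoping)."""
        roles = set(roles)
        if not roles <= self.authorized_roles(user):
            return None
        return Session(self, user, roles)


class Session:
    def __init__(self, rbac, user, active):
        self.rbac, self.user, self.active = rbac, user, active

    def allowed(self, operation, obj):
        """Access is decided by the activated roles only, never by the user's identity."""
        return (operation, obj) in self.rbac.permissions(self.active)


def bank():
    """Constructed sample: a branch manager inherits from teller and loan officer."""
    r = Rbac()
    r.grant("teller", "read", "account")
    r.grant("teller", "deposit", "account")
    r.grant("loan-officer", "read", "loan")
    r.grant("loan-officer", "create", "loan")
    r.grant("branch-manager", "approve", "loan")
    r.inherits("branch-manager", "teller")
    r.inherits("branch-manager", "loan-officer")
    r.assign("bob", "teller")
    r.assign("alice", "branch-manager")
    return r


if __name__ == "__main__":
    r = bank()
    full = r.open_session("alice", {"branch-manager"})
    print("alice as manager approves loan:", full.allowed("approve", "loan"))     # True
    scoped = r.open_session("alice", {"teller"})
    print("alice as teller approves loan:", scoped.allowed("approve", "loan"))    # False
    print("bob activating manager:", r.open_session("bob", {"branch-manager"}))   # None
```

Note that alice can open a session with only "teller" active: the hierarchy makes teller one of her authorized roles, and while that session is open she cannot approve loans even though her identity could. That per-session down-scoping, rather than the user-to-role mapping itself, is where least privilege is enforced in RBAC.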

A Family of Role-Based Access Control Models

Example of Role Hierarchy

Attribute-Based Access Control

• A relatively recent development in access control technology is the attribute-based access control (ABAC) model.
• An ABAC model can define authorizations that express conditions on properties of both the resource and the subject (and of the environment), for example "a physician may read a record only if the record belongs to the physician's department".
• Its strength is flexibility and expressive power. [PLAT13] points out that the main obstacle to its adoption in real systems has been concern about the performance impact of evaluating predicates on both resource and user properties for each access.

Attributes

• Attributes are characteristics that define specific aspects of the subject, object, environment conditions, and/or requested operations that are predefined and preassigned by an authority.
• Subject attributes: A subject is an active entity (a user, application, process, or device) that causes information to flow among objects or changes the system state. Its attributes include identifier, name, organization, job title, role, and clearance.
• Object attributes: An object, also referred to as a resource, is a passive information system-related entity containing or receiving information. Its attributes include title, owner, classification, and creation date.
• Environment attributes: These attributes have so far been largely ignored in most access control policies. They describe the operational or situational context in which access requests occur, such as the current date and time, the network location, and the threat level.
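The following is an added example, not code from the lecture or from NIST SP 800-162, showing ABAC as predicates over subject, object, environment and action attributes, with a deny-overrides combining rule and deny by default. The medical-records policy, the attribute names and the requests are all constructed for illustration; the point is that environment attributes (network, time of day) take part in the decision on the same footing as subject and object attributes.

```python
# Added example (not part of the lecture): attribute-based access control evaluated as
# predicates over subject, object, action and environment attributes, with a
# deny-overrides combining rule and deny-by-default. Attribute names, values and
# the policy itself are constructed for illustration.
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Tuple

Attrs = Dict[str, Any]


@dataclass(frozen=True)
class Rule:
    name: str
    effect: str                                            # "permit" or "deny"
    applies: Callable[[Attrs, Attrs, str, Attrs], bool]    # (subject, object, action, env)


def evaluate(rules: List[Rule], subject: Attrs, obj: Attrs, action: str, env: Attrs) -> Tuple[str, str]:
    """Return (decision, rule_name). Deny-overrides: any matching deny rule wins over
    any matching permit; if no rule matches at all the request is denied."""
    permitted_by = None
    for rule in rules:
        try:
            matches = rule.applies(subject, obj, action, env)
        except KeyError:
            matches = False        # a rule that needs an attribute the request lacks does not apply
        if not matches:
            continue
        if rule.effect == "deny":
            return ("deny", rule.name)
        permitted_by = permitted_by or rule.name
    return ("permit", permitted_by) if permitted_by else ("deny", "no-applicable-rule")


# Constructed policy for a hospital records system.
POLICY = [
    Rule("clinician-same-department", "permit",
         lambda s, o, a, e: a == "read"
         and s["role"] in ("physician", "nurse")
         and s["department"] == o["department"]        # subject attr vs object attr
         and e["network"] == "internal"),              # environment attr
    Rule("physician-may-update-own-patients", "permit",
         lambda s, o, a, e: a == "write"
         and s["role"] == "physician"
         and s["id"] == o["attending_physician"]
         and e["network"] == "internal"),
    Rule("restricted-needs-clearance", "deny",
         lambda s, o, a, e: o["sensitivity"] == "restricted" and s["clearance"] < 3),
    Rule("no-writes-outside-business-hours", "deny",
         lambda s, o, a, e: a == "write" and not (8 <= e["hour"] < 18)),
]


if __name__ == "__main__":
    phys = {"id": "u17", "role": "physician", "department": "cardiology", "clearance": 2}
    rec = {"id": "r1", "department": "cardiology", "sensitivity": "normal", "attending_physician": "u17"}
    print(evaluate(POLICY, phys, rec, "read", {"network": "internal", "hour": 10}))
    print(evaluate(POLICY, phys, rec, "read", {"network": "vpn", "hour": 10}))
    print(evaluate(POLICY, phys, dict(rec, sensitivity="restricted"), "read",
                   {"network": "internal", "hour": 10}))
```

Returning the name of the deciding rule is not decoration: in an ABAC deployment the audit log should record which rule permitted or denied each request, since the decision depends on attribute values that may have changed by the time anyone investigates.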

ABAC Logical Architecture

Identity, Credential, and Access Management

• ICAM is a comprehensive approach to managing and implementing digital identities (and associated attributes), credentials, and access control. Its goals are to:
• Create trusted digital identity representations of individuals and of what the ICAM documents refer to as nonperson entities (NPEs).
• Bind those identities to credentials that may serve as a proxy for the individual or NPE in access transactions.
• Use the credentials to provide authorized access to an agency's resources.

ICAM

Identity Management
• Identity management is concerned with assigning attributes to a digital identity and connecting that digital identity to an individual or NPE.
• The goal is to establish a trustworthy digital identity that is independent of a specific application or context.
• The purpose of identity management is not to grant access to resources; an access privilege may, however, be recorded as one of the identity's attributes.
• Lifecycle:
• Mechanisms, policies, and procedures for protecting personal identity information
• Controlling access to identity data
• Techniques for sharing authoritative identity data with applications that need it
• Revocation of an enterprise identity

Credential Management

• A credential is an object or data structure that authoritatively binds an identity (and optionally additional attributes) to a token possessed and controlled by a subscriber.
• Credential lifecycle management:
• An authorized individual sponsors an individual or entity for a credential to establish the need for the credential.
• The sponsored individual enrolls for the credential, a process which typically consists of identity proofing and the capture of biographic and biometric data.
• A credential is produced.
• The credential is issued to the individual or NPE.
• Finally, a credential must be maintained over its life cycle, including revocation, reissuance or replacement, re-enrollment, expiration, and suspension or reinstatement.

Access Management

• The access management component deals with the management and control of the ways entities are granted access to resources.
• The purpose of access management is to ensure that the proper identity verification is made when an individual attempts to access security-sensitive buildings, computer systems, or data. It covers:
• Resource management
• Privilege management
• Policy management

Identity Federation

Identity federation addresses two questions:
1 How do you trust identities of individuals from external organizations who need access to your systems?
2 How do you vouch for identities of individuals in your organization when they need to collaborate with external organizations?

Trust Frameworks

• The interrelated concepts of trust, identity, and attributes have become core concerns of Internet businesses, network service providers, and large enterprises.
• The need-to-know principle: what do you need to know about someone in order to deal with them? Only the attributes required for the transaction should be requested and shared.

Traditional Identity Exchange Approach

• Online communication between parties requires the sharing of identity information.
• Both parties need a sufficient level of mutual trust to share that information, and in the traditional approach that trust has to be established pairwise between each relying party and each identity provider.

Identity Information Exchange Approaches

Open Identity Trust Framework
• OpenID: An open standard that allows users to be authenticated by certain cooperating sites (relying parties) using a third-party identity provider, without the relying party needing its own password database.
• OIDF: The OpenID Foundation is an international nonprofit organization of individuals and companies committed to enabling, promoting, and protecting OpenID technologies.
• ICF: The Information Card Foundation is a nonprofit community of companies and individuals working together to evolve the Information Card ecosystem.
• OITF: The Open Identity Trust Framework is a standardized, open specification of a trust framework for identity and attribute exchange.
• OIX: The Open Identity Exchange Corporation is an independent, neutral, international provider of certification trust frameworks conforming to the Open Identity Trust Framework model.
• AXN: An Attribute Exchange Network is an online service that lets relying parties obtain verified attributes about a user from attribute providers, with the user's consent.
Case Study: RBAC System for a Bank

Example of Access Control Administration

Questions?
