Access Control
Allen Firestone
11/30/2011
Operating Systems
Introduction
Access Control is a series of instructions designed to build security in a system through data management and role assignment. To put it simply, Access Control allows access to be given to certain individuals or, in the case of computers, even processes, in order to allow them to complete tasks within their domain of function. Access Control appears in more than just computers; it is involved in nearly everything in everyday life, from the dorms we live in to the banks we visit. In dorms it is the scan cards and readers at the entrance. In banks it is the combination or timer associated with the vault door. For this paper, however, we will be focusing purely on computer-related Access Control methods.
To better understand Access Control, it will help to understand where the idea of Access Control came from and how it developed through history, focusing on the early beginnings of one of the inaugural algorithms. Once we know where and how Access Control was developed, we can then look at Authorization and how its sub-sections (Privileges, Objects, Authentication, and Subjects) all work together. After a decent understanding of these topics is reached, we can then look at different Access Control techniques, specifically: Discretionary Access Control, Mandatory Access Control, Attribute-Based Access Control, and finally Role-Based Access Control.
ACCESS CONTROL, A HISTORY
Throughout history, innovations in technology have either come from a necessity, or from a desire to make luxuries more accessible to the population. Access Control was most certainly developed out of a need by the Government to be able to better secure itself against enemies both foreign and domestic, as well as to develop better offensive capabilities through better organization and information control. In the 1970s, as computers were being used more and more by the military, a concern arose that these multi-user systems would be insecure and lead to poor defenses against espionage and the like. Preliminary work commenced with Lampson, who developed the Access Matrix. The Access Matrix defined the basic concepts regarding objects and subjects. Later on, the Bell-LaPadula model emerged. This model implemented the idea that specific users are only allowed access to data at their classification level, and transferred that idea into mathematical terms that computers could use to perform basic Database Access Control [6].
The Bell-LaPadula model had two primary specifications. The first, the “Reading Down” specification [6], stated that a subject could only read objects with a lower security level than its own, thus preventing a subject from gaining higher levels of access than it is supposed to. The second was the “Writing Up” or *-specification, meaning that a subject could only change data above its access level, thus keeping the subject from passing higher access level data to lower levels that might not have access to that data [6].
During the 1980s, a Department of Defense publication titled Trusted Computer System Evaluation Criteria defined two quite significant Access Control models, the first being Discretionary Access Control and the second being Mandatory Access Control. Also in the 1980s, a more business-friendly version of the Bell-LaPadula model was developed by Clark and Wilson [8]. The main benefit of the Clark-Wilson model was that it limited users to modifying information only in certain ways defined prior to execution, together with a separation of duty which monitored changes to critical data and kept it consistent throughout the database [8].
In the 1990s, the revolutionary idea of Role-Based Access Control emerged with the goal of simplifying authorization in the business world. Role-Based Access Control came about in the same manner that the Clark-Wilson model did, designed to be used more in the business sector than the military sector. Role-Based Access Control is, in a nutshell, rather straightforward in its explanation of functionality. The key to a system using Role-Based Access Control is roles [2]. Roles are simply lists of accesses to objects that vary based on a user's specific role within a business. This is most easily explained by noting that a CEO will obviously have more access to data and objects than a single programmer or manager would. Following Role-Based Access Control were models like the Chinese Wall and Brewer-Nash models [9]. The Chinese Wall model secluded users with a specific set of allowed actions and a “wall” to block the user from data outside their walled area. The Brewer-Nash model brought forward the idea of dynamically allocated access permissions.
In the mid-nineties, Nyanchama and Osborn thought up a new role organization procedure, splitting roles into three primary role relationships: shared, augmented, and partial [9]. In 1996, Sandhu-Ferraiolo further broke the Role-Based Access Control model down into four sub-sections based on functionality. These were Core RBAC, Hierarchical RBAC, Constraint RBAC, and Consolidated RBAC [4]. The first three sub-models each defined a specific function of the larger RBAC model, with the fourth sub-model being a conglomeration of the previous three.
Today, Role-Based Access Control has become the dominant model used in both military and civilian database systems. This appears to come from its increased degree of flexibility as to how roles are described and allocated between different security levels.
AUTHORIZATION
What is authorization in regard to Access Control? It is what allows the whole system to work. It is the key to the vault, or your PIN, or even your scan card to get you into dinner each night! In order to have a working access control scheme, authorization is REQUIRED. If you didn’t have authorization, access control would not work: all data would be available to all users and at the same time none of the data would be available to any user, which is physically impossible. Now that we know it's important, let's dive a little deeper into it!
Authorization is broken down into four sub-sections: Authentication, Subjects, Objects, and Privileges [1]. Authentication means answering the question, “Is this user really the user they say they are?” The first method of authentication is nearly as old as time itself; it is called Secret Knowledge [1]. Secret Knowledge is exactly that, a password or key that is unique to a user, allowing them to access the appropriate locations. The second method is Biometrics [1]. Biometrics is an entirely automated method of verifying that a person is precisely who they say they are, whether that be by fingerprint scan, retinal scan, DNA or whatever else signifies you are you and not me. Furnell describes the six best characteristics that determine if a biometric authenticator is good or not so good [1]. Number one, Uniqueness: can the biometric differentiate between two people [1]? Number two, Universal: can this biometric be used en masse [1]? Number three, Permanent: does your biometric change over time or not [1]? Number four, Collectable: does the scan work the first time, every time [1]? Number five, Acceptable: is this biometric within the social and ethical norms of the time and place the biometric is being used [1]? Finally, number six, Unforgeability: can this biometric be copied from person to person [1]? The easiest way to describe how authentication works is that when someone is trying to gain access to an object they must supply a sample of a biometric. This sample is then compared against a control biometric for that person's assumed identity. If the sample and the control match, then the person is given access; if not, they are locked out.
After authentication come subjects. What is a subject? No, it is not Spanish two in high school; a subject is a specific user, a group of users, a role, or even a process working on behalf of one of the previously mentioned subjects [1]. Note that not all access control schemes will allow all of these subject types to access objects; conversely, some access control systems allow all these subject types to access objects, provided they supply proper authentication.
Next are objects. Authorization objects are the pieces of information that your access control system is protecting [1]. They are considered to be the passive entity within authorization. Similarly to subjects, objects can be placed in hierarchies to deal with propagation of authorization after a user or process has access to the object or any sub-objects that this specific object has access to.
Finally, there are authorization privileges, often referred to as access modes [1]. Access modes lay the ground rules for what a subject can do with the objects that it accesses. Ferrari states some privileges that can be assigned. When working with a database, privileges like insert, select, update, and delete can be assigned [7]. When dealing with an operating system, things like read, write, and execute can be used. Ferrari states, “a hierarchical organization of privileges is possible, which usually represents a subsumption relation among privileges. Privileges toward the bottom of the hierarchy are subsumed by privileges towards the top.” [7]
To wrap authorization back up into a nice bow, authorization consists of four essential parts: authentication, subjects, objects, and privileges. These parts work together to make sure that you are who you really say you are, remind you of what you can and can’t do, remind you of what you can and can’t access, and what you can do with the information that you are allowed to access.
ACCESS CONTROL MODELS
Since we have discussed the history of how modern access control models have come about, as well as looking at what authorization means for access control, we can now take a look at some specific access control models that are used today. We will take a look at Discretionary Access Control, Mandatory Access Control, Attribute-Based Access Control and finally Role-Based Access Control.
One of the earlier models for access control was the Discretionary Access Control (DAC) model. This model relies heavily upon the user to set permissions regarding file creation and sharing [1]. When a file is created, the user is able to apply certain permissions to that file. The permissions that are generally applied tend to define what other users might have access to said file. Since the user defines all the permissions, there is no central point of control divvying out permissions [1]. Discretionary Access Control has two relatively simple ideas as its cornerstones: firstly, the ownership of information [1], and secondly, how rights are delegated. Essentially, ownership of information simply means whoever creates a file has the permission to divvy out access to other users while also determining what others can do with that information. Rights delegation means that users who have gained access to a file may then give access to other users in the same fashion that the file creator did [1].
In Discretionary Access Control systems, all these specified rights that the users have been creating get stored in what is called an Access Control Matrix (ACM) [1].
The big hangup with these ACMs is that they take so much space in memory even when most of the matrix might actually be empty. An alternative option for storing rights would be to use an Access Control List (ACL) [9]. These lists can come in two varieties, the first being a list that assigns a group of objects to each subject, and the second being the opposite, where a group of subjects is assigned to an object. It all depends on which list method you prefer, whether it be subject-centric or object-centric [9]. Discretionary Access Control systems have a couple of significant issues that should be mentioned. The primary one is Enforcement of Security Policy, meaning that making sure files only go to the correct users is up to the users and not the company or enterprise that the users work for. Cascading Authorization is another large issue, meaning that users, after having access suspended, can still access those files. Finally, No Information Flow creates problems in a DAC system when a user, instead of assigning access to a file, copies it and creates entirely new rights for a “new” file.
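The storage trade-off and the copy problem described above can be seen in a few lines of Python. This is an added example, not part of the original paper; the subjects, objects, rights and helper names are all constructed for illustration.

```python
# Added illustration; subjects, objects and rights are constructed sample data.
from collections import defaultdict

SUBJECTS = ["alice", "bob", "carol", "dave"]
OBJECTS = ["payroll.xls", "notes.txt", "build.sh", "plan.doc"]

# Only rights that were actually granted: (subject, object) -> access modes.
GRANTS = {
    ("alice", "payroll.xls"): {"own", "read", "write"},
    ("bob", "payroll.xls"): {"read"},
    ("carol", "build.sh"): {"own", "read", "execute"},
}

def as_matrix(grants):
    """Access Control Matrix: one cell per subject/object pair, empty or not."""
    return {s: {o: set(grants.get((s, o), ())) for o in OBJECTS} for s in SUBJECTS}

def as_object_acls(grants):
    """Object-centric list: each object names the subjects that may use it."""
    acls = defaultdict(dict)
    for (s, o), rights in grants.items():
        acls[o][s] = set(rights)
    return dict(acls)

def as_subject_lists(grants):
    """Subject-centric list: each subject names the objects it may use."""
    lists = defaultdict(dict)
    for (s, o), rights in grants.items():
        lists[s][o] = set(rights)
    return dict(lists)

def storage_cost(grants):
    matrix = as_matrix(grants)
    cells = sum(len(row) for row in matrix.values())
    empty = sum(1 for row in matrix.values() for r in row.values() if not r)
    return {"matrix_cells": cells, "empty_cells": empty, "acl_entries": len(grants)}

def check(acls, subject, obj, mode):
    return mode in acls.get(obj, {}).get(subject, set())

def grant(acls, owner, obj, grantee, mode):
    """Discretionary: only the owner of an object may hand out rights to it."""
    if not check(acls, owner, obj, "own"):
        raise PermissionError(f"{owner} does not own {obj}")
    acls[obj].setdefault(grantee, set()).add(mode)

def copy_file(acls, subject, src, dst):
    """Any reader can copy the data into a new object that the reader owns."""
    if not check(acls, subject, src, "read"):
        raise PermissionError(f"{subject} cannot read {src}")
    acls[dst] = {subject: {"own", "read", "write"}}
```

With this data the matrix holds 16 cells of which 13 are empty, while either list form stores 3 entries. A reader who copies `payroll.xls` becomes owner of the copy and can grant it onward, which the ACL on the original never sees.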
Next up on our tour of different Access Control models is the Mandatory Access Control model. This model has been primarily embraced by the military for its unique quality that, in order to access data, a user must have the proper level of security clearance [1]. In a Mandatory Access Control model, there is no resource-owner-driven ownership concept; rather, there is no individual ownership of specific data [1]. At its core, in the Mandatory Access Control model a subject can read or write to an object so long as it's in the proper clearance level that the subject has access to. Something that really benefits a Mandatory Access Control based system is that it has the ability to stop Trojan horse attacks by setting limits on the whole of a program [1].
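The sketch below is an added example, not part of the original paper. It implements the two Bell-LaPadula rules from the history section as a small reference monitor and shows why a program running at its user's clearance cannot move data to a lower level. The level names, subjects, objects and the `ReferenceMonitor` class are constructed, and a subject is assumed to be allowed to read and write at its own level as well.

```python
# Added illustration; levels, subjects and objects are constructed sample data.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

class ReferenceMonitor:
    def __init__(self, clearances, labels):
        self.clearances = dict(clearances)   # subject -> level name
        self.labels = dict(labels)           # object  -> level name
        self.store = {name: "" for name in labels}
        self.audit = []                      # every decision is recorded

    def _allowed(self, subject, obj, mode):
        s = LEVELS[self.clearances[subject]]
        o = LEVELS[self.labels[obj]]
        # "Reading down": read only at or below the subject's level.
        # "Writing up" (*-rule): write only at or above the subject's level.
        ok = s >= o if mode == "read" else s <= o
        self.audit.append((subject, mode, obj, ok))
        return ok

    def read(self, subject, obj):
        if not self._allowed(subject, obj, "read"):
            raise PermissionError(f"{subject} may not read {obj}")
        return self.store[obj]

    def write(self, subject, obj, data):
        if not self._allowed(subject, obj, "write"):
            raise PermissionError(f"{subject} may not write {obj}")
        self.store[obj] = data

def run_untrusted_copy(monitor, user, src, dst):
    """Model a program started by `user`: it runs at the user's level, so the
    monitor limits the whole program, whatever its code tries to do."""
    try:
        monitor.write(user, dst, monitor.read(user, src))
    except PermissionError:
        return False
    return True

def build_demo():
    monitor = ReferenceMonitor(
        {"analyst": "secret", "clerk": "unclassified"},
        {"ops_report": "secret", "bulletin": "unclassified", "archive": "top_secret"},
    )
    monitor.store["ops_report"] = "constructed secret text"
    return monitor
```

In the demo, a copy from `ops_report` to `bulletin` run by the analyst is refused at the write step, while the same copy into `archive` succeeds because it moves data upward.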
In an Attribute-Based Access Control model, authorizations are determined from the interactions between subject and object attributes. Furnell states that “Subject and object descriptors are similar to groups; however, the assignment of individuals to these groups is not done explicitly but implicitly based on the attribute values.” [1] When it all boils down, attributes control everything from the interaction of subjects and objects to the assignment of privileges.
The last model we will be taking a look at is the Role-Based Access Control model. Like DAC, Role-Based Access Control is based around two specific security principles. The first is Separation of Duty: essentially, tasks that require more than one user are assigned to multiple users or roles, and not loaded on just one user [7]. The second is Least Privilege, meaning that a user is limited to a set of roles depending on the task at hand. Each role is then defined in such a way that it grants access to only the privileges it requires to perform the tasks deemed necessary by the role [7]. It is essentially the Goldilocks solution: not too much access and not too little access, just the right amount to get done what it has been asked to accomplish.
Roles are the main unit that allows authorization to be handled within a Role-Based Access Control scheme. Many users can be assigned to a single role, and the opposite is true too: many roles may be given to a single user [2]. Permissions work in the same way users do in relation to roles. However, in the event that only one permission is used for one role and vice versa, a Role-Based Access Control scheme is as ineffective space-wise as an ACM [2]. As in most dynamic systems used throughout the world, modification of size, scope or function is often required. Adding roles and privileges in a Role-Based Access Control model is simplified by using administrative privileges. These privileges are given through a hierarchy system [4]. Using this method allows administration to grant access more quickly and helps facilitate work flow on both the computing and the personnel level [2].
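The following added example, which is not part of the original paper, puts the pieces of this section together: many-to-many user and role assignment, a role hierarchy, a Separation of Duty constraint checked at assignment time, and Least Privilege through activating only the roles needed for the task. The `RBAC` class and all role, user and permission names are constructed for illustration.

```python
# Added illustration; role, user and permission names are constructed.
class RBAC:
    def __init__(self):
        self.role_perms = {}   # role -> set of (operation, object)
        self.juniors = {}      # role -> roles it inherits from
        self.user_roles = {}   # user -> set of assigned roles
        self.exclusive = []    # groups of mutually exclusive roles

    def add_role(self, role, perms=(), inherits=()):
        self.role_perms[role] = set(perms)
        self.juniors[role] = set(inherits)

    def closure(self, role):
        """The role plus every junior role reachable through the hierarchy."""
        seen, stack = set(), [role]
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors[r])
        return seen

    def add_exclusive(self, *roles):
        self.exclusive.append(frozenset(roles))

    def assign(self, user, role):
        """Separation of Duty: refuse assignments that combine exclusive roles."""
        held = self.user_roles.get(user, set()) | {role}
        reach = set().union(*(self.closure(r) for r in held))
        for group in self.exclusive:
            if len(group & reach) > 1:
                raise ValueError(f"{user} would hold {sorted(group & reach)}")
        self.user_roles[user] = held

    def permissions(self, user, active):
        """Least Privilege: only roles activated for the task contribute."""
        perms = set()
        for role in set(active) & self.user_roles.get(user, set()):
            for r in self.closure(role):
                perms |= self.role_perms[r]
        return perms

    def check(self, user, active, op, obj):
        return (op, obj) in self.permissions(user, active)

def build_demo():
    rbac = RBAC()
    rbac.add_role("employee", {("read", "handbook")})
    rbac.add_role("clerk", {("create", "invoice")}, inherits=["employee"])
    rbac.add_role("approver", {("approve", "invoice")}, inherits=["employee"])
    rbac.add_role("auditor", {("read", "ledger")}, inherits=["employee"])
    rbac.add_exclusive("clerk", "approver")
    rbac.assign("dana", "clerk")
    rbac.assign("dana", "auditor")
    rbac.assign("eli", "approver")
    return rbac
```

Here `dana` holds two roles but, with only `clerk` active, cannot read the ledger, and an attempt to also assign her `approver` is rejected because the same person could then create and approve an invoice.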
Conclusion
In conclusion, access control in its most basic explanation is the process of sorting out a system to keep information in the right hands and out of the wrong ones, making sure that those who have access to the right information do only as they are asked with that information, as well as keeping those who don’t have access from inadvertently changing data that they cannot access. Looking at the history of access control, it was developed out of a need for security. After many iterations, it was determined that the model that best performs this is the Role-Based Access Control system. However, in the future who knows what we’ll think up that may be able to perform the task of access control with more efficiency!
Authorization is one of the biggest linchpins in the entire idea of access control. To perform its assigned task, Authorization breaks itself down into four different tasks. First, authentication, determining if a person is who they say they are. Second, subjects, making sure those who have access have the right access rights. Third, objects, categorizing all the pieces of information in the system. And finally, privileges, giving out all the correct roles and rights to the correct subjects and objects.
Ultimately, we took a look at different access control models and their finer points. They were, Discretionary Access Control, Mandatory Access Control, Attribute-Based Access Control, and finally Role-Based Access Control. Each model listed serves the same purpose but through a slightly different method to facilitate specific needs of the end user.
CITED SOURCES
[1] Furnell, Steven. Securing Information and Communications Systems: Principles, Technologies, and Applications. Boston: Artech House, 2008. Print.
[2] Benantar, Messaoud. Access Control Systems: Security, Identity Management and Trust Models. Springer, 2006. Print.
[4] NIST. Assessment of Access Control Systems. Interagency Report 7316.
[6] Landwehr, C.E. Formal Models of Computer Security. ACM Computing Surveys, Sept. 1981.
[7] Ferrari, Elena. Access Control and Privacy in Data Management Systems. 2010. Print.
[8] Clark, Wilson. A Comparison of Commercial and Military Computer Security Policies. 1987. Print.
[9] Ferraiolo, David, D. Richard Kuhn, and Ramaswamy Chandramouli. Role-based Access Control. Boston: Artech House, 2007. Print.
OUTLINE
History of Access Control
History of Access Control
Inception of RBAC
Authorization
Authentication
Subjects
Objects
Privileges
Access Control Techniques
DAC (Discretionary Access Control)
MAC (Mandatory Access Control)
ABAC (Attribute-Based Access Control)
RBAC (Role-Based Access Control)