Csce824-ac - Access Control Security Controls Access Control Inference Control Flow control CSCE 824 Farkas 2 Access Control Example Access Control

Access Control

CSCE 824 - Farkas

Security Controls
  - Access Control
  - Inference Control
  - Flow control

Access Control Example
Access Control Policy for son Edward
  - Allowed access: House
  - Disallowed access: Automobile

Access Control Example
Access Control policy
  - Allowed access: House
  - Disallowed access: Automobile
Problem! Unauthorized access

Access Control Example
Access Control Policy for son Edward
  - Allowed access: House, Kitchen
  - Disallowed access: Automobile, Car key

Access Control Example
Correct Access Control Policy for son Edward
  - Allowed access: House, Kitchen
  - Disallowed access: Automobile, Car key

Access Control
  - Protection objects: system resources for which protection is desirable
      Memory, file, directory, hardware resource, software resources, etc.
  - Subjects: active entities requesting accesses to resources
      User, owner, program, etc.
  - Access mode: type of access
      Read, write, execute

Access Control Requirement
  - Cannot be bypassed
  - Enforce least-privilege and need-to-know restrictions
  - Enforce organizational policy

Access Control
Access control: ensures that all direct accesses to objects are authorized
Protects against accidental and malicious threats by regulating the reading, writing and execution of data and programs
Need:
  - Proper user identification and authentication
  - Information specifying the access rights is protected from modification

Access Control
Access control components:
  - Access control policy: specifies the authorized accesses of a system
  - Access control mechanism: implements and enforces the policy
Separation of components allows us to:
  - Define access requirements independently from implementation
  - Compare different policies
  - Implement mechanisms that can enforce a wide range of policies

Closed vs. Open Systems
Closed system (minimum privilege): rules list the allowed accesses
  Access request -> Exists rule?
    yes -> Access permitted
    no  -> Access denied
Open system (maximum privilege): rules list the disallowed accesses
  Access request -> Exists rule?
    yes -> Access denied
    no  -> Access permitted
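
The closed and open decision procedures above, run by one enforcement mechanism over separate policy data, as an added example that is not part of the course slides. The rule contents are constructed from the Edward slides; the names `Policy`, `decide`, `disagreements`, `rules` and the access mode "use" are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    """Policy is data only: a set of (subject, object, mode) rules.
    closed=True  -> rules list the allowed accesses (default deny).
    closed=False -> rules list the disallowed accesses (default permit)."""
    closed: bool
    rules: frozenset

def decide(policy, request):
    """Mechanism: the same routine enforces either kind of policy."""
    rule_exists = request in policy.rules
    # Closed: rule exists -> permitted. Open: rule exists -> denied.
    return rule_exists if policy.closed else not rule_exists

def disagreements(p1, p2, requests):
    """Compare two policies: requests on which their decisions differ."""
    return sorted(r for r in requests if decide(p1, r) != decide(p2, r))

def rules(subject, objects, mode="use"):
    """Build a rule set for one subject (hypothetical helper)."""
    return frozenset((subject, o, mode) for o in objects)

# Constructed sample data modelled on the Edward slides; "use" is an assumed mode.
OBJECTS = ["house", "kitchen", "automobile", "car key"]
REQUESTS = [("edward", o, "use") for o in OBJECTS]

# First policy: only House is listed as allowed, only Automobile as disallowed.
closed_v1 = Policy(True, rules("edward", ["house"]))
open_v1 = Policy(False, rules("edward", ["automobile"]))

# Revised policy: Kitchen and Car key are listed explicitly.
closed_v2 = Policy(True, rules("edward", ["house", "kitchen"]))
open_v2 = Policy(False, rules("edward", ["automobile", "car key"]))

if __name__ == "__main__":
    for name, pol in [("closed v1", closed_v1), ("open v1", open_v1)]:
        for req in REQUESTS:
            print(name, req, "permitted" if decide(pol, req) else "denied")
    # Objects that no rule mentions are where the two system types diverge.
    print("v1 disagree on:", disagreements(closed_v1, open_v1, REQUESTS))
    print("v2 disagree on:", disagreements(closed_v2, open_v2, REQUESTS))
```

Under the first policy the car key is mentioned by no rule, so the open system permits it and the closed system denies it; once every object is listed, both readings give the same decisions.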
Authorization Management
Who can grant and revoke access rights?
  - Centralized administration: security officer
  - Decentralized administration: locally autonomous systems
  - Hierarchical decentralization: security officer > departmental system administrator > Windows NT administrator
  - Ownership based: owner of data may grant access to others to his/her data (possibly with grant option)
  - Cooperative authorization: predefined groups of users or predefined number of users may access data

Access Control Models
All accesses:
  - Discretionary AC
  - Mandatory AC
  - Role-Based AC

This note was uploaded on 12/13/2011 for the course CSCE 824 taught by Professor Staff during the Fall '11 term at South Carolina.
