FSU Computer Science Department
Computer Security: Access Control
5/23/2017
The Orange Book
First published in 1983, the Department of Defense Trusted
Computer System Evaluation Criteria, known as the Orange
Book, is the de facto standard for computer security today.
The Orange Book, and others in the Rainbow Series, are still
the benchmark for systems produced almost two decades
later, and Orange Book classifications such as C2 provide a
shorthand for the base level security features of modern
operating systems.
Access Control
Terminology
• subject, object, reference monitor
• access request
[Figure: a subject issues an access request to the reference monitor, which mediates access to the object]
Access Control
Terminology
• Authentication of statement s:
  answers the question: "who said s?"
• Authorization of object o:
  answers the question: "who is trusted to access o?"
[Figure: subject s sends an access request to the reference monitor, which guards object o]
Access Control
We can specify
• What a subject is allowed to do
• What may be done with an object
Access Control
Who is a subject?
• A principal, a user identity
• We might say that a subject "speaks for" a
  principal
Access Operations
• Access modes
  – Observe: look at the contents of an object
  – Alter: change the contents of an object
Access Operations
• Access rights & attributes
  – Bell-LaPadula security model

  Access rights   observe   alter
  execute         -         -
  append          -         x
  read            x         -
  write           x         x
Access Operations
• Unix

           file                       directory
  read     read from a file           list directory contents
  write    write to a file            create or rename a file in a directory
  execute  execute a (program) file   search the directory

Access rights specific to a file are changed by
modifying the file's entry in its directory.
Access Operations
• Windows NT
  Permissions of Windows New Technology File System (NTFS)
  – read
  – write
  – execute
  – delete
  – change permission
  – change ownership
Ownership
• The owner of a resource decrees who is
  allowed to access it.
• A system-wide policy decrees who has access.
Access Control Structures
Now we must state which access operations are
permitted.
We do this by studying their structures.
Let
• S be a set of subjects,
• O a set of objects,
• A a set of access operations.
Access Control Matrix
Access rights are determined by a matrix
M = (M_{s,o})_{s ∈ S, o ∈ O} with M_{s,o} ⊆ A
The Bell-LaPadula model employs access control
matrices to model discretionary access policies of
the Orange Book.
Access Control Matrix
An example

         bill.doc       edit.exe    fun.com
  Alice  --             {execute}   {execute, read}
  Bob    {read, write}  {execute}   {execute, read, write}
Access Control Matrix
Access rights can be kept with the
• subjects or the
• objects.
Access Control Matrix
Capabilities
If the access rights are kept with the subjects then
these are the subject's access rights.
Every subject is given a capability.
Alice's capability: edit.exe: execute; fun.com: execute, read
Bob's capability: bill.doc: read, write; edit.exe: execute;
fun.com: execute, read, write
Access Control Matrix
Access control lists (ACL)
An ACL stores the access rights to an object with
the object itself.
ACLs are a typical feature of secure operating
systems of the Orange Book class C2.
ACL for bill.doc: Bob: read, write
ACL for edit.exe: Alice: execute; Bill: execute
ACL for fun.com: Alice: execute, read; Bill: execute, read, write
Access Control Matrix
Access control lists (ACL)
Management of access rights can be cumbersome.
Therefore users are placed in groups, and derive
access from a user's group.
Intermediate control
Managing a security policy defined by an
Access Control Matrix is a complex task in large systems.
There are several means of simplifying this task.
Group permissions
[Figure: subjects s1 to s5 are placed in groups g1 and g2; the groups, rather than the individual subjects, are granted access to objects o1 to o6]
Group and negative permissions
[Figure: as in the previous slide, but with negative permissions (marked x) on individual subject-to-object links that deny a subject an access its group would otherwise grant]
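The matrix of slide 14, its capability and ACL views (slides 16 and 17) and the group/negative-permission scheme of slides 18, 20 and 21, worked through as an added example; this is not code from the lecture. Alice, Bob and the three objects are the slide's data; the function names and the s1/g1/o1 group sample are constructed here.

```python
from collections import defaultdict

ACCESS_OPS = {"read", "write", "execute"}   # A, the set of access operations

# M = (M_{s,o}) with M_{s,o} a subset of A, exactly the matrix on the slide
MATRIX = {
    "Alice": {"bill.doc": set(), "edit.exe": {"execute"},
              "fun.com": {"execute", "read"}},
    "Bob":   {"bill.doc": {"read", "write"}, "edit.exe": {"execute"},
              "fun.com": {"execute", "read", "write"}},
}

def capabilities(matrix):
    """Rights kept with the subjects: subject -> {object: rights}; empty cells dropped."""
    return {s: {o: set(r) for o, r in row.items() if r} for s, row in matrix.items()}

def acls(matrix):
    """Rights kept with the objects: object -> {subject: rights}; empty cells dropped."""
    out = defaultdict(dict)
    for s, row in matrix.items():
        for o, rights in row.items():
            if rights:
                out[o][s] = set(rights)
    return dict(out)

def reference_monitor(matrix, subject, obj, op):
    """Decide one access request. Anything not explicitly in M (unknown subject,
    unknown object, or an op outside A) is denied: default deny."""
    if op not in ACCESS_OPS:
        return False
    return op in matrix.get(subject, {}).get(obj, set())

def effective_rights(subject, obj, membership, group_matrix, negative):
    """Intermediate control: a subject derives rights from its groups, and an
    explicit negative permission for (subject, obj) overrides the group grant."""
    rights = set()
    for g in membership.get(subject, ()):
        rights |= group_matrix.get(g, {}).get(obj, set())
    return rights - negative.get(subject, {}).get(obj, set())

# Constructed sample for the group slides: s1 is in g1, g1 may read/write o1,
# but s1 is explicitly denied write on o1 (an "x" in the negative-permissions figure).
MEMBERSHIP = {"s1": ["g1"], "s2": ["g1", "g2"]}
GROUP_MATRIX = {"g1": {"o1": {"read", "write"}}, "g2": {"o2": {"read"}}}
NEGATIVE = {"s1": {"o1": {"write"}}}
```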
Privileges
[Figure: subjects s1 to s5 are assigned privileges pr1 and pr2, each of which bundles a set of operations op1 to op6]
Role Based Access Control
Privileges come predefined with the OS
• Roles: a collection of procedures
  – roles are assigned to users; a user can have many roles
• Procedures: high-level access control methods.
  Can only be applied to objects of certain data types.
• Datatypes: each object has a certain datatype and
  can only be accessed through procedures defined
  for this datatype.
Protection rings
  0  operating system kernel
  1  operating system
  2  utilities
  3  user processes
Each application is assigned a number 0,1,2,3…
depending on its importance.
Protection rings
[Figure: the same assignment drawn as concentric rings, with ring 0 (operating system kernel) innermost and ring 3 (user processes) outermost]
Protection rings
Protection rings are mainly used for integrity protection.
An example is the QNX Neutrino microkernel OS *
• The Neutrino microkernel runs in ring 0
• The Neutrino process runs in ring 1
• All other programs run in ring 3
* A microkernel OS is structured as a tiny kernel that provides the minimal services
used by a team of optional cooperating processes, which in turn provide the higher
level OS functionality.
Protection rings
Unix employs a similar protection but uses only two
levels.
The lattice OS security levels
The Mandatory Access Control (MAC) policies and the
multi-level security policies of the Orange Book refer
to security levels.
  top secret
  secret
  confidential
  unclassified
This is a linearly ordered set, a special case of a lattice.
A lattice
[Figure: the subsets of {a,b,c} ordered by inclusion: {a,b,c} at the top; {a,b}, {a,c}, {b,c} below it; {a}, {b}, {c} below those]
A lattice
A lattice (L, ≤) is a set with a partial ordering "≤"
such that:
For each pair of elements a,b of L there is a least upper bound (lub) u in
L and a greatest lower bound (glb) v in L.
An example
• Let H be a set of classifications with hierarchical ordering ≤.
• Take a set of categories C, e.g. project names, company
  divisions, etc.
• A compartment is a set of categories, i.e. a subset of C.
• A security label (level) is a pair (h,c), where h in H is
  the security level and c is a compartment, i.e. a subset of C.
An example
• The partial ordering is defined by:
  (h1,c1) ≤ (h2,c2) if and only if h1 ≤ h2 and c1 ⊆ c2
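The label lattice of slides 28 to 32 as an added example (not the lecture's code): the ordering (h1,c1) ≤ (h2,c2), the lub and glb of two labels, and a brute-force check that every pair of labels really has both. H is the slide's linear order; the category names are constructed sample values.

```python
from itertools import combinations

H = ["unclassified", "confidential", "secret", "top secret"]  # slide's hierarchy, low to high
RANK = {h: i for i, h in enumerate(H)}
CATEGORIES = {"crypto", "nuclear", "personnel"}   # C: constructed sample categories

def dominates(label1, label2):
    """(h1,c1) >= (h2,c2)  iff  h1 >= h2 in H and c1 is a superset of c2."""
    (h1, c1), (h2, c2) = label1, label2
    return RANK[h1] >= RANK[h2] and frozenset(c1) >= frozenset(c2)

def lub(label1, label2):
    """Least upper bound: the higher classification, the union of compartments."""
    (h1, c1), (h2, c2) = label1, label2
    return (H[max(RANK[h1], RANK[h2])], frozenset(c1) | frozenset(c2))

def glb(label1, label2):
    """Greatest lower bound: the lower classification, the intersection of compartments."""
    (h1, c1), (h2, c2) = label1, label2
    return (H[min(RANK[h1], RANK[h2])], frozenset(c1) & frozenset(c2))

def comparable(label1, label2):
    """False for e.g. (secret,{crypto}) vs (confidential,{nuclear}): neither
    dominates the other, which is what makes this a partial (not linear) order."""
    return dominates(label1, label2) or dominates(label2, label1)

def all_labels():
    """Every label (h, c) with h in H and c a compartment, i.e. a subset of C."""
    cats = sorted(CATEGORIES)
    subsets = [frozenset(s) for r in range(len(cats) + 1) for s in combinations(cats, r)]
    return [(h, c) for h in H for c in subsets]

def is_lattice():
    """Check the slide's claim by brute force: for every pair, lub() is the least
    upper bound and glb() the greatest lower bound among all labels."""
    labels = all_labels()
    for a in labels:
        for b in labels:
            u, v = lub(a, b), glb(a, b)
            if not (dominates(u, a) and dominates(u, b) and dominates(a, v) and dominates(b, v)):
                return False
            for w in labels:   # no other bound may be strictly tighter than u or v
                if dominates(w, a) and dominates(w, b) and not dominates(w, u):
                    return False
                if dominates(a, w) and dominates(b, w) and not dominates(v, w):
                    return False
    return True
```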
The VSTa operating system
• VSTa (Valencia's Simple Tasker) is an operating system
  with microkernel architecture.
• Abilities are defined as finite strings of positive integers
  separated by a dot, e.g.: .10.0.0.5
• Abilities are ordered using a partial ordering:
  .3 ≤ .3.1 ≤ .3.1.100 but ¬(.3.1 ≤ .3.2)
• Access is granted if the ability of a subject is a prefix of the
  object's ability.
• The ability "." defines a superuser.
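The VSTa ability ordering from the slide above as an added example; this is not VSTa's own code. The point it adds is that "prefix" means prefix of the integer components, not of the string: a naive string test would rank ".3" below ".31" and over-grant.

```python
def parse_ability(ability):
    """'.3.1.100' -> [3, 1, 100]; '.' -> [] (the superuser). Rejects other shapes."""
    if not ability.startswith("."):
        raise ValueError(f"ability must start with '.': {ability!r}")
    body = ability[1:]
    if body == "":
        return []                       # "." has no components: prefix of everything
    parts = body.split(".")
    if not all(p.isdigit() for p in parts):   # also catches '..' and a trailing '.'
        raise ValueError(f"malformed ability: {ability!r}")
    return [int(p) for p in parts]

def below(a, b):
    """a <= b in the VSTa ordering iff the components of a are a prefix of those of b."""
    pa, pb = parse_ability(a), parse_ability(b)
    return pb[:len(pa)] == pa

def textual_prefix(a, b):
    """The tempting shortcut, kept only for contrast: it claims '.3' <= '.31',
    which the component-wise ordering rejects."""
    return b.startswith(a)

def access_granted(subject_ability, object_ability):
    """The slide's rule: grant iff the subject's ability is a prefix of the object's."""
    return below(subject_ability, object_ability)

def comparable(a, b):
    """'.3.1' and '.3.2' are incomparable: neither is a prefix of the other."""
    return below(a, b) or below(b, a)
```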