UNIT 2

ACCESS CONTROL
ACCESS CONTROL
Authorization
• Important aspect of information security in controlling how resources are accessed
so that they can be protected from unauthorized modifications or disclosure.
• By authentication individual must prove to the system that he is who he claims to
be. Now the system must establish whether the user is authorized to access a
particular resource.

Access criteria
• Can be enforced by roles, groups, location , time and transaction types.

Access control models

• Framework that dictates how subjects access object.
• Discretionary Access Control (DAC)
• Mandatory Access Control (MAC)
• Role based Access Control(RBAC)

Access control Techniques

• Access control matrix
• Content based access
• Access control list Block sites based on specific words
• Capability Table • Context based access
• Rule based access Block a sequence of packets based on
some context
• Restricted interface
Database views
ACCESS CONTROL MODELS
MANDATORY ACCESS CONTROL(MAC)
•Access to resource is predefined through administrative
procedures.
•No resource ownership concept. System entities have no control
over access of information.
•MAC policies falls under Lattice based access control system.
•MAC models are based on
•Bell-LaPadulla model
•Biba model
•Chinese Wall Policy(CWP)
Bell- LaPadulla Model
Bell- LaPadulla Model

•It is a State machine model.

•Model enforces the “Confidentiality “ of CIA.
•First mathematical model of multi level policy used to define the
concept of secure state and modes of access.
•Access operations are read, write, read/write.
•It uses lattice of security levels and users are having different
clearances to use the system.
•Security Levels - “Top secret, secret, Confidential, Unclassified”

Rules

•Simple security rule (“no read up “ rule)

•Subject at given security level can't read data at higher level.
•* Property Rule (“ no write down” rule)
•Subject at given security level can't write data to lower level.
•Strong star property rule.
•Subject that has read/write capability can only perform those
functions at same level.
Biba Model
Biba Model

• It is a mathematical model uses the concept state

machines.
• Model enforces the “Integrity “ of CIA.
• It uses lattice of integrity levels .
• It is a total inverse of Bell-LaPadulla model

Rules …

• Simple integrity axiom (“ no read down” rule)

• Subject can’t read data from a lower integrity level.
• *-integrity axiom (“no write up “ rule)
• Subject can’t write data to an object at a higher integrity
level.
• Invocation property.
• A subject can’t request service of higher integrity.
DISCRETIONARY ACCESS CONTROL(DAC)
•Owner centric model in which each resource is assigned
ownership by one or more entities.
•The owner has complete discretion over who else can
access the resource and in what mode.
•Adv.
•Simplicity, flexibility and ease of implementation
•Disadv.
•It does not provide any formal assurance concerning the
flow of information.
•DAC policies are implemented using Access matrix, Access
control list and Capability table.
ROLE BASED ACCESS CONTROL(RBAC)

Access matrix model provides a fine grain level of control to access ,

but costly to manage.

Complexity increases when resources are removed or added to the

system and users joining, leaving or changing their roles in
organization.
RBAC model is emerged as an alternative to discretionary and
mandatory access policies.

It is a paradigm that closely mimics the real world processes.

Regulative access to resources, systems and business processes

based on the role of the subject.
Basic RBAC

Basic concepts

• Permissions- are assigned to roles in many to one relationship.

• Users are assigned roles in many to one relationships.
• Role – can be virtual where no directly assigned users.
• Operations- Functional interface for accessing the resource.

User Role Permissions Operations

Permissions Role
ACCESS CONTROL TECHNIQUES
ACCESS MATRIX MODEL

❑ It is a 2D matrix modeling the protection state.

❑ It has a row for every subject and a column for
every object.
❑ Entire row ‘S’ is the ‘Capability’ of subject ‘S’.
❑ Column corresponding----to object ‘O’ is the
‘Access control list’ for that object.
❑ The snapshot of the matrix at any point of time
represents a protection state.
❑ Since the number of resources are too many in a
computing system , it may yield sparse matrix.
 ACCESS MATRIX MODEL

OBJECTS

File 1 File 2 File 3 File 4 Subject Subject Subject

1 2 3

S Subject Read/ Execute ---- Read ---- ---- ----

U 1 Write
B
Subject ---- ---- Read/ ---- ---- ---- ----
J
2 Write/
E Execute
C
T Subject Append ---- Execute Read/ ---- ---- ----
S 3 Write
ACCESS CONTROL LIST - ACL
 It is a resource perspective view of Access
Control matrix.
 ACL corresponds to a column of Access
matrix.
 Advantage
 Easy to revoke or update an access.
 Disadvantage
 Detectingan account or enumerating the list of
resources requires traversal.
ACCESS CONTROL LIST - ACL
File 1 File 2 File 3 File 4

Subject 1 Subject 1 Subject 2 Subject 1

Read /Write Execute R /W / Exe Read

Subject 3 Subject 3 Subject 3

Append Execute Read /Write
CAPABILITY LIST
 It is a subject view of Access matrix.
 Corresponds to the rows of Access matrix.
 It enumerates the list of resources accessible
to the object.
 Advantage
 Ease of determining all the resources accessible to
a particular user.
 Disadvantage
 To determine all subjects that have access to a
particular resource , remove a resource requires
traversal.
CAPABILITIES

File 1 File 2 File 4

Subject 1
Read/ Write Execute Read

Subject 2 File 3
Read/ Write

File 1 File 3 File 4

Subject 3
Append Execute Read / Write
TAKE GRANT PROTECTION MODEL
Introduction

•This model is based on two key access rights-take and grant.

•Model assumes that the entities transfers the access right and such transfers are
known as sharing or conspiring.

Definition

•In this model , the system is represented by a finite labeled directed graph whose
nodes corresponds to the entities of the protection system.

Active entity(subject)
α
e Either subject or object
s

Passive entity(Object)
A directed edge from s to e represents
‘s’ has access to ‘e’ with weight ‘α’
TAKE GRANT PROTECTION MODEL
‘Take’ (t) and ‘Grant’ (g) are two special rights for take-grant model .
Subject ‘s’ that has ‘Take’ right to Subject ‘s’ has ‘Grant’ right to
entity ‘e’ tells that ‘s’ can assume entity ‘e’ , can transfer any right
any right that ‘e’ has on other it has for other entity to ‘e’
objects.

γ
g
t

‘Take’ right results in propagating rights forward , while the

‘Grant’ right disseminates rights backward with respect to the
initiating subject.
TAKE GRANT PROTECTION MODEL - RULES
Rule 1- x ‘Takes’ (α to z ) from y Rule 3- x ‘Creates ’ (α to new node) y

α
α
γ β α⊆ β

x x C x y
y z

Rule 2- x ‘Grants ’ (α to z ) to y Rule 4- x ‘Removes’ α to y

α
β β-α
γ β

y x y y
x z x

g α⊆ β
R
Drawback of DAC

1. Information flow is not controlled (BLP/Biba)

A -> Read-> B -> Copy-> C

2. Trojan horses
DAC authorizes only owner