Distributed Computer Security - PowerPoint PPT Presentation

Provided by: Shuman
Learn more at: http://www.cs.gsu.edu
1
Distributed Computer Security
  • 8.2 Discretionary Access Control Models
  • - Liang Zhao

2
Outline
  • Security Policies
  • Discretionary Access Control Model
  • Access Control Matrix (ACM)
  • Distributed Compartments
  • ACM Implementation
  • ACL vs CL
  • References

3
Security Policy
  • There are two kinds of security policies
  • Simple security policies
  • Access control matrix (ACM) models are widely
    used to enforce the simple security policies.
  • Complex security policies
  • Security requirements specify how and when the accesses
    are performed (special constraints are involved).
  • Relevant to distributed systems.

4
Discretionary Access Control
  • Discretionary security models provide access
    control on an individual basis.
  • Access control is based on
  • User's identity and
  • Access control rules
  • Most common administration: owner based
  • Users can protect what they own
  • Owner may grant access to others
  • Owner may define the type of access given to
    others

5
Access Control
  • An access control is a function that, given a
    subject and object pair (s, o) and a
    requested operation r from s to o, returns a
    true value if the request is permitted.
  • R = P(s, o)
  • P: access matrix
  • R: set of allowable operations (r is a
    particular operation belonging to set R)
  • s: subject
  • o: object

6
Access Control matrix
  • Access Control Matrix model is perhaps the most
    fundamental and widely used discretionary access
    control model for enforcing simple security
    policies.
  • Resource and process protection can use separate
    access control matrices.

7
Resource ACM
  • In a resource ACM subjects are users and objects
    are the files to be accessed.
  • Access Rights - read, write, execute,
    append.
  • Special privileges, such as the owner privilege, may also be included.

8
Process ACM
  • In process ACM the subjects and objects are both
    processes.
  • Operations are basically related to communication
    and synchronization

9
Domain ACM
  • Set of objects with same access rights

10
Access Control Matrix
  • Reducing the Size of Access Control Matrix
  • Subject rows in the ACM that have identical
    entries, i.e. subjects that have similar access
    rights on common objects, could be merged into
    groups.
  • If a user belongs to more than one group, its
    access rights are the union of the access rights
    of all the groups it belongs to.
  • Similarly, object columns with the same entries could
    be merged into categories.

Randy, 97
11
A Distributed Compartment Model
Randy, 97
12
Advantages of Distributed compartment model
  • The grouping of subjects and objects is logical
    and application specific.
  • The accesses are more transparent since they do
    not depend on the operating systems and
    administrative units.
  • Since the application manages the distributed
    handles, it allows different security policies to
    be implemented

Randy, 97
13
ACM implementations
  • For efficiency and organizational purposes,
    access control matrices need to be partitioned.
  • The linked list structure that contains all
    entries in a column for a particular object is
    called an Access Control List (ACL) for the object.
    It specifies the permissible rights that various
    subjects have on the object.
  • Likewise, the list of all entries in a row for a subject is
    called a Capability List (CL) for the subject.
    A CL specifies the privileges to various objects held
    by a subject, like movie tickets.
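
The slides' access function R = P(s, o), the group union rule and the column/row split into ACL and CL can be seen together in a few lines. This is an added example, not part of the original slides; every subject, group, object and right name in it is constructed.

```python
# Added example: a sparse access control matrix P with its ACL (column)
# and CL (row) views. All names and rights below are constructed.
from collections import defaultdict

# P[(subject_or_group, object)] = R, the set of allowable operations
P = {
    ("alice", "report.txt"): {"read", "write", "owner"},
    ("staff", "report.txt"): {"read"},
    ("staff", "build.sh"): {"read", "execute"},
    ("audit", "report.txt"): {"append"},
}
GROUPS = {"alice": {"staff"}, "bob": {"staff", "audit"}}

def principals(s):
    """The subject itself plus every group row that applies to it."""
    return {s} | GROUPS.get(s, set())

def allowed_ops(s, o):
    """R = P(s, o), taken as the union over all groups s belongs to."""
    ops = set()
    for p in principals(s):
        ops |= P.get((p, o), set())
    return ops

def access(s, o, r):
    """The access control function: True if operation r is in R."""
    return r in allowed_ops(s, o)

def acl(o):
    """Column of P: which rows (subjects or groups) hold rights on object o."""
    return {s: ops for (s, obj), ops in P.items() if obj == o}

def capability_list(s):
    """Row of P: every object subject s can reach, groups expanded."""
    row = defaultdict(set)
    for (p, o), ops in P.items():
        if p in principals(s):
            row[o] |= ops
    return dict(row)

if __name__ == "__main__":
    print(acl("report.txt"))
    print(capability_list("bob"))
```
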

14
Comparison of ACL and CL
  • Comparison in terms of management functions
  • Authentication
  • Reviewing of Access Rights
  • Propagation of Access Rights
  • Revocation of Access Rights
  • Conversion between ACL and CL

Randy, 97
15
Authentication
  • ACL authenticates subjects, which is performed by
    the system.
  • In CL, authentication is performed on the
    capabilities of objects, by the object server.
  • Objects have knowledge of the capabilities, but
    do not know the users or processors. This is one
    of the reasons why many distributed
    implementations favour the CL approach.

16
Review of Access rights
  • The goal is to know which subjects are authorized to use a
    certain object.
  • It is easier to review an ACL, because the ACL contains
    exactly this information. For storage efficiency,
    subject grouping, wildcards and prohibitive rights
    could also be used.
  • It is difficult to review a CL unless some
    type of activity log is kept for all subjects
    that are given the capability.

17
Propagation Of Access Rights
  • Access rights must be replicatable to facilitate
    sharing.
  • Propagation is duplication of some or all of the
    privileges from one subject to others.
  • Propagation is not transfer of rights, it is only
    duplication.
  • In ACL, propagation of rights is explicitly
    initiated by a request to the object server,
    which modifies or adds an entry to its ACL.

Randy, 97
18
Propagation Of Access Rights
  • Propagation of rights must adhere to the
    principle of least privilege.
  • i.e. only the minimum privileges required to
    perform the tasks are given when propagating the
    rights.
  • In CL, it is theoretically possible to propagate rights
    between subjects without intervention of the object
    server.
  • This could result in an uncontrollable system and
    hence is avoided.

19
Revocation Of Access Rights
  • Revocation is trivial in ACL because it is easy
    to delete subject entries from the ACL.
  • It is difficult for CLs to revoke access
    selectively.
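
The contrast drawn on the authentication, propagation and revocation slides can be run side by side. The sketch below is an added example, not from the original slides: it assumes capabilities are bearer strings sealed with an HMAC by the object server, and the key, capability ids, subjects and rights are all constructed.

```python
# Added example: HMAC-sealed bearer capabilities beside an ACL at one object server.
# The sealing scheme, key, ids, names and rights are assumptions for illustration.
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"   # known only to the object server
ACL = {"report.txt": {"alice": {"read", "write"}, "bob": {"read"}}}
REVOKED_IDS = set()                    # server state needed to revoke one capability

def _tag(body):
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def mint_capability(cap_id, obj, rights):
    """Object server issues a capability: its fields plus a tag over them."""
    body = f"{cap_id}|{obj}|{','.join(sorted(rights))}"
    return f"{body}|{_tag(body)}"

def check_capability(cap, obj, op):
    """CL check: the server authenticates the capability, not its presenter."""
    parts = cap.split("|")
    if len(parts) != 4:
        return False
    cap_id, cap_obj, rights, tag = parts
    expected = _tag(f"{cap_id}|{cap_obj}|{rights}")
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False                   # forged or altered capability
    if cap_id in REVOKED_IDS:
        return False
    return cap_obj == obj and op in rights.split(",")

def check_acl(subject, obj, op):
    """ACL check: the system has already authenticated `subject`."""
    return op in ACL.get(obj, {}).get(subject, set())

def demo():
    cap = mint_capability("c1", "report.txt", {"read"})
    copy = cap                         # propagation by duplication, server not involved
    forged = cap.replace("|read|", "|read,write|")
    out = {"copy": check_capability(copy, "report.txt", "read"),
           "forged": check_capability(forged, "report.txt", "write")}
    ACL["report.txt"].pop("bob", None) # ACL revocation: delete one subject entry
    out["bob"] = check_acl("bob", "report.txt", "read")
    out["alice"] = check_acl("alice", "report.txt", "read")
    REVOKED_IDS.add("c1")              # CL revocation hits every holder of a copy
    out["cap"] = check_capability(copy, "report.txt", "read")
    return out

if __name__ == "__main__":
    print(demo())
```

Revoking `c1` cuts off the original holder and everyone it was copied to at once; withdrawing access from only one of them would require the server to have issued separate capability ids and to track who holds which.
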

20
Conversion Between ACL and CL
  • Interactions among processes involving different
    Access control models would require gateways for
    conversions.
  • Conversion to ACL is straightforward.
  • Consider the example of processes in a CL that need
    to access remote objects in an ACL
  • The gateway authenticates the process identifier.
  • It then verifies the operation in the capability
    list.
  • The request is then converted to ACL and is
    presented to the remote host.

Source: Randy, 97
21
Conversion Between ACL and CL
  • Converting an ACL request to CL is slightly more
    complex
  • It requires a database with resource capabilities
    for the interacting processes
  • The gateway validates the ACL request
  • It obtains the resource capability from the database
    server
  • The capability is then presented to the capability-based
    object server.
  • A system utilizing both ACL and CL suffers the
    drawbacks of both approaches
  • Furthermore, the conversions cause additional
    security hazards
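
The two gateway procedures from the conversion slides, written out step by step. This is an added example and not part of the original slides; the process ids, identities, object names, tables and the stand-in servers are all constructed.

```python
# Added example: a gateway between a capability-list (CL) domain and an ACL domain.
# All process ids, identities, objects and capabilities below are constructed.

PROCESS_IDENTITY = {"p17": "alice"}                       # ids the gateway can authenticate
PROCESS_CL = {"p17": {"remote/db": {"read"}}}             # capability list per CL-side process
REMOTE_ACL = {"remote/db": {"alice": {"read", "write"}}}  # enforced by the remote ACL host
GATEWAY_ACL = {"local/queue": {"bob": {"append"}}}        # what the gateway validates against
CAP_DATABASE = {"local/queue": ("cap-queue", {"append", "read"})}  # resource capabilities

def acl_host(subject, obj, op):
    """Remote host in the ACL domain: checks the named subject."""
    return op in REMOTE_ACL.get(obj, {}).get(subject, set())

def capability_server(cap, obj, op):
    """Object server in the CL domain: checks the capability only, not the user."""
    name, rights = cap
    return CAP_DATABASE.get(obj, (None, set()))[0] == name and op in rights

def cl_to_acl(pid, obj, op):
    identity = PROCESS_IDENTITY.get(pid)            # 1. authenticate the process identifier
    if identity is None:
        return "denied: unknown process"
    if op not in PROCESS_CL.get(pid, {}).get(obj, set()):  # 2. verify op in the CL
        return "denied: not in capability list"
    ok = acl_host(identity, obj, op)                # 3. present it as an ACL request
    return "granted" if ok else "denied: remote ACL"

def acl_to_cl(subject, obj, op):
    if op not in GATEWAY_ACL.get(obj, {}).get(subject, set()):  # 1. validate the ACL request
        return "denied: ACL"
    cap = CAP_DATABASE.get(obj)                     # 2. obtain the resource capability
    if cap is None:
        return "denied: no capability on file"
    ok = capability_server(cap, obj, op)            # 3. present it to the object server
    return "granted" if ok else "denied: capability"

if __name__ == "__main__":
    print(cl_to_acl("p17", "remote/db", "read"))
    print(acl_to_cl("bob", "local/queue", "read"))
```

In the constructed data the stored capability for `local/queue` carries `read` as well as `append`, so the gateway's own ACL check is the only thing that stops `bob` from reading: the capability server never sees who is asking.
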

22
My current research
  • Distributed Computing in Smart Grid

23
Distributed Computing in SG
24
Distributed Computing in SG
25
References
  • [1] Randy Chow and Theodore Johnson, 1997,
    Distributed Operating Systems & Algorithms
    (Addison-Wesley), pp. 271-278.
  • [2] Samarati, P.; Bertino, E.; Ciampichetti, A.;
    Jajodia, S. Information flow control in
    object-oriented systems. IEEE Transactions on
    Knowledge and Data Engineering, Volume 9,
    Issue 4, July-Aug. 1997, pp. 524-538.
  • [3] Izaki, K.; Tanaka, K.; Takizawa, M. Access
    control model in object-oriented systems.
    Seventh International Conference on Parallel and
    Distributed Systems Workshops, 4-7 July 2000,
    pp. 69-74.
  • [4] Lin, Tsau Young (T. Y.). Managing
    Information Flows on Discretionary Access Control
    Models. IEEE International Conference on Systems,
    Man and Cybernetics (ICSMC '06), Volume 6,
    8-11 Oct. 2006, pp. 4759-4762.
  • [5] Solworth, J.A.; Sloan, R.H. A layered
    design of discretionary access controls with
    decidable safety properties. 2004 IEEE Symposium
    on Security and Privacy, Proceedings,
    9-12 May 2004, pp. 56-67.

26
QUESTIONS ?
  • Thank you!