Distributed Computer Security
8.2 Discretionary Access Control Models
- Sai Phalgun Tatavarthy
Index
◦ Security policies
◦ Access control
◦ Different types of ACM
◦ Distributed compartment - discom
◦ ACM implementations
◦ ACL vs CL
◦ RBAC
◦ Research
  ◦ 3D ACM
  ◦ ACM for grid networks
Security policy
There are two kinds of security policies:
◦ Simple security policies: access control matrix (ACM) models are widely used to enforce simple security policies.
◦ Complex security policies: security requirements on how and when accesses are performed (special constraints are involved). Relevant to distributed systems.
Access Control
An access control is a function that, given a subject and object pair (s, o) and a requested operation r from s to o, returns true if the requested operation is permitted.
R = P(s, o)
P – access matrix
R – set of allowable operations (r is a particular operation belonging to the set R)
s – subject
o – object
Access Control
The process of access validation is performed by a ‘reference monitor’ with an ACM for all subjects and objects.
Practically it is preferable to have separate reference monitors for different categories of subjects and objects.
Resource ACM
In a resource ACM subjects are users and objects are the files to be accessed.
Access Rights - “read”, “write”, “execute”, “append”.
Special privileges may be like “owner” privilege.
Process ACM
In process ACM the subjects and objects are both processes.
Operations are basically related to communication and synchronization
Domain ACM
Set of objects with same access rights
ACM
Reducing the size of the access control matrix
◦ Subject rows in the ACM that have identical entries, i.e. subjects that have the same access rights on common objects, can be merged into groups.
◦ If a user belongs to more than one group, his access rights are the union of the access rights of all the groups he belongs to.
◦ Similarly, object columns with the same entries can be merged into ‘categories’.
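Added example (not from the slides): a sparse ACM in Python, the row-merging step that turns subjects with identical rows into groups, and the reference monitor's decision P(s, o) computed as the union over a user's groups. The subjects, objects and rights are constructed sample data; merging object columns into categories is symmetric and left out.

```python
from collections import defaultdict

# Constructed sample ACM, stored sparsely: subject -> object -> set of rights.
ACM = {
    "alice": {"payroll.db": {"read", "write"}, "report.txt": {"read"}},
    "bob":   {"payroll.db": {"read", "write"}, "report.txt": {"read"}},
    "carol": {"report.txt": {"read", "append"}, "tools.bin": {"execute"}},
    "dave":  {"report.txt": {"read", "append"}, "tools.bin": {"execute"}},
}

def row(acm, subject):
    """Hashable snapshot of one subject's row, so identical rows compare equal."""
    return frozenset((o, frozenset(r)) for o, r in acm.get(subject, {}).items())

def merge_subjects(acm):
    """Merge subjects with identical rows into groups.
    Returns (members, group_rights): group -> [subjects], group -> {object: rights}."""
    by_row = defaultdict(list)
    for s in acm:
        by_row[row(acm, s)].append(s)
    members, group_rights = {}, {}
    for i, (r, subjects) in enumerate(by_row.items()):
        members[f"g{i}"] = sorted(subjects)
        group_rights[f"g{i}"] = {o: set(rights) for o, rights in r}
    return members, group_rights

def add_member(members, user, *groups):
    """Put a user into one or more existing groups."""
    for g in groups:
        if user not in members[g]:
            members[g].append(user)

def rights_of(members, group_rights, s, o):
    """P(s, o): the union of the rights of every group s belongs to."""
    allowed = set()
    for g, subjects in members.items():
        if s in subjects:
            allowed |= group_rights[g].get(o, set())
    return allowed

def permitted(members, group_rights, s, o, r):
    """The reference monitor's decision: is operation r in P(s, o)?"""
    return r in rights_of(members, group_rights, s, o)
```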
Distributed compartment
Distributed compartment
A solution to the management of system resources and access control in a distributed computing environment.
The model consists of two parts:
◦ Distributed handles, a means for user identification and access control
◦ Distributed compartments, a method for allowing users to manage resources within a distributed system across computer systems
Distributed compartment
The distributed compartment model has a number of advantages:
◦ The grouping of subjects and objects is logical and application specific.
◦ Accesses are more transparent since they do not depend on operating systems and administrative units.
◦ Since the application manages the distributed handles, different security policies can be implemented.
ACM implementations
For efficiency and organizational purposes, access control matrices need to be partitioned.
The linked-list structure that contains all entries in a column for a particular object is called an Access Control List (ACL) for the object: it specifies the permissible rights that various subjects have on the object.
Likewise, all entries in a row for a subject form a Capability List (CL) for the subject: a CL specifies the privileges to various objects held by the subject – like movie tickets.
ACL vs CL
Comparison of ACL & CL
Comparison in terms of management functions:
◦ Authentication
◦ Reviewing of access rights
◦ Propagation of access rights
◦ Revocation of access rights
◦ Conversion between ACL and CL
Authentication
An ACL authenticates subjects, which is performed by the system.
In a CL, authentication is performed on the capabilities for objects, by the object server.
Objects have knowledge of the capabilities but do not know the users or processes. This is one of the reasons why many distributed implementations favour the CL approach.
Review of access rights
To know which subjects are authorized to use a certain object.
It is easier to review an ACL, because the ACL contains exactly this information. For storage efficiency, subject grouping, wildcards and prohibitive rights can also be used.
It is difficult to review a CL unless some type of activity log is kept for all subjects that are given the capability.
Propagation of access rights
Access rights must be replicable to facilitate sharing.
Propagation is the duplication of some or all of the privileges from one subject to others.
Propagation is not a transfer of rights; it is only duplication.
In an ACL, propagation of rights is explicitly initiated by a request to the object server, which modifies or adds an entry to its ACL.
Propagation of access rights
Propagation of rights must adhere to the principle of least privilege, i.e. only the minimum privileges required to perform the task are given when propagating rights.
In a CL, it is theoretically possible to propagate rights between subjects without the intervention of the object server.
This could result in an uncontrollable system and hence is avoided.
Revocation of access rights
Revocation is trivial in an ACL because it is easy to delete subject entries from the ACL.
It is difficult for CLs to revoke access selectively.
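Added example (not from the slides) contrasting the two partitionings from the authentication, review, propagation and revocation slides above: an ACL object server that keeps a column per object, and a capability object server that validates unforgeable tickets (an HMAC tag over object, rights and a per-object epoch, an assumed construction) without knowing who holds them. Object and subject names are constructed.

```python
import hashlib, hmac, secrets
from collections import defaultdict

class AclObjectServer:
    """ACL view: the object server keeps one column of the matrix per object."""
    def __init__(self):
        self.acl = defaultdict(dict)          # object -> {subject: set(rights)}

    def grant(self, obj, subject, rights):    # propagation: explicit request, server edits list
        self.acl[obj].setdefault(subject, set()).update(rights)

    def review(self, obj):                    # direct: the ACL is exactly "who may do what"
        return {s: set(r) for s, r in self.acl[obj].items()}

    def revoke(self, obj, subject):           # selective revocation: delete one entry
        self.acl[obj].pop(subject, None)

    def check(self, subject, obj, op):
        return op in self.acl[obj].get(subject, set())

class CapObjectServer:
    """CL view: subjects hold capabilities (tickets); the server only checks the ticket."""
    def __init__(self):
        self.key = secrets.token_bytes(32)    # server secret that makes tickets unforgeable
        self.epoch = defaultdict(int)         # per-object version, bumped to invalidate tickets
        self.log = defaultdict(list)          # activity log: without it, review is impossible

    def _tag(self, obj, rights, epoch):
        msg = f"{obj}|{','.join(sorted(rights))}|{epoch}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def issue(self, obj, rights, holder):
        epoch = self.epoch[obj]
        self.log[obj].append(holder)
        return (obj, frozenset(rights), epoch, self._tag(obj, rights, epoch))

    def check(self, cap, op):                 # knows the ticket, not the user: any holder passes
        obj, rights, epoch, tag = cap
        return (hmac.compare_digest(tag, self._tag(obj, rights, epoch))
                and epoch == self.epoch[obj] and op in rights)

    def review(self, obj):                    # only as good as the log kept at issue time
        return list(self.log[obj])

    def revoke_all(self, obj):                # no per-holder entry to delete: all tickets die
        self.epoch[obj] += 1
```

Copying a capability value to another subject is propagation without the server's involvement, which is why the slides call the CL approach hard to control; the epoch bump shows that revocation then hits every holder at once.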
Conversion between ACL & CL
Interactions among processes involving different access control models require gateways for conversion.
Conversion to ACL is straightforward.
Consider the example of processes in a CL system requiring access to remote objects in an ACL system:
◦ The gateway authenticates the process identifier.
◦ It then verifies the operation in the capability list.
◦ The request is then converted to an ACL request and presented to the remote host.
Conversion between ACL & CL
Converting an ACL request to CL is slightly more complex.
It requires a database with resource capabilities for the interacting processes:
◦ The gateway validates the ACL request.
◦ It obtains the resource capability from the database server.
◦ The capability is then presented to the capability-based object server.
A system utilizing both ACL and CL suffers the drawbacks of both approaches.
Role-based Access Control (RBAC)
Access decisions are based on the roles that individual users have as part of an organization.
Users take on assigned roles (such as doctor, nurse, teller, manager). The operations that a user is permitted to perform are based on the user's role.
Role hierarchies can be established to provide for the natural structure of an enterprise.
Organizations establish the rules for the association of operations with roles.
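Added example (not from the slides) of the RBAC decision described above, using the slide's doctor/nurse/teller/manager roles in a constructed hierarchy: permissions attach to roles, senior roles inherit from junior ones, and a user's access is the union over all assigned roles.

```python
# Constructed example: roles, the permissions attached to each, and a role hierarchy.
ROLE_PERMS = {
    "employee": {("directory", "read")},
    "nurse":    {("patient_record", "read"), ("vitals", "write")},
    "doctor":   {("patient_record", "write"), ("prescription", "write")},
    "teller":   {("account", "read"), ("account", "deposit")},
    "manager":  {("account", "approve_loan")},
}
# Senior role -> junior roles whose permissions it inherits.
HIERARCHY = {
    "nurse": {"employee"}, "doctor": {"nurse"},
    "teller": {"employee"}, "manager": {"teller"},
}
USER_ROLES = {"ann": {"doctor"}, "ben": {"nurse"}, "cy": {"manager"}, "dee": {"teller", "nurse"}}

def effective_roles(role, hierarchy=HIERARCHY):
    """Transitive closure of the hierarchy: the role itself plus everything it inherits from.
    Iterative with a seen-set, so a mis-configured cyclic hierarchy cannot loop forever."""
    seen, stack = set(), [role]
    while stack:
        r = stack.pop()
        if r in seen:
            continue
        seen.add(r)
        stack.extend(hierarchy.get(r, ()))
    return seen

def permissions(user):
    """All (object, operation) pairs a user holds through every role assigned to them."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        for r in effective_roles(role):
            perms |= ROLE_PERMS.get(r, set())
    return perms

def permitted(user, obj, op):
    """Access decision: allowed only if some role of the user (or a role it inherits) grants it."""
    return (obj, op) in permissions(user)
```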
Research work - Privacy enhanced access control models
It’s an enhancement to the traditional 2D ACM.
We add one more dimension called privacy and make it a 3D ACM.
Access is granted depending on privacy: for example, if the privacy condition is true, grant access, else deny.
Costly – so use sparingly.
Requirements of access control in a data grid
◦ Single sign-on
◦ Separation of duties
◦ High efficiency
◦ Centralized management and autonomy
◦ Support for QoS (quality of service)
Future Work
An absolute trust mechanism in access control systems is an important subject of P2P security research.
Also, secure and efficient ACMs for huge networks, especially data-centric networks, will be effectively realized.
Excellent access control methods for highly dynamic real-time systems.
Questions..?
Thank you