Protection Models
Yeong-Tay Timothy Sun
September 27, 2011
Dennis Kafura – CS5204 – Operating Systems
Agenda
What is Protection (and why do we need it?)
A Simple Message Passing System
Collaborative Access Control Models
  Access Matrix
  Role-Based Access Control (RBAC)
  Task-Based Access Control (TBAC)
  Team-Based Access Control (TMAC)
  Bell-LaPadula
  Lock and Key
  Spatial Access Control (SPACE)
  Context-Aware Access Control
Conclusion
What is Protection?
Protection governs access to shared system assets
Unsolicited access may be malicious or simply unintentional
Having different protections in different system contexts is a core concept
A Simple Message Passing System
Primitive message system consists of isolated processes
Processes encapsulate their own collection of objects
Inter-process communication consists of passing messages back and forth; message IDs cannot be forged
Communication protocols become complicated when multiple processes are involved
A process cannot be forced to do anything, nor can it be destroyed
Implications for Access Control Models?
Should be applied and enforced at a distributed level
Should be generic and configurable (expressive)
Should support both fine and coarse granularity
Should be usable (transparent = good)
Should be easy to summarize (manageable)
Should support dynamic policies
Should perform reasonably (scalable)
Collaborative Access Control Models (Access Matrix)
Object system has a subject-object relationship
Different domains have different access rights
Access Matrix (2)
Access Matrix (3)
Both implementations (ACLs, C-Lists) have disadvantages; dynamic changes to access rights are not well supported
Difficult to adapt to more complex schemes (competency, least privilege, etc.) without additional system context
Ownership may be subject to other system constraints
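The two access-matrix implementations named above, as an added example that is not part of the original slides: the same matrix is stored by column (ACLs) and by row (C-Lists), and the cost of a dynamic change differs between them. The domains, objects and rights are constructed sample data, and the function names are hypothetical.

```python
# Added example: one access matrix stored two ways (ACLs vs. C-Lists).
from collections import defaultdict

# Constructed sample matrix: (domain, object) -> set of rights.
MATRIX = {
    ("D1", "file1"): {"read", "write"},
    ("D1", "printer"): {"print"},
    ("D2", "file1"): {"read"},
    ("D2", "file2"): {"read", "write", "owner"},
}

def to_acls(matrix):
    """Column view: each object carries its own list of domain -> rights."""
    acls = defaultdict(dict)
    for (domain, obj), rights in matrix.items():
        acls[obj][domain] = set(rights)
    return acls

def to_clists(matrix):
    """Row view: each domain holds capabilities, object -> rights."""
    clists = defaultdict(dict)
    for (domain, obj), rights in matrix.items():
        clists[domain][obj] = set(rights)
    return clists

def acl_allows(acls, domain, obj, right):
    return right in acls.get(obj, {}).get(domain, set())

def cap_allows(clists, domain, obj, right):
    return right in clists.get(domain, {}).get(obj, set())

def revoke_object(acls, clists, obj):
    """Revoke all access to obj; return records touched as (acl, clist)."""
    acl_touched = 1 if acls.pop(obj, None) is not None else 0
    cap_touched = 0
    for caps in clists.values():  # every domain's C-List must be searched
        cap_touched += 1
        caps.pop(obj, None)
    return acl_touched, cap_touched

def rights_of_domain(acls, domain):
    """Per-domain review on ACLs: every object's list must be scanned."""
    return {obj: entry[domain] for obj, entry in acls.items() if domain in entry}
```

Revoking an object is one operation on the ACL side but a search over every domain on the C-List side; listing what one domain can do is the reverse.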
Role-Based Access Control
Permissions assigned to roles rather than individual users
A role models a job function
Users can be reassigned from one role to another
Role-Based Access Control (2)
Early implementations were not dynamic in their assignment of roles and did not account for context (passive vs. active)
Early implementations did not support role assignments to specific object instances
Task-Based Access Control (TBAC)
Domains contain task-based contextual information
Access control changes dynamically with task progression
Supports type-based, instance-based, and usage-based access over RBAC
Task-Based Access Control (2)
Context awareness remains tied to activities, tasks, workflow progression
JIT permission assignments could lead to race conditions
Mainly used to augment other access control models
Team-Based Access Control (TMAC, C-TMAC)
Access rights associated with groups of users
User context, object context
Offers fine-grained control
Team-Based Access Control (2)
Existing implementations are underdeveloped
Lacks self-administration capabilities of models like access matrices
Needs more context-awareness
Suitability for certain tasks is unclear
Bell-LaPadula
Intended to control the proliferation of data
Uses access matrix for level clearance
★-Property – information can only become more secure, not less
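The Bell-LaPadula checks listed above, as an added example that is not part of the original slides: a discretionary access-matrix lookup followed by the simple security ("no read up") and ★-property ("no write down") checks. Subjects, objects and levels are constructed sample data; each subject is assumed to operate at its full clearance, and only the `read` and `append` modes are modelled.

```python
# Added example: Bell-LaPadula mandatory checks on top of an access matrix.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

# Constructed sample data (hypothetical subjects and objects).
CLEARANCE = {"alice": "secret", "bob": "confidential"}
CLASSIFICATION = {"memo": "unclassified", "plan": "secret", "log": "top_secret"}
MATRIX = {
    ("alice", "memo"): {"read", "append"},
    ("alice", "plan"): {"read", "append"},
    ("alice", "log"): {"read", "append"},
    ("bob", "plan"): {"read", "append"},
    ("bob", "memo"): {"read"},
}

def blp_check(subject, obj, op):
    """Return (granted, reason) for op in {'read', 'append'}."""
    # Discretionary check first: the right must be present in the matrix.
    if op not in MATRIX.get((subject, obj), set()):
        return False, "discretionary: right not in access matrix"
    s = LEVELS[CLEARANCE[subject]]
    o = LEVELS[CLASSIFICATION[obj]]
    # Simple security property: a subject may not read above its level.
    if op == "read" and s < o:
        return False, "simple security: no read up"
    # Star property: a subject may not write below its level.
    if op == "append" and s > o:
        return False, "star property: no write down"
    return True, "granted"

def can_flow(subject, src, dst):
    """True if subject may read src and append to dst, moving data src -> dst."""
    return blp_check(subject, src, "read")[0] and blp_check(subject, dst, "append")[0]
```

Every flow that `can_flow` permits goes from a level at or below the subject's to a level at or above it, which is the "more secure, not less" behaviour the slide describes.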
Lock and Key
Similar to, but different from, a C-List
Involves Keys and Locks
Keys can change hands
A key doesn’t tell you the capabilities it “unlocks” until it is used
Spatial Access Control (SAC)
Transparent security mechanisms
Access governed by credentials
Does not allow for fine-grained control
Difficult to apply
Context-Aware Access Control
Extends RBAC with environmental roles
Roles capture environment state
Activated based on environment conditions
Ubiquitous computing
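RBAC extended with environment roles as described above, as an added example that is not part of the original slides: a permission is granted only when the user holds a subject role and every required environment role is currently active. The users, roles, environment fields and policy are constructed sample data, and all names are hypothetical.

```python
# Added example: RBAC decisions gated by environment roles.
from datetime import time

# Subject roles: permissions attach to these, not to individual users.
SUBJECT_ROLES = {"nurse_kim": {"nurse"}, "visitor_lee": {"guest"}}

# Environment roles: each is active only while its condition holds.
ENV_ROLES = {
    "day_shift": lambda env: time(7, 0) <= env["clock"] < time(19, 0),
    "on_ward": lambda env: env["location"] == "ward",
    "emergency": lambda env: env["alarm"],
}

# (action, object) -> alternatives of (subject role, required environment roles).
POLICY = {
    ("read", "patient_chart"): [
        ("nurse", {"day_shift", "on_ward"}),
        ("nurse", {"emergency"}),
    ],
    ("use", "guest_wifi"): [("guest", {"day_shift"})],
}

def active_env_roles(env):
    """Evaluate every environment role against the current environment state."""
    return {name for name, holds in ENV_ROLES.items() if holds(env)}

def is_allowed(user, action, obj, env):
    """Grant if any policy alternative matches both role kinds."""
    roles = SUBJECT_ROLES.get(user, set())
    active = active_env_roles(env)
    return any(
        role in roles and needed <= active
        for role, needed in POLICY.get((action, obj), [])
    )
```

Because environment roles are re-evaluated on every request, the same user and object can yield different decisions as the time, location or alarm state changes.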
Conclusion
There are many things to consider when choosing a protection scheme for a system.
No single protection model can address all of these issues but some excel at areas where others do not.