Chapter 4 COMP435
Properties of Mutually Exclusive Roles
1) A user can only be assigned to one role in the set (either during a session or statically). 2) Any permission can be granted to only one role in the set.
Credential Management
1) Authorized individual sponsors an individual or entity for a credential to establish the need for the credential. 2) Sponsored individual enrolls for the credential, a process which typically consists of identity proofing and the capture of biographic and biometric data. 3) Credential produced; depending on credential type, production may involve encryption, use of digital signature, production of smart card, etc. 4) Credential issued to individual or NPE. 5) Credential maintained over life cycle.
ABAC Logical Architecture
1) Subject requests access to object which is routed to an access control mechanism. 2) ACM governed by set of rules that are defined by preconfigured access control policy. Based on rules, ACM assesses attributes of subject, object, and current environmental conditions to determine authorization. 3) The ACM grants the subject access if access is authorized and denies access if it is not authorized.
Session (RBAC0)
A mapping between a user and an activated subset of the set of roles to which the user is assigned.
Group
A named group of users may also be granted access rights, such that membership in the group is sufficient to exercise these access rights.
Role (RBAC0)
A named job function within the organization that controls this computer system. Typically, associated with each role is a description of the authority and responsibility conferred on this role, and on any user who assumes this role.
Object
A resource to which access is controlled. An entity used to contain and/or receive information.
Access Control Lists (ACL)
Access control matrix decomposed by columns; for each object, an ACL lists users and their permitted access rights. Users that are not explicitly listed as having special rights get default access rights, following least privilege or read-only access. BEST FOR WHEN YOU NEED TO DETERMINE WHICH SUBJECTS HAVE WHICH ACCESS RIGHTS TO A PARTICULAR RESOURCE.
Capability Ticket
Access control matrix decomposed by rows. Specifies authorized objects and operations for a particular user. Each user has a number of tickets and may be authorized to loan or give them to others. Integrity of ticket must be guaranteed (usually by operating system). Must be unforgeable.
Processes
Access rights include the ability to delete, stop, and wake up a process.
Memory Locations
Access rights include the ability to read/write certain regions of memory that are protected such that the default is to disallow access.
Devices
Access rights include the ability to read/write the device, to control its operation, and to block/unblock the device for use.
Subjects
Access rights with respect to a subject have to do with the ability to grant or delete access rights of that subject to other objects.
Identity Federation
Addresses... 1) How do you trust identities of individuals from external organizations who need access to your system? 2) How do you vouch for identities of individuals in your organization when they need to collaborate with external organizations? Describes tech, standards, policies, and processes that allow an organization to trust digital identities, identity attributes, and credentials created and issued by another organization.
Object Attribute
Also referred to as a resource: a passive information system-related entity (devices, files, records, tables, processes, programs, networks, domains, etc.) containing or receiving information. Objects have attributes such as title, subject, date, and author, which can often be extracted from object metadata.
Subject Attribute
An active entity (user, application, process, or device) that causes info to flow among objects or changes the system state. Each subject has attributes that define its identity and characteristics, such as identifier, name, organization, job title, etc. A role can also be viewed as an attribute.
Permission (RBAC0)
An approval of a particular mode of access to one or more objects. (Access right, privilege, and authorization)
Subject
An entity capable of accessing objects (typically a process)
Audit
An independent review and examination of system records and activities in order to test for adequacy of system controls, to ensure compliance with established policy and operational procedures, to detect breaches in security, and to recommend any indicated changes in control, policy, and procedures.
User (RBAC0)
An individual that has access to this computer system. Has associated user ID.
Identity Management
Assigns attributes to a digital identity and connects that digital identity to an individual or NPE. Tries to establish a trustworthy digital identity that is independent of a specific application or context.
Access Control Context
Authentication, Authorization, Audit
User mode
Certain areas of memory are protected from the user's use and certain instructions may not be executed.
Attributes
Characteristics that define specific aspects of the subject, object, environment conditions, and/or requested operations that are predefined and preassigned.
Identity, Credential, and Access Management (ICAM)
Comprehensive approach to managing and implementing digital identities (and associated attributes), credentials, and access control. 1) Create trusted digital identity representations for individuals and nonperson entities. 2) Bind identities to credentials that may serve as a proxy for the individual or NPE in access transactions. A credential is an object or data structure that binds an identity to a token possessed and controlled by a subscriber. 3) Use credentials to provide authorized access to an agency's resources.
Authorization Table
Contains one row for one access right of one subject to one resource. Sorting by subject yields a capability list; sorting by object yields an ACL.
Attribute-Based Access Control (ABAC)
Controls access based on attributes of the user, the resource to be accessed, and current environmental conditions.
Mandatory Access Control (MAC)
Controls access based on comparing security labels (which indicate how sensitive or critical system resources are) with security clearances (which indicate which system entities are eligible to access certain resources). Termed mandatory because an entity that has clearance to access a resource may not enable another entity to access that resource.
Discretionary Access Control (DAC)
Controls access based on identity of requestor and on access rules (authorizations) stating what requestors are allowed to do. An entity may have access rights that permit the entity to enable another entity to access some resource.
Role-Based Access Control (RBAC)
Controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles.
Owner
Creator of resource, system administrator, etc.
Resource Management
Defines rules for a resource that requires access control. Includes credential requirements and what user, resource, and environment attributes are required to access a given resource for a given function.
Environment Attributes
Describe the operational, technical, and situational environment or context in which info access occurs. Examples include date and time, current virus/hacker activity, and the network's security level.
Prerequisite Role
Dictates that a user can only be assigned to a particular role if the user is already assigned to some other specified role. Can be used to structure the implementation of least privilege.
Access Control Policies
Discretionary access control (DAC), Mandatory access control (MAC), Role-based access control (RBAC), Attribute-based access control (ABAC)
Least Privilege in RBAC
Each role should contain the minimum set of access rights needed for that role.
Privilege Management
Establishes and maintains the entitlement or privilege attributes that comprise an individual's access profile. Attributes represent features of an individual that can be used as the basis for access decisions to both physical and logical resources. Privileges are considered attributes that can be linked to a digital identity.
Policy Management
Governs what is allowable and unallowable in an access transaction. Given the identity and attributes of the requestor, the attributes of the resource or object, and environmental conditions, a policy specifies what actions this user can perform on this object.
Enterprise Identity
Individuals will have a single digital representation of themselves that can be leveraged across departments and agencies for multiple purposes, including access control.
Access Management
Management and control of the ways entities are granted access to resources. Covers both logical and physical access, and may be internal to a system or an external element.
Types of Constraints
Mutually exclusive roles, cardinality, prerequisite roles
Kernel Mode
Privileged instructions may be executed and protected areas of memory may be accessed.
Representing the Protection State
Processes, Devices, Memory Locations, Subjects
Privileges
Represent the authorized behavior of a subject, defined by authority and embodied in a policy.
Mutually Exclusive Roles
Roles such that a user can be assigned to only one role in the set. Supports separation of duties and capabilities within an organization. Increases the difficulty of collusion among individuals of different skills or divergent job functions to thwart security policies.
Digital Identity
Set of attributes that when aggregated uniquely identify a user within a system or an enterprise.
Protection Domain
Set of objects together with access rights to those objects. (Row in access matrix)
Policy
Set of rules and relationships that govern allowable behavior within an organization, based on the privileges of subjects and how resources or objects are to be protected under which environment conditions. Typically written from the perspective of the object that needs protecting and the privileges available to subjects.
Cardinality
Setting a maximum number with respect to roles, such as a maximum number of users that can be assigned to a given role.
Types of Attributes
Subject, Object, Environment
Authorization
The granting of a right or permission to a system entity to access a system resource. Determines who is trusted for a given purpose.
World
The least amount of access is granted to users who are able to access the system but are not included in the categories owner and group for this resource.
Protection State
The set of information, at a given point in time, that specifies the access rights for each subject with respect to each object.
Access Right
The way in which a subject may access an object.
Write
User may add, modify, or delete data in a system resource (includes read access)
Create
User may create new files, records, or fields
Delete
User may delete certain system resources
Search
User may list the files in a directory or otherwise search the directory
Read
User may view information in a system resource (includes ability to copy or print)
Base Model (4 Entities)
User, Role, Permission, Session
Authentication
Verification that the credentials of a user or other system entity are valid
Key Elements to ABAC
attributes, policy model, architecture model
Access Control
Implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.
Life Cycle Management
Mechanisms, policies, and procedures for protecting personal identity info; controlling access to identity data; techniques for sharing authoritative identity data with applications that need it; revocation of an enterprise identity.
Three classes of Subject
owner, group, world
Object Examples
records, blocks, pages, segments, files, directories, programs, etc.
Execute
User may execute a specified program.