Chapter 4

Protection Domain

(LAMP71) A set of objects together with access rights to those objects. In terms of an access matrix, a row defines a protection domain; thus, each user has a protection domain, shared by any processes spawned by that user (which might be a subset of the user's access rights).

Key ABAC Elements

- Attributes: Defined for entities in a configuration
- Policy model: Defines the ABAC policies
- Architecture model: Applies to policies that enforce access control

Lifecycle Management (ICAM)

- Mechanisms, policies, and procedures for protecting personal identity information
- Controlling access to identity data
- Techniques for sharing authoritative identity data with applications that need it
- Revocation of an enterprise identity

RBAC Relationships

- The relationship of users to roles is many to many
- The relationship of roles to resources is many to many
- The set of users changes, in some environments frequently, and the assignment of a user to one or more roles may also be dynamic
- The set of roles in the system in most environments is relatively static, with only occasional additions or deletions
- The set of resources and the specific access rights associated with a particular role are also likely to change infrequently

Subject Access to an Object (ABAC)

1. A subject requests access to an object. This request is routed to an access control mechanism
2. The access control mechanism is governed by a set of rules. Based on these rules, the access control mechanism assesses the attributes of the subject, object, and current environmental conditions to determine authorization
3. The mechanism grants or denies access based on its assessment

ABAC Solution Core Capabilities

1. ABAC systems are capable of enforcing DAC, RBAC and MAC concepts
2. ABAC enables fine-grained access control, which allows for a higher number of discrete inputs into an access control decision, providing a bigger set of possible combinations
3. Moreover, ABAC systems can be implemented to satisfy a wide array of requirements, from basic access control lists through advanced expressive policy models

Protection Bits

12 bits associated with each file and considered part of the file's inode
- 9 of the protection bits specify read, write, and execute permission for the Owner, Group and Other
- The other 3 bits define special behavior for files or directories
  -- SetUID
  -- SetGID
  -- Sticky bit

Superuser

A UNIX user who is exempt from the usual file access control constraints and has system-wide access.

Access Matrix

A common means of implementing DAC in which one dimension of a matrix consists of identified subjects that may attempt data access to the resources.
- Typically it consists of individual users or user groups, though it can also be done by terminals, network equipment, hosts or applications
The other dimension lists the objects that may be accessed.
- Each object might have its own data field, or objects may be grouped by types that take up a single data field
Each entry in the matrix indicates the access rights of a particular subject for a particular object.

Identity, Credential, and Access Management (ICAM)

A comprehensive approach to managing and implementing digital identities (And associated attributes), credentials and access control

Inode (Index node)

A control structure containing the key information needed by the OS for a particular file (UNIX). All types of UNIX files are administered by the OS through their use.
- Several file names may be associated with a single _______
- An active _______ is associated with exactly one file, and each file is controlled by exactly one _______
- Directories also have _______

Credential Production

A credential is produced. Depending on the credential type, production may involve encryption, the use of a digital signature, the production of a smartcard, or other functions.

Subdirectory

A directory contained inside another directory.

Subject Hierarchy

A hierarchy of subjects who are the "Owners" of other subjects because they created those subjects, going all the way back up to the "root" subject. Child subjects are created with a subset of the parent's access rights.

Role (RBAC)

A job function within an organization

Inode Table/List

A location on the hard disk containing the inodes of all the files in the file system
- When a file is opened, its inode is brought into main memory and stored in a memory-resident inode table

Session

A mapping between a user and an activated subset of the roles to which the user is assigned
- Used to define a temporary one-to-many relationship between a user and one or more of the roles to which they've been assigned
- The user establishes a session with only the roles needed for a particular task (least privilege)

Cardinality

A maximum number with respect to roles
- Ex: maximum number of users that can be assigned to a given role OR maximum number of roles per user

Group

A named group of users granted access rights, such that membership in the group is sufficient to exercise these access rights. In most schemes, a user may belong to multiple groups.

Role

A named job function within the organization that controls this computer system. Typically, associated with each ______ is a description of the authority and responsibility conferred on this role

Authorization Table

A non-sparse, more convenient method of implementing an access control data structure. Each row is for one access right of one subject to one resource, meaning it can be sorted by subject (like a capability list) or by object (like an ACL). Typically done as a relational database.

Constraints

A relationship among roles or a condition related to roles
- SAND96 lists the constraint types: mutually exclusive roles, cardinality, prerequisite roles
- Provide a means of adapting RBAC to the specifics of administrative and security policies in an organization

Object

A resource to which access is controlled; an entity used to contain and/or receive information
- Records, blocks, pages, files, directories, etc.

Identity Federation

A term used to describe the technology, standards, policies and processes that allow an organization to trust digital identities, identity attributes, and credentials created and issued by another organization

Processes

Access rights include the ability to delete a process, stop (Block), and wake up a process

Memory Location/Region

Access rights include the ability to read/write certain regions of memory that are protected such that the default is to disallow access.

Devices

Access rights include the ability to read/write the device, to control its operation (e.g., a disk seek), and to block/unblock the device for use

Mutually Exclusive Permission Assignments

An additional constraint added to mutually exclusive roles; it has the following properties:
1. A user can only be assigned to one role in the set (either during a session or statically)
2. Any permission (access right) can be granted to only one role in the set, i.e. non-overlapping permissions

Permission

An approval of a particular mode of access to one or more objects. Equivalent terms are access right, privilege, and authorization

Credential Sponsorship

An authorized individual sponsors an individual or entity for a credential to establish the need for the credential

Subject

An entity capable of accessing objects
- Typically it's a process (processes access things on behalf of users and applications)
- Held accountable for the actions they initiate and may have an audit trail created to record their actions

Access Control List (ACL)

An implementation of an access matrix in which it is decomposed by columns. For each object, it lists users and their permitted access rights. It may also contain a default/public entry for those who do not have specified rights; this entry typically has the fewest rights.

Capability Tickets

An implementation of an access matrix in which it is decomposed by rows. Specifies authorized objects and operations for a particular user. Each user has a number of tickets and may be authorized to loan or give them to others, which requires further security measures to keep secure.

Audit

An independent review and examination of system records and activities in order to test for adequacy of system controls, to ensure compliance with established policy and operational procedures, to detect breaches in security, and to recommend any indicated changes in control, policy and procedures.

User

An individual that has access to this computer system. Each individual has an associated user ID

Access Matrix Controller

An object access controller specifically used to manage the access matrix itself

ABAC Object

An object, also referred to as a resource, is a passive entity containing or receiving information.

Process and Protection Domain Association

Can be static or dynamic. For example, a process may execute a sequence of procedures and require different access rights for each procedure, such as read file and write file

Resource Management

Concerned with defining rules for a resource that requires access control. The rules would include:
- credential requirements
- user attributes
- resource attributes
- environmental conditions

Privilege Management

Concerned with establishing and maintaining the privilege/entitlement attributes that comprise an individual's access profile. These attributes represent features of an individual that can be used as the basis for determining access decisions to both physical and logical resources.
- Privileges are considered attributes that can be linked to a digital identity.

Attribute-Based Access Control (ABAC)

Controls access based on attributes of the user, the resource to be accessed, and current environmental conditions.
- Can define authorizations that express conditions on properties of both the resource and the subject
- Strength is in flexibility and expressive power
- Mostly used for Web and Cloud (XACML)

Discretionary Access Control (DAC)

Controls access based on the identity of the requestor and on access rules (authorizations) stating what requestors are (or are not) allowed to do. Discretionary because an entity might have access rights that permit it to enable another entity to access some resource.

Role-Based Access Control (RBAC)

Controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles.
- Access rights are assigned to roles, not the users themselves

Mandatory Access Control (MAC)

Controls access by comparing security labels with security clearances. Mandatory because an entity that has clearance to access a resource may not enable another entity to access that resource without higher approval.

ICAM Purposes

- Create trusted digital identity representations of individuals and Nonperson Entities (NPEs)
  -- NPEs include processes, applications and automated devices seeking access to a resource
- Bind those identities to credentials that may serve as a proxy for the individual or NPE in access transactions
- Use the credentials to provide authorized access to an agency's resources

Multiple Access Control Policies

DAC, MAC, RBAC and ABAC are not mutually exclusive, and some mechanisms may employ multiple of these policies to cover different classes of system resources

Access Management

Deals with the management and control of the ways entities are granted access to resources. It covers both logical and physical access, and may be internal to a system or an external element.
- Purpose is to ensure proper identity verification
- Three support elements: resource management, privilege management and policy management

Access Right

Describes the way in which a subject may access an object. Could include: Read, Write, Execute, Delete, Create and Search

Prerequisite Role

Dictates that a user can only be assigned to a particular role if it is already assigned to some other specified role
- Used to structure the implementation of the least privilege concept

Access Control Policy

Dictates what types of access are permitted, under what circumstances, and by whom. Access control policies are generally grouped into the following categories:
- DAC
- MAC
- RBAC
- ABAC
Can be embodied in an authorization database,

ICAM Goal

Establish a trustworthy digital identity that is independent of a specific application or context.

setfacl

FreeBSD (UNIX-based OS) allows an administrator to assign a list of UNIX user IDs and groups to a file with this command

Extended ACL Support

FreeBSD and most UNIX implementations that support extended ACLs use the following strategy:
1. The owner class and other class entries in the 9-bit permission field have the same meaning as in the minimal ACL case.
2. The group class entry specifies the maximum permissions that can be assigned to named users or named groups, other than the owning user. In this latter role, the group class entry functions as a mask.
3. Additional named users and named groups may be associated with the file, each with a 3-bit permission field. The permissions listed for a named user or named group are compared to the mask field. Any permission for the named user or named group that is not present in the mask field is disallowed.

Policy Management

Governs what is allowable and unallowable in an access transaction. That is, given the identity and attributes of the requestor, the attributes of the resource or object, and environmental conditions, a policy specifies what actions this user can perform on this object

Set User ID (SetUID)

If active for an executable file, any user who executes the file temporarily inherits the rights of the file's creator
- Also known as the "effective user ID" (as opposed to "real user ID")
- Ignored for directories

SetGroupID (SetGID)

If active for an executable file, any user who executes the file temporarily inherits the rights of the file's group
- Also known as the "effective group ID" (as opposed to "real group ID")
- For directories it means newly created files automatically inherit the group the directory belongs to

Security Label

Indicates how sensitive or critical an associated resource is

Security Clearance

Indicates what system entities are eligible to access certain resources

Credential Maintenance

Might include revocation, reissuance/replacement, reenrollment, expiration, personal identification number (PIN) reset, suspension, or reinstatement

RBAC Use

NIST FIPS PUB 140-3 requires support for access control and administration through roles

Classes of Subjects

Owner, Group and World

Access Control System Commands

Pg. 123 has a table summarizing these weird formula-rules

Access Control (RFC 4949)

Process by which use of system resources is regulated according to a security policy and is permitted only by authorized entities (users, programs, processes, or other systems) according to that policy

Role Hierarchies

Provide a means of reflecting the hierarchical structure of roles in an organization.
- Typically, job functions with greater responsibility have greater authority to access resources
- A subordinate job function may have a subset of the access rights of the superior job function

RBAC1

RBAC1 includes the RBAC0 functionality and adds role hierarchies, which enable one role to inherit permissions from another role

RBAC2

RBAC2 includes RBAC0 and adds constraints, which restrict the ways in which the components of a RBAC system may be configured

RBAC3

RBAC3 contains the functionality of RBAC0, RBAC1, and RBAC2

Basic Elements of Control

Subject, Object and Access Right

Access Control

The central element of computer security. The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner.

Credential Issuance

The credential is issued to the individual or NPE

Directory Execute Permission

The execute permission for a directory means you can open it or search it for a file it contains

Authorization

The granting of a right or permission to a system entity to access a system resource. This function determines who is trusted for a given purpose.

World

The least amount of access is granted to users who are able to access the system but are not included in the categories owner and group for this resource.

Credential Management

The management of the life cycle of the credential, with 5 logical components:
- Sponsorship
- Enrollment
- Production
- Issuance
- Maintenance

User Mode

The mode in which a user program executes on a computer, in which certain areas of memory are protected from the user's use and certain instructions may not be executed

Kernel/System Mode

The mode system routines are executed in, in which privileged instructions may be executed and protected areas of memory may be accessed

Access Control (NIST IR 7298)

The process of granting or denying specific requests to:
- Obtain and use information and related information processing services and/or
- Enter specific physical facilities

Credential Enrollment

The sponsored individual enrolls for the credential, a process which typically consists of identity proofing and the capture of biographic and biometric data. This step may also involve incorporating authoritative attribute data

Owner

This may be the creator of a resource, such as a file. For system resources, ownership may belong to a system administrator.

Authentication vs. Access Control

Typically, the authentication function determines whether the user is permitted to access the system at all. The access control function determines if the specific requested access by this user is permitted, typically by consulting a database of access rights for various user/types of users

Write

User may add, modify or delete data in the system resource
- Includes read access as well

Create

User may create new files, records, or fields

Delete

User may delete certain system resources, such as files or records

Execute

User may execute the specified program

Search

User may list the files in a directory or otherwise search the directory

Read

User may view information in a system resource, as well as copy it and print it

RBAC0 Entities

User, Role, Permission and Session

Authentication

Verification that the credentials of a user or other system entity are valid.

ACL File Access Steps

When a process requests access to a file system object:
1. The ACL entry that most closely matches the requesting process is selected
   - Search order goes: owner, named users, (owning or named) groups, others
2. Check if the matching entry contains sufficient permissions
   - Possible for multiple entries to match; the system will always choose the one with sufficient permissions, if any

Sticky Bit

When set on a file, it indicates the system should retain the file contents in memory following execution. When applied to a directory, it specifies that only the owner of any file in the directory can rename, move or delete that file.

ABAC Subject

an active entity that causes information to flow among objects or changes the system state

RBAC0

contains the minimum functionality for an RBAC system

SAND96

defines a family of RBAC reference models that has served as the basis for ongoing standardization efforts
- Consists of four related models
  -- RBAC0
  -- RBAC1
  -- RBAC2
  -- RBAC3

Environment Attributes

describe the operational, technical, and even situational environment or context in which the information access occurs. For example, attributes such as current date and time.
- Largely ignored in most access control policies to date

Access Control Mechanism

mediates between a user (or a process executing on behalf of a user) and system resources, such as applications, operating systems, firewalls, routers, files, and databases

Object Attributes

objects have attributes that can be leveraged to make access control decisions; can often be extracted from the metadata of the object

ABAC Privileges

represent the authorized behavior of a subject; they are defined by an authority and embodied in a policy
- AKA rights, authorizations, and entitlements

Mutually Exclusive Roles

roles such that a user can be assigned to only one role in the set
- This limitation could be a static one, or it could be dynamic, in the sense that a user could be assigned only one of the roles in the set for a session
- Supports separation of duties and capabilities in an organization

ABAC Policy

set of rules and relationships that govern allowable behavior within an organization, based on the privileges of subjects and how resources or objects are to be protected under which environment conditions

Subject Attributes

subject has associated attributes that define the identity and characteristics of the subject. Such attributes may include the subject's identifier, name, organization, job title, and so on. A subject's role can also be viewed as an attribute.
