
Access Control In Information Security System Computer Science Essay

Abstract: The literature on improving the quality of information security management is broad; this report analyses one specific technique, access control. Access control is the process of ensuring that every access to a system and its resources is controlled and that all and only authorized accesses can take place. Implementing an access control system requires regulations that define which accesses are to be controlled, and it is important that these regulations can be executed by a computer system. The implementation is usually carried out with an approach based on three concepts: security policy, security model and security mechanism. This report introduces three security policies, followed by the security models that formalise them and how they work, and then the security mechanism, which defines the low-level functions that implement the controls.

1. Introduction

Authentication, access control, and audit are considered to be the foundation of information security. Access control, one of these three foundations, is the process of evaluating every request for data and resources stored in a system and deciding whether the request should be granted or denied; it needs authentication 'as a prerequisite'. [3] The access control decision is executed by a mechanism following regulations based on a security policy. Different access controls can be applied according to different definitions of what security means.

Access control is required to achieve the secrecy, integrity and availability objectives. [1] An information management system should 'protect data and resource against unauthorized disclosure (secrecy) and unauthorized or improper modifications (integrity)', while providing 'availability to legitimate users (no denials-of-service)'. [2] Applying protection demands that every access to a system be controlled and that only authorized accesses can happen. Defining the regulations is indispensable for developing an access control system: the definition states which accesses should be controlled, and the implementation must be executable by a computer system. To carry out the development, a 'multi-phase approach' is needed, built on the following concepts:

Security policy: it defines the high-level security rules, addressing constraints on functions and on the flow among them, according to which access must be controlled. [2] [17]

Security model: it provides a 'formal representation' of the security policy, attempting to 'specify and enforce' it. [2] [16]

Security mechanism: it defines the low-level functions in which the controls defined in the policy and stated by the model are implemented.

The three concepts represent a 'conceptual separation between different levels of abstraction of the design'. [2] In particular, the separation of policies and mechanisms ensures that the implementation of the mechanism is independent of the protection demands. The advantages are that: (1) protection requirements can be stated without concern for their implementation, (2) different policies, and different mechanisms that implement the same policy, can be compared, and (3) one mechanism is able to implement multiple policies. The middle phase between policy and mechanism produces formal models 'representing the policy and its working'. [5] Therefore, we can claim the system is secure by proving that the model is secure and that the mechanism implements the model correctly.

The definition of access control policies is very important and difficult, because a security policy must contain all the regulations and also consider possible weaknesses arising from the use of a computer system. Access control policies can be divided into three classes: [3]

Discretionary (DAC) policies restrict access based on the identity of the requesters. The controls are discretionary because a requester holding a certain access right is able to pass that permission on to other requesters. [18]

Mandatory (MAC) policies consist of mandated regulations managed by a central authority. Users do not have the ability to override the policy, because it is centrally controlled by a policy administrator. [15]

Role-based (RBAC) policies depend on the roles of the users and on rules that describe which accesses are granted to users through those roles. [2]

This report is structured as follows. Section 2 presents discretionary policies and models. Section 3 introduces mandatory policies and the reason why they are needed. Section 4 illustrates role-based access control policies. A conclusion is provided in Section 5.

2. Discretionary policies and models

Discretionary policies implement access control based on the 'identity of the requesters and explicit access rules that establish who can, or cannot, execute which actions on which resources'. [2] Discretionary means that users can pass their privileges on to other users. The early discretionary models are discussed in this section and are later compared with mandatory controls.

2.1 The access matrix model

The first step in developing an access control system is identifying the objects, i.e. the set of entities that need to be protected (e.g. files, accounts); the subjects, i.e. the active entities that issue requests and carry out accesses to objects; and the actions (rights), which specify the accesses that a subject is allowed to perform on objects. [2] [19]

The state of the system is a triple (S, O, A), where S is the set of subjects, O the set of objects, and A the access matrix, with subjects listed in rows and objects in columns; the entry A[s, o] holds the actions that subject s is allowed to perform on object o. Figure 1 shows an example access matrix.

             File 1             File 2        File 3        Program 1
Joanna       own, read, write   read, write                 execute
Bob          read                             read, write
Clark                           read                        execute, read

Fig. 1. An example of an access matrix

2.2 Implementation Approaches

In a general system, the access matrix will be 'enormous in size, and most of its cells are likely to be empty'. [1] There are three approaches to implementing the access matrix in a practical system.

Access Control Lists (ACLs)

In this approach the matrix is stored by columns. Each object 'is associated with an ACL, indicating for each subject in the system the accesses the subject is authorized to execute on the object'. [1] Figure 2 shows the ACLs for the matrix in Figure 1.

File 1    -> Joanna: own, read, write -> Bob: read
File 2    -> Joanna: read, write      -> Clark: read
File 3    -> Bob: read, write
Program 1 -> Joanna: execute          -> Clark: execute, read

Fig. 2. ACLs for the matrix in Figure 1

Capability

In this approach the matrix is stored by rows. Each user has an associated capability list indicating, 'for each object, the accesses that the user is allowed to execute on the object'. [2] Figure 3 shows the capabilities for the matrix in Figure 1.

Joanna -> File 1: own, read, write -> File 2: read, write -> Program 1: execute
Bob    -> File 1: read             -> File 3: read, write
Clark  -> File 2: read             -> Program 1: execute, read

Fig. 3. Capabilities for the matrix in Figure 1

Authorization Table

In this approach the non-empty entries of the matrix are listed in a table with three columns, containing subjects, actions and objects respectively. The authorization table approach is generally used in database management systems. Figure 4 shows the authorization table for the matrix in Figure 1.

User      Action    Object
Joanna    own       File 1
Joanna    read      File 1
Joanna    write     File 1
Joanna    read      File 2
Joanna    write     File 2
Joanna    execute   Program 1
Bob       read      File 1
Bob       read      File 3
Bob       write     File 3
Clark     read      File 2
Clark     execute   Program 1
Clark     read      Program 1

Fig. 4. Authorization table for the matrix in Figure 1

ACLs and capabilities have been presented as column-based and row-based implementations of the access control matrix. Each has advantages and disadvantages regarding authorization control and management. With ACLs it is immediate to check the authorizations associated with an object, 'while retrieving all the authorizations of a subject requires the examination of the ACLs for all the objects'; with capabilities it is easy to determine the privileges of a subject, 'while retrieving all the accesses executable on an object requires the examination of all the different capabilities'. [2]
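To make the three implementation approaches concrete, the following Python code is an added example, not code from the original essay or from its cited sources. It stores the matrix of Figure 1 as constructed sample data, derives the ACL, capability and authorization-table views from it, and shows the lookup asymmetry just described: an ACL answers "who may do what to this object" in one step but needs a scan of every ACL to list one subject's rights, and capabilities behave the other way round. It also implements the discretionary grant from Section 2: only a subject holding 'own' on an object may pass a right on. The function names and that ownership rule are assumptions of the example.

```python
import copy
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

Matrix = Dict[str, Dict[str, Set[str]]]

# Constructed sample data: the access matrix of Figure 1, subject -> object -> actions.
ACCESS_MATRIX: Matrix = {
    "Joanna": {"File 1": {"own", "read", "write"},
               "File 2": {"read", "write"},
               "Program 1": {"execute"}},
    "Bob":    {"File 1": {"read"},
               "File 3": {"read", "write"}},
    "Clark":  {"File 2": {"read"},
               "Program 1": {"execute", "read"}},
}


def to_acls(matrix: Matrix) -> Dict[str, Dict[str, Set[str]]]:
    """Column view of the matrix: object -> subject -> actions (Figure 2)."""
    acls: Dict[str, Dict[str, Set[str]]] = defaultdict(dict)
    for subject, row in matrix.items():
        for obj, actions in row.items():
            if actions:  # empty cells are simply not stored
                acls[obj][subject] = set(actions)
    return dict(acls)


def to_capabilities(matrix: Matrix) -> Dict[str, Dict[str, Set[str]]]:
    """Row view of the matrix: subject -> object -> actions (Figure 3)."""
    return {s: {o: set(a) for o, a in row.items() if a} for s, row in matrix.items()}


def to_authorization_table(matrix: Matrix) -> List[Tuple[str, str, str]]:
    """Flat (subject, action, object) triples with no empty entries (Figure 4)."""
    return sorted((s, a, o) for s, row in matrix.items()
                  for o, acts in row.items() for a in acts)


def is_authorized(acls, subject: str, action: str, obj: str) -> bool:
    """Reference-monitor check against the object's ACL: a single lookup."""
    return action in acls.get(obj, {}).get(subject, set())


def privileges_of_subject(acls, subject: str) -> Dict[str, Set[str]]:
    """With ACLs, listing one subject's rights means scanning every object's list."""
    return {obj: set(entries[subject]) for obj, entries in acls.items() if subject in entries}


def accessors_of_object(caps, obj: str) -> Dict[str, Set[str]]:
    """With capabilities, listing who can reach one object means scanning every subject's list."""
    return {s: set(row[obj]) for s, row in caps.items() if obj in row}


def grant(matrix: Matrix, grantor: str, grantee: str, action: str, obj: str) -> Optional[Matrix]:
    """Discretionary delegation (assumed rule): only a subject holding 'own' on the
    object may pass a right on. Returns a new matrix, or None if the grant is refused;
    the input matrix is never modified."""
    if "own" not in matrix.get(grantor, {}).get(obj, set()):
        return None
    new_matrix = copy.deepcopy(matrix)
    new_matrix.setdefault(grantee, {}).setdefault(obj, set()).add(action)
    return new_matrix


if __name__ == "__main__":
    acls = to_acls(ACCESS_MATRIX)
    for obj, entries in acls.items():
        print(obj, "->", entries)
    print("Bob read File 1:", is_authorized(acls, "Bob", "read", "File 1"))
    print("Bob write File 1:", is_authorized(acls, "Bob", "write", "File 1"))
    print("Bob grants Clark read on File 1:", grant(ACCESS_MATRIX, "Bob", "Clark", "read", "File 1"))
```

The three views are derived from the same matrix, so any of them can serve as the stored form; the choice only changes which query is cheap. The authorization table is the form a database would keep, since it is already a relation over (subject, action, object).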

2.3 Vulnerabilities

Safety analysis, which decides whether a right can be leaked to a subject in some future state, is considered to be a fundamental problem in access control. [4] This safety problem is closely related to the main flaw of DAC. In DAC, a subject obtains rights at the discretion of other subjects; therefore it is asserted that safety is undecidable in DAC. [7] Discretionary policies also ignore the distinction between users and subjects, evaluating 'all requests submitted by a process running on behalf of some user against the authorizations of the user'. [2] This makes discretionary policies weak against processes executing malicious programs, which run with the authorizations of the user on whose behalf they execute. For example, a Trojan Horse hidden in a program might use those authorizations to create a user or delete all the user's files, bypassing the access control system. Moreover, discretionary policies have no control over the flow of information, which means that information acquired by a process can be leaked to unauthorized users.

3. Mandatory policies and models

In mandatory policies, both subjects and objects have a set of security attributes. [15] Whenever a subject tries to access an object, an authorization rule set by a central authority checks these security attributes and determines whether the access can take place. Every operation by a subject on any object is examined against the authorization rules to decide whether the operation is legal.

The most common mandatory policy is the multilevel security policy. In a multilevel security system each subject and object has a classification; objects are passive entities, while 'subjects are active entities that request access to the objects'. [2] In particular, mandatory policies distinguish between users and subjects: users are the people who can access the system, while subjects are the processes executing on users' behalf. [1] Policies with this distinction can control indirect accesses (information leakage).

3.1 Secrecy-based mandatory policies: The Bell-LaPadula model

In a secrecy-based mandatory policy, both direct and indirect information flows are controlled to prevent leakage to unauthorized subjects.

The Bell-LaPadula model is based on secrecy-based mandatory policies, which use security labels on objects and clearances for subjects. A clearance is the security attribute associated with a user. Security labels range from Top Secret down to Unclassified. The model defines two MAC rules and one DAC rule, expressed as three security properties: [13]

The Simple Security Property - an object at a given security level may not be read by a subject at a lower security level (no read-up).

The *-property - a subject at a given security level must not write to objects at a lower security level (no write-down).

The Discretionary Security Property - an access matrix is used to specify the discretionary access control.

In a system following Bell-LaPadula, users can therefore write only to objects whose level is not below their own, and read only objects whose level is not above their own.

3.2 Integrity-based mandatory policies: The Biba model

The secrecy-based mandatory policies focus on data confidentiality and on access to classified information; integrity is left uncontrolled. As with secrecy, each subject and object in the system has an integrity classification. For example, the integrity levels can be: Crucial, Important and Unknown. In general, there are three goals in preserving data integrity:

Unauthorized subjects cannot modify data.

Authorized subjects cannot make unauthorized modifications to data.

Consistency should be maintained both internally and externally.

Similar to the Bell-LaPadula model, the Biba model defines a set of security rules, which are the reverse of the Bell-LaPadula rules: [14]

The Simple Integrity Axiom - a subject at a given integrity level is not allowed to read an object at a lower integrity level (no read-down).

The * Integrity Axiom - a subject at a given integrity level is not allowed to write to an object at a higher integrity level (no write-up).
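The following Python code is an added example, not code from the original essay: it encodes the Bell-LaPadula properties of Section 3.1 and the Biba axioms of Section 3.2 as checks over labelled subjects and objects, combines the mandatory rules with the discretionary matrix as the Discretionary Security Property requires, and replays the information-flow scenario of Section 3, where a process acting for a Top Secret user reads a Top Secret object and then attempts to write to an Unclassified one. The two middle secrecy levels (Confidential, Secret), the process and object names and the sample DAC matrix are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Set

# Secrecy levels: Top Secret and Unclassified are named in the text; Secret and
# Confidential are constructed here to fill out a total order.
SECRECY = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}
# Integrity levels as named in Section 3.2.
INTEGRITY = {"Unknown": 0, "Important": 1, "Crucial": 2}


@dataclass(frozen=True)
class Subject:
    name: str        # a process running on a user's behalf
    clearance: str   # secrecy clearance inherited from the user
    integrity: str   # integrity level


@dataclass(frozen=True)
class Obj:
    name: str
    label: str       # secrecy classification
    integrity: str   # integrity classification


def blp_read_ok(s: Subject, o: Obj) -> bool:
    """Simple Security Property: no read-up."""
    return SECRECY[s.clearance] >= SECRECY[o.label]


def blp_write_ok(s: Subject, o: Obj) -> bool:
    """*-property: no write-down."""
    return SECRECY[s.clearance] <= SECRECY[o.label]


def biba_read_ok(s: Subject, o: Obj) -> bool:
    """Simple Integrity Axiom: no read-down."""
    return INTEGRITY[s.integrity] <= INTEGRITY[o.integrity]


def biba_write_ok(s: Subject, o: Obj) -> bool:
    """* Integrity Axiom: no write-up."""
    return INTEGRITY[s.integrity] >= INTEGRITY[o.integrity]


def blp_decide(s: Subject, o: Obj, action: str, dac: Dict[str, Dict[str, Set[str]]]) -> bool:
    """Bell-LaPadula decision: the mandatory rule for the action must hold AND the
    discretionary matrix (Discretionary Security Property) must also grant it."""
    if action not in dac.get(s.name, {}).get(o.name, set()):
        return False
    if action == "read":
        return blp_read_ok(s, o)
    if action == "write":
        return blp_write_ok(s, o)
    return False


def biba_decide(s: Subject, o: Obj, action: str) -> bool:
    """Biba decision for read/write using the two integrity axioms."""
    if action == "read":
        return biba_read_ok(s, o)
    if action == "write":
        return biba_write_ok(s, o)
    return False


# Constructed DAC matrix: the process is discretionarily allowed everything on both
# files, so any denial in the scenario below comes from the mandatory rules alone.
SAMPLE_DAC = {"ts_process": {"plan.txt": {"read", "write"},
                             "notes.txt": {"read", "write"}}}


def leak_blocked(dac: Dict[str, Dict[str, Set[str]]]) -> bool:
    """Information-flow scenario from Section 3: a process acting for a Top Secret user
    reads a Top Secret file and then tries to copy its content into an Unclassified
    file. Returns True when the read is allowed but the write-down is denied."""
    proc = Subject("ts_process", "Top Secret", "Important")
    secret = Obj("plan.txt", "Top Secret", "Important")
    public = Obj("notes.txt", "Unclassified", "Important")
    return blp_decide(proc, secret, "read", dac) and not blp_decide(proc, public, "write", dac)


if __name__ == "__main__":
    print("write-down blocked:", leak_blocked(SAMPLE_DAC))
```

The point of `leak_blocked` is the one the essay makes against DAC in Section 2.3: the DAC matrix alone would permit both accesses, so a malicious program running with the user's rights could copy the data, whereas the *-property denies the write regardless of what the matrix says.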

3.3 Limitation of mandatory policies

The secrecy mandatory policies only control overt flows of information, while covert flows remain uncontrolled. Covert flows are not intended for normal communication, but they can be used to obtain system information. Covert flows require particular consideration in the design of the implementation mechanism, and they are hard to control because of the difficulty of 'mapping the access control model's primitives to a computer system'. [11]

4. Role-Based Access Control Policies

Role-based access control has been proposed as an alternative to classical DAC and MAC policies and is attracting increasing attention, especially from commercial and government organizations. Role-based policies control users' access to information based on the activities the users perform in the system. A role can be defined as a 'set of actions and responsibilities associated with a particular working activity'. [1] Access authorizations on objects are then specified for roles, instead of specifying the accesses that each user is permitted to execute. One user may be authorized to adopt several roles. Because users are not granted permissions directly but gain them through roles, managing user rights becomes a matter of assigning the correct roles to each user. [6] There are three principles in RBAC: [12]

Role assignment: a subject cannot execute a transaction unless it has selected or been assigned a role.

Role authorization: users can only adopt roles for which they are authorized.

Transaction authorization: users can only execute transactions for which they have been authorized.
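The following Python class is an added example, not code from the original essay or from the cited RBAC papers. It enforces the three principles above: a user must activate a role in a session before any transaction is allowed (role assignment), may activate only roles assigned to them (role authorization), and may execute only transactions carried by an active role (transaction authorization). It goes slightly beyond the three principles by also implementing two of the advantages listed in Section 4, role hierarchy and static separation of duties through mutually exclusive roles. The class name, the role and object names and the (action, object) form of a permission are assumptions of the example; the hierarchy is assumed to be acyclic.

```python
from collections import defaultdict
from typing import Dict, FrozenSet, Set, Tuple

Permission = Tuple[str, str]  # (action, object), e.g. ("write", "ledger")


class RBAC:
    """Minimal RBAC policy engine (example design, not a library API)."""

    def __init__(self) -> None:
        self.role_perms: Dict[str, Set[Permission]] = defaultdict(set)
        self.user_roles: Dict[str, Set[str]] = defaultdict(set)    # roles a user is authorized for
        self.active_roles: Dict[str, Set[str]] = defaultdict(set)  # roles adopted in the session
        self.juniors: Dict[str, Set[str]] = defaultdict(set)       # senior role -> roles it inherits
        self.exclusive: Set[FrozenSet[str]] = set()                # mutually exclusive role pairs

    def grant_permission(self, role: str, action: str, obj: str) -> None:
        """Permissions are attached to roles, never to users."""
        self.role_perms[role].add((action, obj))

    def add_inheritance(self, senior: str, junior: str) -> None:
        """Role hierarchy: the senior role inherits every permission of the junior role."""
        self.juniors[senior].add(junior)

    def add_exclusive(self, role_a: str, role_b: str) -> None:
        """Static separation of duties: no user may be authorized for both roles."""
        self.exclusive.add(frozenset((role_a, role_b)))

    def assign_role(self, user: str, role: str) -> bool:
        """Authorize a user for a role; refused if it conflicts with a role already held."""
        for held in self.user_roles[user]:
            if frozenset((held, role)) in self.exclusive:
                return False
        self.user_roles[user].add(role)
        return True

    def activate_role(self, user: str, role: str) -> bool:
        """Role authorization: a user can adopt only roles they are authorized for."""
        if role not in self.user_roles[user]:
            return False
        self.active_roles[user].add(role)
        return True

    def effective_permissions(self, role: str) -> Set[Permission]:
        """Own permissions plus those inherited through the hierarchy."""
        perms = set(self.role_perms[role])
        for junior in self.juniors[role]:
            perms |= self.effective_permissions(junior)
        return perms

    def can_execute(self, user: str, action: str, obj: str) -> bool:
        """Role assignment + transaction authorization: with no active role nothing is
        allowed, and otherwise some active role must carry the permission."""
        return any((action, obj) in self.effective_permissions(r)
                   for r in self.active_roles[user])


if __name__ == "__main__":
    policy = RBAC()
    policy.grant_permission("clerk", "read", "ledger")
    policy.grant_permission("accountant", "write", "ledger")
    policy.grant_permission("auditor", "approve", "ledger")
    policy.add_inheritance("accountant", "clerk")
    policy.add_exclusive("accountant", "auditor")
    policy.assign_role("alice", "accountant")
    print("before activation:", policy.can_execute("alice", "write", "ledger"))
    policy.activate_role("alice", "accountant")
    print("after activation:", policy.can_execute("alice", "write", "ledger"))
    print("alice also auditor?", policy.assign_role("alice", "auditor"))
```

Keeping the set of active roles separate from the set of authorized roles is what gives least privilege: a user entitled to several roles still operates with only the roles activated for the current session.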

The role-based approach has several advantages: authorization management, hierarchical roles, least privilege, separation of duties and constraint enforcement. These advantages are explained clearly in [8].

5. Conclusion

No policy is considered to be better than the others; some policies simply provide more protection than others. However, because systems have different protection requirements, a policy suitable for a given system might not function well in another. The choice of access control policy should be analysed carefully based on the particular requirements and environment.

In this paper, several access control principles, policies and models have been presented. For the most part only the basic concepts of these policies and models are given, and many details have been omitted. Moreover, there are many policies and models that are not covered here, among them:

(1) The Chinese Wall policy and authorization-based information flow policies, which enrich DAC with mandatory restrictions.

(2) DAC has developed considerably since the access matrix was proposed; further policies have been developed, such as administrative policies and integrity policies (the Clark and Wilson model).

(3) Advanced access control models, such as certificate-based access control.

We should realize that integrating computer and network security is a key factor in developing a true discipline of information security. From the view of overall system security, a security architecture is only as strong as its weakest link. [9] Organizations should therefore realize the importance of an overall approach to securing technology, processes, people and other organizational factors on an enterprise scale. [10]
