CSE543 - Computer And Network Security Module: Access

CSE543 - Computer and Network Security
Module: Access Control
Asst. Prof. Syed Rafiul Hussain
CSE543 - Introduction to Computer and Network Security Page 1

Access Control
- Method for restricting the operations that processes may perform on a computer system
- Also known as authorization


Access Control
- Why do you need access control?
- Protection: prevent errors (oops, I overwrote your files)
- Security: prevent unauthorized access under all conditions

Access Control
- What is needed for “security”?
- Protect the process: limit others’ access to your resources
- Confine the process: limit your access to others’ resources

Security Policies
- A security policy specifies the rules of security
  ‣ Some statement of secure procedure or configuration that parameterizes the operation of a system
  ‣ Example: airport policy
    - Take off your shoes
    - No bottles that could contain 3 oz
    - Empty bottles are OK?
    - You need to put your things through the X-ray machine
    - Laptops by themselves, coat off
    - Go through the metal detector
- Goal: prevent on-airplane (metal) weapons, flammable liquids, dangerous objects (successful?)

Access Control Policy
- What is an access control policy?
  ‣ Check whether a process is authorized to perform operations on an object
- Authorize
  ‣ Subject: process
  ‣ Object: resource that is security-sensitive
  ‣ Operations: actions taken using that resource
- An object-operation pair is called a permission
  ‣ The set of permissions for the subjects and objects in a system is called an access control policy

Access Control Policy
- Access control policy determines what operations a particular subject can perform on a set of objects
- It answers questions such as
  ‣ Do you have permission to read /etc/passwd?
  ‣ Does Alice have permission to view the CSE website?
  ‣ Do students have permission to share project data?
  ‣ Does Dr. Hussain have permission to change your grades?
- An access control policy answers these questions

Access Control Concepts
- Subjects are the active entities that do things
  ‣ E.g., you, Alice, students, Prof. Jaeger
- Objects are passive things that things are done to
  ‣ E.g., /etc/passwd, CSE website, project data, grades
- Operations are actions that are taken
  ‣ E.g., read, view, share, change

Access Policy Model
- A protection system answers authorization queries using a protection state (S), which can be modified by protection state methods (M)
  ‣ Authorization query: can subject perform requested operation on object? Y/N
- A protection state (S) relates subjects, objects, and operations to authorization query results
  ‣ E.g., in mode bits, ACLs: the policy
- Protection state methods (M) can change the protection state (i.e., the policy)
  ‣ Add/remove rights for subjects to perform operations on objects: change the policy

The Access Matrix
- An access matrix is one way to represent a protection state.
  ‣ Conceptual: columns are objects, subjects are rows.
  ‣ To determine if Si has the right to access object Oj, find the appropriate entry.
  ‣ Often entries list the set of operations permitted for that subject-object pair
- The access matrix represents O(|S| * |O|) rules

         O1   O2   O3
    S1   Y    Y    N
    S2   N    Y    N
    S3   N    Y    Y

The Access Matrix
- Suppose the private key file for J is object O1
  ‣ Only J can read
- Suppose the public key file for J is object O2
  ‣ All can read, only J can modify
- Suppose all can read and write object O3
- What’s the access matrix?

         O1   O2   O3
    J    ?    ?    ?
    S2   ?    ?    ?
    S3   ?    ?    ?

ACLs and Capabilities
- An access matrix is one way to represent a protection state.
  ‣ Conceptual
- Columns are objects
  ‣ Access control lists define the subjects that can access each object, and the operations
- Subjects are rows
  ‣ Capabilities define the objects that can be accessed by each subject, and the operations
- This is how access policies are stored

         O1   O2   O3
    S1   Y    Y    Y
    S2   N    Y    Y
    S3   N    Y    Y
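
The matrix, ACL and capability views above are three storages of one protection state. The following is an added example (not code from the lecture slides): it keeps an access matrix as the protection state, answers authorization queries against it, derives the per-object ACL (column) and per-subject capability list (row), and rebuilds the matrix from either. The subjects, objects and rule set are constructed to resemble the key-file scenario on the previous slide; the concrete rules are an assumption made for this example, not the lecture's answer.

```python
"""Access matrix as a protection state, with its ACL and capability views.

Added example, not from the lecture slides. The rule set below is a
constructed assumption resembling the key-file scenario in the slides.
"""

SUBJECTS = ["J", "S2", "S3"]
OBJECTS = ["O1", "O2", "O3"]   # O1: J's private key, O2: J's public key, O3: shared file


class ProtectionState:
    """Access matrix: matrix[subject][object] is the set of permitted operations."""

    def __init__(self, subjects, objects):
        self.subjects = list(subjects)
        self.objects = list(objects)
        self.matrix = {s: {o: set() for o in self.objects} for s in self.subjects}

    # Protection state methods (M): these change the policy.
    def grant(self, subject, obj, *ops):
        self.matrix[subject][obj].update(ops)

    def revoke(self, subject, obj, *ops):
        self.matrix[subject][obj].difference_update(ops)

    # Authorization query: may `subject` perform `op` on `obj`?
    # Unknown subjects or objects are simply not authorized (default deny).
    def authorized(self, subject, obj, op):
        return op in self.matrix.get(subject, {}).get(obj, set())

    # Column view: the ACL of one object, {subject: ops} for non-empty entries.
    def acl(self, obj):
        return {s: set(self.matrix[s][obj]) for s in self.subjects if self.matrix[s][obj]}

    # Row view: the capability list of one subject, {object: ops}.
    def capabilities(self, subject):
        return {o: set(ops) for o, ops in self.matrix[subject].items() if ops}

    def rule_count(self):
        """Size of the conceptual matrix: one cell per (subject, object) pair."""
        return len(self.subjects) * len(self.objects)

    def render(self):
        """Plain-text grid in the style of the slides ('-' for an empty cell)."""
        lines = ["      " + "".join(f"{o:>12}" for o in self.objects)]
        for s in self.subjects:
            cells = [",".join(sorted(self.matrix[s][o])) or "-" for o in self.objects]
            lines.append(f"{s:>6}" + "".join(f"{c:>12}" for c in cells))
        return "\n".join(lines)


def from_acls(subjects, objects, acls):
    """Rebuild the matrix from per-object ACLs (column storage)."""
    state = ProtectionState(subjects, objects)
    for obj, entries in acls.items():
        for subject, ops in entries.items():
            state.grant(subject, obj, *ops)
    return state


def from_capabilities(subjects, objects, caps):
    """Rebuild the matrix from per-subject capability lists (row storage)."""
    state = ProtectionState(subjects, objects)
    for subject, entries in caps.items():
        for obj, ops in entries.items():
            state.grant(subject, obj, *ops)
    return state


def build_key_file_policy():
    """Constructed rules: O1 readable only by J, O2 readable by all and
    writable by J, O3 readable and writable by all."""
    state = ProtectionState(SUBJECTS, OBJECTS)
    state.grant("J", "O1", "read")
    for s in SUBJECTS:
        state.grant(s, "O2", "read")
        state.grant(s, "O3", "read", "write")
    state.grant("J", "O2", "write")
    return state


if __name__ == "__main__":
    state = build_key_file_policy()
    print(state.render())
    print("ACL of O2:", state.acl("O2"))
    print("Capabilities of S2:", state.capabilities("S2"))
```

Both round-trips (matrix to ACLs and back, matrix to capabilities and back) recover the same matrix, which is the point of the slide: the two storage layouts differ in which query is cheap (list who may touch an object versus list what a subject may touch), not in the policy they express.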

Access Control Problem
- Identify subjects, objects, and operations in each system
  ‣ Minimize effort of parties that specify policies
  ‣ Minimize likelihood of failures
    - Protection: failures due to benign errors
    - Security: failures due to malicious activities
    - Function: failures because programs don’t run
- Design an access control model
  ‣ Subjects: per process, or group a set of processes?
  ‣ Objects: per object, or group a set of objects or permissions (object/ops)?
  ‣ Rules: how to compose multiple requirements?

Access Control Problem
- You run three programs
  ‣ One from the system: passwd
  ‣ One application: editor
  ‣ One from the Internet: email attachment
- What access control policies should be assigned to each program? For protection? For security?
- How to make specifying access control policies easy?
- Homework!

Commodity OS Security
- UNIX and Windows protection systems
  ‣ How do they identify subjects/objects to express access control policies?

The UNIX FS access policy
- Really, this is a bit string ACL encoding an access matrix
- E.g.,

    rwx   rwx   rwx
    Owner Group World

- A policy is encoded as “r”, “w”, “x” if enabled, and “-” if not, e.g.,

    rwxrw---x

- Says owner can read, write and execute, group can read and write, and world can execute only.

Caveats: UNIX Mode Bits
- Access is often not really this easy: you need to have certain rights to parent directories to access a file (execute, for example). The reasons for this are quite esoteric.

    rwx rw- --x

- The preceding policy may appear to be contradictory
  ‣ A member of the group does not have execute rights, but members of the world do, so
  ‣ A user appears to be both allowed and prohibited from executing access
  ‣ Not really: these policies are monotonic; the absence of a right does not mean they should not get access at all. If any of your identities have that right in any class (world, group, owner), you are authorized.
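
The following is an added example, not code from the lecture slides. It parses a nine-character mode string such as rwxrw---x into per-class bit sets and implements two lookups: union_permitted, the monotonic reading given on the slide (any class your identities match that carries the bit suffices), and kernel_permitted, the rule Linux and other POSIX systems actually apply, which consults exactly one class, the first of owner, group and other that matches the process, so a group member who lacks x is refused even though world has it. Root (CAP_DAC_OVERRIDE) bypasses the read and write checks but may execute a regular file only if some class has an x bit. The UIDs and GIDs are constructed sample values.

```python
"""UNIX mode-bit checks: the slide's union reading versus the kernel's rule.

Added example, not from the lecture slides. UIDs/GIDs are constructed.
"""
from dataclasses import dataclass

CLASSES = ("owner", "group", "other")
BITS = ("r", "w", "x")


def parse_mode(mode):
    """'rwxrw---x' -> {'owner': {'r','w','x'}, 'group': {'r','w'}, 'other': {'x'}}."""
    if len(mode) != 9:
        raise ValueError("expected 9 mode characters, e.g. 'rwxr-x---'")
    perms = {}
    for i, cls in enumerate(CLASSES):
        ops = set()
        for ch, bit in zip(mode[3 * i:3 * i + 3], BITS):
            if ch == bit:
                ops.add(bit)
            elif ch != "-":
                raise ValueError(f"unexpected character {ch!r} in {mode!r}")
        perms[cls] = ops
    return perms


@dataclass(frozen=True)
class File:
    owner_uid: int
    group_gid: int
    mode: str


@dataclass(frozen=True)
class Process:
    uid: int
    gids: frozenset   # primary plus supplementary groups


def identity_classes(proc, f):
    """Every class the process could claim; used by the union reading."""
    classes = {"other"}
    if proc.uid == f.owner_uid:
        classes.add("owner")
    if f.group_gid in proc.gids:
        classes.add("group")
    return classes


def union_permitted(proc, f, op):
    """Slide's reading: authorized if any of your identities has the bit."""
    perms = parse_mode(f.mode)
    return any(op in perms[cls] for cls in identity_classes(proc, f))


def kernel_permitted(proc, f, op):
    """Linux rule: pick one class (owner, else group, else other) and use
    only its bits. Root bypasses r/w but needs some x bit to execute."""
    perms = parse_mode(f.mode)
    if proc.uid == 0:
        return op != "x" or any("x" in ops for ops in perms.values())
    if proc.uid == f.owner_uid:
        cls = "owner"
    elif f.group_gid in proc.gids:
        cls = "group"
    else:
        cls = "other"
    return op in perms[cls]


def disagreements(f, procs):
    """(process uid, op) pairs where the two readings differ for file f."""
    return sorted((p.uid, op) for p in procs for op in BITS
                  if union_permitted(p, f, op) != kernel_permitted(p, f, op))


# Constructed sample: the slide's rwxrw---x file, owned by uid 1000 / gid 2000.
SLIDE_FILE = File(owner_uid=1000, group_gid=2000, mode="rwxrw---x")
OWNER = Process(uid=1000, gids=frozenset({2000}))
MEMBER = Process(uid=1001, gids=frozenset({2000}))     # in the group, not the owner
OUTSIDER = Process(uid=1002, gids=frozenset({3000}))

if __name__ == "__main__":
    for p in (OWNER, MEMBER, OUTSIDER):
        print(p.uid, {op: kernel_permitted(p, SLIDE_FILE, op) for op in BITS})
    print("readings differ for:", disagreements(SLIDE_FILE, (OWNER, MEMBER, OUTSIDER)))
```

For the slide's file the two readings disagree in exactly one cell: the group member's execute. That is the case to remember when writing mode bits, since a class that is "less trusted" in the owner/group/world order can end up with a right that a more trusted class lacks.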

UNIX UIDs
- Processes and files are associated with user IDs (UIDs)
- File UID indicates its owner (who gets owner perms)
  ‣ Group ID (GID) also (who gets group perms)
- Process UID indicates the owner of the process
  ‣ Normal user
  ‣ System (root)
  ‣ Now, some special UIDs for some programs
  ‣ Also, a process may run under multiple group IDs
- How do we switch UIDs (e.g., run a privileged program)?

UID Transition: Setuid
- A special bit in the mode bits
- Execute file
  ‣ Resulting process has the effective (and fs) UID/GID of the file owner
- Enables a user to escalate privilege
  ‣ For executing a trusted service
- Downside: user defines execution environment
  ‣ e.g., environment variables, input arguments, open descriptors, etc.
- Service must protect itself or user can gain unauthorized access
  ‣ UNIX services often run as root UID, many via setuid!

Changing Effective User ID
- A process that executes a set-uid program can drop its privilege; it can
  ‣ drop privilege permanently
    - removes the privileged user ID from all three user IDs
  ‣ drop privilege temporarily
    - removes the privileged user ID from its effective UID but stores it in its saved UID; later the process may restore privilege by restoring the privileged user ID in its effective UID

What happens during login
[Figure: UID transitions of the login process. Recoverable labels: the (ruid, euid, suid) triple, which is 0, 0, 0 for the login process and 500, 500, 500 after setuid; fork().]
- After the login process verifies that the entered password is correct, it issues a setuid system call.
- The login process then loads the shell, giving the user a login shell.
- The user types in the passwd command to change his password.

What happens during login (continued)
[Figure: exec("passwd"). Recoverable labels: pid 2297; ruid 500; suid 0; "drop privilege temporarily".]
- The fork call creates a new process, which loads “passwd”, which is owned by the root user and has the setuid bit set.
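
The three previous slides (setuid, dropping privilege temporarily or permanently, and the login-to-passwd sequence) are walked through below in an added example that is not code from the lecture slides. The Credentials class simulates one process's (ruid, euid, suid) triple and applies the rules Linux uses for setuid() and seteuid(): a privileged process (euid 0, standing in for CAP_SETUID) can set all three IDs with setuid(), which makes the drop permanent; an unprivileged process can only move its effective ID among its real and saved IDs, which is what makes a temporary drop reversible. No real system call is made, so it runs as an ordinary user. UID 0 is root, 500 is a constructed sample user, and "passwd" is modelled as a root-owned executable with the setuid bit set.

```python
"""Model of the three UNIX user IDs across login, shell and passwd.

Added example, not from the lecture slides. No real system calls are made;
UID 500 and the "passwd" executable below are constructed.
"""
from dataclasses import dataclass

ROOT = 0


class CredentialError(PermissionError):
    """The request would be refused by the kernel (EPERM)."""


@dataclass(frozen=True)
class Executable:
    owner_uid: int
    setuid_bit: bool


class Credentials:
    """The real, effective and saved user IDs of one process."""

    def __init__(self, ruid, euid, suid):
        self.ruid, self.euid, self.suid = ruid, euid, suid

    def triple(self):
        return (self.ruid, self.euid, self.suid)

    def privileged(self):
        return self.euid == ROOT          # stands in for CAP_SETUID

    def setuid(self, uid):
        """Privileged: all three IDs change (nothing is saved, so the drop is
        permanent). Unprivileged: only euid changes, and only to ruid or suid."""
        if self.privileged():
            self.ruid = self.euid = self.suid = uid
        elif uid in (self.ruid, self.suid):
            self.euid = uid
        else:
            raise CredentialError(f"setuid({uid}) refused with ids {self.triple()}")

    def seteuid(self, uid):
        """Changes euid only; an unprivileged process may pick any of its three
        IDs, which is how a saved root ID is restored after a temporary drop."""
        if self.privileged() or uid in self.triple():
            self.euid = uid
        else:
            raise CredentialError(f"seteuid({uid}) refused with ids {self.triple()}")

    def fork(self):
        return Credentials(*self.triple())   # the child inherits all three IDs

    def execve(self, exe):
        child = Credentials(*self.triple())
        if exe.setuid_bit:
            child.euid = exe.owner_uid       # effective (and fs) UID becomes the file owner
        child.suid = child.euid              # exec resets the saved ID to the new euid
        return child


def login_to_passwd(user_uid=500):
    """Walk the slides' login -> shell -> passwd sequence. Returns the
    (ruid, euid, suid) triple after each step and whether privilege could be
    regained after the permanent drop."""
    trace = {}
    login = Credentials(ROOT, ROOT, ROOT)
    trace["login starts as root"] = login.triple()
    login.setuid(user_uid)                   # password verified: become the user
    trace["login calls setuid(user)"] = login.triple()
    shell = login.execve(Executable(owner_uid=ROOT, setuid_bit=False))
    trace["exec login shell"] = shell.triple()
    passwd = shell.fork().execve(Executable(owner_uid=ROOT, setuid_bit=True))
    trace["fork + exec setuid-root passwd"] = passwd.triple()
    passwd.seteuid(user_uid)                 # drop temporarily: root stays in suid
    trace["drop privilege temporarily"] = passwd.triple()
    passwd.seteuid(ROOT)                     # allowed because ROOT is the saved ID
    trace["restore privilege"] = passwd.triple()
    passwd.setuid(user_uid)                  # euid is root here, so all three change
    trace["drop privilege permanently"] = passwd.triple()
    try:
        passwd.seteuid(ROOT)
        regained = True
    except CredentialError:
        regained = False
    return trace, regained


if __name__ == "__main__":
    steps, regained = login_to_passwd()
    for step, ids in steps.items():
        print(f"{step:<36} (ruid, euid, suid) = {ids}")
    print("privilege regained after permanent drop:", regained)
```

The trace makes the slide's distinction concrete: after the temporary drop the triple is (500, 500, 0) and root is one seteuid() away, whereas after the permanent drop it is (500, 500, 500) and the same call is refused. A setuid service that only ever needs root at startup should take the second path.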

Job Functions
- In an enterprise, we don’t really do anything as ourselves; we do things as some job function
  ‣ E.g., student, professor, doctor
- One could manage this as groups, right?
  ‣ We are assigned to groups all the time, and given similar rights as them, i.e., mailing lists

Groups
- Groups are collections of identities who are assigned rights as a collective
- Important in that it allows permissions to be assigned in aggregates of users
[Figure: a Group node linking Users (Alice, Bob, Ivan, Trent) to Permissions]
- This is really about “membership”
  ‣ Group-permission assignments are transient

Roles
- A role is a collection of privileges/permissions associated with some function or affiliation
- NIST studied the way permissions are assigned and used in the real world, and this is it
[Figure: a Role node linking Users to Permissions (Read, Delete, Write, Modify)]
- Important: the permission-role membership is static; the user-role membership is transient

Role Based Access Control
- Most formulations are of the type
  ‣ U: users, these are the subjects in the system
  ‣ R: roles, these are the different roles users may assume
  ‣ P: permissions, these are the rights which can be assumed
- There is a many-to-many relation between:
  ‣ Users and roles
  ‣ Roles and permissions
- Relations define the role-based access control policy
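
The U, R, P formulation on this slide and the static-versus-transient distinction on the previous one are implemented below in an added example that is not code from the lecture slides. The two many-to-many relations are kept as UA (user to roles) and PA (role to permissions), a permission being an (object, operation) pair; a user's rights are the union over their roles. A check may also be restricted to the roles the user has activated, which is how RBAC sessions apply least privilege. The course roles, users and permissions are constructed for the example and echo the questions on the "Access Control Policy" slide.

```python
"""Role-based access control with the U, R, P sets and the UA / PA relations.

Added example, not from the lecture slides. Roles, users and permissions
below are constructed.
"""
from collections import defaultdict


class RBAC:
    def __init__(self):
        self.roles = set()
        self.ua = defaultdict(set)   # user -> roles assigned (transient membership)
        self.pa = defaultdict(set)   # role -> {(object, operation)} (static)

    def add_role(self, role):
        self.roles.add(role)

    def grant(self, role, obj, op):
        """Attach a permission to a role; done once when the job function is defined."""
        if role not in self.roles:
            raise KeyError(f"unknown role {role!r}")
        self.pa[role].add((obj, op))

    def assign(self, user, role):
        """Put a user into a role; changes as people join or leave a function."""
        if role not in self.roles:
            raise KeyError(f"unknown role {role!r}")
        self.ua[user].add(role)

    def deassign(self, user, role):
        self.ua[user].discard(role)

    def permissions(self, user, active_roles=None):
        """Union of the permissions of the user's roles, optionally limited to
        the roles activated in this session. Unknown users get nothing."""
        roles = set(self.ua.get(user, ()))
        if active_roles is not None:
            roles &= set(active_roles)
        perms = set()
        for role in roles:
            perms |= self.pa[role]
        return perms

    def authorized(self, user, obj, op, active_roles=None):
        return (obj, op) in self.permissions(user, active_roles)


def build_course_policy():
    """Constructed policy for a hypothetical course, answering the kind of
    questions posed on the 'Access Control Policy' slide."""
    p = RBAC()
    for role in ("student", "ta", "professor"):
        p.add_role(role)
    p.grant("student", "cse-website", "view")
    p.grant("student", "project-data", "read")
    p.grant("ta", "grades", "read")
    p.grant("professor", "grades", "read")
    p.grant("professor", "grades", "change")
    p.assign("alice", "student")
    p.assign("bob", "student")
    p.assign("bob", "ta")          # bob holds two roles at once
    p.assign("hussain", "professor")
    return p


if __name__ == "__main__":
    policy = build_course_policy()
    for user in ("alice", "bob", "hussain"):
        print(user, sorted(policy.permissions(user)))
    print("bob as student only:", sorted(policy.permissions("bob", active_roles={"student"})))
```

Removing bob from the ta role takes away grade access in one UA change, while the permissions of the ta role itself are untouched; that is the operational advantage of keeping PA static and letting UA be the transient relation.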

Take Away
- Goal: define protection states to restrict the operations that each process may perform
  ‣ For protection from bugs and security from adversaries
  ‣ Operating systems do that by
    - Associating processes with IDs (subjects)
    - Authorizing objects and operations (permissions)
- Approach: protection system
  ‣ Protection state: relates subjects to authorized permissions
  ‣ Methods for modifying the protection state
- UNIX and Windows implement protection systems
  ‣ Have different notions of subjects and permissions
  ‣ Trade off complexity and expressive power
- Compared with role-based access control models
