Flashcards in Chapter 3 - Authorization and Access Control Deck (33)
What is authorization?
Authorization is the next step taken after we have completed identification and authentication.
It enables us to determine, once we have authenticated the party in question, exactly what they are allowed to do. We typically implement authorization through the use of access controls, which we will discuss later in this chapter.
What is the principle of least privilege?
A concept to keep in mind when deciding the level of access given to individuals.
What are the four basic tasks of access control?
Describe ALLOWING ACCESS
Allowing access lets us give a particular party access to a given resource.
Describe DENYING ACCESS
Denying access if the diametric opposite of granting access. When we deny access we are preventing access by a given party to a resource in question.
Describe LIMITING ACCESS
Limiting access refers to allowing some access to a resource, but only up to a certain point.
This is very important when using applications that may be exposed to attack-prone environments.
Describe REVOKING ACCESS
Revocation of access is a very important idea in access control. It is vital that once we have given a party access to a resource, we be able to take that access away again.
What are the two main methods we might use in access control?
Access control lists
What are access control lists?
ACL's, often referred to as "ackles", are a very common choice of access control implementation. ACLs are usually used to control access in the file systems on which our operating systems run and to control the flow of traffic in the networks to which our systems are attached.
What is a file system ACL?
When we look at ACls in most file systems, we commonly see three permissions in use: read, write and execute, respectively allowing us to access the contents of a file or directory, write to it, and, presuming that a file contains either a program or a script capable of running on the system in question, execute the contents of the file.
What is a network ACL?
When we look at the variety of activities that take place on networks, both private and public, we can again see ACLs regulating such activity. In the case of network ACLs, we typically see access controlled by the identifiers we use for network transactions, such as Internet Protocol (IP) addresses, Media Access Control (MAC) addresses, and ports. We can see such ACLs at work in network infrastructure such as routers, switches, and firewall devices, as well as in software firewalls, Facebook, Google, e-mail, or other forms of software.
What is a MAC address?
MAC addresses are, in theory, unique identifiers attached to each network interface in a given system. Each network interface has a hardcoded MAC address issued when it is created.
NOTE: Unfortunately for those of us depending on MAC addresses as a basis for our ACLs, the MAC address used by a network interface can be overridden by software settings in most operating systems. Such changes are very trivial to put in place, and the MAC address is not a good choice for a unique identifier of a particular device on the network.
What are capabilities in the context of access control?
Capability-based security can provide us with an alternate solution to access control that uses a different structure than what we see in ACLs.
Capabilities are oriented around the use of a token that controls our access. we can think of a token in a capability as being analogous to the badge we might use to open the door in a building.
Capability-based systems base access allowances on the possession of the token, not on who possesses it.
What is the difference between capability-based systems and ACL s?
Where ACLs define the permissions based on a given resource, an identity, and a set of permissions, all generally held in a file of some sort, capabilities are oriented around the use of a token that controls our access.
What are the most common access control models mentioned in the book?
Discretionary Access Control
Mandatory Access Control
Role-based Access Control
Attribute-based Access Control
Multi-level access control
Describe discretionary access control.
Discretionary access control (DAC) is a model of access control based on access being determined by the owner of the resource in question. The owner of the resource can decide who does and does not have access, and exactly what access they are allowed to have. In Microsoft operating systems, we can see DAC implemented. If we decide to create a network share, for instance, we get to decide who we want to allow access.
Describe mandatory access control.
Mandatory access control (MAC) is a model of access control in which the owner of the resource does not get to decide who gets to access it, but instead access is decided by a group or individual who has the authority to set access on resources.
Describe Role-based Access control
Role-based access control (RBAC) is a model of access control that, similar to MAC, functions on access controls set by an authority responsible for doing so, rather than by the owner of the resource. The difference between RBAC and MAC is that access control in RBAC is based on the role the individual being granted access is performing. For example, if we have an employee whose only role is to enter data into a particular application, through RBAC we would only allow the employee access to that application, regardless of the sensitivity or lack of sensitivity of any other resource he might potentially access. If we have an employee with a more complex role—customer service for an online retail application, perhaps—the employee’s role might require him to have access to information about customers’ payment status and information, shipping status, previous orders, and returns, in order to be able to assist said customers. In this case, RBAC would grant him considerably more access. We can see RBAC implemented in many large-scale applications that are oriented around sales or customer service.
Describe attribute-based access control.
Attribute-based access control (ABAC) is, logically, based on attributes. These can be the attributes of a particular person, of a resource, or of an environment. Subject attributes are those of a particular individual.
Environmental attributes can be used to enable access controls that operate based on environmental conditions
Resource attributes are those that relate to a particular resource, such as an operating system or application
Describe multilevel access control
Multilevel access control models are used where the simpler access control models that we just discussed are considered to not be robust enough to protect the information to which we are controlling access. Such access controls are used extensively by military and government organizations, or those that often handle data of a very sensitive nature. We might see multilevel security models used to protect a variety of data, from nuclear secrets to protected health information (PHI).
Describe the bell-lapadula model.
The Bell-LaPadula model implements a combination of DAC and MAC access controls, and is primarily concerned with the confidentiality of the resource in question
What is the *Property?
Anyone accessing a resource can only write its contents to one classified at the same level or higher.
What is The Simple Integrity Axiom
The level of access granted to an individual must be no lower than the classification of the resource.
The *Integrity Axiom?
Anyone accessing a resource can only write its contents to one classified at the same level or lower.
The Simple Security Property?
The level of access granted to an individual must be at least as high as the classification of the resource in order for the individual to be able to access it.
in the Bell-LaPadula method, what are the two security properties that define how information can flow to and from the resource?
The Simple Security Property: The level of access granted to an individual must be at least as high as the classification of the resource in order for the individual to be able to access it.
The *Property: Anyone accessing a resource can only write its contents to one classified at the same level or higher.
What is the Biba model?
The Biba model of access control is primarily concerned with protecting the integrity of data, even at the expense of confidentiality.
What are the two security rules of the Biba method that are the exaact reverse of the Bell-Lapadula model rules?
■The Simple Integrity Axiom: The level of access granted to an individual must be no lower than the classification of the resource.
■ The *Integrity Axiom: Anyone accessing a resource can only write its contents to one classified at the same level or lower.
What is the brewer and nash model?
The Brewer and Nash model, also known as the Chinese Wall model, is an access control model designed to prevent conflicts of interest. Brewer and Nash is commonly used in industries that handle sensitive data, such as that found in the financial, medical, or legal industry.