Access Control
This material was developed with funding from the National Science Foundation under Grant # DUE 1601612.
Introduction
Access control is the process, procedures, systems and technologies used to ensure that only authorized users and systems gain the right to use an organization’s data systems, resources and information. These same safeguards prevent unauthorized users and systems from gaining access.
IAAA
Identification, authentication, authorization, and accountability (IAAA) are the elements of the process of accessing resources.
Identification
A user identifies himself or herself through a username, which can be an employee ID, account number, email address, name, or other unique identifier.
Authentication
The most popular form of authentication is the use of a password, passphrase, or PIN (something you know). You can also authenticate by using something you have, such as a token or key fob, or by something you are, such as a fingerprint, retina scan, or face recognition.
Sometimes a user may be required to provide more than one form of authentication, which is known as multi-factor authentication.
Authorization
Authorization assigns privileges to a subject. These privileges determine which objects the subject can access and the permissions that control the subject’s actions. Permissions include read, write, and delete.
Accountability
Accountability tracks the actions performed by a subject. Examples of accountability include event or transaction logs.
Access Control Models
An access control model is a framework of security features used to prevent unauthorized access to objects. Access control systems provide each of the essential services: identification, authentication, authorization, and accountability. Each model uses a different method to control how subjects access objects.
Role-based Access Control (RBAC)
RBAC is based on the subject’s role or job function within an organization. Subjects are assigned a role, and each role is granted access to all the resources required for that job. Subjects do not get additional permissions over and above those required for the role.
Example from the module's diagram (subjects are assigned roles, and roles determine which objects can be accessed):
Roles: 1) Employees; 2) Finance; 3) Payroll; 4) IT; 5) Human Resources; 6) Sales
Objects: A) Email Data; B) Social Media Data; C) CMS; D) SAP; E) Timecard System; F) Employee Records
Susan in Finance: roles 1+2, objects A+D
Alice in Payroll: roles 1+3+5, objects A+E+F
Joe in Sales: roles 1+6, objects A+B+C
HR Management: roles 3+5, objects A+E+F
CMS Application: roles 2+6, objects A+B+C+D
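The RBAC example above, worked in code. This is an added example and not part of the original module; the per-role object grants and the read/write/delete permissions are assumptions chosen so that each subject's reachable objects match the diagram, and the audit log shows the accountability element of IAAA alongside authorization.

```python
"""Role-based access control resolver modelled on the module's RBAC example.
Added example, not part of the original module. The per-role object grants
are an ASSUMPTION chosen so that each subject's reachable objects match the
diagram (Susan: A+D, Alice: A+E+F, Joe: A+B+C); the module shows only the
resulting sets, not the per-role grants or the read/write/delete permissions.
"""
from dataclasses import dataclass, field

OBJECTS = {  # objects from the diagram
    "A": "Email Data", "B": "Social Media Data", "C": "CMS",
    "D": "SAP", "E": "Timecard System", "F": "Employee Records",
}

# Assumed grants: role number -> {object: permissions}.
ROLE_GRANTS = {
    1: {"A": {"read", "write", "delete"}},                # Employees
    2: {"D": {"read", "write"}},                          # Finance
    3: {"E": {"read", "write"}},                          # Payroll
    4: {},                                                # IT (no grants shown)
    5: {"F": {"read", "write", "delete"}},                # Human Resources
    6: {"B": {"read", "write"}, "C": {"read", "write"}},  # Sales
}
SUBJECT_ROLES = {"Susan": {1, 2}, "Alice": {1, 3, 5}, "Joe": {1, 6}}

@dataclass
class Rbac:
    role_grants: dict
    subject_roles: dict
    audit_log: list = field(default_factory=list)  # accountability record

    def permissions(self, subject: str, obj: str) -> set:
        """Union of what every role held by the subject grants on obj."""
        perms = set()
        for role in self.subject_roles.get(subject, ()):
            perms |= self.role_grants.get(role, {}).get(obj, set())
        return perms

    def objects_for(self, subject: str) -> set:
        """Objects reachable through the subject's roles, nothing more."""
        return {o for o in OBJECTS if self.permissions(subject, o)}

    def check(self, subject: str, action: str, obj: str) -> bool:
        """Authorize one action and log the decision for accountability."""
        allowed = action in self.permissions(subject, obj)
        self.audit_log.append((subject, action, obj, "ALLOW" if allowed else "DENY"))
        return allowed

rbac = Rbac(ROLE_GRANTS, SUBJECT_ROLES)
```

A subject unknown to the role table gets no permissions at all, which is the fail-closed behaviour an RBAC check should have.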
Rule-based Access Control
Rule-based access control uses criteria or rules defined by the custodian or system administrator. If an organization wants to limit access during certain hours of the day, make sure employees are using in-house systems, or control a specific transaction, rule-based access control fits the bill. Rules are typically sequential: once a condition is checked, the permission is granted or denied.
Example from the module's diagram: each user access request is checked for its time, its source address and the transaction requested, against these rules:
Time: hours 8am-5pm
Address: 192.168.1.*
Transaction: CMS, SAP, PAYROLL or LSM
The diagram's sample requests (for example, access to CMS) arrive at 9:00AM, 12:00PM, 4:00PM and 8:00PM from the addresses 192.168.1.20, 192.168.1.50, 192.168.12.2 and 192.10.1.30, and each is answered Yes or No.
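The sequential rule check described above, worked in code. This is an added example and not part of the original module; the rule values are the diagram's, the sample requests are constructed, and the Request type and function names are this example's own.

```python
"""Sequential rule-based access check modelled on the module's diagram.
Added example, not part of the module. Rule values (hours 8am-5pm, address
192.168.1.*, transactions CMS/SAP/PAYROLL/LSM) are the diagram's; the sample
requests are constructed."""
from datetime import time
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Request(NamedTuple):
    user: str
    when: time        # time of day the request is made
    address: str      # source IP address
    transaction: str  # what the user is asking to do

# Rules, in the order the administrator wants them evaluated.
BUSINESS_HOURS = (time(8, 0), time(17, 0))   # 8am-5pm inclusive
ALLOWED_NET = ip_network("192.168.1.0/24")  # the diagram's 192.168.1.*
ALLOWED_TRANSACTIONS = {"CMS", "SAP", "PAYROLL", "LSM"}

def within_hours(when: time) -> bool:
    start, end = BUSINESS_HOURS
    return start <= when <= end

def from_allowed_address(address: str) -> bool:
    try:
        return ip_address(address) in ALLOWED_NET
    except ValueError:   # malformed address: fail closed
        return False

def evaluate(req: Request) -> tuple:
    """Check rules in sequence; the first failing rule denies the request.
    Returns (decision, reason) so the reason can be logged."""
    rules = [
        ("time", within_hours(req.when)),
        ("address", from_allowed_address(req.address)),
        ("transaction", req.transaction in ALLOWED_TRANSACTIONS),
    ]
    for name, passed in rules:
        if not passed:
            return ("DENY", f"{name} rule failed")
    return ("ALLOW", "all rules passed")

# Constructed sample requests using the diagram's times and addresses.
SAMPLES = [
    Request("susan", time(12, 0), "192.168.1.20", "CMS"),      # allow
    Request("alice", time(20, 0), "192.168.1.50", "PAYROLL"),  # deny: 8:00PM
    Request("joe", time(9, 0), "192.168.12.2", "SAP"),         # deny: off-network
    Request("susan", time(16, 0), "192.168.1.20", "VPN"),      # deny: transaction
]
```

Because the rules are evaluated in order, the returned reason names only the first rule that failed, which is the behaviour to expect in the logs of a sequential rule engine.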
Mandatory Access Control (MAC)
MAC is the strictest type of control. It takes a hierarchical approach to controlling access to objects. Subjects are assigned a clearance level and objects are assigned a label; the module uses the levels Unclassified, Confidential, Secret and Top-Secret. A subject can access an object only if the subject’s clearance is equal to or greater than the object’s label.
In the MAC model, permissions are only valid for objects that a subject requires to perform the assigned task. A top-secret subject does not get unfettered access to all top-secret objects.
Different implementations of MAC are used for different purposes: the Bell–LaPadula model focuses on data confidentiality and the Biba model focuses on data integrity.
Bell–LaPadula Model (data confidentiality)
The Bell–LaPadula model focuses on data confidentiality and controlled access to classified information. It manages who gets read and write permissions to classified data and is characterized by the phrase "write up, read down" (WURD).
Simple Security Property: a subject at a given security level may not read an object at a higher security level (no read up).
* (star) Property: a subject at a given security level may not write to any object at a lower security level, because this would reveal information of a higher security level to subjects with lower permissions. Unclassified, confidential and secret information can be written to top-secret objects, but top-secret information cannot be shared or written to objects with lesser labels.
Biba Model (data integrity)
The Biba Model describes a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. A subject cannot corrupt data at a level ranked higher than the subject’s permissions, and corruption of data at a lower level than the subject is restricted.
Simple Integrity Axiom: “No read down”; a subject at a given integrity level cannot read data at a lower integrity level. This protects integrity by preventing bad information from moving up from lower integrity levels.
* Integrity Axiom: “No write up”; a subject at a given integrity level cannot write data to a higher integrity level. This prevents subjects from passing information up to an integrity level they are not cleared to change, again keeping bad information from moving up to higher integrity levels.
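The MAC rule and the two models' read/write properties, worked in code over the module's four levels. This is an added example and not part of the original module; the function names and the "needed objects" set in mac_access are this example's own constructions.

```python
"""Bell-LaPadula and Biba checks over the module's four levels.
Added example, not part of the module. Bell-LaPadula treats the levels as
confidentiality labels and Biba treats the same ordering as integrity levels;
the 'needed' object set in mac_access is a constructed illustration."""
LEVELS = ["Unclassified", "Confidential", "Secret", "Top-Secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}  # higher index = higher level

def blp_allowed(subject_clearance: str, action: str, object_label: str) -> bool:
    """Bell-LaPadula ("write up, read down"), protecting confidentiality.
    Simple Security Property: no read up.  * Property: no write down."""
    s, o = RANK[subject_clearance], RANK[object_label]
    if action == "read":
        return s >= o   # may read only at or below own clearance
    if action == "write":
        return s <= o   # may write only at or above own clearance
    raise ValueError(f"unknown action {action!r}")

def biba_allowed(subject_level: str, action: str, object_level: str) -> bool:
    """Biba, protecting integrity.
    Simple Integrity Axiom: no read down.  * Integrity Axiom: no write up."""
    s, o = RANK[subject_level], RANK[object_level]
    if action == "read":
        return s <= o   # may read only at or above own integrity level
    if action == "write":
        return s >= o   # may write only at or below own integrity level
    raise ValueError(f"unknown action {action!r}")

def mac_access(subject_clearance: str, object_label: str,
               needed: set, obj: str) -> bool:
    """The module's plain MAC rule: clearance >= label, and only for objects
    the subject needs for its assigned task (no unfettered access)."""
    return RANK[subject_clearance] >= RANK[object_label] and obj in needed

def matrix(check) -> dict:
    """Every (subject level, action, object level) decision for one model,
    handy for checking that the two models are mirror images of each other."""
    return {(s, a, o): check(s, a, o)
            for s in LEVELS for o in LEVELS for a in ("read", "write")}
```

Tabulating both models with matrix() shows that Biba's decision for (subject, action, object) equals Bell-LaPadula's for (object, action, subject): the integrity model is the confidentiality model with the ordering flipped.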
Discretionary Access Control (DAC)
DAC restricts access to objects based on the identity of subjects and/or the groups to which they belong. In the strictest interpretation, each object controlled under DAC must have an owner who controls the permissions that allow access to the object. Although many modern operating systems support the concept of an owner, this is not always implemented. The model does not define “owners”, which leaves the definition problematic when group ownership occurs.
The module's diagram shows a local administrator at Headquarters and a local administrator at the Cloud Center, each controlling access to their own objects.
Identity Management Life Cycle
The life cycle runs from the start of a user identity (provisioning) to its end (deprovisioning), with these stages:
Provisioning: create user IDs and identities; define the user's group membership; define systems.
Authentication: validate user identities using SSO services.
Authorization: determine the rights to access the systems; manage the systems.
Password Management: define the password dictionary; enable password policies; sync passwords with end points.
Self-Service: password changes and resets; updating personal information; syncing user attributes with other systems as required.
Governance: define the organization's IAM guidelines used to write rules/policies.
Deprovisioning: revoke permissions and deauthorize user identities to enterprise systems.
Comparing Access Control Models
Activity: drag and drop each item below into the correct space in the table (Advantages, Disadvantages, and Use for each access control model).
Simplifies permission administration
Enforces least privilege
Complex
If granular rules are devised, the system loses its usefulness
Can prevent cybercriminals from accessing data even if a way into the network is found
Cumbersome to manage and maintain
Role explosion
Minimizes administration, cost-effective
Centralized administration
Defines specific and detailed situations for object access
Smaller organizations where some users wear many hats
Gives end-user complete control to set security level settings
Access control lists (ACLs), firewalls, routers
Environments where confidentiality is important
Government systems
Operating systems
Subjects and Objects
A subject is an entity that requests access to a resource and/or the data stored on that resource. Subjects can be a user, server, application, or program.
Objects are resources that a subject requests access to, including data, systems, networks, devices, or other subjects. The module's examples of objects are information, devices, and resources such as media sharing, a CMS app, a database, virtual VoIP, virtual desktops, backups, and printing.
Example: subjects and objects can switch roles
A user needs access to a web portal to retrieve information. The user is the subject and the portal is the object.
The user sends an authentication request to the portal. The portal takes the request and forwards it to an authentication server. The portal is now the subject and the authentication server is the object.
The authentication server acknowledges the request. The portal then allows or denies the user’s request. The original object (the portal) became the subject.