CMPSC 443 Introduction to Computer and Network Security - Spring 2012 - Professor Jaeger
Lecture 4 - Authorization
CMPSC 443 - Spring 2012, Introduction to Computer and Network Security
Professor Jaeger, www.cse.psu.edu/~tjaeger/cse443-s12/
Why authenticate?
• Why do we want to verify the identity of a user?
A Brief History
• Early computing systems had no isolation
  – Shared memory space
  – Shared file space
• Some physical limitations made this OK
  – Batch processing
  – Load the tape/disk for the application
  – Network? What network?
• In the mid-60s people started to work on 'multiuser' or 'time-sharing' systems
  – What about a bug?
  – What about my data?
Multiprogrammed Systems
• Multics project
  – AT&T, MIT, Honeywell, etc.
  – General purpose, multi-user system
  – Comprehensive security
    • Hardware protection
    • Subject labeling
    • Permission management
• UNIX project
  – Spin-off of Multics project
    • When AT&T left
  – A stripped-down multiuser system
Control Access
• An identity permits access to resources
• In computer security this is called
  – Access control
  – Authorization
• In authorization, we talk about:
  – Subjects (for whom an action is performed)
  – Objects (upon what an action is performed)
  – Operations (the type of action performed)
• Authorization limits a subject's ability to perform an operation on an object
  – The combination of an object and the operations allowed on it is called a permission
Access Matrix
• Describe all possible accesses
  – Each cell, e.g. (S2,O2), holds the operations that subject may perform on that object
  – E.g., read, write, execute
• Specify which users' processes can access which files
• Necessary to specify policy to protect users

     O1  O2  O3
S1   Y   Y   N
S2   N   Y   N
S3   N   Y   Y
Access Control Lists
• System stores
  – Which operations subjects can perform
  – For each object
• Advantage: Makes you think about how to protect each object
  – Also, easier to confine subjects, as we'll discuss later
• Disadvantage: Cannot tell what permissions a particular subject has without looking at each object
  – Process always uses all of its permissions, as we'll discuss later
Capabilities
• System stores
  – Which operations can be performed on each object
  – For each subject
• Advantages and disadvantages are the reverse of the ACL case, naturally
Authentication and Access
• Authenticate user
  – E.g., login and ssh
  – Verify password or ...
• Create processes with appropriate identity (subject)
  – E.g., UNIX user id
• Limit access of these processes using subject
  – E.g., Access control of files based on subject
• Protect one user from another
Sharing in the Access Matrix
• How do you give someone access to your file?
• Access matrix also has management permissions
  – owner permission
• A subject with owner permission can
  – Give another user permissions to an object
  – Even the owner permission itself
• This seems necessary, right?
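The access matrix of the previous slides stored both ways (as ACLs per object and as capabilities per subject), together with the owner-based sharing rule from this slide, as an added example that is not from the lecture. The concrete operation sets behind each Y cell and the "owner" permission entries are constructed here.

```python
from collections import defaultdict

# Constructed access matrix (subject, object) -> operations, filling in the
# Y cells of the slide's S1..S3 x O1..O3 matrix; N cells are simply absent.
# "owner" is the management permission from the sharing slide.
MATRIX = {
    ("S1", "O1"): {"read", "write", "owner"},
    ("S1", "O2"): {"read"},
    ("S2", "O2"): {"read", "write", "owner"},
    ("S3", "O2"): {"read"},
    ("S3", "O3"): {"read", "write", "execute", "owner"},
}

def to_acl(matrix):
    """ACL view: the matrix stored by column, one list per object."""
    acl = defaultdict(dict)
    for (subj, obj), ops in matrix.items():
        acl[obj][subj] = set(ops)
    return dict(acl)

def to_capabilities(matrix):
    """Capability view: the matrix stored by row, one list per subject."""
    caps = defaultdict(dict)
    for (subj, obj), ops in matrix.items():
        caps[subj][obj] = set(ops)
    return dict(caps)

def subjects_for_object(acl, obj):
    """Cheap with ACLs: one object's list names every subject that can reach it."""
    return sorted(acl.get(obj, {}))

def objects_for_subject(acl, subj):
    """The ACL disadvantage from the slide: every object's list must be scanned."""
    return sorted(obj for obj, entries in acl.items() if subj in entries)

def authorized(matrix, subj, obj, op):
    """The basic authorization check: is op in cell (subj, obj)?"""
    return op in matrix.get((subj, obj), set())

def grant(matrix, grantor, grantee, obj, ops):
    """Sharing: only a holder of 'owner' on obj may pass permissions to another
    subject, including 'owner' itself. Returns False if the grant is refused."""
    if not authorized(matrix, grantor, obj, "owner"):
        return False
    matrix.setdefault((grantee, obj), set()).update(ops)
    return True
```

Because ownership itself can be delegated, a chain of grants can extend access well beyond the original owner's intent, which is why the next slides ask who should manage permissions.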
Authorization Challenges
• Sounds pretty easy, but there are several challenges
  – What's an object?
  – What's an operation?
  – What's a subject?
  – Who's going to manage permissions?
Operating Systems and Authorization
• Traditionally, all true authorization was performed by operating systems
  – But, that is no longer the case
• Operating systems are not fully trusted
  – Commercial operating systems are immense
  – Thus, system trust is being focused on lower layers (VMM, microkernel, ...)
• Security-critical decisions are often made by user-space programs
  – We depend on several now (X, Apache, DBs, DBus, ...)
• Applications may span multiple hosts, so Internet services do authorization
Objects
• What's an object?
  – OS: Many things are files
  – Although not all
• Different software components have their own objects
  – Virtualization
  – Microkernels
  – X Windows
  – Database
  – Apache
  – Logrotate
  – Clouds
  – Social Networks
Operations
• What's an operation?
  – OS: System call
  – Well, not really, because many things can happen in a single system call
    • What happens on a file open?
• Security-sensitive operations
  – Any operation that may impact the security of your system
    • Confidentiality, Integrity, Availability
  – A little bit imprecise, but enables some interaction between subjects
• Lots of security-sensitive operations
  – Communication between VMs
  – Cut-and-paste between windows
  – Update a database record
  – Post a message to a social network
Subjects
• What's a subject?
  – OS: System (root/administrator) and Regular Users (you and me)
  – However, even for operating systems this distinction is unsatisfactory
    • System is too coarse
    • User is too coarse/fine
• Why is system too coarse?
  – Might that be the same problem for users?
• Do users even matter to operating systems anymore?
  – How many users on your devices?
Who Are You?
• Identity vs. Permission
Root/Administrative User
• Subjects with full system access
  – Initialize the system
  – Modify the kernel
  – Install software
• Need extra permissions to perform administrative tasks
  – Ends up being a lot of processes
• All are part of the trusted computing base
Regular Users
• An unprivileged user
  – However, all your processes run with the same permissions
• What are all the programs that you run?
  – Should they all have full access to any file you can access?
• Sandboxing
  – Run a program with a subset of your permissions
Role-Based Access Control
• Associate permissions with job functions
  – Each job defines a set of tasks
  – The tasks need permissions
  – The permissions define a role
• Bank Teller
  – Read/Write to client accounts
  – Cannot create new accounts
  – Cannot create a loan
  – Role defines only the permissions allowed for the job
• What kind of jobs can we define permission sets for?
Role-based Access Control
• Model consists of two relationships
  – Role-permission assignments
  – User-role assignments
• Assign permissions to roles
  – These are largely fixed
• Assign a user to the roles they can assume
  – These change with each user
  – Administrators must manage this relationship
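The two RBAC relations of this slide, with the bank-teller role from the previous one, as an added example that is not from the lecture. The role names, the (operation, object type) permission tuples and the user names are constructed; permissions are the object-plus-operation pairs defined earlier in the lecture.

```python
# Constructed role-permission assignments. A permission is an
# (operation, object type) pair; the teller row follows the lecture's
# bank-teller description, the manager and auditor rows are made up here.
ROLE_PERMISSIONS = {
    "teller": {("read", "client_account"), ("write", "client_account")},
    "manager": {("read", "client_account"), ("write", "client_account"),
                ("create", "client_account"), ("create", "loan")},
    "auditor": {("read", "client_account"), ("read", "loan")},
}

class Rbac:
    """The two RBAC relations: role -> permissions and user -> roles."""

    def __init__(self, role_permissions):
        # Role-permission assignments: fixed once the job functions are defined.
        self.role_permissions = {r: frozenset(p) for r, p in role_permissions.items()}
        # User-role assignments: the relation administrators manage over time.
        self.user_roles = {}

    def assign(self, user, role):
        """Administrative action: let user assume role (must be a defined role)."""
        if role not in self.role_permissions:
            raise KeyError(f"unknown role {role!r}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user, role):
        """Administrative action: user may no longer assume role."""
        self.user_roles.get(user, set()).discard(role)

    def permissions(self, user):
        """Union of the permissions of every role the user may assume."""
        perms = set()
        for role in self.user_roles.get(user, ()):
            perms |= self.role_permissions[role]
        return perms

    def authorized(self, user, operation, object_type):
        """Authorization check: does one of the user's roles grant this permission?"""
        return (operation, object_type) in self.permissions(user)
```

Changing what a job may do edits one row of ROLE_PERMISSIONS, while hiring, moving or dismissing a person touches only that user's entry in user_roles, which is the separation the slide's two relationships buy.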
Managing Access Control
• Who's going to manage?
  – Formerly, you (and your programs)
  – But, then it was easy
    • Subjects: All, Group, Just You
    • Operations: Read, Write, Execute
  – But, this approach does not provide security
• Now, we have gone overboard
  – Models with multiple types of subjects, objects, operations are common
  – Policies with 10,000+ rules
    • Too complex for users -- even system admins
  – OS Distributors can write fixed permissions
  – But what if we need to change permissions?
    • Make the programmer manage it?
Take Away
• We have just looked at the most common mechanisms
  – Password Authentication
  – User-based Authorization
• There are a slew of problems with each
• But, this is what the world uses
  – What can we do?
That Is the Topic of This Course