lecture01 - purdue university · 2006-01-10 · access control is interesting n has (relatively)...
TRANSCRIPT
![Page 1: lecture01 - Purdue University · 2006-01-10 · Access Control is Interesting n Has (relatively) well-developed theories n 30+ years history n some (quite involved) theory (apparently)](https://reader033.vdocuments.site/reader033/viewer/2022050501/5f93db24d37faa7d2a76a7e9/html5/thumbnails/1.jpg)
CS590UAccess Control: Theory and Practice
Lecture 1 (Jan 10)Introduction to the Course
![Page 2: lecture01 - Purdue University · 2006-01-10 · Access Control is Interesting n Has (relatively) well-developed theories n 30+ years history n some (quite involved) theory (apparently)](https://reader033.vdocuments.site/reader033/viewer/2022050501/5f93db24d37faa7d2a76a7e9/html5/thumbnails/2.jpg)
Instructor Info
n Ninghui Lin Email: [email protected] Office phone: 765-496-6756n Office: REC 217C
n Office hourn Tuesday 4:20pm to 4:50pmn Thursday 4:20pm to 4:50pmn By appointment
![Page 3: lecture01 - Purdue University · 2006-01-10 · Access Control is Interesting n Has (relatively) well-developed theories n 30+ years history n some (quite involved) theory (apparently)](https://reader033.vdocuments.site/reader033/viewer/2022050501/5f93db24d37faa7d2a76a7e9/html5/thumbnails/3.jpg)
Coursework
n Readingsn before each lecture
n Assignments (30%)n problemsn review of assigned papers
n Mid-term exam (30%)n A project (40%)
![Page 4: lecture01 - Purdue University · 2006-01-10 · Access Control is Interesting n Has (relatively) well-developed theories n 30+ years history n some (quite involved) theory (apparently)](https://reader033.vdocuments.site/reader033/viewer/2022050501/5f93db24d37faa7d2a76a7e9/html5/thumbnails/4.jpg)
Check the course homepage
![Page 5: lecture01 - Purdue University · 2006-01-10 · Access Control is Interesting n Has (relatively) well-developed theories n 30+ years history n some (quite involved) theory (apparently)](https://reader033.vdocuments.site/reader033/viewer/2022050501/5f93db24d37faa7d2a76a7e9/html5/thumbnails/5.jpg)
Why a Course on Access Control?
![Page 6: lecture01 - Purdue University · 2006-01-10 · Access Control is Interesting n Has (relatively) well-developed theories n 30+ years history n some (quite involved) theory (apparently)](https://reader033.vdocuments.site/reader033/viewer/2022050501/5f93db24d37faa7d2a76a7e9/html5/thumbnails/6.jpg)
What is Access Control?
n Quote from Security Engineering by Ross Andersonn Its function is to control which principals
(persons, processes, machines, …) have access to which resources in the system ---which files they can read, which programs they can execute, and how they share data with other principals, and so on.
![Page 7: lecture01 - Purdue University · 2006-01-10 · Access Control is Interesting n Has (relatively) well-developed theories n 30+ years history n some (quite involved) theory (apparently)](https://reader033.vdocuments.site/reader033/viewer/2022050501/5f93db24d37faa7d2a76a7e9/html5/thumbnails/7.jpg)
Access Control is Pervasive
n Applicationn business applications
n Middlewaren DBMS
n Operating Systemn controlling access to files, ports
n Hardwaren memory protection, privilege levels
![Page 8: lecture01 - Purdue University · 2006-01-10 · Access Control is Interesting n Has (relatively) well-developed theories n 30+ years history n some (quite involved) theory (apparently)](https://reader033.vdocuments.site/reader033/viewer/2022050501/5f93db24d37faa7d2a76a7e9/html5/thumbnails/8.jpg)
Access Control is Important
n Quote from Security Engineeringn Access control is the traditional center of
gravity of computer security. It is where security engineering meets computer science.
n TCSEC evaluates security of computer systems based on access control features + assurance
![Page 9: lecture01 - Purdue University · 2006-01-10 · Access Control is Interesting n Has (relatively) well-developed theories n 30+ years history n some (quite involved) theory (apparently)](https://reader033.vdocuments.site/reader033/viewer/2022050501/5f93db24d37faa7d2a76a7e9/html5/thumbnails/9.jpg)
Access Control is Interesting
n Has (relatively) well-developed theoriesn 30+ years historyn some (quite involved) theory (apparently) not
useful for other fieldsn Many interesting and deep resultsn Many misconceptions and debatesn A large percentage of published works
contain serious errorsn Corollary: Be skeptical, don’t believe too much
what others have said, try form your own opinions
![Page 10: lecture01 - Purdue University · 2006-01-10 · Access Control is Interesting n Has (relatively) well-developed theories n 30+ years history n some (quite involved) theory (apparently)](https://reader033.vdocuments.site/reader033/viewer/2022050501/5f93db24d37faa7d2a76a7e9/html5/thumbnails/10.jpg)
Principles of Access Control(Saltzer and Schroeder 75)
1. Economy of mechanismn keep the design as simple and small as
possible
2. Fail-safe defaultsn default is no-access
![Page 11: lecture01 - Purdue University · 2006-01-10 · Access Control is Interesting n Has (relatively) well-developed theories n 30+ years history n some (quite involved) theory (apparently)](https://reader033.vdocuments.site/reader033/viewer/2022050501/5f93db24d37faa7d2a76a7e9/html5/thumbnails/11.jpg)
Principles of Access Control
3. Complete mediationn every access must be checked
4. Open designn security does not depend on the secrecy
of mechanism
![Page 12: lecture01 - Purdue University · 2006-01-10 · Access Control is Interesting n Has (relatively) well-developed theories n 30+ years history n some (quite involved) theory (apparently)](https://reader033.vdocuments.site/reader033/viewer/2022050501/5f93db24d37faa7d2a76a7e9/html5/thumbnails/12.jpg)
Principles of Access Control
5. Separation of privilegen a system that requires two keys is more
robust than one that requires one
6. Least privilegen every program and every user should
operate using the least privilege necessary to complete the job
![Page 13: lecture01 - Purdue University · 2006-01-10 · Access Control is Interesting n Has (relatively) well-developed theories n 30+ years history n some (quite involved) theory (apparently)](https://reader033.vdocuments.site/reader033/viewer/2022050501/5f93db24d37faa7d2a76a7e9/html5/thumbnails/13.jpg)
Principles of Access Control
7. Least common mechanismn “minimize the amount of mechanism
common to more than one user and depended on by all users”
8. Psychological acceptabilityn “human interface should be designed for
ease of use”n the user’s mental image of his protection
goals should match the mechanism
![Page 14: lecture01 - Purdue University · 2006-01-10 · Access Control is Interesting n Has (relatively) well-developed theories n 30+ years history n some (quite involved) theory (apparently)](https://reader033.vdocuments.site/reader033/viewer/2022050501/5f93db24d37faa7d2a76a7e9/html5/thumbnails/14.jpg)
An Incomplete History of Access Control Research
![Page 15: lecture01 - Purdue University · 2006-01-10 · Access Control is Interesting n Has (relatively) well-developed theories n 30+ years history n some (quite involved) theory (apparently)](https://reader033.vdocuments.site/reader033/viewer/2022050501/5f93db24d37faa7d2a76a7e9/html5/thumbnails/15.jpg)
Earlier Years: Time-Sharing Operating Systems
n Reference monitors (1972)n Access matrix (1971)n Discretionary access control
n trojan horse can leak information
![Page 16: lecture01 - Purdue University · 2006-01-10 · Access Control is Interesting n Has (relatively) well-developed theories n 30+ years history n some (quite involved) theory (apparently)](https://reader033.vdocuments.site/reader033/viewer/2022050501/5f93db24d37faa7d2a76a7e9/html5/thumbnails/16.jpg)
Confidentiality
n Bell-LaPadula Modeln Noninterference (1982)n Nondeducibility (1986)n Covert channeln Proving information flow properties of
systems and programs
![Page 17: lecture01 - Purdue University · 2006-01-10 · Access Control is Interesting n Has (relatively) well-developed theories n 30+ years history n some (quite involved) theory (apparently)](https://reader033.vdocuments.site/reader033/viewer/2022050501/5f93db24d37faa7d2a76a7e9/html5/thumbnails/17.jpg)
Integrity
n Biba modeln Clark-Wilsonn Chinese Wall
![Page 18: lecture01 - Purdue University · 2006-01-10 · Access Control is Interesting n Has (relatively) well-developed theories n 30+ years history n some (quite involved) theory (apparently)](https://reader033.vdocuments.site/reader033/viewer/2022050501/5f93db24d37faa7d2a76a7e9/html5/thumbnails/18.jpg)
Database Access Control
n System R approach: grant/revoke, viewn Ingres approach (query rewriting)n Multilevel databasesn Object/relational databasesn Real systems
n SQL grant/revoke, view, stored procedures, fine-grained access control
n Privacy centric
![Page 19: lecture01 - Purdue University · 2006-01-10 · Access Control is Interesting n Has (relatively) well-developed theories n 30+ years history n some (quite involved) theory (apparently)](https://reader033.vdocuments.site/reader033/viewer/2022050501/5f93db24d37faa7d2a76a7e9/html5/thumbnails/19.jpg)
Role-Based Access Control
n First in database context n Then a generic access control approachn Constraintsn Administrationn Extensions
![Page 20: lecture01 - Purdue University · 2006-01-10 · Access Control is Interesting n Has (relatively) well-developed theories n 30+ years history n some (quite involved) theory (apparently)](https://reader033.vdocuments.site/reader033/viewer/2022050501/5f93db24d37faa7d2a76a7e9/html5/thumbnails/20.jpg)
Access Control in Distributed Systems
n ABLP Logicn Trust management
n PolicyMaker, KeyNote, QCM/SD3, Delegation Logic, Binder, RT
n Automated trust negotiation
![Page 21: lecture01 - Purdue University · 2006-01-10 · Access Control is Interesting n Has (relatively) well-developed theories n 30+ years history n some (quite involved) theory (apparently)](https://reader033.vdocuments.site/reader033/viewer/2022050501/5f93db24d37faa7d2a76a7e9/html5/thumbnails/21.jpg)
Other Topics
n Workflow systemsn Firewalln Cryptographic approach
![Page 22: lecture01 - Purdue University · 2006-01-10 · Access Control is Interesting n Has (relatively) well-developed theories n 30+ years history n some (quite involved) theory (apparently)](https://reader033.vdocuments.site/reader033/viewer/2022050501/5f93db24d37faa7d2a76a7e9/html5/thumbnails/22.jpg)
End of Lecture 1
n Next lecture:n Access matrixn Partial order and latticesn State transition systems