ACCESS CONTROL AND INTRUSION DETECTION


ROADMAP. . .

• ACCESS CONTROL
• CATEGORIES OF ACCESS CONTROLS
  - DAC
  - MAC
  - RBAC
• INTRUSION DETECTION
• CLASSIFICATION OF ID SYSTEMS

• ACCESS TO SYSTEM. . .

A system can protect itself in two ways:

• It can limit who can access the system. This requires the system to implement a two-step process of identification (asking you who you are) and authentication (asking you to prove it).

• It can limit what users can do after they have accessed the system. This requires the system to implement access control mechanisms.


INTERPRETATION:

• ACCESS CONTROL : NOTION

The primary purpose of security mechanisms in a system is to control access to resources.

Resources: files, memory areas, processor time, devices, database records.

Some history . . . Early systems had no internal access control. Any user could access any file simply by knowing its name. Access control became a more serious issue with the emergence of disk storage, on which files of many users could be stored (before the days of network and interactive computing).

• ACCESS CONTROL ?

An access control policy dictates…
- what types of access are permitted,
- under what circumstances, and
- by whom.

Vital for security in operating systems.

• THREE STEPS TO ACCESS CONTROL

• Identification. {e.g. username, account number…}
• Authorization. {e.g. passwords, PIN numbers, tokens…}
• Authentication. {digital signature, fingerprint…}

CATEGORIES OF ACCESS CONTROL. . .

• Discretionary access control (DAC)
• Mandatory access control (MAC)
• Role-based access control (RBAC)

# DISCRETIONARY ACCESS CONTROL (DAC)

Controls access based on…
- the identity of the requestor and
- access rules (authorizations) stating what requestors are (or are not) allowed to do.

This policy is termed “discretionary” because an entity might have access rights that permit the entity, by its own volition, to enable another entity to access some resource.

DAC OVERVIEW…

• What is DAC ?
• Why is DAC needed ?
• Where it is used ?
• How is DAC implemented..?
• Advantages of DAC ?
• Disadvantages of DAC ?


• WHAT IS DAC ?

Discretionary access control (DAC) is a policy determined by the owner of an object.

The owner decides who is allowed to access the object, and what privileges they have.


TWO IMPORTANT CONCEPTS IN DAC ARE…

--File and data ownership: Every object in the system has an owner. In most DAC systems, each object's initial owner is the subject that caused it to be created. The access policy for an object is determined by its owner.

--Access rights and permissions: These are the controls that an owner can assign to other subjects for specific resources.

TECHNICALLY SPEAKING…

In computer security, discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria (TCSEC) as:

“a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control)”.

• HOW IS DAC IMPLEMENTED..?

Usually implemented through access control lists (ACLs). Each resource object on a DAC-based system has an Access Control List (ACL) associated with it. An ACL contains a list of users and groups to which the user has permitted access, together with the level of access for each user or group.

• WHERE IT IS USED ?

DAC is typically the default access control mechanism for most desktop operating systems. It is widely used in commercial and government sectors. Operating systems must be built differently depending upon whether they are going to provide DAC or any other access functionality. For example, Windows-based platforms provide a DAC access structure.

• ADVANTAGES OF DAC ?

• Flexibility
• Simplicity
• Ease of implementation

• DISADVANTAGES OF DAC ?

DAC increases the risk that data will be made accessible to users who should not necessarily be given access.

DAC mechanisms fail to recognize a fundamental difference between human users and computer programs.

However, DAC is known to be inherently weak for two reasons.

CONT..

• First, granting read access is transitive.
  - Information can be copied from one object to another; therefore, there is no real assurance on the flow of information in a system.
  - No restrictions apply to the usage of information when the user has received it.

• Second, DAC policy is vulnerable to Trojan horse attacks, because programs inherit the identity of the invoking user.
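
The two weaknesses above can be seen in a toy ACL-based DAC store. This is an added example, not part of the original slides; the class name `DacStore` and the users alice, bob and carol are hypothetical. Any program bob runs acts with bob's identity, so it could make the same calls bob makes here.

```python
# Added example: toy DAC store with per-object ACLs (all names hypothetical).
from dataclasses import dataclass, field


@dataclass
class Obj:
    owner: str
    data: str
    acl: dict = field(default_factory=dict)  # user -> set of rights


class DacStore:
    def __init__(self):
        self.objects = {}

    def create(self, user, name, data):
        # The subject that creates an object becomes its owner.
        self.objects[name] = Obj(user, data, {user: {"read", "write"}})

    def grant(self, user, name, target, right):
        # Discretionary: the owner alone decides who else gets access.
        obj = self.objects[name]
        if user != obj.owner:
            raise PermissionError(f"{user} does not own {name}")
        obj.acl.setdefault(target, set()).add(right)

    def read(self, user, name):
        obj = self.objects[name]
        if "read" not in obj.acl.get(user, set()):
            raise PermissionError(f"{user} may not read {name}")
        return obj.data


def demo():
    store = DacStore()
    store.create("alice", "salaries", "constructed sample: payroll data")
    store.grant("alice", "salaries", "bob", "read")  # alice trusts bob only
    results = {}
    try:
        store.read("carol", "salaries")
    except PermissionError:
        results["carol_direct"] = "denied"
    # Transitive read: bob copies what he read into an object he owns ...
    store.create("bob", "notes", store.read("bob", "salaries"))
    # ... and, as owner of the copy, grants carol access. Every ACL check passes.
    store.grant("bob", "notes", "carol", "read")
    results["carol_via_copy"] = store.read("carol", "notes")
    return results
```

Alice's ACL on `salaries` never changes, yet carol ends up holding its contents: the ACL governs access to the object, not the flow of the information in it.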

# MANDATORY ACCESS CONTROL (MAC)

Controls access based on…
- comparing security labels (which indicate how sensitive or critical system resources are) with security clearances (which indicate which system entities are eligible to access certain resources).

This policy is termed “mandatory” because an entity that has clearance to access a resource may not, just by its own volition, enable another entity to access that resource.

• SOME THINGS ABOUT MAC…

WHAT IS MAC ? In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system constrains the ability of a subject to access or generally perform some sort of operation on an object or target.

MAC takes a hierarchical approach to controlling access to resources.

The term mandatory in MAC has acquired a special meaning derived from its use with military systems. MAC means access controls that are mandated by order of a government and so enforcement is supposed to be more imperative than for commercial applications.

CONT…

IDEA OF MAC: A system mechanism (e.g., the operating system) controls access to an object and an individual user cannot alter that access. Neither the subject nor the owner of the object can determine whether access is granted.

The system mechanism will check information associated with both the subject and the object to determine whether the subject should access the object.

Rules describe the conditions under which access is allowed. Mandatory policies are also called rule-based policies.

Under a MAC-enforced environment, access to all resource objects (such as data files) is controlled by settings defined by the system administrator. As such, all access to resource objects is strictly controlled by the operating system based on system administrator configured settings.

CONT…

GOALS OF MAC :
• Preserve confidentiality and integrity of information
• Prevent some types of Trojan horse attacks
• Prevent a user from changing security attributes

WHERE IT IS USED ? Systems that implement MAC models are used in highly secured environments, such as military or government organizations and in Defence departments.
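
An added example (not from the original slides) of the label-versus-clearance check described above. The four level names and the no-read-up / no-write-down rules are assumptions in the style of a multi-level security model; the slides state only that labels are compared with clearances.

```python
# Added example: level names and both rules are assumptions, not from the slides.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


class MacSystem:
    def __init__(self, clearances, labels):
        # Set once by the administrator; no method lets a subject or an
        # object's owner change a clearance or a label afterwards.
        self._clearance = dict(clearances)
        self._label = dict(labels)
        self._data = {}
        self.audit = []  # (subject, operation, object, decision)

    def _check(self, subject, op, obj):
        s = LEVELS[self._clearance[subject]]
        o = LEVELS[self._label[obj]]
        # read: clearance must dominate the label (no read up)
        # write: label must dominate the clearance (no write down)
        allowed = s >= o if op == "read" else s <= o
        self.audit.append((subject, op, obj, "allow" if allowed else "deny"))
        if not allowed:
            raise PermissionError(f"{subject} may not {op} {obj}")

    def read(self, subject, obj):
        self._check(subject, "read", obj)
        return self._data.get(obj, "")

    def write(self, subject, obj, data):
        self._check(subject, "write", obj)
        self._data[obj] = data


def demo():
    mac = MacSystem(
        clearances={"bob": "secret", "carol": "unclassified"},
        labels={"salaries": "secret", "notes": "unclassified"},
    )
    mac.write("bob", "salaries", "constructed sample: payroll data")
    secret = mac.read("bob", "salaries")
    attempts = [
        lambda: mac.read("carol", "salaries"),      # read up
        lambda: mac.write("bob", "notes", secret),  # write down (copy to a lower label)
    ]
    for attempt in attempts:
        try:
            attempt()
        except PermissionError:
            pass
    return [entry[3] for entry in mac.audit]
```

The denied write is the case that matters for Trojan horses: a program running with bob's clearance cannot move `secret` data into an object carol is allowed to read.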

# ROLE-BASED ACCESS CONTROL (RBAC)

Controls access based on…
- the roles that users have within the system and
- rules stating what accesses are allowed to users in given roles.

• SOME THINGS ABOUT RBAC…

Role-based access control (RBAC) models make access decisions based on the rights and permissions assigned to a role or group, not an individual user.

In role-based systems, users get assigned roles based on their functions in that system. These systems are centrally administered; they are nondiscretionary. An example is a hospital.

It is an access policy determined by the system, not the owner.

CONT…

USE AND AVAILABILITY… RBAC is a flexible access control technology whose flexibility allows it to implement DAC or MAC.

It is used to manage user privileges (computer permissions) within a single system or application. Access under RBAC is based on a user's job function within the organization to which the computer system belongs.

It is used in commercial applications and also in military systems, where multi-level security requirements may also exist.

This kind of model is effective in large companies that have high turnover rates because it allows the administrator to simply place new employees into roles instead of creating new permissions for each and every person who joins the company.

INTRUSION DETECTION. . .

SECURITY INTRUSION… A security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system (or system resource) without having authorization to do so.

INTRUSION DETECTION… A security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner.

• ID systems can be classified as follows:

Host-based IDS: Monitors the characteristics of a single host and the events occurring within that host for suspicious activity.

Network-based IDS: Monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity.

• ID COMPRISES 3 LOGICAL COMPONENTS:

SENSORS: responsible for collecting data. The input may be any part of a system that could contain evidence of an intrusion. Types of input include network packets, log files, and system call traces. Sensors collect and forward this information to the analyzer.

ANALYZERS: receive input from one or more sensors or from other analyzers. They are responsible for determining if an intrusion has occurred. The output of this component indicates that an intrusion has occurred. The output may include evidence supporting the conclusion.

CONT….

USER INTERFACE: The user interface to an IDS enables a user to view output from the system or control the behavior of the system. In some systems, the user interface may equate to a manager, director, or console component.
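
An added example (not from the original slides) wiring the three logical components into a small host-based detector. The log format, the threshold of three failures within 60 seconds and the function names are assumptions; the log lines are constructed.

```python
# Added example: sensor -> analyzer -> user interface (all names hypothetical).
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; addresses come from documentation-only ranges.
LOG = """\
2024-05-01T10:00:01 sshd: Failed password for root from 203.0.113.7
2024-05-01T10:00:03 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:04 sshd: Accepted password for alice from 198.51.100.20
2024-05-01T10:00:06 sshd: Failed password for root from 203.0.113.7
2024-05-01T10:07:30 sshd: Failed password for alice from 198.51.100.20
"""
PATTERN = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")


def sensor(text):
    """Collect raw log lines and forward normalized events to the analyzer."""
    for line in text.splitlines():
        m = PATTERN.match(line)
        if m:
            ts, outcome, user, src = m.groups()
            yield {"time": datetime.fromisoformat(ts), "outcome": outcome,
                   "user": user, "src": src, "raw": line}


def analyzer(events, threshold=3, window=timedelta(seconds=60)):
    """Decide whether an intrusion attempt occurred; attach the evidence."""
    recent = defaultdict(list)  # source address -> failures still in the window
    alerts = []
    for ev in events:
        if ev["outcome"] != "Failed":
            continue
        hits = recent[ev["src"]]
        hits.append(ev)
        hits[:] = [h for h in hits if ev["time"] - h["time"] <= window]
        if len(hits) == threshold:  # alert once, when the threshold is reached
            alerts.append({"src": ev["src"], "count": len(hits),
                           "evidence": [h["raw"] for h in hits]})
    return alerts


def console(alerts):
    """User interface: render analyzer output for an operator."""
    return [f"ALERT {a['src']}: {a['count']} failed logins within the window"
            for a in alerts]
```

The single failure from 198.51.100.20 stays below the threshold, so only 203.0.113.7 is reported, with the three matching log lines as evidence.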

REFERENCES:

ACCESS CONTROL - (pages 675-680, William Stallings..)
INTRUSION DETECTION - (pages 680-684, William Stallings..)
GOOGLE