Access Control

Before discussing identity verification of security principals, we review the methods of access authorization that may be used once authentication has occurred. Planning for access control may affect the methods used in the authentication process; for example, if there will only be a need for anonymous access to a public read-only HTML document, there is no need for a complex authentication process.

Tip: Whenever you're confronted by a solution involving the determination of proper levels of access, remember the phrase "Less is more." This is a convenient reminder of the security practice known as least privilege, where an account is granted no more access rights than the bare minimum needed to perform assigned tasks. Remember you are dealing with human beings when you give users access. It is always better received when rights or privileges are added than when taken away.


Access control generally refers to the process of making resources available to accounts that should have access, while limiting that access to only what is required. The forms of access control you need to know include the following:

  • Mandatory Access Control (MAC)

  • Discretionary Access Control (DAC)

  • Rule-Based Access Control (RBAC)

  • Role-Based Access Control (RBAC)

We discuss these types of access control in the following sections.

Note: The Trusted Computer System Evaluation Criteria (TCSEC) specification used by many government networks explicitly specifies only the MAC and DAC forms of access control.


Mandatory Access Control

Mandatory Access Control (MAC) is often found in government systems, although it is not restricted to them. It is a strict, hierarchical model. What is important to understand with MAC is that the operating system controls the access and that a data owner cannot override this control. All objects are given security labels, also referred to as sensitivity labels. Users are assigned security clearances, such as top secret or confidential, and data is also classified accordingly. This classification is stored in the resource security label.

Besides the classification, the security label contains categories. Categories can be used to define such things as levels of management, departments, or projects. When a user requests access to an object, the system checks the user's security clearance and the classification of the object to determine accessibility. In other words, the system determines access by comparing the labels of the user and the object. Because labels have classifications and categories, if you have top-secret clearance but are not in a certain department, you will not have access to that department's information, even though you have top-secret clearance.
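The label comparison described above, written out as an added example (not code from the book): a clearance dominates a resource label only when its classification level is at least as high and it carries every category the resource is marked with. The level names, the "finance" and "hr" categories, and the function names are assumptions for illustration. The decision function takes no owner argument on purpose, since under MAC the owner has no say.

```python
from dataclasses import dataclass

# Constructed example of a MAC label comparison. Clearance levels and
# category names are assumptions for illustration, not from the text.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    """A security (sensitivity) label: a classification plus a set of categories."""
    classification: str
    categories: frozenset = frozenset()


def dominates(subject: Label, obj: Label) -> bool:
    """True when the subject's label dominates the object's: its level is at
    least as high AND it holds every category the object is marked with.
    This partial order is what makes MAC labels form a lattice."""
    return (LEVELS[subject.classification] >= LEVELS[obj.classification]
            and obj.categories <= subject.categories)


def mac_decide(clearance: Label, resource: Label) -> tuple[bool, str]:
    """Read-access decision made by the system from the two labels alone.
    There is deliberately no owner parameter: under MAC the data owner
    cannot override the comparison. The reason string is what an audit
    log would record for a denial."""
    if LEVELS[clearance.classification] < LEVELS[resource.classification]:
        return False, (f"clearance {clearance.classification!r} is below "
                       f"classification {resource.classification!r}")
    missing = resource.categories - clearance.categories
    if missing:
        return False, f"subject lacks categories {sorted(missing)}"
    return True, "label dominates"


if __name__ == "__main__":
    analyst = Label("top secret", frozenset({"finance"}))
    hr_file = Label("confidential", frozenset({"hr"}))
    # Top-secret clearance alone is not enough: the "hr" category is missing.
    print(mac_decide(analyst, hr_file))
```

The second check in `mac_decide` is the one the text emphasises: a top-secret analyst is still refused a merely confidential file that belongs to a category (department) the analyst is not cleared for.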

Discretionary Access Control

Discretionary Access Control (DAC) is a model where the data owners decide who has access to data. This is most commonly found in the PC environment. Access is restricted based on permissions granted to the users. The creator/owner of a file can determine who has access to the file. The basis of DAC is the use of access control lists (ACLs). These lists are enforced by the operating system but are determined by the owners and set by the network administrator. For example, suppose you want to give Mary access to your hard drive but not John. All you do is set the share and/or security permissions to mirror this. Mary then has access to the hard drive; John does not. Note that in MAC, the operating system determines the access, and in DAC, the data owner determines the access. Therefore, in this situation, if you were using MAC and the security labels did not allow Mary access to your hard drive, she would not be able to access it no matter what you did.
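The Mary/John scenario as an added example (not code from the book): the object carries an owner and an ACL, only the owner may edit the ACL, and the system's enforcement step simply consults it. The owner name "alice", the permission strings and the method names are assumptions for illustration.

```python
from dataclasses import dataclass, field

# Constructed example of DAC: the owner decides the ACL entries, and the
# system enforces exactly what the ACL says. Principal names and
# permission strings are assumptions for illustration.


@dataclass
class SharedResource:
    owner: str
    acl: dict = field(default_factory=dict)  # principal -> set of permissions

    def grant(self, actor: str, principal: str, *perms: str) -> None:
        """Add ACL entries. Discretionary means the owner alone decides;
        anyone else attempting to edit the ACL is refused."""
        if actor != self.owner:
            raise PermissionError(f"{actor} is not the owner of this resource")
        self.acl.setdefault(principal, set()).update(perms)

    def revoke(self, actor: str, principal: str) -> None:
        """Remove every entry for a principal; again owner-only."""
        if actor != self.owner:
            raise PermissionError(f"{actor} is not the owner of this resource")
        self.acl.pop(principal, None)

    def is_allowed(self, principal: str, perm: str) -> bool:
        """Enforcement step performed by the operating system: the owner
        always has access; everyone else needs a matching ACL entry."""
        if principal == self.owner:
            return True
        return perm in self.acl.get(principal, set())


def share_drive_with_mary() -> SharedResource:
    """Reproduce the text's scenario: Mary gets an entry, John gets none."""
    drive = SharedResource(owner="alice")
    drive.grant("alice", "mary", "read", "write")
    # John is simply absent from the ACL, so enforcement has nothing to grant him.
    return drive


if __name__ == "__main__":
    drive = share_drive_with_mary()
    for who in ("mary", "john"):
        print(who, "read:", drive.is_allowed(who, "read"))
```

The contrast with the MAC case is in where the decision lives: here the owner's `grant` call is the whole policy, whereas under MAC no such call exists because the labels decide.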

Rule-Based Access Control

Two access control methods share the same acronym, RBAC. The first of these is Rule-Based Access Control, and the second is Role-Based Access Control. Rule-Based Access Control is also based on ACLs. The basis of this type of access is to determine what can happen to an object based on a set of rules. The most common use of this is on routers and firewalls. Access is determined by looking at a request to see whether it matches a predefined set of conditions. An example would be if you configured your router to deny any IP addresses from the 10.10.0.0 subnet and allow addresses from the 192.168.10.0 network. When a machine with an address of 192.168.10.15 requests access, the router looks at the rules and accepts the request. In Rule-Based Access Control, the administrator sets the rules. This is considered a type of mandatory control because the users cannot change these rules. In other words, if the administrator sets the aforementioned router conditions, you, as a user, cannot have the router accept requests from a 10.10.0.25 address.

Alert: Role-Based Access Control is based on a predefined set of rules that determines the object's access.


In a Rule-Based Access Control solution, accounts may be granted varying levels of access, such as Read, Write, or Edit. These rights may vary by account, by group membership, by time of day, or by many other forms of conditional testing. An example of this would be setting the filtering of IP packets on a proxy server or firewall. Say you want to keep the production staff from downloading BMP files, but you want to allow the development staff to do so. Before you allow any file to be downloaded, you check conditions such as the file type and the group membership. Remember that the most common form of Rule-Based Access Control involves testing against an ACL that details systems and accounts with access rights and the limits of their access for the resources. ACLs are used within operating systems such as Novell NetWare, Microsoft Windows, DEC OpenVMS, and most Unix and Linux packages.
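The router and proxy examples from this section and the previous one, as an added example (not code from the book) of an ordered rule list evaluated first-match-wins with a default of deny. The /16 and /24 prefix lengths, the group names and the "bmp" file-type match are assumptions filled in from the text; the `Request`, `Rule` and `evaluate` names are likewise invented for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed example of Rule-Based Access Control: an ordered rule list,
# first match wins, default deny. Prefix lengths, group names and the
# file-type check are assumptions based on the text's examples.


@dataclass(frozen=True)
class Request:
    src_ip: str
    group: str = ""       # group membership of the requesting account
    file_type: str = ""   # extension of the requested file, if any


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    src_net: Optional[str] = None     # CIDR the source address must fall in
    group: Optional[str] = None       # required group membership
    file_type: Optional[str] = None   # required file extension (lower case)

    def matches(self, req: Request) -> bool:
        """Every condition set on the rule must hold; unset ones are wildcards."""
        if self.src_net is not None and (
                ipaddress.ip_address(req.src_ip)
                not in ipaddress.ip_network(self.src_net)):
            return False
        if self.group is not None and req.group != self.group:
            return False
        if self.file_type is not None and req.file_type.lower() != self.file_type:
            return False
        return True


def evaluate(rules: tuple, req: Request, default: str = "deny") -> str:
    """Walk the rules in order; the first match decides, else the default applies."""
    for rule in rules:
        if rule.matches(req):
            return rule.action
    return default


# Router: deny the 10.10.0.0 subnet, allow the 192.168.10.0 network.
# Held in an immutable tuple: only the administrator editing this policy
# changes it, never the requesting user.
ROUTER_RULES = (
    Rule("deny", src_net="10.10.0.0/16"),
    Rule("allow", src_net="192.168.10.0/24"),
)

# Proxy: production staff may not download BMP files; development staff may.
PROXY_RULES = (
    Rule("deny", group="production", file_type="bmp"),
    Rule("allow", group="production"),
    Rule("allow", group="development"),
)


if __name__ == "__main__":
    print(evaluate(ROUTER_RULES, Request("192.168.10.15")))
    print(evaluate(ROUTER_RULES, Request("10.10.0.25")))
    print(evaluate(PROXY_RULES, Request("192.168.10.20", group="production", file_type="BMP")))
```

Rule order matters: the proxy's specific deny sits before the general allow for the same group, which is the usual way to express "allow everything except" in an ACL. Anything that matches no rule, such as an account in no listed group, falls through to the default deny.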

Role-Based Access Control

The second type of access control that utilizes the RBAC acronym is the Role-Based Access Control method. This method of access is based on an organization's structure and the roles the users play in the organization. In this type of access control, it is determined what job functions each employee performs and then access is assigned based on those functions. Role-Based Access Control is also known as Nondiscretionary Access Control.

Because users are assigned roles and then permissions are assigned to these roles, this may sound similar to a group membership. However, this is not necessarily so. Roles and groups both provide ways of controlling user access, but in a group environment, users can belong to other groups. In a role-based model, users can only be assigned one role. Another difference is that sometimes in a group environment, users are assigned separate or individual permissions. A role-based model does not support this. Therefore, if you are assigned to the role of "developer," you have access to the resources that are allowed for that role: nothing more, and nothing less.

Many times, this type of access control model will be used in companies that use a lot of independent contractors or have a high turnover. This saves on administrative overhead because the administrator can more easily remove and add users to a role. For example, let's look at the difference between a user in a group scenario and a user in a role scenario.

Your company had a developer who belonged to the following groups: development, testing, and production. He also had administrative permissions on two of the servers in the development office. He has left the company, and a new developer has been hired to replace him. Because you don't want the new developer to have the excessive permissions the original developer had, you cannot just rename the old account. This creates a lot of work for you as the administrator, and if turnover is high in your company, before you know it, you will have very little control or will be spending all your time setting permissions.

If the preceding situation is designed as a role-based scenario, the permissions are much cleaner because the developer can only be assigned one role. Therefore, when a new developer is hired, he either has the same role as the previous developer or is assigned a different one, but he can only have one role, making administration much easier.

The Role-Based Access Control model can use task-based access, lattice-based access, and role-based access. Task-based access is similar to role-based access, except tasks instead of roles are defined. Lattice-based access defines the upper and lower bounds of a user's permissions. This is found in MAC situations. Let's say the developer role has a security clearance of top-secret. The upper bound would be top-secret, and the lower bound would be anything the public would have access to. So you see, role-based access can be used in MAC. It can also be used in DAC. In DAC, the data owners decide on the permissions; therefore, administrators can make roles and the data owners can then decide to which roles to give access.
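The developer-turnover comparison from the preceding paragraphs, as an added example (not code from the book) that puts a one-role-per-user directory beside a groups-plus-individual-permissions directory and counts the entries an administrator has to clean up when the old developer leaves. The role and group names, the permission strings and the server names are assumptions for illustration.

```python
# Constructed example contrasting group-based and role-based assignment
# for the developer turnover scenario. Role names, permission strings and
# server names are assumptions for illustration.

ROLE_PERMISSIONS = {
    "developer": frozenset({"repo:read", "repo:write", "build:run"}),
    "tester": frozenset({"repo:read", "build:run", "test:report"}),
}


class RoleBasedDirectory:
    """Each user holds exactly one role; permissions live on the role only."""

    def __init__(self):
        self._role_of: dict[str, str] = {}

    def assign(self, user: str, role: str) -> None:
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role!r}")
        self._role_of[user] = role   # replaces any previous role: one role per user

    def permissions(self, user: str) -> frozenset:
        """Nothing more and nothing less than what the role carries."""
        return ROLE_PERMISSIONS.get(self._role_of.get(user, ""), frozenset())

    def offboard(self, user: str) -> int:
        """Entries touched when the user leaves: always at most one."""
        return 1 if self._role_of.pop(user, None) is not None else 0


class GroupBasedDirectory:
    """Users may sit in many groups and also carry individual permissions."""

    def __init__(self, group_permissions: dict):
        self._group_perms = group_permissions
        self._groups_of: dict[str, set] = {}
        self._individual: dict[str, set] = {}

    def add_to_group(self, user: str, group: str) -> None:
        self._groups_of.setdefault(user, set()).add(group)

    def grant_individual(self, user: str, perm: str) -> None:
        self._individual.setdefault(user, set()).add(perm)

    def permissions(self, user: str) -> frozenset:
        """Union of every group's permissions plus the user's own grants."""
        perms = set(self._individual.get(user, ()))
        for g in self._groups_of.get(user, ()):
            perms |= self._group_perms.get(g, set())
        return frozenset(perms)

    def offboard(self, user: str) -> int:
        """Every membership and individual grant must be found and removed
        separately; the count is the administrative work the text describes."""
        return (len(self._groups_of.pop(user, set()))
                + len(self._individual.pop(user, set())))


def turnover_scenario() -> tuple[int, int]:
    """Clean-up entries for the departing developer: (group model, role model)."""
    groups = GroupBasedDirectory({
        "development": {"repo:read", "repo:write", "build:run"},
        "testing": {"test:report"},
        "production": {"deploy:prod"},
    })
    for g in ("development", "testing", "production"):
        groups.add_to_group("old_dev", g)
    groups.grant_individual("old_dev", "admin:devsrv01")
    groups.grant_individual("old_dev", "admin:devsrv02")

    roles = RoleBasedDirectory()
    roles.assign("old_dev", "developer")

    return groups.offboard("old_dev"), roles.offboard("old_dev")


if __name__ == "__main__":
    print(turnover_scenario())
```

In the role model, hiring the replacement is a single `assign` call and the new developer cannot inherit the leaver's extra server permissions, because there is nowhere in the data model to store them.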



Security+ Certification Exam Cram 2 (Exam Cram SYO-101)
ISBN: 0789729105
Year: 2005
Pages: 162
