Types of Access Control in Computer Security

Types of Access Control:

Discretionary Access Control(DAC) or Identity Based Access Control(IBAC):
The individual user who owns an object sets the access control mechanism to allow or deny access to it; access control is left to the discretion of the owner. Discretionary access controls base access rights on the identity of the subject and the identity of the object involved. Identity is the key: the owner of the object constrains who can access it by allowing only particular subjects to have access, and states the constraint in terms of the identity of the subject (or of the owner of the subject). The owner can pass rights on to other subjects (hence "discretionary"), and a subject's programs run with, and can pass on, that subject's rights. The practical caveat is that any program running on the owner's behalf, including a Trojan horse, can give away the owner's access without the owner knowing.

EXAMPLE: Suppose a child keeps a diary. The child controls access to the diary, because she can allow someone to read it (grant read access) or not allow someone to read it (deny read access). The child allows her mother to read it, but no one else. This is a discretionary access control because access to the diary is based on the identity of the subject (mom) requesting read access to the object (the diary).

Mandatory Access Control (MAC) or Rule Based Access Control:

When a system mechanism controls access to an object and an individual user cannot alter that access, the control is a mandatory access control (MAC), occasionally called a rule-based access control. The operating system controls access, and the owner cannot override the controls: neither the subject nor the owner of the object can determine whether access is granted. Typically the system mechanism checks information associated with both the subject and the object (for example security labels) and applies rules that describe the conditions under which access is allowed. Subjects cannot pass their rights on, and neither can the programs they run; the system mediates every access, and no user may alter the rules governing access to those objects.

EXAMPLE: The law allows a court to access driving records without the owners' permission. This is a mandatory control, because the owner of the record has no control over the court's accessing the information.

Originator Controlled Access Control (ORCON or ORGCON):

An originator controlled access control (ORCON or ORGCON) bases access on the creator of an object (or of the information it contains). Access is controlled by the originator or creator of the information, not by its current owner (the creator may, but need not, also be the owner). The goal of this control is to allow the originator of the file (or of the information it contains) to control the dissemination of that information even after it has been handed to others. ORCON combines elements of MAC and DAC, and its basic rules are:

- The owner of an object cannot change the access controls of the object.

- When an object is copied, the access control restrictions of that source are copied and bound to the target of the copy.

- The creator (originator) can alter the access control restrictions on a per-subject and per-object basis.

EXAMPLE: Copy protection on audio/video discs is an attempt at originator control to limit piracy. The studio that produced the master is allowed to have it copied for sale, but the restriction travels with each copy: a sold disc carries the originator's rule that it may not be copied again, and the purchaser, although the owner of that disc, cannot lift the restriction.
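The three rules above can be made concrete in a small model of an ORCON-labelled object. This is an added illustration, not code from the original page or from any real ORCON implementation: the class, the `studio`/`distributor`/`pirate` subjects and the disc names are constructed for the example, and a real system would enforce these checks in the reference monitor rather than in the object itself.

```python
from dataclasses import dataclass, field, replace
from typing import FrozenSet, Iterable


class AccessDenied(Exception):
    """Raised when an ORCON rule forbids the requested operation."""


@dataclass(frozen=True)
class OrconObject:
    """An object carrying its originator, its current owner and the set of
    subjects the originator allows to read it.  Frozen so the restrictions
    can only change through set_readers(), which enforces the rules."""
    name: str
    originator: str
    owner: str
    readers: FrozenSet[str] = field(default_factory=frozenset)

    def can_read(self, subject: str) -> bool:
        # The originator always retains access to its own information.
        return subject == self.originator or subject in self.readers

    def set_readers(self, actor: str, readers: Iterable[str]) -> "OrconObject":
        # Rules 1 and 3: only the originator may alter the restrictions;
        # the owner has no say even though it holds the object.
        if actor != self.originator:
            raise AccessDenied(f"{actor} is not the originator of {self.name}")
        return replace(self, readers=frozenset(readers))

    def copy(self, actor: str, new_name: str) -> "OrconObject":
        # Rule 2: the copier must be allowed to read the source, and the copy
        # is bound to the source's originator and restrictions.  The copier
        # becomes the owner of the copy, never its originator.
        if not self.can_read(actor):
            raise AccessDenied(f"{actor} may not read {self.name}")
        return OrconObject(new_name, self.originator, actor, self.readers)


def demo() -> dict:
    """Walk the three ORCON rules with constructed subjects (not real users)."""
    master = OrconObject("master", originator="studio", owner="studio")
    master = master.set_readers("studio", ["distributor"])

    # The distributor receives a copy and now owns it ...
    retail = master.copy("distributor", "retail")
    # ... but cannot widen access to it, because it is not the originator.
    try:
        retail.set_readers("distributor", ["distributor", "pirate"])
        owner_could_widen = True
    except AccessDenied:
        owner_could_widen = False

    # The restrictions travel with every further copy: a subject the
    # originator never named cannot copy the copy either.
    try:
        retail.copy("pirate", "bootleg")
        stranger_could_copy = True
    except AccessDenied:
        stranger_could_copy = False

    # Only the originator can change the policy, even on a copy it does not own.
    widened = retail.set_readers("studio", ["distributor", "reviewer"])
    return {
        "retail_owner": retail.owner,                      # "distributor"
        "retail_originator": retail.originator,            # "studio"
        "owner_could_widen": owner_could_widen,            # False
        "stranger_could_copy": stranger_could_copy,        # False
        "reviewer_reads_widened": widened.can_read("reviewer"),  # True
    }


if __name__ == "__main__":
    print(demo())
```

The object is immutable and every operation returns a new object, so the only way the reader set changes is through `set_readers`, which is where the originator check lives; that is the discipline ORCON needs, since the owner of a copy must not be able to edit the label it inherited.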

Role Based Access Control (RBAC):

Role Based Access Control (RBAC), also known as non-discretionary access control, takes more of a real-world approach to structuring access control. Access under RBAC is based on a user's job function within the organization to which the computer system belongs.

Essentially, RBAC assigns permissions to particular roles in an organization. Users are then assigned to that particular role. For example, an accountant in a company will be assigned to the Accountant role, gaining access to all the resources permitted for all accountants on the system. Similarly, a software engineer might be assigned to the developer role.

Roles differ from groups in that permissions are bound to the role, not to the individual user: there is no way to give a single user permissions over and above those of the roles assigned to them. The accountant described above gets the same permissions as all other accountants, nothing more and nothing less; changing what accountants may do means changing the role, which changes it for everyone holding that role. (In the NIST RBAC model a user may be assigned several roles and activates a subset of them in each session; the user's effective permissions are the union of the permissions of the activated roles, which is how RBAC supports least privilege.)
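The following is an added example, not code from the original page, of an RBAC policy engine in the shape just described: permissions attach only to roles, a role may inherit from junior roles, users obtain permissions solely through role assignment, and a session can activate a subset of a user's roles. The role names, permission strings and users (`alice`, `bob`, `carol`) are constructed for the example.

```python
from typing import Dict, Iterable, Optional, Set


class RBAC:
    """Role-based policy: permissions attach to roles, users to roles.
    There is deliberately no method that grants a permission to a user."""

    def __init__(self) -> None:
        self._role_perms: Dict[str, Set[str]] = {}
        self._role_juniors: Dict[str, Set[str]] = {}  # senior -> roles it inherits
        self._user_roles: Dict[str, Set[str]] = {}

    def add_role(self, role: str, perms: Iterable[str] = (),
                 inherits: Iterable[str] = ()) -> None:
        for junior in inherits:
            if junior not in self._role_perms:
                raise KeyError(f"unknown role {junior}")
        self._role_perms[role] = set(perms)
        self._role_juniors[role] = set(inherits)

    def assign(self, user: str, role: str) -> None:
        if role not in self._role_perms:
            raise KeyError(f"unknown role {role}")
        self._user_roles.setdefault(user, set()).add(role)

    def revoke_role(self, user: str, role: str) -> None:
        self._user_roles.get(user, set()).discard(role)

    def role_permissions(self, role: str) -> Set[str]:
        """A role's own permissions plus everything inherited transitively."""
        seen: Set[str] = set()
        stack = [role]
        perms: Set[str] = set()
        while stack:
            r = stack.pop()
            if r in seen:
                continue
            seen.add(r)
            perms |= self._role_perms[r]
            stack.extend(self._role_juniors[r])
        return perms

    def user_permissions(self, user: str,
                         active_roles: Optional[Iterable[str]] = None) -> Set[str]:
        """Union of the (activated) roles' permissions.  A session may only
        activate roles the user has actually been assigned."""
        assigned = self._user_roles.get(user, set())
        roles = assigned if active_roles is None else set(active_roles) & assigned
        perms: Set[str] = set()
        for r in roles:
            perms |= self.role_permissions(r)
        return perms

    def check(self, user: str, perm: str,
              active_roles: Optional[Iterable[str]] = None) -> bool:
        return perm in self.user_permissions(user, active_roles)


def build_demo() -> RBAC:
    """Constructed organisation: two accounting roles in a hierarchy and a
    developer role; carol holds two roles at once."""
    rbac = RBAC()
    rbac.add_role("accountant", {"ledger:read", "invoice:create"})
    rbac.add_role("senior_accountant", {"ledger:approve"}, inherits=["accountant"])
    rbac.add_role("developer", {"repo:push", "ci:run"})
    rbac.assign("alice", "accountant")
    rbac.assign("bob", "senior_accountant")
    rbac.assign("carol", "accountant")
    rbac.assign("carol", "developer")
    return rbac


if __name__ == "__main__":
    policy = build_demo()
    for user in ("alice", "bob", "carol"):
        print(user, sorted(policy.user_permissions(user)))
    # carol acting only as a developer cannot touch the ledger in that session
    print(policy.check("carol", "ledger:read", active_roles=["developer"]))
```

Because the engine has no per-user permission table, an "exception for one accountant" can only be expressed by defining a new role, which keeps every permission reviewable by role; session activation lets a multi-role user work with the smallest set of roles the task needs.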

The Bell-LaPadula Model:

A confidentiality policy, also called an information flow policy, prevents the unauthorized disclosure of information. Unauthorized alteration of information is secondary. For example, the navy must keep confidential the date on which a troop ship will sail. If the date is changed, the redundancy in the systems and paperwork should catch that change. But if the enemy knows the date of sailing, the ship could be sunk. Because of extensive redundancy in military communications channels, availability is also less of a problem.

The Bell-LaPadula Model corresponds to military-style classifications. It has influenced the development of many other models and indeed much of the development of computer security technologies. The simplest type of confidentiality classification is a set of security clearances arranged in a linear (total) ordering. These clearances represent sensitivity levels: the higher the security clearance, the more sensitive the information and the greater the need to keep it confidential. A subject has a security clearance, such as C (CONFIDENTIAL) or TS (TOP SECRET); an object has a security classification, such as UC (UNCLASSIFIED) or S (SECRET). When we refer to both subject clearances and object classifications, we use the term "classification". The goal of the Bell-LaPadula security model is to keep information from flowing to subjects whose clearance is below its classification: a subject may not read objects classified above its clearance, and may not write what it has read into objects classified below its clearance.

The properties of the Bell-LaPadula model are:

- The simple security property, "no read up": a subject may read an object only if the subject's clearance dominates the object's classification.

- The star (*) property, "no write down": a subject may write to an object only if the object's classification dominates the subject's clearance (otherwise a subject cleared for TS could copy TS data into an UC file for anyone to read).

A problem with this model is that it does not deal with the integrity of data: the rules above only constrain disclosure, so a subject with a low clearance may still write into a highly classified object.

The Biba Integrity Model:

Integrity refers to the trustworthiness of data or resources. Integrity is usually defined in terms of preventing improper or unauthorized change to data. There are three main goals of integrity:

- Preventing unauthorized users from making modifications to data or programs.

- Preventing authorized users from making improper or unauthorized modifications.

- Maintaining internal and external consistency of data and programs.

The Biba integrity model was published in 1977 at the Mitre Corporation, one year after the Bell-LaPadula model was published. The primary motivation for creating it was the inability of the Bell-LaPadula model to deal with the integrity of data: the star property of Bell-LaPadula forbids writing down but does nothing to stop a subject from writing up into a more trusted object, so a low-clearance subject (or a program it runs) can corrupt highly classified data.

An integrity classification is an element of a hierarchically ordered set, for example C (Crucial) above VI (Very Important) above I (Important). The integrity classification together with a set of categories determines the integrity level (label) of a subject or object, and Biba's rules are the dual of Bell-LaPadula's: information may only flow from higher integrity to lower integrity.

The properties of the Biba (strict integrity) model are:

- The integrity star property, "no write up": a subject may write to an object only if the subject's integrity level dominates the object's. This is essential, since it limits the damage that malicious code in the system can do. For instance, a Trojan horse running at some integrity level can only write to objects at its own integrity level or lower, which limits the damage it can do to the operating system.

- The simple integrity property, "no read down": a subject may read an object only if the object's integrity level dominates the subject's. This prevents a trusted subject from being contaminated by data from a less trusted object.
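Both models rest on the same "dominates" relation over labels made of a level and a set of categories, with the read and write rules mirrored between them. The block below is an added example, not code from the original page: it implements a label lattice, the Bell-LaPadula and Biba checks from the two sections above (and is the kind of label check the MAC section describes the system making on each access), and then runs the scenarios the text discusses, including the Trojan horse that Biba contains and the write-up that Bell-LaPadula fails to stop. The subjects, objects and the `nuclear`/`crypto` categories are constructed for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Mapping


@dataclass(frozen=True)
class Label:
    """A security label: a linearly ordered level plus a set of categories.
    Labels form a lattice under the dominates relation."""
    level: int
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        return self.level >= other.level and self.categories >= other.categories


# Orderings from the article.  "C" means CONFIDENTIAL in one table and
# Crucial in the other, so each model uses its own table.
CONFIDENTIALITY = {"UC": 0, "C": 1, "S": 2, "TS": 3}
INTEGRITY = {"I": 0, "VI": 1, "C": 2}


def label(level: str, ordering: Mapping[str, int],
          categories: Iterable[str] = ()) -> Label:
    return Label(ordering[level], frozenset(categories))


# Bell-LaPadula (confidentiality): information may only flow upward.
def blp_can_read(subject: Label, obj: Label) -> bool:
    """Simple security property, "no read up"."""
    return subject.dominates(obj)


def blp_can_write(subject: Label, obj: Label) -> bool:
    """Star property, "no write down"."""
    return obj.dominates(subject)


# Biba strict integrity: information may only flow downward.
def biba_can_read(subject: Label, obj: Label) -> bool:
    """Simple integrity property, "no read down"."""
    return obj.dominates(subject)


def biba_can_write(subject: Label, obj: Label) -> bool:
    """Integrity star property, "no write up"."""
    return subject.dominates(obj)


def demo() -> dict:
    """Constructed subjects and objects (not real data) exercising both models."""
    analyst = label("S", CONFIDENTIALITY, ["nuclear"])   # clearance S, category nuclear
    ts_plan = label("TS", CONFIDENTIALITY, ["nuclear"])
    c_memo = label("C", CONFIDENTIALITY, ["nuclear"])
    s_other = label("S", CONFIDENTIALITY, ["crypto"])    # same level, other category
    clerk = label("UC", CONFIDENTIALITY)

    trojan = label("I", INTEGRITY)       # untrusted code runs at low integrity
    kernel_cfg = label("C", INTEGRITY)   # crucial system object
    admin = label("VI", INTEGRITY)
    scratch = label("I", INTEGRITY)

    return {
        # Bell-LaPadula
        "analyst_reads_ts_plan": blp_can_read(analyst, ts_plan),     # False: read up
        "analyst_reads_c_memo": blp_can_read(analyst, c_memo),       # True
        "analyst_reads_s_other": blp_can_read(analyst, s_other),     # False: missing category
        "analyst_writes_ts_plan": blp_can_write(analyst, ts_plan),   # True: write up is allowed
        "analyst_writes_c_memo": blp_can_write(analyst, c_memo),     # False: write down
        "clerk_writes_ts_plan": blp_can_write(clerk, ts_plan),       # True: the integrity gap
        # Biba
        "trojan_writes_kernel_cfg": biba_can_write(trojan, kernel_cfg),  # False: write up
        "trojan_writes_scratch": biba_can_write(trojan, scratch),        # True: same level
        "admin_reads_scratch": biba_can_read(admin, scratch),            # False: read down
        "admin_reads_kernel_cfg": biba_can_read(admin, kernel_cfg),      # True
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:28s} {'ALLOW' if allowed else 'DENY'}")
```

Note that `clerk_writes_ts_plan` is allowed: Bell-LaPadula is satisfied because no secret is disclosed, yet an unclassified subject has just altered a top-secret object, which is exactly the gap the Biba section describes. The category check also matters in practice: two subjects at the same level but in different compartments cannot read each other's objects, which a level-only implementation would miss.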
