Wednesday, 9 January 2019

OS Security Goals, Policy & Model and Access Control Techniques

 Security Goals

Secrecy (confidentiality)
- Unauthorized disclosure
- Limits the objects (files/sockets) that a process can read

- Unauthorized modification
- Limits the objects that a process can write
 (objects may contains information that other processes depend on)

- Limits the system resources that processes (or users) may consume 
- Therefore preventing denial of service attacks
- Achieved by OS resource management techniques like fair scheduling

Confidentiality & Integrity

Achieved by Access Control
  • Every access to an object in the system should be controlled
  • All and Only authorized accesses can take place
Access Control Systems

Development of an access control system has three components
- Security Policy  : high level rules that define access control
- Security Model  : a formal representation of the access control security policy and its working.
       (this allows a mathematical representation of a policy; there by aid in proving that the model is secure)
- Security Mechanism  : low level (sw / hw) functional implementations of policy and model.

Security Policy
  • A scheme for specifying and enforcing security policies in a system
  • Driven by
         - Understanding of threat and system design
  • Often take the form of a set of statements
       - Succinct statements
       - Goals are agreed upon either by
                 * The entire community
                 * Top management
                 * Or is the basis of a formal mathematical analysis

A bad security policy model of a company

Megacorp Inc security policy
  1. This policy is approved by Management.
  2. All staff shall obey this security policy.
  3. Data shall be available only to those with a 'need-to-know'. 
  4. All breaches of this policy shall be reported at once to security.

Security Model

Why have it at all?
  • It is a mathematical representation of the policy.
  • By proving the model is secure and that the mechanism correctly implements the model, we can argue that the system is indeed secure (w.r.t. the security policy)

Security Mechanism
  • Implementing a correct mechanism is non trivial 
  • Could contain bugs in implementation which would break the security
  • The implementation of the security policy must work as a 'trusted base' (reference monitor)
  • Properties of the implementation
           - Tamper proof
           - Non-bypassable (all access should be evaluated by the mechanism)
           - Security kernel - must be confined to a limited part of the system (scattering security functions all over the system implies that all code must be verified)
          - Small - so as to achieve rigorous verification.

Discretionary Access Control

Discretionary (DAC)
  • Access based on
          - Identity of requestor
          - Access rules state what requestors are (or are not) allowed to do
  • Privileges granted or revoked by an administrator
  • Users can pass on their privileges to other users
  • Example. Access Matrix Model.
Access Matrix Model
  • By Butler Lampson, 1971
  • Subjects : active elements requesting information
  • Objects : passive elements storing information

States of Access Matrix 


Post a comment

Popular Posts


Android (21) AngularJS (1) Assembly Language (2) Books (10) C (75) C# (4) C++ (81) Course (1) Data Strucures (4) Downloads (1) Engineering (13) flutter (1) FPL (17) Hadoop (1) HTML&CSS (38) IS (25) Java (87) Leet Code (4) PHP (20) Projects (1) Python (218) R (69) Selenium Webdriver (2) Software (14) SQL (27)