
Information Security, Session 9

The document discusses information rights management and access control. It covers authentication vs authorization, different authentication mechanisms like something you know, have, are, or do. It also discusses authorization, managing information rights, access control examples, access control models like DAC, MAC, and RBAC.

Uploaded by

SOLIHIN, ST

Information Right Management
Session 9

Faculty of Computer Science


Information Right Management

Information right management encompasses two processes:


• Authentication is the process of verifying and validating
the identity (who you are).
• Authorization is the process by which requests to access a
particular resource are granted or denied according to the
appropriate privilege.
• A successful access control approach—whether intended
to control physical access or logical access—always
consists of both authentication and authorization.
Authentication vs Authorization

• Authentication (password/crypto/etc.)
– Who are you?
• Authorization (Access control)
– What are you allowed to do?
– Focus is policy
• Enforcement Mechanism
– How the policy is implemented/enforced
Authentication Mechanism

• Mechanism types:
– Something you know
– Something you have
– Something you are
– Something you produce
• Strong authentication uses at least two different
authentication mechanism types
Something You Know
• This type of authentication mechanism verifies the user’s
identity by means of a password, passphrase, or other unique
code
• A password is a private word or combination of characters that
only the user should know
• A passphrase is a plain-language phrase, typically longer than a
password, from which a virtual password is derived
• A good rule of thumb is to require that passwords be at least
eight characters long and contain at least one number and one
special character
Password Power (1)
Password Power (2)
Check Password Power

• https://howsecureismypassword.net/
• https://password.kaspersky.com/
Something You Have

• This authentication mechanism makes use of something (a
card, key, or token) that the user or system possesses
• One example is a dumb card (such as an ATM card) with
magnetic stripes
• Another example is the smart card containing a processor
• Another device often used is the cryptographic token, a
processor in a card that has a display
• Tokens may be either synchronous or asynchronous
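Added example (not part of the original slides): the two token types from the last bullet, in Python. The synchronous token uses the standard HOTP/TOTP construction (RFC 4226 / RFC 6238); the asynchronous function is a simplified challenge-response illustration rather than a standard scheme, and the secret and challenge values are constructed.

```python
import hashlib
import hmac
import struct

SECRET = b"12345678901234567890"  # constructed shared secret (the RFC test key)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def synchronous_code(secret: bytes, unix_time: int, step: int = 30) -> str:
    """Synchronous token: token and server derive the counter from the clock."""
    return hotp(secret, unix_time // step)

def verify_synchronous(secret, submitted, unix_time, step=30, window=1):
    """Server side: accept neighbouring time steps to tolerate clock drift."""
    for drift in range(-window, window + 1):
        t = unix_time + drift * step
        if t < 0:
            continue
        if hmac.compare_digest(synchronous_code(secret, t, step), submitted):
            return True
    return False

def asynchronous_response(secret: bytes, challenge: bytes, digits: int = 6) -> str:
    """Asynchronous token: no shared clock; the server sends a fresh challenge
    and the token answers with a code derived from HMAC(secret, challenge)."""
    mac = hmac.new(secret, challenge, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10 ** digits).zfill(digits)

if __name__ == "__main__":
    print(synchronous_code(SECRET, 59))
    print(verify_synchronous(SECRET, "287082", 89))
    print(asynchronous_response(SECRET, b"constructed-nonce-1"))
```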
Access Control Token
Something You Are

• This authentication mechanism takes advantage of
something inherent in the user that is evaluated using
biometrics
• Most of the technologies that scan human
characteristics convert these images to obtain some
form of minutiae — unique points of reference that
are digitized and stored in an encrypted format
Something You Do

• This type of authentication makes use of something
the user performs or produces
• It includes technology related to signature
recognition and voice recognition, for example
Authorization

• Authorization for each authenticated user
– System performs authentication process to verify specific entity
– Grants access to resources for only that entity
• Authorization for members of a group
– System matches authenticated entities to a list of group memberships
– Grants access to resources based on group’s access rights
• Authorization across multiple systems
– Central authentication and authorization system verifies entity identity
– Grants a set of credentials to verified entity
Managing Information Right

• To appropriately manage information right, an organization
must have a formal access control policy in place
– Determines how access rights are granted to entities and
groups
– Must include provisions for periodically reviewing all
access rights, granting access rights to new employees,
changing access rights when job roles change, and
revoking access rights as appropriate
Access to Library - Example

• Authentication
– ID Check
• Access Control
– Visitor - allowed in
– Member - allowed to borrow
– Staff - allowed to access all areas
• Enforcement Mechanism
– Walls, Doors, Locks, Bouncers
What do we do this for?

• Express information access policies.
– Who can access my files, who can’t, how.
• Sandboxing: Minimize damage inflicted by a malicious program.
• Privilege Separation: Allow programs to be written to
minimize damage in case of failure.
– Think about compartments in a ship
Defense-in-Depth
Principle
• Principle of least privilege
– Make controls granular enough, and enforce them, to
minimize harm.
• Need-to-know basis
– Determines whether the person should have access or not
Principle

■ This model is generally used to help understand
the various issues involved in access control
■ The subject issues requests to access the object,
and protection is enforced by a reference monitor
that knows which subjects are allowed to issue
which requests
Subjects and Objects

• Subjects
– can be processes, modules, roles
• Objects
– can be files, processes, etc.
• Authentication is often applied to subjects, but this is not required.
– e.g. a process assumes the identity of one subject, then
another.
• Authorization often focuses on objects
Elementary Form

• Whitelists/Blacklists (Single object, multiple Subjects)
– Examples: Spam prevention
– Blacklists:
• Default on (fail open)
• Hard to reason about who can access system
– Whitelists:
• Default off (fail closed)
• Have to deal with adding whitelist entries
Access Control Matrix
• Instantaneous protection state of a system
• Dynamically Changing!

            Objects
Subjects    A  B  C  D
alice       0  0  1  0
bob         1  1  0  1
charlie     0  0  1  0
dave        1  1  0  1
Access Right

• Document/ File:
– Read
– Write
– Delete
• Server:
– Start
– Stop
– Reboot
Adding Access Rights
• Access Rights
– e.g. Simple: Read, Write
– e.g. Complex: execute, change ownership
            Objects
Subjects    A    B    C    D
alice       r    r/w  r    -
bob         r    r    -    r/w
charlie     -    -    w    -
dave        r/w  -    w
Grouping

• Subjects
– Groups e.g. staff = {alice, dave}, students = {bob, charlie},
department, etc.
• Objects
– Types e.g. system_file = {A,B}, user_file = {C,D}
• Can have compound names
– e.g. in AFS talg:friends, system:backup
ACLs (Access Control Lists)
• What if I break my matrix down by columns?
– Each object has a set of <user, right> tuples
– A {<bob, r/w>, <alice,w>}
• Properties
– Good for many applications (file systems)
– Can grow quite large
ACLs (Access Control Lists)
Capabilities
• What if I break my matrix down by rows?
– Alice {<A,r/w>, <B,w>, <C,r>}
• Properties
– Natural model for delegation (rights coupled to object)
• Each tuple can be viewed as a handle to an object
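Added example (not part of the original slides): the column and row decompositions described above, built in Python from the rights matrix on the "Adding Access Rights" slide, together with a fail-closed reference monitor. The function names and the extra subject `mallory` are assumptions; `dave` is left out because his row is incomplete on the slide.

```python
from itertools import product

# Rights matrix from the "Adding Access Rights" slide: subject -> object -> rights.
# dave is left out because his row is incomplete on the slide.
MATRIX = {
    "alice":   {"A": "r", "B": "rw", "C": "r"},
    "bob":     {"A": "r", "B": "r", "D": "rw"},
    "charlie": {"C": "w"},
}

def to_acls(matrix):
    """Column view: each object stores its own <subject, rights> tuples."""
    table = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            table.setdefault(obj, []).append((subject, rights))
    return table

def to_capabilities(matrix):
    """Row view: each subject holds <object, rights> handles."""
    return {subject: sorted(row.items()) for subject, row in matrix.items()}

def monitor(matrix, subject, obj, right):
    """Reference monitor on the full matrix; no entry means deny (fail closed)."""
    return right in set(matrix.get(subject, {}).get(obj, ""))

def acl_allows(acl_table, subject, obj, right):
    """Decision taken from the object's ACL only."""
    return any(s == subject and right in set(r) for s, r in acl_table.get(obj, []))

def cap_allows(cap_table, subject, obj, right):
    """Decision taken from the subject's capability list only."""
    return any(o == obj and right in set(r) for o, r in cap_table.get(subject, []))

def views_agree(matrix, objects="ABCD", rights="rw"):
    """All three representations must give the same answer for every request."""
    acl_table, cap_table = to_acls(matrix), to_capabilities(matrix)
    subjects = list(matrix) + ["mallory"]  # constructed subject with no entry
    return all(
        monitor(matrix, s, o, r)
        == acl_allows(acl_table, s, o, r)
        == cap_allows(cap_table, s, o, r)
        for s, o, r in product(subjects, objects, rights)
    )

if __name__ == "__main__":
    print(to_acls(MATRIX)["B"])
    print(to_capabilities(MATRIX)["alice"])
    print(views_agree(MATRIX))
```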
Capabilities List
Protection Domain

• ACLs and capabilities help to efficiently implement the access
control matrix, but can still become quite cumbersome
• A protection domain is a set of (object, access rights) pairs,
where each pair specifies for a given object exactly what
operations can be carried out
• By associating a protection domain with each request, we can
cut down on redundant information in access control lists
Protection Domain

■ One approach to using protection domains is to construct
groups of users
■ Another approach is to use roles instead of groups
– Roles: head of a department, manager of a project,
member of a personnel search committee
Model of Access Control

• Discretionary Access Control (DAC)
• Mandatory Access Control (MAC)
• Role-Based Access Control (RBAC)
Discretionary Access Control (DAC)

• Access to data objects (files, directories, etc.) is
permitted based on the identity of users.
• Explicit access rules establish who can, or cannot,
execute which actions on which resources.
• Discretionary: users can be given the ability to pass
on their privileges to other users, where granting and
revocation of privileges is regulated by an
administrative policy.
Mandatory Access Control (MAC)

• In MAC, users do not have the authority to override the
policies; access is controlled entirely and centrally by the
security policy administrator.
• MAC is a system-wide policy that defines who is
allowed to have access; individual users cannot change
those access rules. It relies entirely on the central system.
• MAC policies are defined by the system administrator
and are strictly enforced by the OS or security kernel.
Role-Based Access Control (RBAC)

• Many organizations base access control decisions on “the roles
that individual users take on as part of the organization”.
• They prefer to centrally control and maintain access rights that
reflect the organization’s protection guidelines.
• With RBAC, role-permission relationships can be predefined,
which makes it simple to assign users to the predefined roles.
• The combination of users and permissions tends to change over
time, whereas the permissions associated with a role are more stable.
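Added example (not part of the original slides): a small RBAC model in Python using the visitor/member/staff roles from the library slide. It shows that a job change or a revocation touches only the user-role assignment while the role-permission table stays fixed, and it produces the per-user listing that a periodic access review needs. The permission names, the class and the user `alice` are assumptions.

```python
# Role -> permissions, modelled on the library slide. The permission labels, and
# the assumption that members and staff may also enter, are illustrative.
ROLE_PERMISSIONS = {
    "visitor": {"enter"},
    "member": {"enter", "borrow"},
    "staff": {"enter", "borrow", "access_all_areas"},
}

class RBAC:
    def __init__(self, role_permissions):
        self.role_permissions = role_permissions  # stable, predefined
        self.user_roles = {}                      # changes as people join, move, leave

    def assign(self, user, role):
        """Grant access to a new employee by assigning a predefined role."""
        if role not in self.role_permissions:
            raise KeyError(f"unknown role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def change_role(self, user, old, new):
        """Job change: add the new role, then drop the old one."""
        self.assign(user, new)  # validates the new role before anything is removed
        if old != new:
            self.user_roles[user].discard(old)

    def revoke_all(self, user):
        """Leaver: removing the assignment removes every permission at once."""
        self.user_roles.pop(user, None)

    def allowed(self, user, permission):
        """Default deny: a user with no role, or an unlisted permission, is refused."""
        roles = self.user_roles.get(user, ())
        return any(permission in self.role_permissions[r] for r in roles)

    def review(self):
        """Periodic access review: effective permissions per user."""
        return {
            user: sorted(set().union(*(self.role_permissions[r] for r in roles)))
            for user, roles in sorted(self.user_roles.items())
        }

if __name__ == "__main__":
    rbac = RBAC(ROLE_PERMISSIONS)
    rbac.assign("alice", "member")
    rbac.change_role("alice", "member", "staff")
    print(rbac.review())
```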
Role-Based Access Control (RBAC)
Any Questions?
