SCSA3024-unit 3

This document discusses access control systems, focusing on authentication and authorization processes within operating systems. It outlines various access control models, types of access operations, and the importance of ownership in computing, as well as challenges faced in managing access control. Additionally, it highlights hardware protection mechanisms to safeguard computer systems from unauthorized access and damage.

SCSA3024 - DISTRIBUTED SYSTEMS AND SECURITY

UNIT 3
Access Control Systems: Operating system access controls – authentication and authorization – access operations – access control structures – ownership – hardware protection – intermediate controls – policy instantiation – comparing security attributes

3.1. Access Control Systems

Operating system access controls:
Access controls in an operating system (OS) are security measures designed to regulate how
users and processes interact with system resources. They ensure that only authorized entities
can access or manipulate data, enhancing security and protecting sensitive information. These
controls are implemented using various models and mechanisms.

3.1.1. What is Access Control?

Access control is a method of limiting access to a system or its resources. It refers to the process of determining who has access to which resources within a network, and under what conditions. It is a fundamental concept in security that reduces risk to the business or organization. Access control systems perform identification, authentication, and authorization of users and entities by evaluating the required login credentials, which may include passwords, PINs, biometric scans, or other authentication factors. Multi-factor authentication requires two or more authentication factors and is often an important part of the layered defense protecting access control systems.

Authentication Factors
• Password or PIN
• Biometric measurement (fingerprint or retina scan)
• Card or key
For computer security, access control includes the authorization, authentication, and audit of the entity trying to gain access. Access control models have a subject and an object.

Components of Access Control

• Authentication: Authentication is the process of verifying the identity of a user. User authentication is the process of verifying the identity of a user when that user logs in to a computer system.
• Authorization: Authorization determines the extent of access to the network and what types of services and resources are accessible to the authenticated user. Authorization is the method of enforcing policies.
• Access: After successful authentication and authorization, the user's identity is verified and they are allowed to access the resource they are attempting to log in to.
• Manage: Organizations manage their access control system by adding and removing authentication and authorization for users and systems. Managing these systems can be difficult in modern IT setups that combine cloud services and physical systems.
• Audit: Access control auditing lets organizations collect data about user activity and analyze it to identify possible access violations.

How Access Control Works

Access control involves identifying a user based on their credentials and then providing the appropriate level of access once the identity is confirmed. Credentials used to identify and authenticate a user include passwords, PINs, security tokens, and even biometric scans. Multi-factor authentication (MFA) increases security by requiring users to be validated using more than one method. Once a user's identity has been verified, access control policies grant the specified permissions, allowing the user to proceed. Organizations use several access control methods depending on their needs.

Types of Access Control

• Attribute-based Access Control (ABAC): In this model, access is granted or declined by evaluating a set of rules, policies, and relationships using the attributes of users, systems and environmental conditions.
• Discretionary Access Control (DAC): In DAC, the owner of the data determines who can access specific resources.
• History-Based Access Control (HBAC): Access is granted or declined by evaluating the history of activities of the requesting party, including its behavior, the time between requests and the content of requests.
• Identity-Based Access Control (IBAC): With this model, network administrators can manage activity and access more effectively based on individual requirements.
• Mandatory Access Control (MAC): A control model in which access rights are regulated by a central authority based on multiple levels of security. Security-Enhanced Linux (SELinux) implements MAC on the Linux operating system.
• Organization-Based Access Control (OrBAC): This model allows the policy designer to define a security policy independently of the implementation.
• Role-Based Access Control (RBAC): RBAC grants access based on the job title. RBAC eliminates discretion on a large scale when providing access to objects. For example, a human resources specialist should not have permission to create network accounts.
• Rule-Based Access Control (RAC): The RAC method is largely context-based. An example would be allowing students to use the labs only during a certain time of day.
Different access control models are used depending on the compliance requirements and the security level of the information technology to be protected. At the broadest level, access control is of two types:
• Physical Access Control: Physical access control restricts entry to campuses, buildings, rooms and physical IT assets.
• Logical Access Control: Logical access control limits connections to computer networks, system files and data.
Figure 5.1. Types of Access Control

Challenges of Access Control

• Distributed IT Systems: Current IT systems frequently combine internet and on-premise networks. These systems may be distributed geographically and comprise various devices, assets, and virtual machines. Access is allowed to all of these devices, and keeping track of them can be challenging.
• Policy Management: Policy makers within the organization create policies, and the IT department converts the planned policies into code for implementation. Coordination between these two groups is essential for keeping the access control system up to date and functioning properly.
• Monitoring and Reporting: Organizations must constantly check access control systems to guarantee compliance with corporate policies and regulatory laws. Any violations or changes must be recognized and reported immediately.
• Access Control Models: Access control mechanisms provide varying levels of precision. Choosing the right access control strategy for your organization allows you to balance acceptable security with employee efficiency.

3.2. Authentication and Authorization

Figure 5.2. Authorization


Authentication and authorization are both used in data security to safeguard an automated data system. Both are crucial topics, often associated with the internet as key components of its service infrastructure. Although they are frequently used in the same context and with the same tools, the two terms represent entirely distinct concepts.

Figure 5.3. Authentication

What is Authentication?
Authentication is the method of verifying the identity of a user or system to ensure they are who they claim to be. It involves checking credentials such as usernames, passwords, or biometric information like fingerprints or facial recognition. This step is vital for securing access to systems, programs, and sensitive records. By confirming identities, authentication prevents unauthorized entry and protects against security breaches.

Steps in Authentication:
1. Credential Submission: The user provides credentials (e.g., username and password).
2. Validation: The system compares the submitted credentials against stored data (e.g., in a database or directory).
3. Verification Outcome: Access is granted or denied based on whether the credentials match.
Types of Authentication:
1. Something You Know:
   • Passwords, PINs, or answers to security questions.
   • Example: Logging into an email account with a password.
2. Something You Have:
   • Smartcards, tokens, or one-time passwords (OTP).
   • Example: Using an OTP sent to a mobile device.
3. Something You Are:
   • Biometrics like fingerprints, facial recognition, or retinal scans.
   • Example: Unlocking a smartphone with a fingerprint.
4. Location-Based:
   • Validating based on geographic location or IP address.
5. Behavioral-Based:
   • Monitoring typing patterns or mouse movements.
Advanced Methods:
• Multi-Factor Authentication (MFA): Combines two or more factors (e.g., password + OTP).
• Single Sign-On (SSO): A user logs in once to access multiple systems.
• Biometric Authentication: Uses physiological traits for verification (e.g., fingerprints, facial recognition).

What is Authorization?
Authorization is the method of determining and granting permissions to a verified user or system, specifying which assets they can access and which actions they are allowed to carry out. It comes after authentication and guarantees that the authenticated entity has the proper rights to use certain data, applications, or services. This step is important for implementing security policies and controlling access within the system, thereby preventing unauthorized activities.

Key Components of Authorization:

1. Access Control:
   • Rules governing user permissions on resources.
   • Examples: Read, write, execute, delete.
2. Policy Enforcement:
   • Applying security policies to determine access rights.
   • Example: A user may only access files they own or those explicitly shared with them.
3. Role Assignment:
   • Based on the user's role or group membership (e.g., Admin, User, Guest).

Types of Authorization Models:

1. Role-Based Access Control (RBAC):
   • Permissions are assigned to roles rather than individuals.
   • Example: A "Manager" role has access to project reports, while a "Team Member" role does not.
2. Mandatory Access Control (MAC):
   • System-enforced policies restrict access based on sensitivity levels.
   • Example: A file marked "Confidential" is accessible only to users with the "Confidential" clearance.
3. Discretionary Access Control (DAC):
   • Resource owners control access rights.
   • Example: A user shares a document with specific individuals.
4. Attribute-Based Access Control (ABAC):
   • Access is granted based on attributes such as location, device type, or time of access.
   • Example: Allow access only during business hours.
Figure 5.4. Authorization and Authentication
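The four models listed in 3.1 (Types of Access Control) and in the list above (Types of Authorization Models) deciding the same kind of request, as an added example that is not part of the original notes. Standard-library Python; the users, clearance levels, roles and the business-hours rule are constructed for illustration.

```python
"""Four authorization models answering the same question, "may SUBJECT
perform OP on RESOURCE?", with constructed subjects and resources."""
from dataclasses import dataclass, field
from datetime import time


# DAC: the resource owner holds the discretion and edits the ACL.
@dataclass
class DacResource:
    owner: str
    acl: dict = field(default_factory=dict)     # user -> set of operations

    def grant(self, actor: str, user: str, ops: set) -> None:
        # Only the owner may change the ACL; that is what "discretionary" means.
        if actor != self.owner:
            raise PermissionError(f"{actor} does not own this resource")
        self.acl.setdefault(user, set()).update(ops)

    def allows(self, user: str, op: str) -> bool:
        return user == self.owner or op in self.acl.get(user, set())


# MAC: labels are assigned by the system; owners cannot override them.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


def mac_allows(clearance: str, label: str, op: str) -> bool:
    # Bell-LaPadula confidentiality rules: "no read up", "no write down".
    s, o = LEVELS[clearance], LEVELS[label]
    if op == "read":
        return s >= o
    if op == "write":
        return s <= o
    return False


# RBAC: permissions attach to roles; users are assigned roles.
ROLE_PERMS = {
    "manager": {"project_report": {"read", "write"}},
    "team_member": {"timesheet": {"read", "write"}},
}


def rbac_allows(roles: set, resource: str, op: str) -> bool:
    return any(op in ROLE_PERMS.get(r, {}).get(resource, set()) for r in roles)


# ABAC: one rule over attributes of subject, resource and environment.
def abac_allows(subject: dict, resource: dict, env: dict, op: str) -> bool:
    in_business_hours = time(9, 0) <= env["time"] <= time(17, 0)
    same_department = subject["department"] == resource["department"]
    return same_department and in_business_hours and op in {"read", "write"}


def demo() -> dict:
    doc = DacResource(owner="alice")
    doc.grant("alice", "bob", {"read"})
    try:                                      # bob is not the owner, so he
        doc.grant("bob", "carol", {"read"})   # cannot pass access on to carol
        bob_delegates = True
    except PermissionError:
        bob_delegates = False
    hr_user, hr_file = {"department": "hr"}, {"department": "hr"}
    return {
        "dac_bob_read": doc.allows("bob", "read"),                        # True
        "dac_bob_write": doc.allows("bob", "write"),                      # False
        "dac_bob_delegates": bob_delegates,                               # False
        "mac_read_up": mac_allows("confidential", "secret", "read"),      # False
        "mac_write_down": mac_allows("secret", "internal", "write"),      # False
        "mac_read_down": mac_allows("secret", "internal", "read"),        # True
        "rbac_manager": rbac_allows({"manager"}, "project_report", "read"),     # True
        "rbac_member": rbac_allows({"team_member"}, "project_report", "read"),  # False
        "abac_in_hours": abac_allows(hr_user, hr_file, {"time": time(10, 30)}, "read"),    # True
        "abac_after_hours": abac_allows(hr_user, hr_file, {"time": time(22, 0)}, "read"),  # False
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:18} {'allow' if decision else 'deny'}")
```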

Authentication verifies the identity of a person or device, while authorization determines their access rights and permissions within a system. Together, they make sure that users are not only who they claim to be but also have the permissions to perform certain actions or access certain resources.

3.3. Access Operations

Access operations refer to the actions or methods that allow a user, process, or system to interact with resources (such as files, data, or devices) in a computing environment. Access operations can include the following:

• Read: Accessing data to retrieve information without altering it.
• Write: Modifying or updating data.
• Execute: Running a program or script.
• Delete: Removing data or files.
• Append: Adding data to an existing file or data structure without modifying its current content.
• Create: Generating new resources or data (e.g., files, records).

Types of Access Operations

1. Read (R):
   • Grants permission to view or access the contents of a resource without modifying it.
   • Examples: Opening a file to read its contents; viewing records in a database query.
2. Write (W):
   • Grants permission to modify or overwrite the resource.
   • Examples: Editing a document; updating records in a database table.
3. Execute (X):
   • Grants permission to run a resource, such as a script, program, or binary file.
   • Examples: Running an executable file or a script on a system; launching a software application.
4. Delete (D):
   • Grants permission to remove a resource.
   • Examples: Deleting a file or directory; dropping a table or database in a database system.
5. Create:
   • Grants permission to create new resources.
   • Examples: Creating a new file in a directory; adding a new table in a database.
6. Modify:
   • Grants permission to change the structure or properties of a resource.
   • Examples: Renaming a file; changing file permissions or metadata.
7. List (L):
   • Grants permission to view the names of resources in a directory or collection.
   • Example: Listing files in a folder using ls (Linux) or dir (Windows).
8. Append:
   • Grants permission to add data to the end of a resource without overwriting existing data.
   • Example: Adding new lines to a log file.
9. Specialized Operations:
   • Copy: Permission to duplicate the resource.
   • Move: Permission to transfer a resource from one location to another.
   • Change Permissions: Permission to alter access controls on the resource.
   • Audit: Permission to view access logs or security-related information.

In systems that involve databases or file systems, access operations are essential for ensuring
the desired level of interaction between users and the resources they need to access.

3.4. Access Control Structure

Access control structures define the rules and mechanisms that govern how resources in a
system can be accessed and by whom. They are designed to protect sensitive information and
ensure that only authorized users or systems can perform specific actions.
Figure 5.5. Access Control Structure

The main components of an access control structure include:

• Access Control Lists (ACLs): A list that defines what operations (read, write, execute) users or groups of users can perform on specific resources.
   - Example: A file ACL might list a user with "read" permission, another user with "write" permission, and a third with "no access."
• Roles and Permissions: Access is often granted based on the role of a user within a system. For example:
   - Admin: Can create, delete, and modify resources.
   - User: Can read and write resources, but not delete or modify system-level settings.
• Authentication: The process of verifying the identity of a user, system, or device attempting to access a resource. This could involve passwords, biometric data, or security tokens.
• Authorization: After authentication, authorization determines what actions the authenticated user is allowed to perform. This is often based on user roles or other attributes.
• Access Control Models:
   - Discretionary Access Control (DAC): The resource owner decides who can access the resource.
   - Mandatory Access Control (MAC): Access is based on strict policies enforced by the system, often using labels or classification levels.
   - Role-Based Access Control (RBAC): Access is granted based on the user's role within the organization or system.
   - Attribute-Based Access Control (ABAC): Access decisions are made based on attributes (e.g., department, time of access) of the user, resource, and environment.
• Audit Trails and Logging: Systems often keep logs of access operations, recording who accessed what resources, when, and what actions were performed. This is important for security monitoring and compliance.

3.5. Ownership in Computing

In computing, ownership refers to the concept of controlling or managing access to resources (such as files, memory, or devices) within a system. Ownership establishes who has the authority to perform certain operations on resources, such as reading, writing, modifying, or deleting them.

Types of Ownership

• File Ownership: In an operating system, each file is typically associated with a user or group of users, called the owner. The owner has certain privileges, such as the ability to modify or delete the file, while other users may only have read access or no access at all.
• Resource Ownership: This extends to other system resources such as memory, processes, and hardware devices. Ownership helps determine who can access, modify, or manage these resources. For example, a process may "own" a block of memory, which means it has exclusive control over it during its execution.
• Access Control: Ownership often ties into access control mechanisms like Access Control Lists (ACLs) or Role-Based Access Control (RBAC), where the owner can grant or restrict access to resources for others.

Key Features of Ownership

1. Resource Creator as Owner:
   • By default, the creator of a resource (e.g., a file or directory) is its owner.
   • In some systems, ownership can be transferred to another user if allowed by policy.
2. Owner Permissions:
   • Owners have full control over their resources.
   • They can:
      - Modify access permissions.
      - Rename or delete the resource.
      - Transfer ownership to another user (if the system permits).
3. Ownership Hierarchies:
   • User Ownership: Resources owned by individual users.
   • Group Ownership: Resources assigned to groups, where multiple users may share control.

Ownership Conflicts

1. Orphaned Ownership: Occurs when the owner account is deleted. The resource may
become inaccessible unless reassigned.
2. Conflicting Group Ownership: When multiple users in a group attempt conflicting actions
on a shared resource.

Ownership and Security

Ownership plays a vital role in enforcing security:

1. Preventing Unauthorized Access:
   • Only owners can grant or revoke access to resources.
2. Audit and Accountability:
   • Ownership attributes help track who is responsible for a resource in audit logs.
3. Delegation of Control:
   • Owners can delegate permissions to other users or groups.

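The access operations of 3.3 and the ownership rules of this section worked through together, as an added example that is not part of the original notes: classic Unix permission bits evaluated in owner, group, other order, the owner-only right to change permissions, and a check for orphaned ownership. Standard-library Python; the inodes, uids and the account table are constructed.

```python
"""Evaluating read/write/execute requests with classic Unix mode bits and
ownership (constructed example, standard library only)."""
import stat
from dataclasses import dataclass


@dataclass
class Inode:
    """Stand-in for the fields of os.stat() that the decision needs."""
    path: str
    mode: int      # permission bits, e.g. 0o640
    uid: int       # owning user
    gid: int       # owning group


@dataclass(frozen=True)
class Subject:
    uid: int
    gids: frozenset


OP_BITS = {
    "read":    (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
    "write":   (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH),
    "execute": (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH),
}


def may_access(subject: Subject, inode: Inode, op: str) -> bool:
    """Exactly one permission class applies, chosen as owner > group > other.
    Mode 0o007 therefore denies the owner even though 'other' may read: the
    owner class matched first and its bits say no."""
    usr, grp, oth = OP_BITS[op]
    if subject.uid == 0:
        # root bypasses the DAC bits, except that execute still needs some x bit
        return op != "execute" or bool(inode.mode & (usr | grp | oth))
    if subject.uid == inode.uid:
        return bool(inode.mode & usr)
    if inode.gid in subject.gids:
        return bool(inode.mode & grp)
    return bool(inode.mode & oth)


def chmod(actor: Subject, inode: Inode, new_mode: int) -> None:
    """Changing permissions is an owner right (root excepted)."""
    if actor.uid not in (0, inode.uid):
        raise PermissionError(f"uid {actor.uid} may not chmod {inode.path}")
    inode.mode = new_mode & 0o7777


def orphaned(inode: Inode, known_uids: set) -> bool:
    """Orphaned ownership: the owner account was deleted. The file keeps its
    uid, but nobody can exercise owner rights until root reassigns it (or the
    uid is reused by a new account, which quietly hands the file over)."""
    return inode.uid not in known_uids


def demo() -> dict:
    known_uids = {0, 1000, 1001, 1002}            # constructed account table
    report = Inode("/srv/report.txt", 0o640, uid=1000, gid=100)
    weird = Inode("/tmp/weird", 0o007, uid=1000, gid=100)
    leftover = Inode("/home/old/notes", 0o600, uid=1003, gid=1003)
    owner = Subject(1000, frozenset({100}))
    teammate = Subject(1001, frozenset({100}))
    outsider = Subject(1002, frozenset({200}))
    try:
        chmod(teammate, report, 0o666)
        teammate_could_chmod = True
    except PermissionError:
        teammate_could_chmod = False
    return {
        "owner_write": may_access(owner, report, "write"),            # True
        "teammate_read": may_access(teammate, report, "read"),        # True
        "teammate_write": may_access(teammate, report, "write"),      # False
        "outsider_read": may_access(outsider, report, "read"),        # False
        "owner_execute": may_access(owner, report, "execute"),        # False
        "weird_owner_read": may_access(owner, weird, "read"),         # False
        "weird_outsider_read": may_access(outsider, weird, "read"),   # True
        "teammate_chmod": teammate_could_chmod,                       # False
        "leftover_orphaned": orphaned(leftover, known_uids),          # True
    }
```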
3.6. Hardware Protection

Hardware protection refers to the mechanisms used to safeguard the physical hardware of a
computer system, as well as its components (e.g., CPU, memory, storage devices, etc.), from
unauthorized access, malicious activities, or physical damage. These mechanisms work at both
the hardware and software levels to ensure that the system's integrity, security, and availability
are maintained.

Figure 5.6. Hardware Protection

Key Aspects of Hardware Protection:

1. Memory Protection:
   • Purpose: Prevents a program from accessing or modifying the memory space of another program or the operating system. This is critical for system stability and security.
   • Mechanism: Memory protection is achieved through hardware-based memory management units (MMUs), which can enforce boundaries between user and kernel space, or between different processes. Segmentation and paging are common techniques used in memory protection.
2. Physical Security:
   • Purpose: Protects the hardware itself from physical tampering, theft, or destruction. This is important for sensitive systems (e.g., servers, financial systems).
   • Mechanism: Examples include lockable server racks, tamper-resistant casing, and physical intrusion detection systems.
3. CPU Privilege Levels:
   • Purpose: Ensures that code running in different modes (privileged vs. non-privileged) cannot accidentally or maliciously interfere with the system's hardware or other software components.
   • Mechanism: Most processors have different privilege levels, such as user mode and kernel mode (also known as supervisor mode). Code running in kernel mode has unrestricted access to hardware, while user-mode code is restricted from performing critical operations.
4. I/O Protection:
   • Purpose: Prevents unauthorized access to or control over input/output devices such as network cards, hard drives, and printers.
   • Mechanism: Hardware I/O ports or bus systems often have protections in place that allow the operating system to control access, ensuring that only authorized processes can interact with hardware peripherals.
5. Access Control for Hardware Resources:
   • Purpose: Ensures that hardware resources (e.g., CPU cycles, memory, storage, network bandwidth) are allocated and used securely, preventing unauthorized users or processes from accessing critical hardware.
   • Mechanism:
      - Virtualization: Virtual machines (VMs) are used to partition hardware resources. A hypervisor ensures that each VM is isolated and cannot interfere with others.
      - Device Drivers: Only authorized and verified device drivers are allowed to interact with hardware, reducing the risk of malicious software exploiting hardware vulnerabilities.
6. Secure Boot and Trusted Platform Module (TPM):
   • Purpose: These technologies protect the system from malicious firmware or bootkits that attempt to compromise the system's hardware at startup.
   • Mechanism: Secure Boot ensures that only trusted operating systems and firmware can be loaded at startup. The TPM provides hardware-based cryptographic operations, securing hardware-based keys and ensuring system integrity.
7. Encryption and Secure Storage:
   • Purpose: Prevents unauthorized access to sensitive data stored on hardware devices (e.g., hard drives, USB devices).
   • Mechanism: Full disk encryption or hardware security modules (HSMs) can be used to encrypt sensitive data and prevent unauthorized access, even if the hardware is physically stolen.

There are a number of general problems with interfacing hardware and software security
mechanisms. For example, it often happens that a less privileged process such as application
code needs to invoke a more privileged process such as a device driver. The mechanisms for
doing this need to be designed with some care, or security bugs can be expected. The IBM
mainframe operating system MVS, for example, had a bug in which a program which executed
a normal and an authorized task concurrently could make the former authorized too [774]. Also,
performance may depend quite drastically on whether routines at different privilege levels are
called by reference or by value.

3.7. Intermediate Controls in Security

Intermediate controls are security mechanisms that operate between the user (or external
system) and the core system resources to manage and regulate access, ensure compliance, and
enforce security policies. These controls can be seen as the "middle layer" in the security
architecture, sitting between lower-level controls (like hardware security) and higher-level
policies (such as user access management).
Figure 5.7. Types of Cyber Security controls

Some examples of intermediate controls include:

1. Firewalls: A security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
   • Role: It acts as an intermediary, ensuring that only authorized traffic is allowed to pass between different networks or devices, thus protecting internal systems from external threats.
2. Intrusion Detection and Prevention Systems (IDPS): These systems detect and respond to potentially malicious activities or intrusions in real time.
   • Role: They provide an intermediate layer of monitoring and enforcement by analyzing traffic or system behavior and blocking or alerting administrators about suspicious actions.
3. Proxies and Gateways: A proxy server can be used to mediate between the user and the network, filtering requests to ensure compliance with security policies.
   • Role: It ensures that requests are valid, secure, and authorized before passing them through to the target system or network.
4. Access Control Mechanisms (RBAC, DAC, MAC): These controls determine what actions a user or process can perform on system resources. They are often implemented in the middle layer of access management systems.
   • Role: These controls ensure that security policies, such as limiting access to certain files or systems, are applied correctly.
5. Logging and Monitoring Systems: Systems that track user actions, access attempts, and system activities in real time.
   • Role: They help detect potential security incidents, provide audit trails for investigations, and ensure compliance with security policies by flagging anomalous behavior.

Key Features of Intermediate Controls

1. Granularity:
   • Offer more precise control over resource access compared to standard mechanisms.
   • Example: Restricting access based on time, location, or context.
2. Context-Awareness:
   • Include conditions such as the user's role, network location, or device type.
3. Adaptability:
   • Intermediate controls adjust permissions dynamically based on changing circumstances.
4. Complementarity:
   • Enhance basic controls (like Role-Based Access Control (RBAC)) without replacing them.

3.8. Policy Instantiation in Security

Policy instantiation refers to the process of implementing a security policy into practical,
enforceable measures in a given system. In essence, it is the translation of high-level security
rules and guidelines into specific controls, configurations, or behaviors that can be actively
monitored, enforced, and modified.

Figure 5.8. Policy Instantiation in Security

Steps in Policy Instantiation:

1. Defining the Policy:
   • Security policies are typically defined at the organizational level (e.g., "Only authenticated users can access sensitive data" or "All communications must be encrypted").
   • Policies should be clear, enforceable, and reflect the security needs of the organization.
2. Designing Controls:
   • Based on the defined policy, the next step is to design security controls that can enforce the policy. For example:
      - A policy that mandates encryption could lead to the design of an encryption strategy that is applied to data storage and transmission.
      - A policy that restricts access based on roles might lead to the creation of Role-Based Access Control (RBAC) systems.
3. Implementation:
   • Once controls are designed, the policy is instantiated by applying the controls to the systems, networks, or applications. This involves configuring firewalls, intrusion detection systems, access control lists (ACLs), and user authentication systems.
4. Enforcement:
   • The instantiated policy must be enforced continuously through automated systems, human oversight, and monitoring tools. For example, a password policy is enforced by ensuring through automated checks that users choose strong passwords.
5. Monitoring and Auditing:
   • Once a policy is instantiated, it is crucial to monitor its effectiveness. Regular audits and logging can help ensure compliance with the security policy, identify weaknesses, and mitigate potential risks.
6. Adaptation:
   • As the organization's needs or the threat landscape evolve, the security policy and its instantiation must be updated. This may involve updating encryption methods, changing access control models, or adding new monitoring tools.

Figure 5.9. Adaptation
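The six steps above applied to the password policy the notes use as their enforcement example, as an added example that is not part of the original notes: the policy is written down as data, compiled into a preventive check run at password change and a detective audit run over existing accounts, and then tightened to show adaptation. Standard-library Python; the policy values and the accounts are constructed.

```python
"""From a written policy to enforceable checks: a password policy stated as
data, a preventive check used at password change, and a detective audit over
existing accounts (constructed example, standard library only)."""
from datetime import date

# Step 1: the policy as the organisation would state it, written as data
POLICY = {
    "min_length": 12,
    "must_not_contain_username": True,
    "max_age_days": 90,
    "mfa_required_for_roles": {"admin"},
}


# Steps 2-4: a control that enforces the policy at the point of change
def check_new_password(policy: dict, username: str, password: str) -> list:
    """Return the policy clauses a proposed password violates (empty = OK)."""
    violations = []
    if len(password) < policy["min_length"]:
        violations.append(f"shorter than {policy['min_length']} characters")
    if policy["must_not_contain_username"] and username.lower() in password.lower():
        violations.append("contains the username")
    return violations


# Step 5: audit existing accounts against the same policy
def audit_accounts(policy: dict, accounts: list, today: date) -> dict:
    """Map each non-compliant account to its findings."""
    findings = {}
    for acct in accounts:
        problems = []
        age = (today - acct["password_changed"]).days
        if age > policy["max_age_days"]:
            problems.append(f"password is {age} days old (max {policy['max_age_days']})")
        if acct["roles"] & policy["mfa_required_for_roles"] and not acct["mfa_enabled"]:
            problems.append("privileged role without MFA")
        if problems:
            findings[acct["username"]] = problems
    return findings


def demo() -> dict:
    today = date(2024, 6, 1)
    accounts = [  # constructed account records
        {"username": "alice", "roles": {"admin"}, "mfa_enabled": True,
         "password_changed": date(2024, 5, 20)},
        {"username": "bob", "roles": {"admin"}, "mfa_enabled": False,
         "password_changed": date(2024, 1, 10)},
        {"username": "carol", "roles": {"user"}, "mfa_enabled": False,
         "password_changed": date(2024, 4, 1)},
    ]
    # Step 6 (adaptation): tightening the policy is a data change; re-run the audit
    stricter = {**POLICY, "max_age_days": 60}
    return {
        "short_pw": check_new_password(POLICY, "bob", "bob12345"),       # 2 violations
        "good_pw": check_new_password(POLICY, "bob", "tamarind-lantern-42"),  # []
        "audit": audit_accounts(POLICY, accounts, today),                 # bob only
        "audit_stricter": audit_accounts(stricter, accounts, today),      # bob and carol
    }
```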

3.9. Comparing Security Attributes

Security attributes are characteristics or properties that help define the security posture of a
system or resource. These attributes are often used to assess, compare, and evaluate the security
strength of various systems, resources, or entities.

Some common security attributes include:

1. Confidentiality:
   • Ensures that sensitive information is only accessible to authorized users or processes.
   • Example: Encryption techniques are used to protect the confidentiality of data in transit or at rest.
2. Integrity:
   • Ensures that information is accurate, consistent, and protected from unauthorized modification.
   • Example: Hash functions or digital signatures are used to verify the integrity of data.
3. Availability:
   • Ensures that authorized users have reliable access to information and resources when needed.
   • Example: Redundancy, failover systems, and load balancing are used to improve system availability.
4. Authentication:
   • The process of verifying the identity of a user, device, or system.
   • Example: Usernames, passwords, and biometric data are used for user authentication.
5. Authorization:
   • Determines whether an authenticated user has the right to access a resource or perform an action.
   • Example: Access control mechanisms like RBAC or DAC are used to manage authorization.
6. Non-repudiation:
   • Ensures that a user cannot deny performing an action or sending a message.
   • Example: Digital signatures and audit logs provide evidence of actions taken by users.

Figure 5.10. Comparing Security Attributes

Comparing Security Attributes:

When comparing security attributes, the primary goal is to understand their relative importance in a given context and to identify trade-offs between them. For instance:

• Confidentiality vs. Availability: Enforcing strict confidentiality may introduce restrictions that affect system availability (e.g., encrypted data that requires complex decryption may take longer to access).
• Integrity vs. Performance: Implementing mechanisms to maintain data integrity, such as checksums or audit trails, can introduce additional overhead and impact system performance.
• Authentication vs. User Experience: Strong authentication methods (e.g., multi-factor authentication) enhance security but can negatively impact the user experience because of the added complexity.

The balance between these attributes depends on the specific needs of the organization, risk
tolerance, and the particular system in question. For instance, a financial institution may
prioritize confidentiality and integrity over availability, whereas an e-commerce platform
might focus on availability and performance.
