In some systems, we have what is called role-based access control, or RBAC. The role, roughly, is what you do: your job function, which may determine what kind of files you can access, whether you are in human resources or payroll or in a different department.
The set of files you can access would depend on what your role in the organization is. So there is role-based access control, or RBAC, and it is implemented a little differently from what we have seen, so I thought we would spend a couple of minutes talking about it.
In role-based access control, remember, rights are for being able to access different resources, so those are access rights. Those rights are associated with the role, not with the user. So the way to think about defining your access control policy is: what roles do I have in my system? And for each role, what kind of resources does it need access to? So I would say people in this role can read these files, or write those files, and things like that.
So this part of the policy basically says that access rights are defined for roles. Users who log into the system, or otherwise authenticate themselves to the system, can then take on some of those roles. So the way to think about RBAC is that we don’t have direct access rights for users.
Users must be activated into one or more roles. Once they assume one or more roles, what those roles give them access to is what the user, or the process running on behalf of that user, can access. We’re talking about an enterprise setting here: access is based on the job function, or role, of a given user. That’s where this makes sense.
The project manager may have access to all the files. The developers, or the people doing QA, may access files in different ways, and so on. The payroll manager and the HR function may be able to look at files that contain people’s salaries, because they are payroll managers. So this is how roles will be defined.
Access rights are associated with roles, as we said before. When authentication happens and we know which user is logging into the system, we start with authentication, but then we have to be able to activate one or more roles for that user. So role activation is something that has to be added to the process. The policy defined here has two stages: activating a role for a user, and, based on that, deciding what the user can access.
Now there are some benefits that come with role-based access control. What are some of these benefits? First of all, we said our policy defines what kind of access each role has to the resources in the system.
So the policy doesn’t need to change when, let’s say, a certain person leaves the organization. The policy is associated with roles, not with users, so users coming or going don’t require changes to the policy the organization has.
When a new employee comes, we think about what role is appropriate for them. As soon as we decide their role, based on their function, access to the resources they need happens automatically, because that role already carries access rights to those resources.
And that, as I said, happens automatically as soon as we decide what role the new employee can take. An interesting thing: least privilege, remember, is one of the design principles we had, which says you should always execute with the smallest set of privileges or access rights needed to do what is being done at that time.
It’s really a damage containment thing. If something goes wrong, you don’t negatively impact resources that you have no business having access to at that point. So how does RBAC help you with that? It actually does, because a user can start in one role and access only the subset of the files that are available to that role.
The user can then switch roles and access a different set of files, the ones associated with the new role. If you don’t have RBAC, a user has a single UID with access to everything, and there is no way to give any of that up. Roles give you the ability to say that if you’re in a certain role at a given time, only the resources needed for that role should be available at that point, and we can do that with RBAC.
Being able to implement least privilege is a good thing. It’s a design principle for systems we want to trust, and RBAC enables it. There are actually systems that implement RBAC. SELinux, Security-Enhanced Linux, which we’re going to come back to, supports RBAC, and there are others as well.
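The two-stage policy described above (rights attached to roles, users activated into a subset of their roles), carried through as an added example that is not part of the lecture. It is written in PowerShell so it sits beside the Windows material later on this page; the role names, user names and file paths are illustrative assumptions, and nothing here is tied to a real operating system’s policy store.

```powershell
# Added example, not from the lecture: a minimal RBAC policy engine.
# Role names, user names and file paths below are illustrative assumptions.

# Stage 1 of the policy: access rights hang off roles, never off users.
$RolePermissions = @{
    'developer'       = @{ '/src/app.c' = 'rw'; '/src/tests' = 'rw' }
    'qa'              = @{ '/src/app.c' = 'r';  '/src/tests' = 'rw'; '/qa/reports' = 'rw' }
    'payroll'         = @{ '/hr/salaries.csv' = 'rw' }
    'project-manager' = @{ '/src/app.c' = 'r';  '/src/tests' = 'r';  '/qa/reports' = 'r' }
}

# Which roles each authenticated user is allowed to activate.
# Hiring or off-boarding touches only this table; $RolePermissions stays as it is.
$UserRoles = @{
    'alice' = @('developer', 'qa')
    'bob'   = @('payroll')
}

# Stage 2: role activation. A session carries only the roles the user chose to
# activate, which is how least privilege is enforced.
function New-Session {
    param([string]$User, [string[]]$Activate)
    if (-not $UserRoles.ContainsKey($User)) { throw "unknown user: $User" }
    foreach ($r in $Activate) {
        if ($UserRoles[$User] -notcontains $r) { throw "$User is not authorised for role $r" }
    }
    [pscustomobject]@{ User = $User; ActiveRoles = @($Activate) }
}

# Access decision: granted only if some currently active role carries the right.
# Roles the user holds but did not activate play no part in the decision.
function Test-Access {
    param($Session, [string]$Path, [ValidateSet('r', 'w')][string]$Right)
    foreach ($role in $Session.ActiveRoles) {
        if (-not $RolePermissions.ContainsKey($role)) { continue }
        $grant = $RolePermissions[$role][$Path]
        if ($grant -and $grant.Contains($Right)) { return $true }
    }
    return $false
}

# Alice activates only qa: the qa role grants write on /qa/reports,
# but nothing active grants write on /src/app.c (only developer does).
$qaSession = New-Session -User 'alice' -Activate @('qa')
Test-Access $qaSession '/qa/reports' 'w'
Test-Access $qaSession '/src/app.c'  'w'

# Switching roles: a fresh session with developer active, now the source tree
# is writable and the QA reports are not.
$devSession = New-Session -User 'alice' -Activate @('developer')
Test-Access $devSession '/src/app.c'  'w'
Test-Access $devSession '/qa/reports' 'w'

# Bob can never activate developer, whatever he asks for.
try { New-Session -User 'bob' -Activate @('developer') } catch { $_.Exception.Message }

# Bob leaves the company: one entry removed, the role-to-rights policy untouched.
$UserRoles.Remove('bob')
```

The point to notice is that `Test-Access` never looks at `$UserRoles`: the user-to-role table is consulted only at activation time, and the decision is made purely from the active roles. Swapping a session for one with a different active role is the “switch roles” step from the lecture, and a user who holds several roles still runs with only the rights of the ones activated.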
There are different kinds of access control models, and we’re going to look at some of them here. First is DAC, or discretionary access control, which is one you’re very familiar with on a Windows system.
What it means is that the owner has the discretion as to who can and cannot access their documents. Now, the owner is usually the creator. So I’m going to go back here to this list, to this thing we saw before. Let’s see if I can find it again.
There we go, the ACL folder. I’m going to right-click on the ACL folder, go down to Properties and then over to the Security tab. These are the permissions that I’m going to grant to various people. If I click Advanced, you’re looking at the access control list for the permissions on this particular folder.
It says who is allowed, and not allowed, to access this folder. That is what we call the DACL, D-A-C-L, which stands for Discretionary Access Control List. Notice that I, as the creator of this folder, have control over who can and cannot access it.
In other words, I am the owner, and you can see here under Owner: Roger. So the owner has control over who can and cannot access it. And by the way, there is something else here. If you look at this tab, Auditing, you’ll see that I have to be an administrator to get into that.
So I’ll go ahead and click Continue, because I am an administrator, and besides, I’m the owner of this. This is the SACL, or System Access Control List. The SACL has to do with auditing: what kind of auditing is going to take place. So I’m just going to click Add here, and it says Select a Principal.
I’ll select Users, and we’ll check the name, and sure enough, Redwood Users. I’m going to go ahead and check everything there, change this to Fail, and then click OK. What you’re going to see is that whenever somebody tries to access this folder and fails to do so because they did not have permission, I will get a log entry for that action.
So this is one way that we can manage our auditing: set up a SACL for any folder, file, server or whatever, and then logging will take place depending on what we configure. So that is a SACL and a DACL.
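The same DACL and SACL changes done from PowerShell rather than the Properties dialog, as an added example that is not part of the video. The folder path C:\Demo\ACL and the use of the built-in Users group are assumptions (the speaker’s principal was a domain group); the .NET types and cmdlets are the standard ones Windows ships with.

```powershell
# Added example, not from the video: the DACL and SACL edits done from PowerShell.
# C:\Demo\ACL is an assumed path. Run from an elevated prompt: reading or writing
# a SACL needs SeSecurityPrivilege, which is why the GUI asked for an administrator.
$Folder = 'C:\Demo\ACL'
New-Item -ItemType Directory -Path $Folder -Force | Out-Null

# DACL: the discretionary list, one ACE per principal, controlled by the owner.
# This ACE lets the Users group read and traverse the folder and everything under it.
$acl = Get-Acl -Path $Folder
$allow = [System.Security.AccessControl.FileSystemAccessRule]::new(
    'BUILTIN\Users',
    'ReadAndExecute',
    'ContainerInherit,ObjectInherit',
    'None',
    'Allow')
$acl.AddAccessRule($allow)
Set-Acl -Path $Folder -AclObject $acl

# SACL: the system list. Get-Acl leaves it out unless -Audit is given.
# This ACE mirrors the video: every right for Users, audited on Failure only.
$acl = Get-Acl -Path $Folder -Audit
$audit = [System.Security.AccessControl.FileSystemAuditRule]::new(
    'BUILTIN\Users',
    'FullControl',
    'ContainerInherit,ObjectInherit',
    'None',
    'Failure')
$acl.AddAuditRule($audit)
Set-Acl -Path $Folder -AclObject $acl

# Caveat: a SACL by itself logs nothing. The Object Access / File System audit
# subcategory must be enabled, otherwise the SACL is never evaluated.
auditpol /set /subcategory:"File System" /failure:enable

# Inspect both lists; each row is one ACE.
(Get-Acl -Path $Folder -Audit).Access | Format-Table IdentityReference, FileSystemRights, AccessControlType
(Get-Acl -Path $Folder -Audit).Audit  | Format-Table IdentityReference, FileSystemRights, AuditFlags

# A denied open then appears in the Security log as event 4656
# ("A handle to an object was requested") tagged Audit Failure.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4656 } -MaxEvents 5 |
    Format-List TimeCreated, Message
```

Two things worth checking after running this: that `auditpol /get /subcategory:"File System"` reports Failure enabled, since the SACL is silently ignored otherwise, and that the Security log has room, because failure auditing on a busy share can fill it quickly.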
By the way, each individual entry in those lists is called an ACE, or Access Control Entry. Second is the mandatory access control system. You’re used to seeing these in the military and government, and in movies and so forth. Unless you have top secret clearance, you can’t see top secret documents, for example.
There’s also usually an additional tag that has to do with relevance, or need to know: whether or not you’re allowed to see something even though your clearance level is high enough.
Let’s take a look at a mandatory access control system, or MAC, in Windows. Now, in Windows it’s actually a command-line tool, and this is an added piece of software that makes it more viewable. But you can see here that what we have is integrity levels: high, medium, denied, low, and so on. This is something similar to confidential, secret, top secret, and so on. When the user’s level matches the level of the document, their permissions are at the same level as the document, then they’re allowed to look at it.
Usually they also have to have a second tag that says whether or not they are allowed to see that document; in other words, whether or not they need to see that particular document. So it’s a kind of double-tagging system. There’s a third system that we call RBAC.
There are actually two kinds of RBAC, rule-based and role-based. Just for clarity, I’m going to look at role-based security. It’s not quite as open, by the way, as DAC, and not quite as strict as MAC, but somewhere in between.
This says, for example, that if you are a member of the Managers group, you can access this folder over here, and if you’re a member of the Payroll group, you can access this other folder, and so on. Let’s take a look at how that’s done in Windows. It’s usually done on the server through something we call Windows security groups.