
Intro To Access Controls

Information about Intro To Access Controls
Technology

Published on December 15, 2008

Author: harinathpv

Source: slideshare.net

Description

Presentation on Introduction to Access Controls by Sundar during the OWASP Bangalore Chapter meeting on 14 Dec 2008

Overview of Access controls Sundar N suntracks@gmail.com

Access

A specific interaction between a subject and an object, resulting in information flow from one to the other.

[Slide diagram labels: R, FW, R, X, Mail]

Trusted computer security evaluation criteria (TCSEC) is a DOD standard 5200.28

It defined a standard for manufacturers and set metrics for measuring the degree of security.

MAC (Mandatory access control): defined for multilevel security access, generally used for military applications.

DAC (Discretionary access control): defined for single-level access, generally deployed for non-military applications.

MAC

Mandatory access control

Is defined in the security policy of an organization and enforced by an admin

Has multilevel security access in terms of a hierarchy

Generally used for confidential or classified information.

Defines the appropriate read and write access to the information separately, depending on the level of security for each user.

It is more of a micromanagement approach

It is centrally administered access.

DAC

Discretionary access control

The information owner defines which users have access to the data and the type of access they have.

It is more of a hands-off approach

Mostly depends on the discretion of the information owner.

Access can be passed on from one individual to another

Models

RBAC (Role based access controls)

It is non-discretionary

Defined as per role:

Duties

Responsibilities

Qualifications

Has the flexibility of DAC, but its policies are not as hard as those of MAC

Access control administration methods

Centralized

[Slide diagram labels: X, Admin, S1, S2]

Decentralized

[Slide diagram labels: X, S1, S2]

Security models

BELL LAPADULA (1970)

BIBA (1977)

Clark Wilson (1987)

BELL LAPADULA

Maintain the property of confidentiality

Maintain the simple security rule.

Do not downgrade the security levels.

[Slide diagram levels: TS, S, C, P]

BIBA

Maintain the integrity of the information

Follow the rules for each security level of the information.

Maintain the property of the information
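The Bell-LaPadula and Biba slides above, as an added example that is not part of the original presentation: a small reference-monitor check over the slide's level ordering, with Bell-LaPadula (no read up, no write down) beside the Biba strict-integrity rules (no read down, no write up), which the slides do not spell out. The expansions of TS/S/C/P, the function names and the sample labels are assumptions made for illustration.

```python
from enum import IntEnum
from typing import NamedTuple

class Level(IntEnum):
    # Ordering follows the slide's "TS S C P"; the expansions are assumed.
    P = 0    # Public (assumed)
    C = 1    # Confidential (assumed)
    S = 2    # Secret (assumed)
    TS = 3   # Top Secret (assumed)

class Label(NamedTuple):
    conf: Level    # confidentiality level, checked by Bell-LaPadula
    integ: Level   # integrity level, checked by Biba

def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-LaPadula: information must never flow to a lower level."""
    if op == "read":     # simple security rule: no read up
        return subject >= obj
    if op == "write":    # star property: no write down
        return subject <= obj
    raise ValueError(f"unknown operation: {op}")

def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Biba strict integrity: the mirror image of Bell-LaPadula."""
    if op == "read":     # no read down: do not consume less trusted data
        return subject <= obj
    if op == "write":    # no write up: do not contaminate more trusted data
        return subject >= obj
    raise ValueError(f"unknown operation: {op}")

def violations(subject: Label, obj: Label, op: str) -> list[str]:
    """Return the models that deny the request; an empty list means allow."""
    denied = []
    if not blp_allows(subject.conf, obj.conf, op):
        denied.append("bell-lapadula")
    if not biba_allows(subject.integ, obj.integ, op):
        denied.append("biba")
    return denied

if __name__ == "__main__":
    # Constructed sample subject and objects.
    analyst = Label(conf=Level.S, integ=Level.C)
    objects = {"report": Label(Level.TS, Level.S),
               "bulletin": Label(Level.P, Level.P)}
    for name, label in objects.items():
        for op in ("read", "write"):
            print(name, op, violations(analyst, label, op) or "allow")
```

When one label is used for both confidentiality and integrity, only same-level reads and writes pass both checks, which is why deployments that enforce both models keep the two labels separate.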

Clark Wilson

Introduction of a middle man in the transaction from the subject to the object

Limit the capabilities of the subject

Have well-formed transactions to prevent manipulation.

Authentication Methods

Username/Passwords

Tokens (HW/SW)

Biometrics (Retina/fingerprints/voice)

Access Attacks

Protocol Analysis

DoS attacks (Smurf/SYN flood/DDoS)

Spoofing

Appendix

Preventive access control

Deterrent access control

Detective access control

Corrective access control

Recovery access control

Compensation access control

Directive access control

Administrative access controls

Logical/technical access controls

Physical access controls
