Chapter 4

ACCESS CONTROL
 ACCESS CONTROL

• Access Control: The prevention of unauthorized use of a

resource, including the prevention of use of a resource in an
unauthorized manner
• We can view access control as the central element of computer
security.
• The principal objectives of computer security are:
1- to prevent unauthorized users from gaining access to resources,
2- to prevent legitimate users from accessing resources in
an unauthorized manner,
3-to enable legitimate users to access resources in an authorized
manner.
 Access Control functions
• Access control involves the following functions:
1- Authentication: Verification that the
credentials of a user or other system entity are
valid.
2- Authorization: The granting of a right or
permission to a system entity to access a
system resource. This function determines who
is trusted for a given purpose.
 Audit
3- Audit: An independent review and examination
of system records and activities in order to :
a-test for adequacy of system controls
b- ensure compliance with established policy and
operational procedures
c-detect breaches in security
d- recommend any indicated changes in control,
policy and procedures.
 Access control policies categories:

• Discretionary(‫ ) تقديرية‬access control

(DAC): Controls access based on the identity of
the requestor and on access rules
(authorizations) stating what requestors are (or
are not) allowed to do.
*This policy is termed discretionary because an
entity might have access rights that permit the
entity, by its own volition, to enable another
entity to access some resource.
• Mandatory access control (MAC): Controls access
based on comparing security labels (which indicate
how sensitive or critical system resources are) with
security clearances (which indicate system entities
are eligible to access certain resources).
This policy is termed mandatory because an entity
that has clearance to access a resource may not,
just by its own volition, enable another entity to
access that resource.
• Role-based access control (RBAC): Controls
access based on the roles that users have
within the system and on rules stating what
accesses are allowed to users in given roles.
 Access Control Requirements
• reliable input
• support for fine and coarse specifications
• least privilege
• separation of duty
• open and closed policies
• policy combinations and conflict resolution
• administrative policies
• dual control
 reliable input

• inputs to the access control system must also

be reliable. For example, some access control
restrictions may depend on an address, such
as a source IP address or medium access
control address.
 support for fine and coarse specifications

• The access control system should support

fine-grained specifications, allowing access to
be regulated
at the level of individual records in files, and
individual fields within records.
 least privilege

• This is the principle that access control should

be implemented so that each system entity is
granted the minimum system resources and
authorizations that the entity needs to do its
work.
• This principle tends to limit damage that can
be caused by an accident, error, or fraudulent
or unauthorized act.
 Separation of duty
• This is the practice of dividing the steps in a system
function among different individuals, so as to keep a
single individual from subverting the process.
• separation of duty requires the appropriate power
and flexibility in the access control system, including
least privilege and fine-grained access control.
• Another useful tool is history-based authorization,
which makes access dependent on previously
executed accesses.
 Open and closed policies
• The most useful, and most typical, class of access
control policies are closed policies.

• In a closed policy, only accesses that are specifically

authorized are allowed. In some applications, it may also
be desirable to allow an open policy for some classes of
resources.

• In an open policy, authorizations specify which accesses

are prohibited; all other accesses are allowed.
Policy combinations and conflict resolution

An access control mechanism

• may apply multiple policies to a given class of
resources.
• In this case, care must be taken that there are
no conflicts such that one policy enables a
particular access while another policy denies
it. Or, if such a conflict exists, a procedure
must be defined for conflict resolution.
 Administrative policies
• As was mentioned, there is a security administration
function for specifying the authorization database that
acts as an input to the access control function.
• Administrative policies are needed to specify who can
add, delete, or modify authorization rules.
• In turn, access control and other control mechanisms
are needed to enforce the administrative policies.
• Dual control: When a task requires two or more
individuals working in tandem.
 Access
Control Basic Elements
• The basic elements of access control are: subject, object,
and access right.
• A subject is an entity capable of accessing objects.
• Any user or application actually gains access to an object by
means of a process that represents that user or application.
• The process takes on the attributes of the user, such as
access rights.
• A subject is held accountable for the actions they have
‫ ) تعقبعمليات‬may be used to
initiated, and an audit trail(
record the association of a subject with security relevant
actions performed on an object by the subject.
• Three classes of subject, with different access rights for each class:
1- Owner: This may be the creator of a resource, such as a file. For
system resources, ownership may belong to a system
administrator. For project resources, a project administrator or
leader may be assigned ownership.
2- Group: In addition to the privileges assigned to an owner, a
named group of users may also be granted access rights, such that
membership in the group is sufficient to exercise these access
rights. In most schemes, a user may belong to multiple groups.
3- World: The least amount of access is granted to users who are
able to access the system but are not included in the categories
owner and group for this resource.
 2- Object
• An object is a resource to which access is
controlled. In general, an object is an entity
used to contain and/or receive information.
Examples include records, pages, files, portions
of files, directories, directory trees, mail boxes,
messages, and programs.
• Some access control systems also encompass,
bits, bytes, words, processors, communication
ports, clocks, and network nodes.
• An access right describes the way in which a subject may access an
object. Access rights could include the following:
• Read: User may view information in a system resource (e.g., a file,
selected records in a file, selected fields within a record, or some
combination). Read access includes the ability to copy or print.
• Write: User may add, modify, or delete data in system resource (e.g.,
files, records, programs). Write access includes read access.
• Execute: User may execute specified programs.
• Delete: User may delete certain system resources, such as files or
records.
• Create: User may create new files, records, or fields.
• Search: User may list the files in a directory or otherwise search the
directory.
 Constraints – RBAC
(Role Based Access Control)
• provide a means of adapting RBAC to the specifics of
administrative and security policies of an organization
• a defined relationship among roles or a condition related
to roles
• types:
1- mutually exclusive roles
• a user can only be assigned to one role in the set (either
during a session or statically)
• any permission (access right) can be granted to only one
role in the set
2- cardinality: setting a maximum number with
respect to roles
3- prerequisite roles: dictates that a user can
only be assigned to a particular role if it is
already assigned to some other specified role
 RBAC System and Administrative Functional
Specification
1- administrative functions: provide the
capability to create, delete, and maintain RBAC
elements and relations
2- supporting system functions: provide
functions for session management and for
making access control decisions
3- review functions: provide the capability to
perform query operations on RBAC elements
and relations.
 Core RBAC
1- administrative functions:
• add and delete users from the set of users
• add and delete roles from the set of roles
• create and delete instances of user-to-role
assignment
• create and delete instances of permission-to-
role assignment
2- supporting system functions:
• create a user session with a default set of
active roles
• add an active role to a session
• delete a role from a session
• check if the session subject has permission to
perform a request operation on an object
3- review functions
enable an administrator to view but not modify
all the elements of the model and their
relations.
 Chapter 5
Data Base security

5.4 Database Access Control:

database access control system determines:
- if the user has access to the entire database or
just portions of it
- what access rights the user has (create, insert,
delete, update, read, write)
• Can support a range of administrative policies
• centralized administration
– small number of privileged users may grant and revoke access
rights
• ownership-based administration
– the creator of a table may grant and revoke access rights to the
table
• decentralized administration
– the owner of the table may grant and revoke authorization
rights to other users, allowing them to grant and revoke access
rights to the table
 SQL Access Controls
• two commands for managing access rights:
• grant
– used to grant one or more access rights or can
be used to assign a user to a role
• revoke
– revokes the access rights
• typical access rights are:
• select, insert, update, delete, references
 Role-Based Access Control (RBAC)

• role-based access control eases administrative burden and

improves security
• categories of database users:
• application owner
– an end user who owns database objects as part of an application
• end user
– an end user who operates on database objects via a particular
application but does not own any of the database objects
• administrator
– user who has administrative responsibility for part or all of the
database
• a database RBAC needs to provide the following
capabilities:
• create and delete roles
• define permissions for a role
• assign and cancel assignment of users to roles
 Database Encryption
the database is typically the most valuable information resource for any
organization
protected by multiple layers of security
firewalls, authentication, O/S access control systems, DB access control systems,
database encryption

encryption is often implemented with particularly sensitive data

can be applied to the entire database at the record level, the attribute
level, or level of the individual field

disadvantages to encryption:
key management
inflexibility
 Entities involved in Database Encryption:

• Data owner – organization that produces data to be

made available for controlled release
• User – human entity that presents queries to the
system
• Client – frontend that transforms user queries into
queries on the encrypted data stored on the server
• Server – an organization that receives the
encrypted data from a data owner and makes
them available for distribution to clients
 5.8 Cloud Security
• A model for enabling ubiquitous, convenient, on-
demand network access to a shared pool of
configurable computing resources (e.g., networks,
data bases, servers, storage, applications, and
services) that can be rapidly provisioned and
released with minimal management effort or
service provider interaction. This cloud model
promotes availability and is composed of five
essential characteristics, three service models, and
four deployment models.”
• the cloud service provider(CSP) must ensure
that the users are not facing any serious
problem like data loss and data theft which
may cause a great loss depending on the
sensitivity of the data stored in cloud. A
malicious user may pretend to be the
legitimate users and infecting the cloud.
 Cloud computing
service models
• Software as a service (SaaS)
• Platform as a service (PaaS)
• Infrastructure as a service (IaaS)
• Four deployment models:
Public, private, Hybrid , community
 Cloud computing-specific security threats:

1- Abuse and nefarious use of cloud computing: For

many cloud providers (CPs), they have weak
registration system to begin using cloud services,
some even offering free limited trial periods.
• This enables attackers to get inside the cloud to
conduct various attacks, such as spamming,
malicious code attacks, and denial of service. For
example, anyone with a valid credit card may
register and start using the cloud service
immediately.
2-Data Breaches and data loss:
Data that stored to the cloud by the users might be
important and sensitive. The data stored in cloud might
be stolen by the unauthorized users and that might
poses some level of danger to the users under attack.
It is the top threat to cloud computing because hackers
or attackers can easily access the data of the users
which is stored in the cloud.
CAUSES OF DATA LOSS: human error, HW malfunction,
viruses, natural disaster, SW corruption
3- Insecure interfaces and APIs: CPs expose a set of software
interfaces or APIs that customers use to manage and interact
with cloud services.
The API from the authentication and access control to the
encryption and activity monitoring should be well implemented
to protect against both accidental and malicious attack.

4- Malicious insiders: Malicious Insiders Employee of the company

might also be a big threat. They might be the attacker themselves
or a partner of the hacker who have the better chances of
stealing or tampering the data of the cloud model with intention.
5-Shared technology issues:
IaaS vendors deliver their services in a scalable way by
sharing infrastructure. Often, the underlying components
that make up this infrastructure (CPU caches, GPUs, etc.)
were not designed to offer strong isolation properties for a
multi-tenant architecture.
• CPs typically approach this risk by the use of isolated
virtual machines for individual clients.
• This approach is still vulnerable to attack, by both insiders
and outsiders, and so can only be a part of an overall
security strategy.
6- Data loss or leakage:
For many clients, the most devastating impact from a
security breach is the loss or leakage of data. Data stored
in cloud might be damaged or corrupted due to some
reasons such as shut down of server because of financial
or legal problem, natural disaster like earthquakes and
fire . Data might not be able to recover because back up
is not done well and the data of the users will be lost
forever if there are no extra copies of that information.
7- Account or service hijacking:
usually with stolen credentials, remains a top threat. With
stolen credentials, attackers might impersonate the user to
perform malicious and unauthorized activities which might
also harm the user .
• attackers can often access critical areas of deployed cloud
computing services, allowing them to compromise the
confidentiality, integrity, and availability of those services.
• For example, the hackers might manipulate the data,
provide false information and eavesdropping on
transactions using the stolen account.
8- Denial of Service
• Hackers use this type of attack to flood the
machine or network resources of the cloud
service provider which interrupt the users and
prevent the users from connecting to the
network access. This is also a security issues
that might harm the user because cloud
service becomes unavailable to users and they
might not get what they need in time.
 Solution and Practices for Cloud Security Issues

1-Vulnerability shielding:
The cloud service provider should improve the patch
management. They should check the vulnerability
of their cloud service frequently and always update
and maintain the cloud to limit the possible access
point and reduce the risk of attack of the cloud by
the hackers. The cloud service provider might also
use the Intrusion Detection System (IDS) to make
sure the cloud service provided is secure and safe.
2- Trusted cloud service provider:
The user should make sure that they find the
right cloud service provider. Each cloud service
provider have different approaches on data
management in the cloud. Well established
and experienced cloud service provider is
more trust worthy and better choice.
3- Use cloud service wisely:
The data stored in the cloud should be
confidential and even the cloud service
provider should not have access to those
information [24]. The data stored in the cloud
should be well encrypted to ensure the security
of the users’ information. Anyone who need
access to the data in the cloud should ask for
the permission of the users before doing so.
4- Security check events:
The users should have clear contract with the
cloud service provider so that the users can
claim if any accidents or breaches of the
sensitive data stored in the cloud. The users
must have clear agreement with the cloud
service provider before using the cloud
services provided by that particular cloud
service provider.
5- Data storage regulations
The architecture of the cloud environment is an
important aspect to ensure the security of the
data stored in the cloud. The users must
understand the concept of the data storage
regulations which the cloud service provider
follows.
6- Facilities for recovery:
Cloud service provider should take the
responsibility to recover the data of the users
if there is any data loss due to certain issues.
Cloud service provider should make sure that
they have proper backup and can retrieve and
recover the confidential data of the users that
might be costly.
7- Access control :
The cloud service provider should set up the data access control
with rights and the users who access the data should be verified
by the cloud service provider every time.
The cloud service provider must ensure that only the authorized
users may have access to the data stored in cloud. The method
can help to reduce the risk of the data access by the
unauthorized users and thus provide a much secure environment
to store sensitive data.
In addition, third party auditing (Certificate Authority) can also be
one of the alternatives to ensure data integrity of the storage in
the cloud.
8- Identification management and
authentication:
When the user want to access the data stored
in the cloud, they must be authenticated not
only by using the username and password but
also the digital data. Multi-level authentication
technique could be used (static or dynamic
biometrics).