Chapter 1

Computer Security
 the protection afforded to an automated information system in order to
attain the applicable objectives of preserving the integrity, availability
and confidentiality of information system resources (includes hardware,
software, firmware, information/data, and telecommunications)

Key Security Concepts

Definitions
Confidentiality is the concealment (keeping secret or hiding) of
information or resources.
 E.g., only the sender and the intended receiver should "understand"
the message contents.
Authenticity is the identification and assurance of the origin of
information.
Integrity refers to the trustworthiness of data or resources in terms of
preventing improper and unauthorized changes.
Availability refers to the ability to use the information or resource
desired.
 The more critical a component or service, the higher the level of
availability required.

Examples of Security Requirements
confidentiality – student grades (grades should only be available to
students, their parents, and their employers when required for the job)
integrity – patient allergy information (high-integrity data): a doctor
should be able to trust that the information is correct and current
 If a nurse deliberately falsifies the data, the database should be
restored to a trusted basis and the falsified information traced back
to the person who did it
availability – a system that provides authentication services (high
availability requirement)
 If customers cannot access resources, the loss of service could result
in financial loss

Aspects of Security
Consider 3 aspects of information security:
security attack - any action that compromises the security of
information owned by an organization
security mechanism - a process that is designed to detect, prevent, or
recover from a security attack
security service - a processing or communication service that
enhances the security of the data processing systems and the information
transfers of an organization
 The security services are intended to counter security attacks, and
they make use of one or more security mechanisms to provide the
service.
E.g., confidentiality is a security service; cryptography (encipherment) is a
mechanism that provides it.

Security Threats and Attacks
 A threat is a potential violation of security; a vulnerability is a
weakness that a threat could exploit.
 Vulnerabilities are flaws in design, implementation, or operation.
 An attack is an action that actually violates security.
 Carried out by an active adversary (an opponent or rival)
 An attack has an implicit concept of "intent"
 Router misconfiguration or a server crash can also cause loss of
availability, but they are not attacks

 note terms
 threat – an indication of an impending danger; a potential for
violation of security. That is, a threat is a possible danger that
might exploit a vulnerability.
 attack – an assault on system security that derives from an intelligent
threat: a deliberate attempt to evade security services and violate the
security policy of a system.

Friends and enemies: Alice, Bob, Trudy
well-known in network security world
Bob and Alice (lovers!) want to communicate "securely"
Trudy (intruder) may intercept, delete, add messages

Figure: Alice (secure sender) and Bob (secure receiver) exchange data
and control messages over a channel; Trudy sits on the channel.

Eavesdropping - Message Interception (Attack on Confidentiality)
Unauthorized access to information
Packet sniffers and wire-tappers
Illicit copying of files and programs

Figure: an eavesdropper on the channel between A and B

Integrity Attack - Tampering With Messages
Stop the flow of the message
Delay and optionally modify the message
Release the message again

Figure: a perpetrator sitting on the channel between A and B

Authenticity Attack - Fabrication
Unauthorized assumption of another's identity
Generate and distribute objects under this identity

Figure: a masquerader sends B messages that claim to be "from A"

Attack on Availability
Destroy hardware (cutting fiber) or software
Modify software in a subtle way (alias commands)
Corrupt packets in transit

Figure: availability attack on the channel between A and B

Blatant denial of service (DoS):
 Crashing the server
 Overwhelm the server (use up its resources)
Classify Security Attacks as:
Passive attacks - eavesdropping on, or monitoring of, transmissions
 are an attack on confidentiality
 can be of two types
 release of message contents - the goal of the opponent is to obtain
message contents
 traffic analysis - monitor traffic flow to determine the location and
identity of communicating hosts, and observe the frequency and length of
messages being exchanged
 These attacks are difficult to detect because they do not involve any
alteration of the data, but measures (encryption) are available to prevent
their success.

Active attacks – modification of the data stream, or creation of a false
stream, to:
 masquerade as some other entity
 replay previous messages
 modify messages in transit to produce an unauthorized effect
 deny service - prevent or inhibit the normal use or management of
communications facilities
 can violate the other 3 properties (integrity, authenticity, and availability)
 On the other hand, it is quite difficult to prevent active attacks absolutely,
because of the wide variety of potential physical, software, and network
vulnerabilities.
 Instead, the goal is to detect active attacks and to recover from any
disruption or delays caused by them.
 i.e. easy to detect, but difficult to prevent (the reverse of passive attacks,
which are hard to detect but preventable).

Security Policy and Mechanism
Policy: a statement of what is, and is not, allowed.
Mechanism: a procedure, tool, or method of enforcing a policy.
Security mechanisms implement functions that help prevent, detect,
and respond to and recover from security attacks.
Security functions are typically made available to users as a set of
security services through APIs or integrated interfaces.
Cryptography underlies many security mechanisms.
E.g., confidentiality is a security service and cryptography is a mechanism;
which data is confidential, and to whom, is expressed by the policy.

OSI Security Architecture
 ITU-T X.800 Security Architecture for OSI
 Defines a systematic way of defining and providing security
requirements
 X.800 defines security services in 5 major categories
Security Service
enhance security of data processing systems and information transfers
of an organization
intended to counter security attacks, using one or more security
mechanisms
often replicates functions normally associated with physical documents,
which, for example:
 have signatures and dates;
 need protection from disclosure, tampering, or destruction;
 may be notarized or witnessed;
 may be recorded or licensed

Definitions of "security services":
X.800:
"a service provided by a protocol layer of communicating open systems, which
ensures adequate security of the systems or of data transfers"
RFC 2828:
"a processing or communication service provided by a system to give
a specific kind of protection to system resources"
Security Services (X.800)
Authentication - assurance that communicating entity is the one claimed
 have both peer-entity & data origin authentication
Access Control - prevention of the unauthorized use of a resource
Data Confidentiality –protection of data from unauthorized disclosure
Data Integrity - assurance that data received is as sent by an authorized
entity
Non-Repudiation - protection against denial by one of the parties in a
communication

Table: Security Services (X.800)
Security Mechanism
feature designed to detect, prevent, or recover from a security attack
no single mechanism that will support all services required
however one particular element underlies many of the security
mechanisms in use:
 cryptographic techniques ( hence our focus on this topic)

Security Mechanisms (X.800)
 Specific security mechanisms (implemented in a particular protocol layer):
 Encipherment
 Digital signatures
 Access controls
 Data integrity
 Authentication exchange
 Traffic padding
 Routing control
 Notarization
 Pervasive security mechanisms (not specific to any service or layer):
 Trusted functionality
 Security labels
 Event detection
 Security audit trails
 Security recovery

Table: Security Mechanisms (X.800)
Model for Network Security
 Using this model requires us to:
 Design a suitable algorithm for the security transformation
 Generate the secret information (keys) used by the algorithm
 Develop methods to distribute and share the secret information
 Specify a protocol enabling the principals to use the transformation and
secret information for a security service

Model for Network Access Security
 Using this model requires us to:
 Select appropriate gatekeeper functions to identify users
 Implement security controls to ensure only authorised users access
designated information or resources
 Trusted computer systems can be used to implement this model
Levels of Impact
 can define 3 levels of impact from a security breach (as in FIPS 199)
 Low
 Moderate
 High

Computer Security Challenges
1) not simple
2) must consider potential attacks
3) procedures used counter-intuitive
4) involve algorithms and secret info
5) must decide where to deploy mechanisms
6) battle of wits between attacker / admin
7) not perceived as a benefit until it fails
8) requires regular monitoring
9) too often an after-thought
10) regarded as an impediment to using the system

Computer Network Security, by Joseph Migga Kizza
Definition
 Authentication is the process of validating the identity of someone or
something.
 Generally authentication requires the presentation of credentials or items of
value to prove the claim of who you are.
 The items of value or credentials are based on several unique factors that show
something you know, something you have, or something you are.

Fig: Authentication example
Something you know:
 This may be something you mentally possess.
 This could be a password, a secret word known by the user and the
authenticator.
Something you have: This may be any form of issued or acquired
self-identification such as:
 SecurID
 CryptoCard
 Activcard
 SafeWord
 and many other forms of cards and tags.
Something you are:
 This is a naturally acquired physical characteristic such as voice,
fingerprint, iris pattern and other biometrics.
In addition to the three main factors, another factor, though indirect, also
plays a part in authentication.
 Somewhere you are: This is usually based on either the physical or logical
location of the user. The user, for example, may be on a terminal that can be
used to access certain resources.
In general authentication takes one of the following three forms:
 Basic authentication involving a server
 The server maintains a user file of user names and passwords
or some other useful piece of authenticating information.
 This information is always examined before authorization is granted.
 Challenge-response
 the server or any other authenticating system generates a challenge
to the host requesting authentication and expects a response.
 Centralized authentication
 a central server authenticates users on the network and in addition
also authorizes and audits them.
Multiple Factors and Effectiveness of Authentication
 To increase authentication effectiveness, a scheme with multiple methods is used.
 Systems using a scheme with two or more methods can result in greater system
security.
 This popular technique, referred to as multi-factor authentication, overcomes the
limitations of any single authentication factor.
Authentication Elements
An authentication process is based on the following five elements:
 Person or Group Seeking Authentication
 usually users who seek access to a system either individually or as
a group.
 If individually, they must be prepared to present to the
authenticator evidence to support the claim that they are
actually authorized to use the requested system resource.
 Distinguishing Characteristics for Authentication
 User characteristics are grouped into four factors that include:
 something you know
 something you have
 something you are, and
 a weaker one, somewhere you are.
 In each of these factors, there are items that a user can present to
the authenticator for authorization to use the system.
The Authenticator
 positively, and sometimes automatically, identifies the user and
indicates whether that user is authorized to access the requested
system resource.
The Authentication Mechanism
 consists of three parts that work together to verify the presence of
the authenticating characteristics provided by the user:
 the input, e.g. computer keyboard, card reader, video camera,
telephone etc.
 the transportation system: responsible for passing data between the
input component and the element that can confirm a person's
identity.
 and the verifier.
Access Control Mechanism
 User identifying and authenticating information is passed to access
control from the transport component.
 That information is validated against the information in its
database residing on a dedicated authentication server.
Types of Authentication
There are two basic types of authentication:
Non-repudiable Authentication
 involves characteristics whose proof of origin cannot be denied.
 Such characteristics include biometrics like:
 iris patterns
 retinal images, and
 hand geometry
 and they positively verify the identity of the individual.
Repudiable Authentication
 involves factors, "what you know" and "what you have," that can present
problems to the authenticator
 the information presented can be unreliable since such factors suffer from
several well-known problems including the fact that possessions can be
lost, forged, or easily duplicated.
Other types of authentication include user, client, and session
authentication.
Authentication Methods
There are several authentication methods including: password, public-
key, anonymous, remote and certificate-based authentication.
Password authentication
 The oldest and the easiest to implement.
 It includes reusable passwords, one-time passwords, challenge-
response passwords, and combined-approach passwords.
Public Key Authentication
 This requires each user of the scheme to first generate a pair of keys
and store each in a file.
 Each RSA key was traditionally between 1024 and 2048 bits in length;
1024-bit keys are now considered too weak, and 2048 bits or more is the
usual minimum.
 Public-private key pairs are typically created using a key generation
utility.
 The server knows the user's public key because it is published
widely. However, only the user has the private key.
Anonymous Authentication
 Used for clients who do not intend to modify entries or access
protected attributes or entries on a system.
 Mostly these users are not indigenous users, in the sense that they do
not have membership of the system they want to access.
 They access the system via a special "anonymous" account.
Digital Signature-Based Authentication
 does not require passwords and user names.
 It consists of an electronic signature that uses public key
infrastructure (PKI) to verify the identity of the sender of a message
or of the signer of a document.
Wireless Authentication
 This is the IEEE 802.1X scheme, carrying the Extensible Authentication
Protocol (EAP), that authenticates mobile devices as they connect to fixed
as well as mobile networks.
 This authentication requires Wi-Fi mobile units to authenticate with
network operating systems such as Windows XP.
Developing an Authentication Policy
Several steps are necessary for a good authentication policy:
List and categorize the resources that need to be accessed, whether
these resources are data or systems. Categorize them by their business
sensitivity and criticality.
Define the requirements for access to each of the above categories,
taking into account both the value of the resources in the category and
the method of access.
Set requirements for passwords and IDs.
Create and implement processes for the management of
authentication systems.
Communicate policies and procedures to all concerned, inside and
outside the organization.
Outline
User authentication
 Password authentication, salt
 Challenge-response authentication protocols
 Biometrics
 Token-based authentication
Authentication in distributed systems (multi service
providers/domains)
 Single sign-on, Microsoft Passport

Password authentication
Basic idea
 User has a secret password
 System checks password to authenticate user
Issues
 How is the password stored?
 How does the system check the password?
 How easy is it to guess a password?
 It is difficult to keep the password file secret, so it is best if the
password is hard to guess even if you have the password file
Basic password scheme

Figure: User -> hash function -> Password file. The user's password (e.g.
kiwifruit) is passed through the hash function and only the result is
stored; the file holds one such hash per user (exrygbzyf, kgnosfix,
ggjoklbsz, ...). A hash function is any function that can be used to map
data of arbitrary size to fixed-size data.

 Hash function h : strings -> strings
 Given h(password), hard to find password
 No known algorithm better than trial and error
 User password stored as h(password)
 When user enters password
 System computes h(password)
 Compares with entry in password file
 No plaintext passwords stored on disk
Unix password system
Hash function is 25xDES
 25 rounds of a DES-variant encryption (crypt(3))
Any user can try a "dictionary attack" (the hashed password file was
historically world-readable)
"Salt" makes the dictionary attack harder
for each user UID:
 create/ask the pwd
 generate a random salt (2 characters, i.e. 12 bits, in classic Unix)
 compute HP = hash ( pwd || salt )
 store the triple { UID, HP, salt_UID }
Without salt the store was:
 { UID, HP }
The "dictionary" attack
hypothesis:
 known hash algorithm
 known password hash values
pre-computation:
 for (each Word in Dictionary) do store ( DB, Word, hash(Word) )
attack:
 let HP be the hash value of an (unknown) password
 w = lookup ( DB, HP )
 if ( success ) then write ( "pwd = ", w ) else write ( "pwd not in my
dictionary" )
Salt
Password line
walt:fURfuu4.4hY0U:129:129:Belgers:/home/walt:/bin/csh
(the first two characters of the hash field, "fU", are the salt)

Figure: crypt(3). Input: the password (used as the DES key) and the salt;
plaintext: a 64-bit block of 0; 25x DES; the resulting ciphertext is
compared with the stored value.

When the password is set, the salt is chosen randomly. A 12-bit salt slows
a dictionary attack by a factor of 2^12.
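The salted scheme, the pre-computation attack it defeats, and the per-salt attack that still works, run end to end. This is an added example, not code from the slides: PBKDF2-HMAC-SHA256 stands in for 25xDES crypt(3), the salt is 16 random bytes rather than crypt's 12 bits, the unsalted scheme is plain SHA-256 of the word (the slides' hash(Word)), and the password file and dictionary are constructed sample data.

```python
"""Salted password storage versus a precomputed dictionary attack.

Added example, not from the slides. Assumptions: PBKDF2-HMAC-SHA256 stands
in for the slides' 25xDES crypt(3); the salt is 16 random bytes rather than
crypt's 12 bits; the unsalted scheme is plain SHA-256 of the word, matching
the slides' hash(Word). The password file and dictionary are constructed.
"""
import hashlib
import hmac
import secrets

ITERATIONS = 10_000  # kept low so the demo runs fast; production uses far more


def hash_password(pwd: str, salt: bytes) -> bytes:
    """HP = hash(pwd || salt). The salt is stored next to HP; it is not secret."""
    return hashlib.pbkdf2_hmac("sha256", pwd.encode(), salt, ITERATIONS)


def set_password(store: dict, uid: str, pwd: str) -> None:
    """Store the triple { UID, HP, salt_UID } with a fresh random salt per user."""
    salt = secrets.token_bytes(16)
    store[uid] = (hash_password(pwd, salt), salt)


def check_password(store: dict, uid: str, attempt: str) -> bool:
    """Login check: recompute with the stored salt, compare in constant time."""
    if uid not in store:
        return False
    hp, salt = store[uid]
    return hmac.compare_digest(hp, hash_password(attempt, salt))


def unsalted_hash(pwd: str) -> bytes:
    """The pre-salt scheme: HP depends on the password alone."""
    return hashlib.sha256(pwd.encode()).digest()


def precompute_dictionary(words):
    """Attacker pre-computation: hash(Word) -> Word, built once, reused for every user."""
    return {unsalted_hash(w): w for w in words}


def lookup_attack(table: dict, hp: bytes):
    """Attack phase against an unsalted hash: one table lookup."""
    return table.get(hp)


def salted_dictionary_attack(store: dict, uid: str, words):
    """Against a salted hash the table is useless: every word must be re-hashed
    with this user's salt, so the work is repeated once per distinct salt."""
    hp, salt = store[uid]
    for w in words:
        if hmac.compare_digest(hp, hash_password(w, salt)):
            return w
    return None


DICTIONARY = ["password", "kiwifruit", "letmein", "qwerty", "walt"]  # constructed


def demo() -> dict:
    # Unsalted: equal passwords give equal hashes, and one table cracks both.
    unsalted = {"walt": unsalted_hash("kiwifruit"), "bob": unsalted_hash("kiwifruit")}
    table = precompute_dictionary(DICTIONARY)
    # Salted: equal passwords give different hashes; the table finds nothing.
    salted = {}
    set_password(salted, "walt", "kiwifruit")
    set_password(salted, "bob", "kiwifruit")
    return {
        "unsalted_hashes_equal": unsalted["walt"] == unsalted["bob"],
        "cracked_unsalted": {u: lookup_attack(table, h) for u, h in unsalted.items()},
        "salted_hashes_equal": salted["walt"][0] == salted["bob"][0],
        "table_hits_salted": {u: lookup_attack(table, hp) for u, (hp, _) in salted.items()},
        "per_user_crack": salted_dictionary_attack(salted, "walt", DICTIONARY),
        "login_ok": check_password(salted, "walt", "kiwifruit"),
        "login_bad": check_password(salted, "walt", "kiwifruits"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt does not stop the dictionary attack against one user whose password is in the dictionary (per_user_crack still succeeds); it removes the attacker's ability to amortize one table over every user, and the iteration count makes each of those per-user guesses expensive.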
Dictionary Attack – some numbers
Typical password dictionary
 1,000,000 entries of common passwords
 people's names, common pet names, and ordinary words.
Suppose you generate and analyze 10 guesses per second
 This may be reasonable for a web site (online guessing); offline
cracking of a stolen hash file is many orders of magnitude faster
Dictionary attack in at most 100,000 seconds = 28 hours, or 14
hours on average
If passwords were random
Assume a six-character password
 Upper- and lowercase letters, digits, 32 punctuation characters
(94 symbols)
 94^6 = 689,869,781,056 password combinations
 Exhaustive search requires 1,093 years on average (at 10 guesses/s)
Challenge-response Authentication
Goal: Bob wants Alice to "prove" her identity to him
Protocol ap1.0: Alice says "I am Alice"
Failure scenario: in a network, Bob cannot "see" Alice, so Trudy simply
declares herself to be Alice.

NB: ap1.0 – authentication protocol 1.0
Authentication: another try
Protocol ap2.0: Alice says "I am Alice" in an IP packet containing her
source IP address
Failure scenario: Trudy can create a packet "spoofing" Alice's address.
 IP spoofing is the creation of Internet Protocol (IP) packets with a
forged source IP address, with the purpose of concealing the identity of
the sender or impersonating another computing system.
Authentication: another try
Protocol ap3.0: Alice says "I am Alice" and sends her secret password to
"prove" it.
 Alice -> Bob: [Alice's IP addr, Alice's password, "I'm Alice"]
 Bob -> Alice: [Alice's IP addr, OK]
Failure scenario: playback attack. Trudy records Alice's packet and later
plays it back to Bob, who answers OK.
Authentication: yet another try
Protocol ap3.1: Alice says "I am Alice" and sends her encrypted secret
password to "prove" it.
 Alice -> Bob: [Alice's IP addr, encrypted password, "I'm Alice"]
 Bob -> Alice: [Alice's IP addr, OK]
Failure scenario: record and playback still works! Trudy does not need to
decrypt the password; she replays the encrypted packet as it is.
Authentication: yet another try
Goal: avoid playback attack
Nonce: number (R) used only once-in-a-lifetime
ap4.0: to prove Alice "live", Bob sends Alice a nonce, R. Alice must return
R, encrypted with the shared secret key. A nonce is an arbitrary number that
may only be used once.
 Alice -> Bob: "I am Alice"
 Bob -> Alice: R
 Alice -> Bob: K_A-B(R)
Bob: Alice is live, and only Alice knows the key to encrypt the nonce, so it
must be Alice!
Failures, drawbacks? Bob must store the shared key, so anyone who reads
Bob's database can impersonate Alice.
Authentication: ap5.0
ap4.0 doesn't protect against server database reading
 can we authenticate using public key techniques?
ap5.0: use nonce, public key cryptography
 Alice -> Bob: "I am Alice"
 Bob -> Alice: R
 Alice -> Bob: K_A^-(R)   (R transformed with Alice's private key)
Bob computes K_A^+(K_A^-(R)) = R with Alice's public key, and knows only
Alice could have the private key that encrypted R such that
K_A^+(K_A^-(R)) = R
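The three protocols above (ap3.0, ap4.0 and ap5.0), simulated with Trudy's recorded packet replayed against each. This is an added example, not code from the slides. Assumptions: the shared-key "encryption" of the nonce in ap4.0 is realised as an HMAC, the standard way to prove knowledge of a shared key over a challenge; ap5.0 uses textbook RSA with the toy parameters p=61, q=53 (n=3233, e=17, d=2753), far too small for real use; the password store, key and recorded packet are constructed sample data.

```python
"""ap3.0 / ap4.0 / ap5.0 from the slides, simulated end to end.

Added example, not from the slides. Assumptions: HMAC stands in for
"R encrypted with the shared key" in ap4.0; ap5.0 uses textbook RSA with
toy parameters; all stores and keys are constructed sample data.
"""
import hashlib
import hmac
import secrets

# ---- ap3.0: password sent in the clear; Bob checks it against his store ----
BOB_PASSWORD_STORE = {"Alice": "kiwifruit"}          # constructed


def ap3_verify(packet: tuple) -> bool:
    name, password = packet
    return BOB_PASSWORD_STORE.get(name) == password


# ---- ap4.0: nonce R, Alice returns K_AB(R); Bob accepts each R only once ----
K_AB = b"shared-secret-between-alice-and-bob"       # constructed


class Ap4Bob:
    def __init__(self, key: bytes):
        self._key = key
        self._outstanding = set()                    # nonces issued, not yet used

    def challenge(self) -> bytes:
        r = secrets.token_bytes(16)                  # fresh, unpredictable nonce
        self._outstanding.add(r)
        return r

    def verify(self, r: bytes, response: bytes) -> bool:
        if r not in self._outstanding:               # replayed, or never issued
            return False
        self._outstanding.discard(r)                 # used only once
        expected = hmac.new(self._key, r, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def ap4_alice_response(key: bytes, r: bytes) -> bytes:
    return hmac.new(key, r, hashlib.sha256).digest()


# ---- ap5.0: Alice transforms R with her private key; Bob checks with her public key ----
RSA_N, RSA_E, RSA_D = 3233, 17, 2753  # toy: n = 61*53, d = e^-1 mod phi(n)


def ap5_sign(r: int) -> int:
    """K_A^-(R): only Alice holds d. Bob's database holds just (n, e)."""
    return pow(r, RSA_D, RSA_N)


def ap5_verify(r: int, sig: int) -> bool:
    """K_A^+(K_A^-(R)) == R."""
    return pow(sig, RSA_E, RSA_N) == r


def demo() -> dict:
    # ap3.0: Trudy records Alice's packet and plays it back later: accepted.
    alice_packet = ("Alice", "kiwifruit")
    trudy_replay = tuple(alice_packet)
    # ap4.0: the recorded response is bound to a nonce Bob never reissues.
    bob = Ap4Bob(K_AB)
    r1 = bob.challenge()
    resp1 = ap4_alice_response(K_AB, r1)
    first = bob.verify(r1, resp1)
    replay = bob.verify(r1, resp1)               # Trudy replays (r1, resp1)
    r2 = bob.challenge()
    wrong_key = bob.verify(r2, ap4_alice_response(b"guess", r2))
    # ap5.0: a valid signature on R, then a one-off tampering of it.
    r3 = secrets.randbelow(RSA_N - 1) + 1
    sig = ap5_sign(r3)
    return {
        "ap3_alice": ap3_verify(alice_packet),
        "ap3_replay_accepted": ap3_verify(trudy_replay),
        "ap4_first": first,
        "ap4_replay_accepted": replay,
        "ap4_wrong_key": wrong_key,
        "ap5_valid": ap5_verify(r3, sig),
        "ap5_forged": ap5_verify(r3, (sig + 1) % RSA_N),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two details matter in practice and are easy to lose when the slides are turned into code: Bob must remember which nonces he issued and discard each after one use (otherwise a "nonce" is just another replayable value), and the nonce must be unpredictable, since a guessable R lets Trudy obtain Alice's answer in advance.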
Biometrics
 Use a person's physical characteristics
 fingerprint, voice, face, keyboard timing, ...
 Advantages
 Cannot be disclosed, lost, forgotten
 Disadvantages
 Cost, installation, maintenance
 Reliability of comparison algorithms
 False positive: allow access to an unauthorized person
 False negative: disallow access to an authorized person
 If forged, how do you revoke?
 Common uses
 Specialized situations, physical security
 Combine
 Multiple biometrics
 Biometric and PIN
 Biometric and token
Token-based Authentication: Smart Card
With embedded CPU and memory
 Carries on a conversation with a small card reader
Various forms
 PIN-protected memory card
 Enter PIN to get the password
 Cryptographic challenge/response cards
 Computer creates a random challenge
 Enter PIN to encrypt/decrypt the challenge with the card
Single Sign-On

Figure: a user on the LAN presents user name, password or other
authentication data once to an authentication server (with its rules
database) and is then admitted to the applications.

• Advantages
 User signs on once
 No need for authentication at multiple sites, applications
 Can set central authorization policy for the enterprise
Microsoft Passport
 Launched 1999
 Claimed > 200 million accounts in 2002
 Over 3.5 billion authentications each month
 Log in to many websites using one account
 Used by MS services Hotmail, MSN Messenger or MSN subscriptions;
also Radio Shack, etc.
 Hotmail or MSN users automatically have Microsoft Passport accounts
set up
Access Control and Authorization
Access control is a process to determine "who does what to what," based
on a policy.
It controls who gets in and out of the system and who
uses what resources, when, and in what amounts.
Access control restricts access to a system or system resources on the
basis of a policy, which may depend on more than the identity of the user
(e.g. role, time, location).
 Access control consists of four elements:
 subjects,
 objects,
 operations,
 a reference monitor (server)
Subjects are system users and groups of users, while objects are files
and resources such as memory, printers, and scanners, including
computers in a network.
An access operation comes in many forms including Web access,
server access, memory access, and method calls.
Whenever a subject requests access to an object, an access mode must
be specified.
There are two access modes:
 Observe - in this mode, the subject may only look at the content of
the object.
 This mode is the typical read, in which a client process may request a server
to read from a file.
 Alter – in this mode, the subject may change the content of the
object.
 For example, a user initiates an access request for a Web resource.
 The request goes to the reference monitor.
 The job of the reference monitor is to check the hierarchy of rules that
specify certain restrictions.
 A set of such rules is called an access control list (ACL).
 The access control hierarchy is based on the:
 URL path (http://www.goal.com/en/fixtures/premier-league/) for a
Web access, or
 file path (C:\Windows\Users\david\Favorites\Links) for a file access
such as in a directory.
 When a request for access is made, the monitor or server goes in turn
through each ACL rule, continuing until it encounters a rule that prevents
it from continuing (resulting in rejection of the request) or reaches the last
rule for that resource, at which point access is granted.
 Note that this evaluation is "default allow": a request that matches no
rule is granted. The safer design ends every list with a deny-all rule so
that an unmatched request is rejected (default deny).

Figure 1: Access Control Administration
 Access rights refer to the user's ability to access a system resource.
 There are four access rights:
 execute
 read
 append
 write
NB: The user is cautioned not to confuse access rights and access modes.
 The difference lies in the fact that you can perform any access right
within each access mode.
 Figure 2 shows how this can be done.
 Note that according to the last column in Figure 2 there are 'x' marks in
both rows, because in order to write one must observe first before altering.
 This prevents the operating system from opening the file twice, once for the
read and again for the write.

Figure 2: Access modes and Access Rights
 Who sets these rights? - The owner of the resource sets the access
rights to the resource.
 In a global system, the operating system owns all system resources and
therefore sets the access rights to those resources.
 However, the operating system allows folder and file owners to set and
revoke access rights.
 Operating System resources: are the physical or virtual components of
limited availability within a computer system.
 Every device connected to a computer system is a resource.
 Every internal system component is a resource.
 Virtual system resources include files, network connections and memory
areas.
 CPU time, memory (RAM as well as virtual memory), secondary storage
like hard disks, network throughput, battery power, and external devices
are all resources of a computer which an operating system manages.
Access Control Techniques and Technologies
 Because a system, especially a network system, may have thousands of users and
resources, the management of access rights for every user per every object may
become complex.
 Several control techniques and technologies have been developed to deal with this
problem; they include:
 Access Control Matrix
 Access Control Lists
 Capability Tables
 Role-Based Access Control
 Rule-Based Access Control
 Restricted Interfaces
 Content-Dependent Access Control.
 For a long time, access control was used with user- or group-based access
control lists, normally based in operating systems.
 However, with Web-based network applications, this approach is no longer
flexible enough because it does not scale in the new environment.
 Thus, most Web-based systems employ newer techniques and technologies such
as role-based and rule-based access control, where access rights are based on
specific user attributes such as their role, rank, or organization unit.
Access Control Matrix
 All the information needed for access control administration can be put
into a matrix with rows representing the subjects or groups of subjects and
columns representing the objects.
 The access that the subject or a group of subjects is permitted to the object
is shown in the body of the matrix.
 For example, in the matrix in Figure 3 below, user A has permission to
write in file R4.

Figure 3: Access Matrix

 One feature of the access control matrix is its sparseness.
 Because the matrix is so sparse, storage becomes an issue, and
it is better to store the matrix as lists (by column or by row).
Access Control Lists
• In access control lists (ACLs), the subjects or groups with access rights to an
object are stored in association with the object.
• If you look at the access matrix in Figure 3 above, each object has a list of
access rights associated with it.
• In this case each object is associated with all the access rights in its column.
• For example, the ACL for the matrix in Figure 3 is shown in Figure 4 below.
• ACLs are very fitting for operating systems as they manage access to objects.

Figure 4: Access Control List (ACL)
Access Control Capability
 A capability specifies that "the subject may do operation O on object X."
 Unlike ACLs, where the storage of access rights between objects and
subjects is based on the columns of the access control matrix, capability
storage is based on the rows.
 This means that every subject is given a capability list that specifies the
subject's access rights.
 From the access matrix in Figure 3, we can construct a capability list as shown
in Figure 5 below.

Figure 5: Access Control Capability Lists
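The matrix, ACL and capability-list sections above, as one runnable model: a sparse access matrix is split into its column form (ACLs) and its row form (capability lists), a default-deny reference monitor answers requests from either, and revoking an object shows why the two forms differ operationally. This is an added example, not code from the slides or from Kizza's book; the matrix contents stand in for Figure 3, of which the page states only that A may write R4, and the other subject, object and right assignments are constructed.

```python
"""Access control matrix and its two storage forms: ACLs (columns) and
capability lists (rows), with a default-deny reference monitor.

Added example, not from the slides. The matrix is constructed sample data
standing in for Figure 3 (only "A may write R4" is given on the page).
"""
from collections import defaultdict

# Sparse matrix: (subject, object) -> set of rights. Absent cells mean no access.
# The slides' four rights: execute, read, append, write.
MATRIX = {
    ("A", "R1"): {"read"},
    ("A", "R4"): {"read", "write"},      # the one cell the slides state
    ("B", "R1"): {"read", "execute"},
    ("B", "R2"): {"append"},
    ("C", "R4"): {"read"},
}

# Access modes per the slides: observe covers read/execute, alter covers
# append/write (and a write observes first, so the file is opened once).
MODE_OF = {"read": "observe", "execute": "observe", "append": "alter", "write": "alter"}


def to_acl(matrix):
    """Column view: object -> {subject: rights}. What an OS keeps with each object."""
    acl = defaultdict(dict)
    for (subj, obj), rights in matrix.items():
        acl[obj][subj] = set(rights)
    return dict(acl)


def to_capabilities(matrix):
    """Row view: subject -> {object: rights}. What each subject carries with it."""
    caps = defaultdict(dict)
    for (subj, obj), rights in matrix.items():
        caps[subj][obj] = set(rights)
    return dict(caps)


def check_acl(acl, subj, obj, right):
    return right in acl.get(obj, {}).get(subj, set())


def check_capability(caps, subj, obj, right):
    return right in caps.get(subj, {}).get(obj, set())


def reference_monitor(acl, subj, obj, right):
    """Default deny: True only when the right is explicitly granted and known."""
    if right not in MODE_OF:
        return False
    return check_acl(acl, subj, obj, right)


def revoke_object(acl, caps, obj):
    """Revoking every right on one object is a single ACL operation, but must
    visit every subject's capability list: the classic ACL/capability trade-off."""
    acl.pop(obj, None)
    for subj_caps in caps.values():
        subj_caps.pop(obj, None)


def demo() -> dict:
    acl = to_acl(MATRIX)
    caps = to_capabilities(MATRIX)
    out = {
        "acl_R4": dict(acl["R4"]),           # Figure 4 style entry for R4
        "caps_A": dict(caps["A"]),           # Figure 5 style entry for A
        "A_write_R4": reference_monitor(acl, "A", "R4", "write"),
        "C_write_R4": reference_monitor(acl, "C", "R4", "write"),
        "D_read_R1": reference_monitor(acl, "D", "R1", "read"),   # unknown subject
        # both storage forms must answer every (subject, object, right) identically
        "same_answers": all(
            check_acl(acl, s, o, r) == check_capability(caps, s, o, r)
            for s in "ABCD" for o in ("R1", "R2", "R3", "R4") for r in MODE_OF),
    }
    revoke_object(acl, caps, "R4")
    out["after_revoke"] = (check_acl(acl, "A", "R4", "write"),
                           check_capability(caps, "A", "R4", "write"))
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```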
Role-Based Access Control (RoBAC)
Controls authorization based on who you are in an organization (that is,
on the roles assigned to each user).
 E.g., user, administrator, human resources manager, or one can take on a
role as a chief executive officer, a chief information officer, or chief
security officer.
A user may be assigned one or more roles, and each role is assigned one
or more privileges that are permitted to users in that role.
Access decisions are then based on the roles individual users have as
part of an organization.
Rule-Based Access Control
 Rule-based access control (RuBAC), also known as policy-based access
control (PBAC), controls authorization based on conditions other than
who you are
 e.g., time of day, location, type of device
 RuBAC is a multi-part process where one process assigns roles to users just
as in the role-based access control technique.
 A second process assigns privileges to the assigned roles based on a
predefined policy.
 Another process is used to identify and authenticate the users allowed to
access the resources.
 It is based on a set of rules that determine users' access rights to resources
within an organization's system.
 Many organizations, for example, limit the scope and amount of access, and
sometimes the times, based on employees' ranks and roles.
 Such limits may be specified as the number of documents that can
be downloaded by an employee during a certain time period, or as which
part of the Web site such an employee can access.
EXAMPLE
Suppose you are renting a room in a hotel and they give you an access
card. Possession of that card (authentication) gives you access to your room
(authorization) at any time of day.
The card also grants you access to the gym, which is only open from
5:00am-11:00pm each day. This is an example of rule-based control.
Your card does not grant you access to the employee lounge, regardless of
the time of day. This is an example of role-based control.
Say you really liked the place, so you decided to get a job working there.
You finally get to see what's behind the doors of the coveted employee lounge!
You get there a few hours early to enjoy your new amenity. You walk to the
door, swipe the card, and you're greeted with a flashing red light. Role and rule:
you're allowed to get in, but only within +/- 1 hour of your shift. Maybe just
hang out at KALDIS for a while.
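The hotel scenario written as a small access decision routine, added here as an illustration and not part of the original slides. The role check (which doors a card may open at all) runs first; the rule check (opening hours, shift window) runs on the request context afterwards. The door names, roles, gym hours and the one-hour shift window are taken from the example above; the `ctx` dictionary, the `ROLE_PERMISSIONS` and `DOOR_RULES` tables and the sample dates are assumptions made for the code.

```python
"""Role-based and rule-based checks combined, modelled on the hotel-card example.
Doors, roles, opening hours and the shift window are constructed for this example."""
from datetime import datetime, time, timedelta

# Role-based part: which doors a role may open at all. "room" stands for the holder's own room.
ROLE_PERMISSIONS = {
    "guest": {"room", "gym"},
    "employee": {"gym", "employee_lounge"},
}


# Rule-based part: conditions on the request context, independent of who is asking.
def gym_open(ctx):
    """Gym opens at 05:00 and closes at 23:00."""
    return time(5, 0) <= ctx["now"].time() < time(23, 0)


def within_shift_window(ctx):
    """Lounge may be entered only within one hour either side of the holder's shift."""
    shift = ctx.get("shift")          # (start, end) datetimes from the staff roster (assumed)
    if shift is None:
        return False
    start, end = shift
    return start - timedelta(hours=1) <= ctx["now"] <= end + timedelta(hours=1)


DOOR_RULES = {
    "gym": [gym_open],
    "employee_lounge": [within_shift_window],
}


def authorize(card, door, ctx):
    """Decide whether `card` opens `door` now. Returns (allowed, reason).
    The role check runs first; every rule attached to the door must then pass."""
    permitted = set()
    for role in card["roles"]:
        permitted |= ROLE_PERMISSIONS.get(role, set())
    if door not in permitted:
        return False, "denied by role"
    for rule in DOOR_RULES.get(door, []):
        if not rule(ctx):
            return False, "denied by rule: " + rule.__name__
    return True, "allowed"


if __name__ == "__main__":
    day = datetime(2024, 3, 4)
    guest = {"roles": ["guest"]}
    staff = {"roles": ["employee"]}
    shift = (day.replace(hour=14), day.replace(hour=22))
    print(authorize(guest, "room", {"now": day.replace(hour=2)}))              # (True, 'allowed')
    print(authorize(guest, "gym", {"now": day.replace(hour=2)}))               # (False, 'denied by rule: gym_open')
    print(authorize(guest, "employee_lounge", {"now": day.replace(hour=12)}))  # (False, 'denied by role')
    print(authorize(staff, "employee_lounge", {"now": day.replace(hour=10), "shift": shift}))            # too early
    print(authorize(staff, "employee_lounge", {"now": day.replace(hour=13, minute=30), "shift": shift}))  # allowed
```

Keeping the two checks separate is what makes the red light explainable: the reason string tells the operator whether a denial came from the person's role or from a time rule, which matters when investigating access logs.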
72
Access Control Systems
 Physical Access Control
 In a limited number of cases, access to an organization's systems comes
from intruders physically gaining access to the system itself, where
they can install password cracking programs.
 Studies have shown that a great majority of system break-ins originate
from inside the organization.
 Access Cards
 Access cards are perhaps the most widely used form of access control
system worldwide.
 With advanced digital technology, cards now contain magnetic stripes
and embedded microchips.
 Card-based credentials are used in most e-commerce transactions, payment
systems, and in services such as health and education.
 These types of identification are also known as electronic keys.
 A magnetic stripe can be copied with inexpensive equipment, so possession
of a stripe-only card proves only that someone holds a copy; chip cards that
answer a cryptographic challenge are far harder to clone.
73
Electronic Surveillance
Consists of a number of capture methods such as video recordings, system
logs, keystroke and application monitors, screen-capture software
(commonly known as activity monitors), and network packet sniffers.
Video recordings capture the activities at selected access points.
Increasingly these video cameras are connected to computers and to the
Web, a practice now commonly referred to as webcam surveillance.
Many of these cameras are motion-activated and record video footage
shot from vantage points at the selected locations.
The video footage can be viewed live or stored for later viewing.
Keystroke monitors are software or hardware products that record
every character typed on a keyboard.
Packet sniffers work at the network level, capturing packets as they
move between nodes.
By decoding and analysing the captured headers and payloads, they can
monitor e-mail messages, Web browser usage, node usage, traffic into a node,
the nature of that traffic, and how often a user accesses a particular server,
application, or network.
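What a packet sniffer actually works with is raw header bytes, so the following added example (not from the original slides) decodes IPv4 and TCP headers by hand and then answers the question in the text: how often does each client talk to each server, and which Web hosts does it request in the clear. The four-packet capture is constructed inline; it carries no Ethernet framing and zero checksums, and the addresses, ports and `intranet.example` host name are made up for the demonstration.

```python
"""Decode IPv4/TCP headers from a (constructed) capture and summarise who talks to whom."""
import struct
from collections import Counter


def build_packet(src, dst, sport, dport, payload=b""):
    """Construct a bare IPv4+TCP packet for the demo: no Ethernet frame, checksums left zero."""
    ver_ihl = (4 << 4) | 5                       # IPv4, 20-byte header
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_len, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload


def parse_packet(raw):
    """Return (src_ip, dst_ip, sport, dport, payload), or None if not an IPv4/TCP packet."""
    if len(raw) < 20:
        return None
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4:
        return None                              # only IPv4 is decoded here
    ihl = (ver_ihl & 0x0F) * 4                   # header length in bytes (options included)
    if proto != 6 or len(raw) < ihl + 20:
        return None                              # not TCP, or truncated
    sport, dport, _, _, off_res = struct.unpack("!HHIIB", raw[ihl:ihl + 13])
    data_off = (off_res >> 4) * 4                # TCP header length in bytes
    payload = raw[ihl + data_off:total_len]
    return ".".join(map(str, src)), ".".join(map(str, dst)), sport, dport, payload


def summarise(packets):
    """Count client -> server:port contacts and collect plaintext HTTP Host headers."""
    counts = Counter()
    hosts = {}
    for raw in packets:
        parsed = parse_packet(raw)
        if parsed is None:
            continue
        src, dst, sport, dport, payload = parsed
        counts[(src, dst, dport)] += 1
        if dport == 80 and payload.startswith(b"GET "):
            for line in payload.split(b"\r\n"):
                if line.lower().startswith(b"host:"):
                    hosts[(src, dst)] = line.split(b":", 1)[1].strip().decode()
    return counts, hosts


# Constructed capture: two HTTP requests, one SMTP greeting, one TLS connection, one IPv6 packet.
CAPTURE = [
    build_packet("10.0.0.5", "10.0.0.80", 51000, 80, b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    build_packet("10.0.0.5", "10.0.0.80", 51001, 80, b"GET /hr HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    build_packet("10.0.0.5", "10.0.0.25", 51002, 25, b"EHLO laptop\r\n"),
    build_packet("10.0.0.7", "10.0.0.80", 40000, 443),
    b"\x60" + b"\x00" * 39,                      # IPv6 header; skipped by the IPv4-only parser
]

if __name__ == "__main__":
    counts, hosts = summarise(CAPTURE)
    for (src, dst, port), n in sorted(counts.items()):
        print(f"{src} -> {dst}:{port}  {n} packet(s)")
    print("Host headers seen:", hosts)
```

Note that the TLS connection on port 443 shows up in the counts but contributes no Host header: a sniffer sees endpoints and volumes for encrypted traffic, but content only for the plaintext protocols.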
74
Biometrics
Confirm a person's identity by scanning a physical characteristic such as a
fingerprint, voice, eye features, face, and others.
It has probably been one of the oldest access control techniques.
However, during the past several years and with heightened security, it
has become increasingly popular.
Can be used to permit access to a network or a building, and has become an
increasingly reliable, convenient and cost-effective means of security.
Improvements in biometrics are essential because bad biometric security
can lull system and network administrators into a false sense of
safety.
In addition, a poorly tuned system can lock out a legitimate user (a false
rejection) or admit an intruder (a false acceptance); lowering the matching
threshold to reduce one error raises the other.
So care must be taken when procuring biometric devices.
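The two failure modes named above, locking out a legitimate user and admitting an intruder, are measured as the false rejection rate (FRR) and false acceptance rate (FAR) of the matcher at a chosen threshold. The following added example (not from the original slides) computes both over a set of match scores and sweeps the threshold to find where the two rates meet, which is the figure a buyer should ask a vendor for. The scores are constructed for the example and are not real sensor output.

```python
"""False acceptance (intruder admitted) versus false rejection (legitimate user
locked out) for a score-based biometric matcher. The match scores below are
constructed for the example, not real sensor output."""

# Scores in [0, 1]; higher means the live sample matches the enrolled template better.
GENUINE = [0.91, 0.88, 0.95, 0.79, 0.83, 0.97, 0.74, 0.90, 0.86, 0.81]   # real user vs own template
IMPOSTOR = [0.12, 0.35, 0.42, 0.58, 0.27, 0.61, 0.19, 0.48, 0.76, 0.33]  # other person vs template


def decide(score, threshold):
    """The matcher's accept/reject decision."""
    return score >= threshold


def error_rates(genuine, impostor, threshold):
    """Return (FAR, FRR): fraction of impostors accepted, fraction of genuine users rejected."""
    far = sum(decide(s, threshold) for s in impostor) / len(impostor)
    frr = sum(not decide(s, threshold) for s in genuine) / len(genuine)
    return far, frr


def equal_error_point(genuine, impostor, steps=100):
    """Sweep the threshold and return (threshold, FAR, FRR) where the two rates are closest."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        far, frr = error_rates(genuine, impostor, t)
        if best is None or abs(far - frr) < abs(best[1] - best[2]):
            best = (t, far, frr)
    return best


if __name__ == "__main__":
    for t in (0.5, 0.75, 0.8):
        far, frr = error_rates(GENUINE, IMPOSTOR, t)
        print(f"threshold {t:.2f}: FAR {far:.0%} (intruders admitted), FRR {frr:.0%} (users locked out)")
    print("equal error point (threshold, FAR, FRR):", equal_error_point(GENUINE, IMPOSTOR))
```

A threshold of 0.5 on these scores admits 30% of impostors while rejecting nobody; 0.8 admits nobody but locks out 20% of real users. For a door into a server room the threshold belongs on the strict side, with a second factor or a staffed fallback for the rejected users.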
75
Authorization
 This is the determination of whether a user has permission to access,
read, modify, insert, or delete certain data, or to execute certain
programs.
 Authorization is also commonly referred to as access permissions; it
determines the privileges a user has on a system and what the user should
be allowed to do to the resource.
 Access permissions are normally specified by a list of possibilities. For
example, UNIX allows the list {read, write, execute} as the set of
possibilities for a user or group of users on a UNIX file.
 The process of authorization itself has traditionally been composed of two
separate processes:
 Authentication
 Access control
 To get a good picture let us put them together. In brief, authentication
deals with ascertaining that the user is who he or she claims to be.
 Access control then deals with the more refined problem of finding out
"what a specific user can do to a certain resource."
76
So authorization techniques such as traditional centralized access
control use the ACL as the dominant mechanism to record users and
their access rights to the requested resource.
However, in more modern and distributed system environments,
authorization takes a different approach from this.
In fact the traditional separation of the authorization process into
authentication and access control does not apply there either.
As with access control, authorization has three components:
 a set of objects, designated $O$,
 a set of subjects, designated $S$,
 a set of access permissions, designated $A$.
The authorization rule is a function $f$ that takes the triple $(s, o, a)$,
where $s \in S$, $o \in O$, $a \in A$, and maps it to a binary value in
$T = \{\text{true}, \text{false}\}$, that is, $f : S \times O \times A \to \{\text{true}, \text{false}\}$.
When the value of $f$ is true, the request is authorized; the check must be
made on every access, since $f$ can change as rights are granted or revoked.
77
Authorization Mechanisms
 Authorization mechanisms, especially those in database management systems
(DBMSs), can be classified into two main categories:
Discretionary Authorization (non-compulsory)
 This mechanism grants access privileges to users based on control
policies that govern the access of subjects to objects using the subjects'
identity and authorization rules.
 These mechanisms are discretionary in that they allow subjects to grant
other users authorization to access the data.
 They are highly flexible, making them suitable for a large variety of
application domains.
 However, the same characteristics that make them flexible also make them
vulnerable to malicious attacks, such as Trojan horses embedded in
application programs.
Mandatory Authorization
 Mandatory policies, unlike the discretionary ones seen above, ensure a
high degree of protection in that they prevent any illegal flow of
information through the enforcement of multilevel security, classifying
the data and users into various security classes.
 They are, therefore, suitable for contexts that require structured but
graded levels of security, such as the military.
 However, mandatory policies have the drawback of being too rigid, in that
they require a strict classification of subjects and objects into security
levels, and are, therefore, applicable only to very few environments.
78
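The authorization function $f(s, o, a)$ from the previous slide and the discretionary/mandatory distinction above, as one added example that is not part of the original slides. Both policies implement the same `authorize(s, o, a)` signature; the discretionary one is an ACL with the UNIX `{read, write, execute}` list where an owner may grant rights to anyone, and the mandatory one uses ordered security classes. The slides only say that mandatory policies classify data and users, so the specific rules used here (a subject may read only at or below its clearance and write only at or above it) are an assumption of this example. The Trojan-horse scenario, the subjects `alice` and `mallory`, the file names and the level names are likewise constructed.

```python
"""Authorization as a function f(s, o, a) -> {true, false} under a discretionary and a
mandatory policy, with a Trojan-horse copy that only the mandatory policy stops.
Subjects, objects, levels and the scenario are constructed for the example."""

# UNIX-style permission list from the Authorization slide.
PERMISSIONS = {"read", "write", "execute"}


class DiscretionaryPolicy:
    """ACL per object; the object's owner may grant any permission to any subject."""

    def __init__(self):
        self.owner = {}   # object -> owning subject
        self.acl = {}     # object -> {subject: set of permissions}

    def create(self, subject, obj):
        self.owner[obj] = subject
        self.acl[obj] = {subject: set(PERMISSIONS)}

    def grant(self, granter, obj, grantee, perm):
        if self.owner.get(obj) != granter or perm not in PERMISSIONS:
            raise PermissionError(f"{granter} may not grant {perm} on {obj}")
        self.acl[obj].setdefault(grantee, set()).add(perm)

    def authorize(self, s, o, a):          # f : S x O x A -> {True, False}
        return a in self.acl.get(o, {}).get(s, set())


# Assumed mandatory rule set (the slides only mention "security classes"): read only at or
# below your clearance, write only at or above it, so data cannot flow to a lower class.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


class MandatoryPolicy:
    def __init__(self, clearance, classification):
        self.clearance = clearance            # subject -> level name
        self.classification = classification  # object -> level name

    def authorize(self, s, o, a):          # same f(s, o, a) signature
        cs = LEVELS[self.clearance[s]]
        co = LEVELS[self.classification[o]]
        if a == "read":
            return cs >= co                   # no read up
        if a == "write":
            return cs <= co                   # no write down
        return False


def trojan_horse(policy, victim, secret_obj, leak_obj):
    """A program run by `victim` quietly copies secret_obj into leak_obj.
    Returns True when the policy lets both halves of the copy through."""
    return (policy.authorize(victim, secret_obj, "read")
            and policy.authorize(victim, leak_obj, "write"))


def demo_discretionary():
    """Mallory owns a file he lets Alice write to; Alice runs a trojaned program; the copy succeeds."""
    p = DiscretionaryPolicy()
    p.create("alice", "alice_secret.txt")
    p.create("mallory", "dropbox.txt")
    p.grant("mallory", "dropbox.txt", "alice", "write")   # discretionary: the owner may do this
    leaked = trojan_horse(p, "alice", "alice_secret.txt", "dropbox.txt")
    return leaked and p.authorize("mallory", "dropbox.txt", "read")


def demo_mandatory():
    """Same actors under multilevel security: the write-down to Mallory's file is refused."""
    m = MandatoryPolicy(
        clearance={"alice": "secret", "mallory": "unclassified"},
        classification={"alice_secret.txt": "secret", "dropbox.txt": "unclassified"},
    )
    return trojan_horse(m, "alice", "alice_secret.txt", "dropbox.txt")


if __name__ == "__main__":
    print("DAC: secret reached Mallory:", demo_discretionary())   # True
    print("MAC: secret reached Mallory:", demo_mandatory())       # False
```

The point of the comparison is that the discretionary policy answered every individual `f(s, o, a)` query correctly; the leak is a property of the sequence of accesses, which only a policy that tracks information flow can refuse.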
Types of Authorization Systems
Centralized
Only one central authorization unit grants and delegates access to system
resources.
This means that any process or program that needs access to any system resource
has to request from the one omniscient central authority.
Decentralized
This differs from the centralized system in that the subjects own the objects they
have created and are, therefore, responsible for their security, which is locally
maintained.
Each subject may, however, delegate access rights to its objects to another
subject. Because of these characteristics, decentralized authorization is found to be
very flexible and easily adaptable to the particular requirements of individual subjects.
Implicit
In implicit authorization, the subject is authorized to use a requested system
resource indirectly because the objects in the system are referenced in terms of
other objects.
Explicit
Explicit authorization is the opposite of the implicit. It explicitly stores all
authorizations for all system objects whose access has been requested.
79