Question

Explain the three major categories of access control policies.

(Chapt 4)

Answer 1

Access control policies can be grouped into three main classes

Discretionary (DAC):

Discretionary (DAC) (authorization-based) policies control access based on the identity of the requestor and on access rules stating what requestors are (or are not) allowed to do.

1)   DAC(Discretionary Access Control)

DAC decides the access rights of users simply based on the access matrix. It is ��discretionary�� in the sense that it allows user to grant other users authorization to access the objects. It has the drawback that it is easy to bypass the access restriction and pass the information to unauthorized user.

Trojan horse problem:  There are a high level user A and a low level user B in the system, and a table T which only A can read. Suppose B is malicious and give a Trojan horse program to A which on the surface does some useful work. Now A runs the program, but without the notice of A, the program reads T and writes the content to another table T�� which B can read. Thus the information in T is leaked to unauthorized user B.

Mandatory (MAC):

Mandatory (MAC) policies control access based on mandated regulations determined by a central authority.

MAC (mandatory access control) which protects data against Trojan horse
   Bell-LaPadula model

   each subject or object has a security level: Top Secret, Secret, Confidential, Unclassified (TS>S>C>U)

   Read-down: a subject S has read access to an object O if and only if  level(S) >= level (O);

   Write-up:     a subject S has write access to an object O if and only if  level(S) <= level (O);

   How it fixes Trojan horse problem:  if T�� has high security level, then B can not read it; if it has low security level, the Trojan horse program, which has the same high security level as A, cannot write it.

Role-based (RBAC):

Role-based (RBAC) policies control access depending on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles.

RBAC introduce the notion role: access rights are specified between objects and roles; a user is associated with one or many roles. Roles can be viewed as a set of actions and responsibilities with a particular working activity.