The path to growth of cissp (25): Data Access Control Method

 

In the previous article "distributed access control methods" on the path to the Development of cissp, j0ker introduced several distributed access control methods used to control user resource access. In practical applications, we often need to perform more detailed access control on data and information. For example, enterprises need to allow financial departments to access the detailed financial reports of enterprises in the first half of this year, however, at the same time, access from other departments should be rejected. The centralized or distributed access control method previously introduced is not suitable for this scenario. At this time, we need to use the following data access control methods.

In the previous article "distributed access control methods" on the path to the Development of cissp, j0ker introduced several distributed access control methods used to control user resource access. In practical applications, we often need to perform more detailed access control on data and information. For example, enterprises need to allow financial departments to access the detailed financial reports of enterprises in the first half of this year, however, at the same time, access from other departments should be rejected. The centralized or distributed access control method previously introduced is not suitable for this scenario. At this time, we need to use the following data access control methods.

In the CBK of cissp, five data access control methods are most commonly used: independent access control (DAC) and Mandatory Access Control (MAC) role-Based Access Control (RBAC), content-based access control (CBAC), and Fixed Interface Access Control (constrained interface Access Control, CIAC ). J0ker will introduce these data access control methods one by one in this article and the next article:

Autonomous Access Control: An access control method that controls access to files and other system resources based on user IDs and/or user groups, because it is mainly based on user identification and permission allocation, the allocation of user permissions is implemented by the data owner, therefore, we usually think that DAC is also an Access Control Method Based on access policies, which is also the biggest difference between DAC and the Mac mentioned below. In practice, autonomous access control is usually implemented through access control matrix (ACM) and access control list (ACL:

We know that in computer and network systems, the most data and information organization is based on file structure, that is, data and information are stored in files, files are classified into different folders according to certain classification rules. The organization of data and information allows us to easily determine the access permissions of a user on the information of a collection (file or folder). At the same time, what Access Permissions does other users have for this information set? In most operating systems and network systems, the following data access permissions are often set:

Table 1: Common Data access permission settings

Permission description

Users with no permission or null permission cannot access specified files and resources.

Read (r) users can read specified files and resources, but cannot perform change operations

Write (w) users can perform write operations on specified files and resources, such as editing.

Run (execute, x) The user can execute the specified program

Delete (d) users can delete specified files and resources.

Change (c) users can read, write, and delete specified files and resources, but cannot change their access permission settings.

Full Control (f) Users Have Full permissions on specified files and resources, and can read, write, delete, execute, and change the resource access permission settings.

The most important feature of autonomous access control is resource ownership. In some operating systems, the data creator is the data owner by default. In addition to full control of the data, the data owner can also set the data access control permissions. If a user is not the owner of the specified data, then, he can only operate on the data object at most, but cannot modify the access control settings of the data object. In some organizations, the system administrator is the owner of all files by default, and the system administrator assigns all access permissions to users in the Organization. The main drawback of this policy is that the system administrator may have too many permissions, understanding too much information he should not have understood. Therefore, sharing control with access permissions can improve data security to a certain extent.

The form of autonomous access control in the operating system and network system is the access control matrix and access control list. The relationship between each user and each access target is listed in a matrix, the user is a row and the access target is a column. The intersection of each row is the user's permission to access the target. It is a simple access control matrix example:

Table 2: Access control matrix example

Mary's folder Bob's folder Bruce's folder printer 01

Mary completely controls write and write execution

Bob fully controls write execution

Bruce has no permission to write and fully control the execution.

Sally has no permission, no permission, no permission

If the number of users and data is very large, the system needs to maintain a huge access control matrix. When multiple users initiate access requests at the same time, this will cause a great deal of resource sales to the system. Because autonomous access control is determined based on the user identity, we can set some users to allow access to a certain data, the system requires that the system only judge whether the user has permissions based on the user's permitted list when the data is accessed. This is the principle of the access control list. The access control list can be viewed as a simplified version of the access control matrix, providing a simpler way to control access to specific data by one or more users.

Mandatory Access Control: mandatory access control is an access control method used in systems that process highly sensitive data. Like autonomous access control, mandatory access control is also a policy-based access control method. The most notable feature of mandatory access control is that a security identifier is required for all visitors (users, programs, etc.) and all resources (files, data, and devices) in the system, when a visitor requests to access a resource, the system compares the security levels of the visitor and the resource. Only when the visitor meets the security policy requirements can the visitor access the resource. The division of security levels and the control of security levels are defined in the design document for implementing mandatory access control. Is a simple example of implementing mandatory access control:

　　

Figure 1: simple example of force Access Control

Let's analyze the features of force access control. It uses security labels to determine whether visitors can access a certain resource. Because the security policies of an organization define the security labels, the Organization's system administrator and information owner jointly maintain the deployment of mandatory access control, and the system administrator deploys and maintains mandatory access control measures. The information owner is responsible for assigning security labels to information, and authorize users who can access the resource. Like autonomous access control, to access a resource, the user must be authorized by the resource owner (marking the appropriate security label for the resource ), however, mandatory access control also requires users to use the system's additional control measures based on user tags. In this regard, the security of mandatory access control is better than that of autonomous access control.

We will use a simple example to illustrate how forced access control works: in an organization, the security level ranges from low to high to three levels, which are public, employees, and managers. If the security level of a file named report.doc is employee, all users marked as employees and managers in the Organization can access this file, and guests of the organization (marked as Public) the file cannot be accessed. Even if this file is submitted by a manager-level user, the file can be accessed as long as the user authorizes the file to the employee level, as long as the user is at or above the employee level, this also reflects the information owner authorization feature of mandatory access control.

Another important purpose of force access control is to control information from other systems for input or output to other systems. Unauthorized access may occur due to the input and output operations of information, for example, a document marked as a secret is output on an insecure printer. Therefore, information systems that process highly sensitive information often use mandatory access control to limit how information is input and output.

　　

Role-Based Access Control (RBAC ):

In many large organizations and enterprises, the formulation and implementation of data access control policies often depend on the roles of users who require access in the enterprise. For example, financial personnel of the company can only access financial data, but cannot access human resources files. This access control method is called role-based access control (RBAC. Similarly, a role-based access control policy defines the permissions that a user can perform operations on data based on the user's role-determined and authorized by the enterprise security policy. Therefore, before using the role-based access control method, you also need to set the role attributes for all data and visitors in the organization so that the access control system can receive the access request, the access is allowed or denied based on the comparison of the role attributes of the visitor and the accessed data.

This is also the biggest difference between Role-Based Access Control and autonomous and forced Access Control described by j0ker. It is a role-based access control access policy, it is not set by the system administrator or user (Autonomous Access Control), nor by the data owner (Mandatory Access Policy) according to the Organization's security policies ). Role-Based Access Control needs to consider how to restrict the user's operations on certain information to protect information integrity.

Ease of management is the biggest benefit of Role-Based Access Control. After an Access Policy (also called a role) is set, the system administrator can easily add or remove users from a role, this allows the user to operate data based on the permissions of the role. For example, after a company recruits a new employee, the system administrator only needs to add the new employee to the corresponding role, and the new employee can work according to his/her permissions. After the employee resigned from the company, the administrator can delete all permissions of the resigned employee by removing the user from the role and disabling the user.

Capability tables: A Role-Based Access Control method used to control user permissions in the backend. A capability table stores the protection tags of user operations on specific data. A capability table is usually displayed as an authorization table. It consists of three parts: visitor, data, and access permission. the columns in the capability table describe the access permission of all the data in the table, the capability table column describes access control and access permissions granted to specific data by visitors according to their permissions. Is a simple example of a capability table:

　　

Database Access Control:

With the wide application of database technology in enterprises, the concept of data is not just as simple as storing files in enterprise systems or networks. Enterprise databases also store a lot of valuable information, such as user account information stored in the Bank database and patient information stored in the database of medical institutions. Because the storage and organization of the data are different from the standard file directory form, the traditional file access control method cannot be directly applied to the database. Currently, the access control mode for databases consists of two parts: Connection Control. Before you connect to the database, you need to perform specific user authentication; the second is to control which data in the database can be accessed by the user, which can be achieved by controlling the user's data view. Although the access control for databases uses many basic technologies in the access control CBK, more things about database security are mentioned in the next CBK-application security, j0ker will be introduced in more detail at that time.

Content-Based Access Control:

Content-based access control is a more advanced and more detailed access control method than based on file directories and data. Its control policy depends on the data content of the accessed object, before using Content-Based Access Control, you must provide the following key attributes:

Basic information of the target to be accessed

To improve the effectiveness of access control, you sometimes need to add an additional tag to the target to be accessed. The content of the target to be accessed also needs to be reviewed.

Record the content and compare it with another target that meets the existing policy

A tool that can implement Content-based access control, such as a program that uses dictionary word checks.

One of the most common content-based examples is the classification system for Internet websites. By classifying and marking various types of websites, user Programs can easily restrict or allow access to certain types of websites. For example, in many enterprises, you are not allowed to access entertainment websites during work hours. Enterprise administrators only need to set policies to prohibit access to websites marked as "Entertainment. Currently, the Internet website classification adopts the Internet Content Selection platform (PICs) standard released by the W3C Council. All programs that support the pics standard can be set according to the pics of the Internet website, to control Website access.

Mandatory User Interface (constrained User Interface): it is also a widely used access control method. The principle of user interface control is to restrict functions, information, and interfaces that can be accessed by users through user interfaces and interfaces to control the access capability of visitors to specific resources. For example, we often see that the gray in the application cannot click the button, which is a mandatory user interface. In addition, the automatic query machine distributed throughout the public query site is also an application instance that forces the user interface, it uses a fixed interface to restrict users to access and query specific content only.