Access Control Mechanism

Abstraction

Anderson(2008) explained that access control is the mechanism that can be implemented in any system to enable certain authority to control access to certain resources. The function of such mechanism is to ensure and control which principals (e.g. machines, people, or processes) have access to which resources within any system (e.g. which program they can execute, how they share such data, or which files they can read). The following are some example of such implementations:

  • The access control mechanism can be implemented through a complex security policy within any application to provide users with certain rules and restrictions that can be different from one user to another and based on their roles within an organization.

 

  • Applications that are written to use a middleware such as database management systems, where the front-end functionalities, and the users’ access to such functionalities can be restricted based on certain access rules implemented within the database that can be enforced within the application. With such applications, the middleware will be responsible to enforce such rules.

 

  • Operating systems are constructed with the implementation of access control mechanism that can restrict users from accessing certain system files, and resources unless they have the right permissions to do so.

When the access control is implemented within a system, it behaves as a mediator that control every request to the resources and data maintained by a system and as such; it determines if such request should be granted or denied. Such access control decision is enforced by a mechanism of regulations established by a security policy. It’s imperative for any computing system to protect its data and resources against unauthorized access to maintain secrecy and integrity and as such; enforcing protection to the system resources is highly required to ensure that only authorized accesses can take place (Bershad and Grimm, 2001).

JVM Sandbox mechanism

Sandbox (Access control mechanism) provided to the users to be able to download Java applet without having to be worried about the code execution that might violate the security policy on the user’s machine. JVM Sandbox mechanism provided the restricted environment that can prevent the Java applet to access the user’s local hard drive and other resources, and to only allow the communication of such code with the host where it came from. To achieve such implementation, the Java Virtual Machine (JVM) was constructed to have only limited access rights through the Sandbox mechanism in any user’s machine to access resources (Anderson, 2008).

With JVM running in a secured Sandbox environment, it guarantees the separation of the application service and security.  Also, the implementation of the Sandbox in JVM ensures that the Java application will not interfere with other applications performance and scalability (e.g. writes data to the local file system or spawns threads). With such mechanism in place, JVM can execute any Java code that can only work within the restrictions of the Sandbox (Anderson, 2008).

Advantages & Disadvantages

  • Malicious Java binaries that are used to exploit the vulnerabilities of JVM can be eliminated by the JVM sandbox restrictions. However such implementations have a performance overhead caused by security configuration (Fleisch and Song, 2007).

 

  • Java binary (Java applets and application programs) security is ensured by the JVM security mechanisms which include sandbox models, a type-safe language, bytecode verifiers, and security managers (Fleisch and Song, 2007).

 

  • With the flaws and bugs found in JVM implementation (e.g. Microsoft Virtual Machine, was found to allow Java applets to write access to the Java security manager), it is imperative for any organization to follow the security upgrades required to prevent such vulnerabilities. However, the discrepancy among users where JVM is implemented on each user’s machine; often creates difficulties in upgrading security patches for all users (Fleisch and Song, 2007).

 

  •  Useful functionalities with the JVM often have to be disabled to prevent critical security threat from happening (e.g. Java binary’s network access might be disabled to prevent security threat) (Fleisch and Song, 2007).

Access-matrix model

Access Control Matrix is an abstract of the computer security model that is used for computer protection through an access rights to computer resources. The theory behind implementing such model is the assumption that computer system is consists of a set of objects that need to be protected. Such security model is consists of two dimensional matrix of protection where there is rows/columns represent the objects within the system. Within such access matrix, the access rights are defined among objects (e.g. read, write, execute and so forth) (Benantar, 2006).

With implementing the Access-matrix model within a system, the protection state of any system can be defined through the privileges possessed by specific object. Such security system provides a framework that defines the dynamics of the protection state of such system (Sandhu, 1992).

Access-control model provides specific constrains that can restrict users from what they can do within any system and also restrict the program execution on behalf of the system’s users to access system resources within the limit defined by the Access-Control-Matrix model. The purpose of such model is to limit the actions or the operations that an authorized user can perform within the system. It defines the access rules of authenticated users where the assumption that is made by such model where authentication is verified successfully prior enforcing the access control rules (Samarati and  Sandhu, 1994).

Advantages & Disadvantage

  • Access-Matrix control model can be a base ground for any permissions access control system; that can be used to apply protection since the model is used as an abstract model of permissions (Sandhu, 1992).

 

  •  Access-Matrix control model provide the flexibility required for users to specify how other users can access the system resources (Sandhu, 1992).

 

  • The model has a fundamental flaw called Discretionary Access Control (DAC) where it’s vulnerable to Trojan Horses, where such virus can modify the protection state without explicit instructions from the system user (Sandhu, 1992).

 

  • Access-control is not a complete solution since it must be coupled with an auditing system (technique) that can analyze the requests and activities of user within the system (Samarati and Sandhu, 1994).

 

  • Auditing system that is coupled with Access-control model can be useful in determining flaws in the security model and also ensure that users are not misused their privileges within the system (Samarati and Sandhu, 1994).

Proof-carrying code mechanism

Proof-carrying code is another mechanism that provides the program code that can be executed on the user’s machine with proof that such code will not break or breach any security policy implemented on the user machine. With such mechanism the overhead of interpreter such as JVM that can be eliminated to overcome any speed penalty in executing any program (Anderson, 2008).

Proof-Carrying code (PCC) use a technique that allows the host of untrusted-code to establish a safety rules that can guarantee the safe behaviour of such code, by using proof validator. With such validator, the host can validate that the foreign code can be trusted (Necula and Lee, 1997).

Necula and Lee (1997) explained that there are many security issues and problems related to host security when it comes to solving such problems with untrusted-code that is required to execute on the host and some of these issues are:

  • How to ensure the damage to the host of such code can be prevented.
  • How the host can ensure that such untrusted-code will not use too much of the system resources during the execution (e.g. memory, CPU time, and so forth).
  • The effect of the untrusted-code on the system performance since the security measures taken to protect the system can degrade the system performance.

Advantages & Disadvantages

  • Proof-Carrying code (PCC) can safely allow users to download code that can be implemented within the operating system kernel that can be safely used once it passes the PCC check where performance of such system can be improved (Necula and Lee, 1997).

 

  • Proof-Carrying code (PCC) burden on securing the system is shifted to the code producer where the safety of such code has to pass the PCC check before it is used (Necula and Lee, 1997).

 

  • The host system will have a simple easy-to-use checking process that can guarantee the safety execution of untrusted-code. Such proof checker improves the host performance since complex interpreters or compilers are not required on the host (Necula and Lee, 1997).

 

  • Any modification by a malicious code or accidental change, will lead to a result that the proof checker is no longer valid and downloaded programs (Untrusted-code) will be rejected (Necula and Lee, 1997).

 

  • Proof-Carrying code (PCC) is compatible with the security of the untrusted-code and it is used to check the intrinsic properties of such code and as such; no trusted third party is required for proof checking (Necula and Lee, 1997).

Conclusion

The most of the attacks that happened to the system and applications occur at all levels where the exploitation of bugs and security gaps are used. The most important function of access control is to limit the amount of damage that might happen to any system due to principals’ error (e.g. users, groups, or programs) or malicious code (Anderson, 2008).

Access control is implemented with the system to enforce certain rules that can be used to grant or deny requests. Such implementation is established through a mechanism that maintains the security policy that protects systems’ resources and data (Anderson, 2008).

Finally, it’s imperative for systems to be protected against an authorized access by enforcing protection through rules implemented by access control mechanism.

References

Anderson, R. (2008) Security Engineering. 2nd ed. IN: Wiley Publishing, Inc.

Benantar, M. (2006)  Access Control Systems : Security, Identity Management and Trust Models [Online]. Available from:http://books.google.ca/books?id=dpjsXA5SPPwC&pg=PA147&lpg=PA147&dq=access+matrix+model&source=bl&ots=VHH-xmaq4F&sig=Sybm6XmfHg7BfHqUntQtO-KgNhI&hl=en&ei=isfdTKbWO4WglAezg5TdDQ&sa=X&oi=book_result&ct=result&resnum=2&ved=0CBsQ6AEwATge#v=onepage&q=access%20matri&f=false (Accessed: 13 November 2010).

Bershad, B. & Grimm, R. (2001) Separating Access Control Policy, Enforcement, and Functionality in extensible Systems [Online]. Available from: http://www.cs.washington.edu/homes/bershad/Papers/tocs01.pdf (Accessed:  13 November 2010).

Fleisch, B. & Song, Y. (2007) ‘Utilizing Binary Rewriting for Improving End-Host Security’, Parallel and Distributed Systems, IEEE Transactions on, IEE Computer Society, pp. 1687-1699, IEEE Journal [Online]. Available from: http://ieeexplore.ieee.org.ezproxy.liv.ac.uk/stamp/stamp.jsp?tp=&arnumber=4359394 (Accessed: 13 November 2010).

Necula, G. & Lee, P.  (1997) ‘Research on proof-carrying code for untrusted-code security’, Security and privacy, 1997. Proceedig., 1997 IEEE, IEE Computer Society, pp. 204, IEEE Journal [Online]. Available from: http://ieeexplore.ieee.org.ezproxy.liv.ac.uk/stamp/stamp.jsp?tp=&arnumber=601335 (Accessed: 13 November 2010).

Sandhu, R. (1992) The Typed Access Matrix Model [Online]. Available from: http://ieeexplore.ieee.org.ezproxy.liv.ac.uk/stamp/stamp.jsp?tp=&arnumber=213266&tag=1 (Accessed: 13 November 2010).

Samarati, P. & Sandhu, R. (1994) Access Control: Principles and Practice [Online]. Available from:http://ieeexplore.ieee.org.ezproxy.liv.ac.uk/stamp/stamp.jsp?tp=&arnumber=312842&tag=1 (Accessed: 13 November 2010).

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: