Difference between revisions of "Access Control"

From MgmtWiki
Jump to: navigation, search
(Problems)
(Problems)
Line 9: Line 9:
 
==Problems==
 
==Problems==
 
Security boundaries seem to be mixing two security features which basically describes why cross-site scripting attacks are so common. The basic rule is this - Don't mix control messages with data messages. The two rules are:
 
Security boundaries seem to be mixing two security features which basically describes why cross-site scripting attacks are so common. The basic rule is this - Don't mix control messages with data messages. The two rules are:
# Bell–LaPadula model focuses on data confidentiality (privacy - hashtag#MAC)
+
# Bell–LaPadula model focuses on data confidentiality (privacy - MAC = Mandatory Access Control)
# Biba Integrity Model is for the protection of data integrity (control - hashtag#MIC)
+
# Biba Integrity Model is for the protection of data integrity (control - MIC = Mandatory Integrity Control)
 
Applying both rules means that no security boundary should be crossed without clear permission to do so. And a security policy that allows data flow (MAC) should not allow control flow (MIC).
 
Applying both rules means that no security boundary should be crossed without clear permission to do so. And a security policy that allows data flow (MAC) should not allow control flow (MIC).
 
So, security boundaries need to distinguish between the two.
 
So, security boundaries need to distinguish between the two.

Revision as of 10:58, 14 November 2024

Full Title or Meme

Authorization of Access to a Resource is the primary end goal for nearly all Identity Management.

Context

There are a variety of reasons to limit access to a resource on the web. The primary ones are:

  1. Embarrassment - there are some things we just don't want others to know about us.
  2. Financial - there are some things that we want to make a profit from releasing.

Problems

Security boundaries seem to be mixing two security features which basically describes why cross-site scripting attacks are so common. The basic rule is this - Don't mix control messages with data messages. The two rules are:

  1. Bell–LaPadula model focuses on data confidentiality (privacy - MAC = Mandatory Access Control)
  2. Biba Integrity Model is for the protection of data integrity (control - MIC = Mandatory Integrity Control)

Applying both rules means that no security boundary should be crossed without clear permission to do so. And a security policy that allows data flow (MAC) should not allow control flow (MIC). So, security boundaries need to distinguish between the two.

  • As a side note Microsoft Vista hashtag#UAC (user access control) is not a boundary of any sort, it is a UX that applies policy to override MAC. (I wrote the spec.)
  • It is the rainbow books that described MAC & MIC rules.

Solutions

In general the wiki page on Authorization deals with Access Control in an Identity Management ecosystem.

In the following cases Access Control is addressed independently from Identity Management.

Also note that the use of Verifiable Credentials can be tied to a one-time or Pseudonym thus avoiding any Identity Management between the holder and the verifier.

Access Control Encryption

or ACE is a scheme for using attribute encryption to acquire access.[1]

References

  1. Made Sedaghat +1, Cross-Domain Attribute-Based Access Control Encryption in Cryptology and Network Security Springer ISBN 9783030925475

Other Material