Foundations of Computer Security
Lecture 11: Access Control Policies

Dr. Bill Young
Department of Computer Sciences
University of Texas at Austin

Lecture 11: 1 Access Control Policies


Access Control Policies

The Bell and LaPadula Model is an example of an Access Control Policy. This is a popular way of conceptualizing and implementing security.

The basic idea is to introduce rules that control what accesses (i.e., actions) subjects may take with respect to objects.


Aside: MAC vs. DAC

Specifically, BLP is a mandatory access control system, as distinguished from a discretionary system.

Mandatory Access Controls (MAC): rules are enforced on every attempted access, not at the discretion of any system user;

Discretionary Access Controls (DAC): rule enforcement may be waived or modified by some users.

What that means for BLP is that no access is ever allowed unless it satisfies the Simple Security Property and *-Property.

Contrast that with the Unix file protection system; Unix implements DAC since file protections can be modified by a file's owner.


Access Control Matrix

In general, any access control policy can be represented by an access control matrix (ACM). Given all subjects and objects in the system, the matrix shows explicitly what accesses are allowed for each subject/object pair.

            object1    . . .    objectk
subject1    Ai, Aj              ∅
. . .
subjectn    Al                  Ai, Am


BLP Access Control Matrix

Suppose we had a BLP system with exactly three subjects and objects with the given labels. Suppose also that H > L.

Subjects    Level               Objects    Level
Subj1       (H, {A, B, C})      Obj1       (L, {A, B, C})
Subj2       (L, {})             Obj2       (L, {})
Subj3       (L, {A, B})         Obj3       (L, {B, C})

The following is the associated access control matrix.

         Obj1    Obj2    Obj3
Subj1    R       R       R
Subj2    W       R, W    W
Subj3    W       R       -


Access Control Matrix

As with any access control policy, you could define an ACM for a large Bell and LaPadula system. However, the matrix would be huge for most realistic systems.

The matrix is implicit in the rules (Simple Security and the *-Property), so access permissions can be computed on the fly.


Lessons

BLP is an example of a class of policies called "access control policies."

BLP is also an example of a mandatory policy in that the rules are enforced on every attempted access.

Any access control policy can be modeled as an explicit matrix.

Next lecture: Lattice-based Security and the BLP Metapolicy
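
The point that the matrix is implicit in the rules can be checked against the three-subject example above. The following is an added example, not part of the original lecture: it decides each cell on demand from the standard statements of the Simple Security Property and the *-Property (which this lecture names but does not spell out) and reproduces the slide's matrix. The names Label, dominates, accesses, build_acm and render are assumptions chosen for illustration.

```python
from typing import FrozenSet, NamedTuple

# Hierarchical ordering from the slide's example: H > L.
LEVELS = {"L": 0, "H": 1}

class Label(NamedTuple):
    level: str
    cats: FrozenSet[str]

def label(level: str, cats: str = "") -> Label:
    """Build a label such as (H, {A, B, C}) from 'H' and 'ABC'."""
    return Label(level, frozenset(cats))

def dominates(a: Label, b: Label) -> bool:
    """a dominates b: a's level is at least b's and a's categories include b's."""
    return LEVELS[a.level] >= LEVELS[b.level] and a.cats >= b.cats

def accesses(subj: Label, obj: Label) -> set:
    """Compute one ACM cell on the fly; no matrix is stored anywhere."""
    allowed = set()
    if dominates(subj, obj):  # Simple Security Property: read only if subject dominates object
        allowed.add("R")
    if dominates(obj, subj):  # *-Property: write only if object dominates subject
        allowed.add("W")
    return allowed

# Labels copied from the slide's example.
SUBJECTS = {"Subj1": label("H", "ABC"), "Subj2": label("L"), "Subj3": label("L", "AB")}
OBJECTS = {"Obj1": label("L", "ABC"), "Obj2": label("L"), "Obj3": label("L", "BC")}

def build_acm(subjects: dict, objects: dict) -> dict:
    """Materialize the explicit matrix, only to compare it with the slide."""
    return {s: {o: accesses(sl, ol) for o, ol in objects.items()}
            for s, sl in subjects.items()}

def render(acm: dict) -> str:
    """Format the matrix as plain text, using '-' for an empty cell."""
    cols = list(next(iter(acm.values())))
    rows = ["".join(c.ljust(8) for c in [""] + cols)]
    for subj, row in acm.items():
        cells = [", ".join(sorted(row[o])) or "-" for o in cols]
        rows.append("".join(c.ljust(8) for c in [subj] + cells))
    return "\n".join(rows)

if __name__ == "__main__":
    print(render(build_acm(SUBJECTS, OBJECTS)))
```

A reference monitor would call accesses() per request, so its cost depends on the two labels involved and not on the number of subjects and objects in the system.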