Access Controls

Exploring Ways to Securely Manage Access

Gregory M. Kapfhammer

November 11, 2024

Key computer computer security tasks?

• Authentication: Confirm the identity of a user
• Authorization: Control access to resources
• Accounting: Track usage of resources

• Reminders:
  • Must effectively offer all features in a system!
  • Both hardware and software must be secure!

Least Privilege Principle

• Principle: Only permit necessary access
• Resources: Processes, programs, user accounts
• Benefits: Reduces attack surface, limits malware spread
• Compliance: Easier audits, limited Internet access

• Key Questions:
  • What do you prefer more secure or easy-to-use?
  • What are principles to striking the right balance?

Multi-Factor Authentication (MFA)

• Definition: Two or more identification components
• Categories: Username, password, token codes, biometrics
• Popular Products: Google Authenticator, Authy, RSA IDs

• Concrete examples of multi-factor authentication:
  • Password and fingerprint scan
  • Password and security token
  • Password and facial recognition
• Benefits and drawbacks of multi-factor authentication?

Authenticating a Person

• Three main strategies for authentication:
  • Authentication based on what you know
  • Authentication based on what you have
  • Authentication based on what you are
  • Each of these are an identification factor

• In-Class Discussion
  • What is an example of each type of authentication?
  • What are the strengths and weaknesses of each type?

What comes next after authentication?

• Provide authorization for both users and administrators
• Attach an identity to processes and resources
• Define access control lists (ACLs) for resources
• Enforce permissions for users and groups

Authorization Models

• MAC: Mandatory Access Control
  • High security, complex implementation
• DAC: Discretionary Access Control
  • Flexible, owner-controlled, less secure
• RBAC: Role-Based Access Control
  • Role-based, flexible, common
• ABAC: Attribute-Based Access Control
  • Attribute-based, flexible, rule-based

What are the similarities and differences between sudo and su?

• Similarities:
  • Execute commands with elevated privileges
  • Require authentication to gain elevated privileges

Let’s explore the detailed differences between sudo and su!

Using the sudo and su Commands

• Differences:
  • Usage:
    • sudo: Executes a single command with superuser privileges. Example: sudo apt update.
    • su: Switches to the superuser account or another user account. Example: su or su - username.
  • Scope:
    • sudo: Limited to the command being executed
    • su: Provides privileges to a shell until exit

How do we manage multiple users who need to securely use an operating system?

• User account
• Group accounts
• Privileged accounts
• Service accounts

Identity Management

• Privileged Identity Management (PIM)
  • Purpose: Granular access control
  • Features: Better reporting, anomaly detection
• Privileged Access Management (PAM)
  • Purpose: Safeguard identities, advanced capabilities
  • Usage: Common in Linux, temporary privilege escalation
• Identity and Access Management (IAM)
  • Framework: Manages digital identities
  • Functions: User database, access privileges, groups/roles

Unix File Permissions

• Design: Owner (or “user”), group, all users (or “others”)
• Permissions: Read (1), Write (2), Execute (4)
  • Example: Read + Execute = 5 = (1 + 4)
• chmod Command: Set permissions
  • Format: chmod 710 <filename>
  • 710: Owner (7), Group (1), Others (0)
• chown Command: Change owner/group
  • Format: chown <owner>.<group> <filename>
  • Note: Group optional

Understanding Permissions

Illustrating Unix File Permissions

• Source: Access Controls Chapter of Computer Systems Security: Planning for Success
• Although concepts are consistent, different versions of Linux/Unix may use slightly different approaches

Access Control Lists

drwxr-xr-x    - gkapfham users 31 Oct 07:27 .git
drwxr-xr-x    - gkapfham users  2 Sep 18:16 .github
.rw-r--r-- 2.4k gkapfham users  2 Sep 18:23 .gitignore
drwxr-xr-x    - gkapfham users 29 Oct 12:48 .quarto
drwxr-xr-x    - gkapfham users 12 Sep 07:54 _extensions
drwxr-xr-x    - gkapfham users 16 Sep 11:34 _freeze
drwxr-xr-x    - gkapfham users  2 Sep 18:16 _include
.rw-r--r--  125 gkapfham users  2 Sep 19:17 _publish.yml
.rw-r--r-- 1.8k gkapfham users 18 Sep 20:27 _quarto.yml
drwxr-xr-x    - gkapfham users 31 Oct 07:30 _site
drwxr-xr-x    - gkapfham users 18 Sep 21:35 css
drwxr-xr-x    - gkapfham users  2 Sep 18:43 icons
drwxr-xr-x    - gkapfham users  2 Sep 18:47 images
.rw-r--r-- 5.4k gkapfham users 28 Oct 21:21 index.qmd
drwxr-xr-x    - gkapfham users 30 Oct 09:16 projects
.rw-r--r--  247 gkapfham users  3 Sep 09:08 README.md
drwxr-xr-x    - gkapfham users 29 Oct 07:27 schedule
drwxr-xr-x    - gkapfham users 31 Oct 07:30 slides
drwxr-xr-x    - gkapfham users 29 Oct 15:12 syllabus

Where does the operating system store an access control list?

Access Control List Storage

• Linux: Extended attributes
• Windows: NTFS file system
• macOS: HFS+ file system

• Important Considerations:
  • Security: ACLs must be protected
  • Performance: ACLs can slow down file access
  • Maintenance: Regularly review and update ACLs

Who are the users on your laptop?

root:x:0:0:System administrator
messagebus:x:4:4:D-Bus system message bus daemon user
polkituser:x:28:995:PolKit daemon
cups:x:36:20:CUPS printing services
lightdm:x:78:78:Light Display Manager
systemd-coredump:x:151:993:Core dump user
systemd-network:x:152:152:Network management daemon
systemd-resolve:x:153:153:Resolver daemon
systemd-timesync:x:154:154:Time synchronization daemon
nm-openvpn:x:217:217:Virtual Private Network user
fwupd-refresh:x:992:991:Firmware update daemon
systemd-oom:x:993:992:Systemd Out Of Memory user
rtkit:x:994:994:RealtimeKit daemon for audio
nixbld1:x:30001:30000:Nix build user 1

• Wow, there are many users on a NixOS system!
• What are the purposes of these users?
• Who created these users and what are their permissions?

How do we securely manage access to network resources?

• Authentication: Verifying the identity of a user
• Login: Establishing a user session
• Single Sign-On (SSO): One identity provider, many services

Network Access Management

Single Sign-On (SSO)

• Purpose: One identity provider for multiple services
• Benefits: Simplifies user management, enhances security
• Protocols: SAML, OpenID, OAuth

OpenID and OAuth

• OpenID: Decentralized, multiple IDPs
  • OpenID Connect (OIDC): Modern, REST API
• OAuth: Allows websites to access user profile parts
  • Usage: Often part of authentication protocols

SAML Details

• Definition: Security Assertion Markup Language
• Workflow:
  • User accesses service
  • Redirect to SAML IDP with request
  • User logs in, credentials verified
  • SAML IDP sends credentials to service
• Benefits:
  • Centralized identity provider
  • Single sign-on for multiple services

What are the benefits of using SSO and SAML?

• Benefits of SSO:
  • Simplifies user management
  • Enhances overall security
  • Reduces password fatigue

What are examples of software systems that use SSO?

In addition to providing software security, we must also maintain physical security!

• Physical Access: Protect buildings, contents, and data
• Complements: Enhance effectiveness of technical controls

Physical Access

• Importance: Protect buildings, contents, and data
• Risk: Technical controls bypassed if physical security fails

• Quick Examples:
  • Gates, biometrics, key cards, proximity cards
• Let’s explore biometrics and cards in more detail!

Biometrics

• Definition: Identify based on physical traits
• Advantages: Convenient, hard to steal/impersonate
• Types:
  • Physiological (e.g., fingerprints or iris)
  • Behavioral (e.g., voice, signature)

• Discussion Questions:
  • What are the risks associated with biometrics?
  • What are the ethical considerations for using biometrics?

Key Cards

• Usage: Access to rooms
• Types: Magnetic stripes, RFID, NFC
• Risks: Skimming, cloning attacks
• Mitigation: Monitor areas, educate users

• Discussion Questions:
  • What are the benefits and drawbacks of using key cards?
  • How can you prevent attackers from cloning key cards?
  • How should you educate users about key card use?

How do we evaluate the trade-offs of different authentication and authorization solutions?

Evaluation Metrics in Security

• Precision
  • Equation: TP / (TP + FP)
  • High precision: few false positives
• Recall
  • Equation: TP / (TP + FN)
  • High recall: few false negatives
• Accuracy
  • Equation: (TP + TN) / (TP + FP + TN + FN)
  • Overall correctness of the system
• F1-Score
  • Equation: 2 * (Precision * Recall) / (Precision + Recall)
  • Balance between precision and recall

Evaluation Metrics: Precision

Evaluation of a Biometric-based Authentication System

• True Positives (TP): 80
• False Positives (FP): 10
• True Negatives (TN): 90
• False Negatives (FN): 20

\[\begin{equation} \text{Precision} = \frac{TP}{TP + FP} \end{equation}\] \[\begin{equation} \text{Precision} = \frac{80}{80 + 10} = \frac{80}{90} \approx 0.89 \end{equation}\]

Evaluation Metrics: Recall

Evaluation of a Biometric-based Authentication System

• True Positives (TP): 80
• False Positives (FP): 10
• True Negatives (TN): 90
• False Negatives (FN): 20

\[\begin{equation} \text{Recall} = \frac{TP}{TP + FN} \end{equation}\] \[\begin{equation} \text{Recall} = \frac{80}{80 + 20} = \frac{80}{100} = 0.80 \end{equation}\]

Evaluation Metrics: Accuracy

Evaluation of a Biometric-based Authentication System

• True Positives (TP): 80
• False Positives (FP): 10
• True Negatives (TN): 90
• False Negatives (FN): 20

\[\begin{equation} \text{Accuracy} = \frac{TP + TN}{TP + FP + TN + FN} \end{equation}\] \[\begin{equation} \text{Accuracy} = \frac{80 + 90}{80 + 10 + 90 + 20} = \frac{170}{200} = 0.85 \end{equation}\]

Evaluation Metrics: F1-Score

Evaluation of a Biometric-based Authentication System

• True Positives (TP): 80
• False Positives (FP): 10
• True Negatives (TN): 90
• False Negatives (FN): 20

\[\begin{equation} \text{F1-Score} = 2 \times \frac{\text{Precision} \times \text{Recall}}{\text{Precision} + \text{Recall}} \end{equation}\] \[\begin{equation} \text{F1-Score} = 2 \times \frac{0.89 \times 0.80}{0.89 + 0.80} = 2 \times \frac{0.712}{1.69} \approx 0.84 \end{equation}\]

Does the F1-Score accurately measure the effectiveness of a security solution?

• What is more important?
  • Precision: Few false positives
  • Recall: Few false negatives

Summary of Access Control

Key Concepts

Security Layers

• Least privilege principle
• Authorization models
• Identity & access management

Evaluation Metrics

• FP, TP, TN, FN
• Precision, recall, accuracy
• F1-score balances metrics

Best Practices

Implementation

• Multi-factor authentication
• Network access management
• Single-sign-on solutions

Exploration

• Compare security options
• Don’t “roll your own” auth
• Understand key trade-offs