Unit 5 - Cloud Security
Cloud Security
Cloud Security
Cloud security ensures data and applications are readily available to authorized users.
It is a collection of procedures and technology designed to address external and internal threats to business security.
Data should be adequately protected against tampering and eavesdropping as it transits networks inside and external to the cloud, using encryption, service authentication, and network-level protections.
Organizations need cloud security as they move toward their digital transformation strategy and incorporate cloud-based tools and services.
Security Challenges
Lack of visibility: It's easy to lose track of data access, especially with cloud services accessed outside corporate networks or through third parties.
Multitenancy: Public cloud environments house multiple client infrastructures, creating a risk of collateral damage from attacks targeting other businesses.
Access management and shadow IT: Administering access restrictions can be challenging in cloud environments compared to on-premises systems.
Types of Cloud Security Solutions
Identity and Access Management (IAM):
Creates digital identities for all users for active monitoring and restriction during data interactions.
Data Loss Prevention (DLP):
Uses remediation alerts, data encryption, and other preventative measures to protect all stored data, whether at rest or in motion.
Prevents sensitive data from being lost, stolen, or inappropriately accessed.
Security Information and Event Management (SIEM):
Helps organizations collect, analyze, and correlate security data from various sources, enabling real-time threat detection and response.
Business Continuity and Disaster Recovery:
Provides organizations with the tools, services, and protocols necessary to expedite the recovery of lost data and resume normal business operations.
Seven Complementary Principles
CIA Triad: Confidentiality, Integrity, Availability.
Additional Cloud Security Services: Authentication, Authorization, Auditing, Accountability.
The CIA triad is a common model that forms the basis for the development of security systems.
Encryption
Encryption techniques safeguard data so that even if an attacker gains access, they will not be able to decrypt it.
Cloud Computing Software Security Fundamentals
Designing security into cloud software during the software development life cycle can greatly reduce the cloud attack surface.
Security investment is often not aligned with actual risks; 84\% of all cyber attacks happen on the application layer.
Newer security models such as identity and access management (IAM) need to be coded right into applications.
The use of APIs, including public and private cloud services within applications, means developers must come up with approaches and enabling technology to secure these services.
Cloud Security Domains by CSA (Cloud Security Alliance)
Information Lifecycle Management: Cloud provider policies and processes for data retention and destruction.
Application Security: IaaS, PaaS, and SaaS create differing trust boundaries for the software development lifecycle.
Storage: Data destruction is extremely difficult in a multi-tenant environment; strong storage encryption should render data unreadable when storage is recycled, disposed of, or accessed outside authorized applications.
Cloud Information Security Objectives
Secure Software Design Principles as the Fundamental Basis for Software Assurance
Security Myths and Misconceptions
"This cannot happen to me, only important or rich people are targeted."
"Install this security application and you will be fine."
"I do not need security programs because I do not access unsafe locations."
"I set some strong and complex passwords to my accounts, so I will be OK."
"I only open e-mails from my friends, so I should be fine."
"I do not have important information or sensitive data on my system. Why should I worry?"
Software Assurance
Software Assurance is defined as:
“the basis for gaining justifiable confidence that software will consistently exhibit all properties required to ensure that the software, in operation, will continue to operate dependably despite the presence of sponsored (intentional) faults.''
“the level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software.”
Three Properties for Secure Software (DACS)
Dependability: Software that executes predictably and operates correctly under a variety of conditions, including when under attack or running on a malicious host.
Trustworthiness: Software that contains a minimum number of vulnerabilities or no vulnerabilities or weaknesses that could sabotage the software’s dependability and is resistant to malicious logic.
Survivability (Resilience): Software that is resistant to or tolerant of attacks and has the ability to recover as quickly as possible with as little harm as possible.
Introduction to IDAM
The simplest form of identity management is logging on to a computer system with a user ID and password.
For Cloud Computing, it requires more robust authentication, authorization and access control.
It should determine what resources are authorized to be accessed by a user or process by using technology such as biometrics or smart cards.
It should determine when a resource has been accessed by unauthorized entities.
Identity Management
Identification is the act of a user professing an identity to a system, usually in the form of a username or user logon ID to the system.
Identification establishes user accountability for the actions on the system.
User IDs should be unique and not shared among different individuals.
User IDs should follow set standards in large organizations, such as first initial followed by last name and so on. An ID should not reflect the user’s job title or function.
Authentication
It is a verification that the user’s claimed identity is valid.
It is usually implemented through a user password at logon.
Based on the three factor types:
Type 1 — Something you know, such as a personal identification number (PIN) or password.
Type 2 — Something you have, such as an ATM card or smart card.
Type 3 — Something you are (physically), such as a fingerprint or retina scan.
Sometimes a fourth factor, something you do, is added to this list.
Two-factor authentication requires two of the three factors to be used in the authentication process.
For example, withdrawing funds from an ATM machine requires two-factor authentication in the form of the ATM card (something you have) and a PIN number (something you know).
Passwords
Because passwords can be compromised, they must be protected.
“one-time password,” or OTP, provides maximum security because a new password is required for each new logon.
Static password - A password that is the same for each logon.
Dynamic password - changes with each logon.
The passwords are required to be changed.
Passphrases
A passphrase is a sequence of characters that is usually longer than the allotted number for a password.
The passphrase is converted into a virtual password by the system.
Using a passphrase can help secure your account better than a password. Think of a sentence or phrase and then add or substitute numbers or special characters for some of the letters to strengthen it. Example: "My car is blue" becomes your password as "Mycari5b!u3". This is a very secure password and can be easy for you to remember.
Implementing Identity Management
Establishing a database of identities and credentials
Managing users’ access rights
Enforcing security policy
Developing the capability to create and modify accounts
Setting up monitoring of resource accesses
Installing a procedure for removing access rights
Providing training in proper procedures
Cloud Computing Risk Issues
Seven Complementary Principles that Support Cloud Software Assurance
CIA triad of Information System Security – Confidentiality – Integrity – Availability
Additional Cloud Security Services – Authentication – Authorization – Auditing – Accountability
Information Security
INTEGRITY
AVAILABILITY
CONFIDENTIALITY
Confidentiality
Confidentiality refers to the prevention of intentional or unintentional unauthorized disclosure of contents.
Loss of Confidentiality - Examples:
Intentional release of private company information
Misapplication of network rights.
Ensuring Confidentiality
Network security protocols
Network authentication services
Data encryption services
Encryption in Cloud Systems
Encryption - Scrambling messages so that they cannot be read by an unauthorized entity, even if they are intercepted.
The amount of effort (work factor) required to decrypt the message is a function of the strength of the encryption key and the robustness and quality of the encryption algorithm.
Encryption in flight, or the need to secure data as it flows from system to system. In some instances, this is where data is most vulnerable.
Encryption at rest, or data as it sits in a storage subsystem. This includes data that exists in raw storage, or in a database.
Encryption in use, or data that an application accesses and manipulates. Data services let you access data in use through layers of abstraction. Whether the data is in use or not, the same security requirements always exist.
Integrity
Integrity is the guarantee that the message sent is the message received and that the message is not intentionally or unintentionally altered.
Loss of Integrity
An intentional attack to change information. (Example: a website defacement)
Unintentional (data is accidentally altered by an operator).
Ensuring Integrity
Firewall services
Communications security management
Intrusion detection services
Integrity is the characteristic of not having been altered by an unauthorized party
An important issue that concerns data integrity in the cloud is whether a cloud consumer can be guaranteed that the data it transmits to a cloud service matches the data received by that cloud service
Integrity can extend to how data is stored, processed, and retrieved by cloud services and cloud-based IT resources
Availability
Availability refers to the elements that create reliability and stability in networks and systems.
It ensures that connectivity is accessible when needed, allowing authorized users to access the network or systems.
It includes the guarantee that security services for the security practitioner are usable when they are needed.
Availability is the characteristic of being accessible and usable during a specified time period
In typical cloud environments, the availability of cloud services can be a responsibility that is shared by the cloud provider and the cloud carrier
The availability of a cloud-based solution that extends to cloud service consumers is further shared by the cloud consumer
It tends to include areas that are traditionally not thought of as pure security (such as guarantee of service, performance, and up time), yet are obviously affected by breaches such as a denial-of-service (DoS) attack.
Ensuring Availability
Fault tolerance for data availability, such as backups and redundant disk systems
Acceptable logins and operating process performance
Reliable and interoperable security processes and network security mechanisms
Threats
A threat is simply any event that, if realized, can cause damage to a system and create a loss of confidentiality, availability, or integrity.
Threats can be malicious, such as the intentional modification of sensitive information, or they can be accidental — such as an error in a transaction calculation or the accidental deletion of a file.
Vulnerability
A vulnerability is a weakness in a system that can be exploited by a threat.
Reducing the vulnerable aspects of a system can reduce the risk and impact of threats on the system.
Example: A password-generation tool reduces the chance that users will select poor passwords (the vulnerability) and makes the password more difficult to crack (the threat of external attack).
Common Threats
Eavesdropping
Fraud
Theft
Sabotage
External attack
Eavesdropping
Data scavenging, traffic or trend analysis, social engineering, economic or political espionage, sniffing, dumpster diving, keystroke monitoring, and shoulder surfing are all types of eavesdropping to gain information or to create a foundation for a later attack.
Eavesdropping is a primary cause of the failure of confidentiality.
It consists of the unauthorized interception of network traffic.
Passive eavesdropping: Covertly monitoring or listening to transmissions that are unauthorized by either the sender or receiver.
Active eavesdropping: Tampering with a transmission to create a covert signaling channel or actively probing the network for infrastructure information.
Common Threats (contd.)
Fraud: Examples of fraud include collusion, falsified transactions, data manipulation, and other altering of data integrity for gain.
Theft: Examples of theft include the theft of information or trade secrets for profit or unauthorized disclosure, and physical theft of hardware or software.
Sabotage: Sabotage includes denial-of-service (DoS) attacks, production delays, and data integrity sabotage.
External attack:
Examples: Malicious cracking, scanning, and probing to gain infrastructure information; demon dialing to locate an unsecured modem line; the insertion of a malicious code or virus.
Common Types of Attacks
Logon Abuse
Inappropriate System Use
Eavesdropping
Network Intrusion
Denial-of-Service (DoS) Attacks
Session Hijacking Attacks
Fragmentation Attacks
Logon Abuse
Logon Abuse refers to legitimate users accessing services of a higher security level that would normally be restricted to them.
Unlike network intrusion, this type of abuse focuses primarily on those users who might be legitimate users of a different system or users who have a lower security classification.
Masquerading is the term used when one user pretends to be another user, such as an attacker socially engineering passwords from an Internet Service Provider (ISP).
Inappropriate System Use
Refers to the non-business or personal use of a network by otherwise authorized users, such as Internet surfing to inappropriate content sites (travel, pornography, sports, and so forth).
Network Intrusion
It refers to the use of unauthorized access to break into a network primarily from an external source.
Unlike a logon abuse attack, the intruders are not considered to be known to the company.
Most common hacks belong to this category.
Also known as a penetration attack, it exploits known security vulnerabilities in the security perimeter.
Piggy-backing, in the network domain, refers to an attacker gaining unauthorized access to a system by using a legitimate user’s connection. A user leaves a session open or incorrectly logs off, enabling an unauthorized user to resume the session.
Denial-of-Service (DoS) Attacks
Use of some of the following techniques to overwhelm a target’s resources:
Filling up a target’s hard drive storage space by using huge e-mail attachments or file transfers.
Sending a message that resets a target host’s subnet mask, causing a disruption of the target’s subnet routing.
Using up all of a target’s resources to accept network connections, resulting in additional network connections being denied.
Session Hijacking Attacks
Unauthorized access to a system.
An attacker hijacks a session between a trusted client and network server.
The attacking computer substitutes its IP address for that of the trusted client and the server continues the dialog, believing it is communicating with the trusted client.
Hijacking attacks include IP spoofing attacks, TCP sequence number attacks and DNS poisoning.
Fragmentation Attacks
IP fragmentation attacks use varied IP datagram fragmentation to disguise their TCP packets from a target’s IP filtering devices.
A tiny fragment attack occurs when the intruder sends a very small fragment that forces some of the TCP header field into a second fragment. If the target’s filtering device does not enforce minimum fragment size, this illegal packet can then be passed on through the target’s network.
An overlapping fragment attack is another variation on a datagram’s zero-offset modification. Subsequent packets overwrite the initial packet’s destination address information, and then the second packet is passed by the target’s filtering device.
Other Types of Attacks
Back-Door
Spoofing
Man-in-the-Middle
Replay
TCP Hijacking
Social Engineering
Dumpster Diving
Password Guessing
Trojan Horses and Malware
Back-Door
A back-door attack takes place using dial-up modems or asynchronous external connections.
The strategy is to gain access to a network through bypassing of control mechanisms.
Spoofing
Intruders use IP spoofing to convince a system that it is communicating with a known, trusted entity in order to provide the intruder with access to the system.
IP spoofing involves alteration of a packet at the TCP level, which is used to attack Internet-connected systems that provide various TCP/IP services.
The attacker sends a packet with an IP source address of a known, trusted host instead of its own IP source address to a target host.
Man-in-the-Middle
This attack involves an attacker A, substituting his or her public key for that of another person P.
Then, anyone desiring to send an encrypted message to P using P’s public key is unknowingly using A’s public key. Therefore, A can read the message intended for P. A can then send the message on to P, encrypted in P’s real public key and P will never be the wiser.
Obviously, A could modify the message before resending it to P.
Replay
The replay attack occurs when an attacker intercepts and saves old messages and then tries to send them later, impersonating one of the participants.
One method of making this attack more difficult to accomplish is through the use of a random number or string called a nonce.
For example, if Bob wants to communicate with Alice, he sends a nonce along with the first message to Alice. When Alice replies, she sends the nonce back to Bob, who verifies that it is the one he sent with the first message. Anyone trying to use these same messages later will not be using the newer nonce.
Another approach to countering the replay attack is for Bob to add a timestamp to his message. This timestamp indicates the time that the message was sent. Thus, if the message is used later, the timestamp will show that an old message is being used.
TCP Hijacking
In this type of attack, an attacker steals, or hijacks, a session between a trusted client and network server.
The attacking computer substitutes its IP address for that of the trusted client, and the server continues the dialog believing it is communicating with the trusted client.
Social Engineering
This attack uses social skills to obtain information such as passwords or PIN numbers to be used against information systems.
For example, an attacker may impersonate someone in an organization and make phone calls to employees of that organization requesting passwords for use in maintenance operations.
Examples of Social Engineering Attacks:
E-mails to employees from a cracker requesting their passwords to validate the organizational database after a network intrusion has occurred.
E-mails to employees from a cracker requesting their passwords because work has to be done over the weekend on the system.
E-mails or phone calls from a cracker impersonating an official who is conducting an investigation for the organization and requires passwords for the investigation.
Dumpster Diving
Dumpster diving involves the acquisition of information that is discarded by an individual or organization.
Discarded information may include technical manuals, password lists, telephone numbers, credit card numbers and organization charts.
In order for information to be treated as a trade secret, it must be adequately protected and not revealed to any unauthorized individuals.
Password Guessing
Because passwords are the most commonly used mechanism to authenticate users to an information system, obtaining passwords is a common and effective attack approach.
Trojan Horses and Malware
A Trojan is a type of malware that is designed to gain access to a computer by disguising itself as a legitimate file or program. Trojans can be used to steal personal information, install other forms of malware, or take control of a victim’s machine.
Trojan horses hide malicious code inside a host program that seems to do something useful.
Once these programs are executed, the virus, worm, or other type of malicious code hidden in the Trojan horse program is released to attack the workstation, server or network or to allow unauthorized access to those devices.
Trojans are common tools used to create back doors into the network for later exploitation by crackers.
Active Attacks
An active attack is a network exploit in which attacker attempts to make changes to data on the target or data en route to the target.
Reasons for Cyber Attacks
Information Theft and Manipulation
Financial Loss
Damaging the Reputation
Creating Chaos and Disruption
Demanding Ransom
Business Disruption
Achieving Military Objectives
Propagating Religious Beliefs
Types of Cyber Attacks
Denial of service (DDoS)
Malware Attack
Man in the Middle
Phishing
Eavesdropping
SQL injection
Password Attack
Social Engineering
Types of Computer Security
Cybersecurity
Network Security
Application Security
Information Security
Operational Security
Disaster Recovery and Business Continuity
End-user Education
Biometrics
An alternative to using passwords for authentication in logical or technical access control is biometrics.
Biometrics is based on the Type 3 authentication mechanism — something you are.
Biometrics Measurement
Three main performance measures in biometrics:
False rejection rate (FRR) or Type I Error: The percentage of valid subjects that are falsely rejected.(fails to grant access to an authorized person.)
False acceptance rate (FAR) or Type II Error: The percentage of invalid subjects that are falsely accepted.(unauthorised persons are incorrectly accepted.)
Crossover error rate (CER): The percentage at which the FRR equals the FAR. The smaller the CER, the better the device is performing.(describes the overall accuracy of a biometric system.Also known as equal error rate)
In addition to the accuracy of the biometric systems, other factors must be considered, including enrollment time, throughput rate, and acceptability.
Enrollment time
Enrollment time is the time that it takes to initially register with a system by providing samples of the biometric characteristic to be evaluated.
Throughput rate
The throughput rate is the rate at which the system processes and identifies or authenticates individuals. (The rate at which a biometric device can scan and authenticate subjects.)
Acceptable throughput rates are in the range of 10 subjects per minute.
Acceptability
Acceptability refers to considerations of privacy, invasiveness and psychological and physical comfort when using the system. Cultural issues: the acceptability denotes the way how. users perceive the biometric system and interact with it. Acceptability is highly dependent of the culture of users.
For example, a concern with retina scanning systems might be the exchange of body fluids on the eyepiece. Another concern would be disclosing the retinal pattern, which could reveal changes in a person’s health, such as diabetes or high blood pressure.
Biometric characteristics
Biometric characteristics that are used to uniquely authenticate an individual’s identity:
Fingerprints
Retina scans
Iris scans
Hand geometry
Voice
Handwritten signature dynamics
Iris scans — A video camera remotely captures iris patterns and characteristics. CER values are around 0.5\%.
Fingerprints Fingerprint characteristics are captured and stored. Typical CERs are 4-5\%.
Retina scans — The eye is placed approximately two inches from a camera and an invisible light source scans the retina for blood vessel patterns. CERs are approximately 1.4\%.
Hand geometry
Cameras capture three-dimensional hand characteristics. CERs are approximately 2\%. IR Recognition Systems.
Voice — Sensors capture voice characteristics, including throat vibrations and air pressure, when the subject speaks a phrase. CERs are in the range of 10\%.
Handwritten signature dynamics — The signing characteristics of an individual making a signature are captured and recorded. Typical characteristics including writing pressure and pen direction. CERs are not published at this time.
Other types of biometric characteristics include facial and palm scans.
The CIA triad
Confidentiality, Integrity and Availability. The CIA triad is a common model that forms the basis for the development of security systems.
They are used for finding vulnerabilities and methods for creating solutions.
CIA Triad - Confidentiality
Same Key
Plaintext Encryption Ciphertext Decryption Plaintext
How Hashing Ensures Data Integrity
CIA Triad - Integrity
Modifications are not made to data by unauthorized personnel or processes.
Data must not be changed in transit, and steps must be taken to ensure data cannot be altered by unauthorized people
Unauthorized modifications are not made to data by authorized personnel or processes.
The data is internally and externally consistent — the internal information is consistent both among all sub-entities and with the real-world, external situation.
CIA Triad - Availability
Availability ensures the reliable and timely access to cloud data or cloud computing resources by the appropriate personnel.
Availability guarantees that the systems are functioning properly when needed.
Guarantees that the security services of the cloud system are in working order.
Threat against availability – Example: denial-of-service attack
The reverse of Confidentiality, Integrity and Availability (CIA) is Disclosure, Alteration and Destruction (DAD)
Virtualization Security
VM security by Firewall, anti-virus and anti-spyware
Anti-virus Anti-Spyware
Inbound/Internet Traffic Inbound/Internet Traffic
Inbound/Internet Traffic Firewall
Outbound traffic Cloud
Protecting VM Workloads
Initial Hardening
Ongoing Security Measures
Creation Time
Patch Management
Vulnerability Scanning
Detection & Response
Operations
Policies & Desired State
Network Security
Identity & Access Management
Backup & Business Continuity
Hardening
Remove unnecessary software
Remove unneeded services
Alter default accounts
Use the principle of least privilege
Apply updates
Implement logging and auditing
Virtual Threats
Inherent threats to all computerized systems (such as denial-of-service attacks), are also the general threats to virtualized systems.
Other threats and vulnerabilities, however, are unique to virtual machines.
Many VM vulnerabilities stem from the fact that a vulnerability in one VM system can be exploited to attack other VM systems or the host systems, as multiple virtual machines share the same physical hardware.
Vulnerabilities in Virtualized Environments
Shared Clipboard
Keystroke Logging
VM Monitoring from the Host
Virtual Machine Monitoring from another VM
Virtual Machine Backdoors
Virtual Machine Monitoring from the Host
Because all network packets coming from or going to a VM pass through the host, the host may be able to affect the VM by the following:
Starting, stopping, pausing and restart VMs
Monitoring and configuring resources available to the VMs: CPU, memory, disk and network usage of VMs
Adjusting the number of CPUs, amount of memory, amount and number of virtual disks and number of virtual network interfaces available to a VM
Monitoring the applications running inside the VM
Viewing, copying and modifying data stored on the VM’s virtual disks
Virtual Machine Monitoring from another VM
Usually, VMs should not be able to directly access one another’s virtual disks on the host.
However, if the VM platform uses a virtual hub or switch to connect the VMs to the host, then intruders may be able to use a hacker technique known as “ARP poisoning” to redirect packets going to or from the other VM for sniffing.
Additional Cloud Security Services
Authentication
Authorization
Auditing
Accountability
Authentication
The testing or reconciliation of evidence of a user’s identity.
It establishes the user’s identity and ensures that users are who they claim to be.
Example: The computer system authenticates the user by verifying that the password corresponds to the individual presenting the user ID.
Authorization
Refers to rights and privileges granted to an individual or process that enable access to computer resources and information assets.
Once a user’s identity and authentication are established, authorization levels determine the extent of system rights a user can hold.
Auditing
A system audit is a one-time or periodic event to evaluate security.
Monitoring refers to an ongoing activity that examines either the system or the users, such as intrusion detection.
These methods can be employed by the cloud customer, the cloud provider, or both.
Audit Events
IT auditors typically audit the following functions:
System and transaction controls
Systems development standards
Backup controls
Data library procedures
Data center security
Contingency plans
Audit trail or log – A set of records that collectively provide documentary evidence of processing, used to aid in tracing from original transactions forward to related records and reports, and / or backward from records and reports to their component source transactions.
Audit logs should record the following:
The transaction’s date and time
Who processed the transaction
At which terminal the transaction was processed
Various security events relating to the transaction
In addition, an auditor should examine the audit logs for the following:
Amendments to production jobs
Production job reruns
Computer operator practices
All commands directly initiated by the user
All identification and authentication attempts
Files and resources accessed
Accountability
The ability to determine the actions and behaviors of a single individual within a cloud system and to identify that particular individual.
Audit trails and logs support accountability and can be used to conduct postmortem studies in order to analyze historical events and the individuals or processes associated with those events.
Accountability is related to the concept of nonrepudiation, wherein an individual cannot successfully deny the performance of an action.
Access Control
Access control is intrinsically tied to identity management and is necessary to preserve the confidentiality, integrity and availability of cloud data.
POLICIES related to access control;
Controls
Controls are implemented to mitigate risk and reduce the potential for loss.
Two important control concepts are separation of duties and the principle of least privilege.
Separation of duties requires an activity or process to be performed by two or more entities for successful completion.
Thus, the only way that a security policy can be violated is if there is collusion among the entities.
For example, in a financial environment, the person requesting that a cheque be issued for payment should not also be the person who has authority to sign the cheque.
Least privilege means that the entity that has a task to perform should be provided with the minimum resources and privileges required to complete the task for the minimum necessary period of time.
Control measures can be administrative, logical (also called technical) and physical in their implementation.
Administrative controls include policies and procedures, security awareness training, background checks, work habit checks, a review of vacation history and increased supervision.
Logical or technical controls involve the restriction of access to systems and the protection of information. Examples of these types of controls are encryption, smart cards, access control lists and transmission protocols.
Physical controls incorporate guards and building security in general, such as the locking of doors, the securing of server rooms or laptops, the protection of cables, the separation of duties and the backing up of files.
Controls provide accountability for individuals who are accessing sensitive information in a cloud environment.
Assurance procedures ensure that the control mechanisms correctly implement the security policy for the entire life cycle of a cloud information system.
In general, a group of processes that share access to the same resources is called a protection domain, and the memory space of these processes is isolated from other running processes.
Models for Controlling Access
Controlling access by a subject (an active entity such as an individual or process) to an object (a passive entity such as a file) involves setting up access rules.
These rules can be classified into three categories or models.
Mandatory Access Control
Discretionary Access Control
Nondiscretionary Access Control
Mandatory Access Control
Rule-based access control is a type of mandatory access control because rules determine this access (such as the correspondence of clearance labels to classification labels), rather than the identity of the subjects and objects alone.
Labels : classification on sensitivity of object
Military- unclassified, confidential , secret, top secret
Clearance levels of individuals
Need to know and needed for person’s task
Discretionary Access Control
An access control triple consists of the user, program, and file, with the corresponding access privileges noted for each user.
When a user within certain limitations has the right to alter the access control to certain objects, this is termed a user-directed discretionary access control.
Nondiscretionary Access Control
A central authority determines which subjects can have access to certain objects based on the organizational security policy.
The access controls might be based on the individual’s role in the organization (role-based) or the subject’s responsibilities and duties (task-based).
Context like location, time of day, access history..
Content like based on information contained in object
Tokens
Tokens, in the form of small, hand-held devices, are used to provide passwords.
Four basic types of tokens:
Static password tokens
Synchronous dynamic password tokens, clock-based
Synchronous dynamic password tokens, counter-based
Asynchronous tokens, challenge-response
Tokens
A static token would be a token that is always the same.
A dynamic token is a token that varies, like Google Authenticator two-factor tokens that change each 10 or whatever seconds.
Static Password Tokens
Owners authenticate themselves to the token by typing in a secret password.
If the password is correct, the token authenticates the owner to an information system.
Static passwords are reusable passwords that may or may not expire. They are typically user-generated and work best when combined with another authentication type, such as a smart card or biometric control. However, reliance solely on static passwords can lead to security vulnerabilities, especially if passwords are weak or exposed through phishing attacks.
When the attacker gets the static password of the user, he can use it within its lifetime.
Many people never change the password.
Then, the attacker can impersonate the user for an unlimited time.
It isn’t much better when an organization changes passwords every month. It still gives the attacker a lot of time to perform malicious actions.
Dynamic Password Tokens
One-time password (also called a dynamic password) should be randomly generated and is used only once.
When this password has already been used, it is useless for the attacker (replay attack is prevented).
The user doesn’t have to manage/remember one-time passwords.
The one-time password is generated by the token and presented to the user if he needs to authenticate.
Synchronous Dynamic Password Tokens, Clock-based
The token generates a new, unique password value at fixed time intervals that is synchronized with the same password on the authentication server (this password is the time of day encrypted with a secret key).
The unique password is entered into a system or workstation along with an owner’s PIN.
The authentication entity in a system or workstation knows an owner’s secret key and PIN and the entity verifies that the entered password is valid and that it was entered during the valid time window.
Synchronous Dynamic Password Tokens, Counter-based
The token increments a counter value that is synchronized with a counter in the authentication server.
The counter value is encrypted with the user’s secret key inside the token and this value is the unique password that is entered into the system authentication server.
The authentication entity in the system or workstation knows the user’s secret key and the entity verifies that the entered password is valid by performing the same encryption on its identical counter value.
Asynchronous Tokens, Challenge-Response
A workstation or system generates a random challenge string, and the owner enters the string into the token along with the proper PIN.
The token performs a calculation on the string using the PIN and generates a response value that is then entered into the workstation or system.
The authentication mechanism in the workstation or system performs the same calculation as the token using the owner’s PIN and challenge string and compares the result with the value entered by the owner. If the results match, the owner is authenticated.
Memory Cards
Memory cards provide nonvolatile storage of information, but they do not have any processing capability.
A memory card stores encrypted passwords and other related identifying information.
A telephone calling card and an ATM card are examples of memory cards.
Smart Cards
Smart cards provide even more capability than memory cards by incorporating additional processing power on the cards.
These credit-card-size devices comprise microprocessor and memory and are used to store digital signatures, private keys, passwords and other personal information.
Single Sign-On (SSO)
Single sign-on (SSO) addresses the cumbersome situation of logging on multiple times to access different resources.
When users must remember numerous passwords and IDs, they might take shortcuts in creating them that could leave them open to exploitation.
In SSO, a user provides one ID and password per work session and is automatically logged on to all the required applications.
SSO can be implemented by using scripts that replay the users’ multiple logins or by using authentication servers to verify a user’s identity and encrypted authentication tickets to permit access to system services.
Enterprise access management (EAM) provides access control management services to Web-based enterprise systems that include SSO.