Systems: Access Control
Topics and Goals
- Lampson’s “gold” standard techniques
  - Authentication, Authorization, Audit
  - Goal: Identify mechanisms for achieving each
  - Goal: Distinguish between authentication & authorization
- Authorization mechanisms
  - Goal: Explain different mechanisms
  - Goal: Compare & contrast
  - Understand a basic logic for reasoning about authorization
“Gold” Standard
- Three core principles for reasoning about secure systems:
  - Authentication: Who is it?
  - Authorization: What can they do?
  - Audit: What happened?
Principles of Access Control
- What are the three components of an access control model?
- How does UNIX compare to AFS?
- How do we interpret an access matrix?
- How does discretionary access control compare with mandatory access control?
  - When should we use one vs. the other?
- How do access control lists (ACLs) work?
- How do capabilities work?
- ACLs vs. capabilities
  - How do they compare in expressive power?
  - When should we use one vs. the other?
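A worked illustration of the access matrix questions above (added here as study material, not part of the original lecture notes): a small constructed matrix is sliced by column into ACLs and by row into capability lists, both views answer the same yes/no question, and the helper functions show which review and revocation questions each representation answers cheaply. The subject and object names and the `own` right used for discretionary granting are assumptions of this example.

```python
"""Access matrix and its two decompositions: ACLs (by object) and capability
lists (by subject). Added example; subjects, objects and rights are constructed."""
from typing import Dict, FrozenSet, List

Rights = FrozenSet[str]

# Constructed access matrix: rows are subjects, columns are objects, each cell
# the rights that subject holds on that object. "own" lets a subject change
# the object's entries, which is what makes the policy discretionary (DAC).
ACCESS_MATRIX: Dict[str, Dict[str, Rights]] = {
    "alice": {"alice.txt": frozenset({"read", "write", "own"}),
              "/etc/passwd": frozenset({"read"})},
    "bob":   {"alice.txt": frozenset({"read"}),
              "/usr/bin/ls": frozenset({"execute"})},
    "root":  {"/etc/passwd": frozenset({"read", "write", "own"}),
              "/usr/bin/ls": frozenset({"read", "execute", "own"})},
}


def to_acls(matrix: Dict[str, Dict[str, Rights]]) -> Dict[str, Dict[str, Rights]]:
    """Column view: one list per object, keyed by subject (what a file system stores)."""
    acls: Dict[str, Dict[str, Rights]] = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls.setdefault(obj, {})[subject] = rights
    return acls


def to_capabilities(matrix: Dict[str, Dict[str, Rights]]) -> Dict[str, Dict[str, Rights]]:
    """Row view: one list per subject (the tickets a capability system hands out)."""
    return {subject: dict(row) for subject, row in matrix.items()}


def acl_allows(acls, subject: str, obj: str, right: str) -> bool:
    """Reference monitor with ACLs: must first authenticate the subject's identity."""
    return right in acls.get(obj, {}).get(subject, frozenset())


def cap_allows(caps, subject: str, obj: str, right: str) -> bool:
    """Reference monitor with capabilities: checks the ticket the subject presents."""
    return right in caps.get(subject, {}).get(obj, frozenset())


def dac_grant(acls, granter: str, obj: str, grantee: str, right: str) -> None:
    """DAC: only an owner of the object may extend its ACL."""
    if "own" not in acls.get(obj, {}).get(granter, frozenset()):
        raise PermissionError(f"{granter} does not own {obj}")
    entry = acls.setdefault(obj, {})
    entry[grantee] = entry.get(grantee, frozenset()) | {right}


def subjects_with_access(acls, obj: str) -> List[str]:
    """Review question ACLs answer cheaply: who can touch this object?"""
    return sorted(acls.get(obj, {}))


def objects_reachable(caps, subject: str) -> List[str]:
    """Review question capabilities answer cheaply: what can this subject reach?"""
    return sorted(caps.get(subject, {}))


def revoke_object(acls, caps, obj: str) -> List[str]:
    """Revocation contrast: one ACL deletion versus finding every outstanding capability."""
    acls.pop(obj, None)
    holders = [s for s, row in caps.items() if obj in row]
    for s in holders:
        del caps[s][obj]
    return holders


if __name__ == "__main__":
    acls, caps = to_acls(ACCESS_MATRIX), to_capabilities(ACCESS_MATRIX)
    print("bob read alice.txt (ACL):", acl_allows(acls, "bob", "alice.txt", "read"))
    print("bob read alice.txt (cap):", cap_allows(caps, "bob", "alice.txt", "read"))
    print("who can access alice.txt:", subjects_with_access(acls, "alice.txt"))
    print("what root can reach:", objects_reachable(caps, "root"))
```

Both views are generated from the same matrix, so the decision for any (subject, object, right) triple is identical; the difference lies in which questions are cheap. An ACL answers "who can access this object?" and revokes access with one local edit, but it needs an authenticated identity at check time. A capability list answers "what can this subject reach?" and needs no identity lookup, but revoking a capability means locating every copy, which `revoke_object` has to do by scanning all subjects.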
AAA on the Web
- Authentication
  - Certifying public keys
    - Why are CAs necessary?
    - What trust assumptions do we make about them?
    - What is a certificate and how is it used?
    - What is a root key store?
    - What’s the difference between a DV certificate and an EV certificate?
    - What happens if a CA is malicious or careless?
- Audit
  - What are the key roles in certificate transparency (CT)?
  - Why is it important that the logs are append-only?
  - What can CT do to improve the PKI and what problems does it not (directly) solve?
- Authorization
  - Why is web authorization different from authentication?
  - What kinds of authorization problems do we need to solve?
  - What policy should address these problems?
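To make the Audit questions concrete (why append-only matters and how CT's roles check it), here is an added example that is not part of the lecture material: a Merkle tree hashed the way CT logs hash theirs (RFC 6962 / RFC 9162 leaf and node prefixes), with the inclusion proof a client uses to check that its certificate is in the log and the consistency proof a monitor or auditor uses to check that a newer tree head is the old one plus appended entries. The log entries are constructed byte strings standing in for certificates, and the rewritten-entry scenario at the end is a constructed demonstration.

```python
"""Merkle tree hashing, inclusion proofs and consistency proofs in the style
of RFC 6962 / RFC 9162. Added example; entries are constructed stand-ins."""
import hashlib
from typing import List


def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(entry: bytes) -> bytes:
    # Leaves and interior nodes get different prefixes so a node hash can never
    # be passed off as a leaf (or vice versa).
    return _sha256(b"\x00" + entry)


def node_hash(left: bytes, right: bytes) -> bytes:
    return _sha256(b"\x01" + left + right)


def _split(n: int) -> int:
    """Largest power of two strictly smaller than n (requires n >= 2)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def tree_head(entries: List[bytes]) -> bytes:
    """Merkle Tree Hash of the whole log; the value a CT log signs as its tree head."""
    if not entries:
        return _sha256(b"")
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = _split(len(entries))
    return node_hash(tree_head(entries[:k]), tree_head(entries[k:]))


def inclusion_proof(entries: List[bytes], index: int) -> List[bytes]:
    """Audit path proving entries[index] is under tree_head(entries)."""
    n = len(entries)
    if n <= 1:
        return []
    k = _split(n)
    if index < k:
        return inclusion_proof(entries[:k], index) + [tree_head(entries[k:])]
    return inclusion_proof(entries[k:], index - k) + [tree_head(entries[:k])]


def verify_inclusion(entry: bytes, index: int, tree_size: int,
                     proof: List[bytes], root: bytes) -> bool:
    """Client-side inclusion check (RFC 9162 section 2.1.3.2)."""
    if index >= tree_size:
        return False
    fn, sn = index, tree_size - 1
    r = leaf_hash(entry)
    for p in proof:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = node_hash(p, r)
            while not (fn & 1) and fn != 0:
                fn >>= 1; sn >>= 1
        else:
            r = node_hash(r, p)
        fn >>= 1; sn >>= 1
    return sn == 0 and r == root


def _subproof(m: int, entries: List[bytes], complete: bool) -> List[bytes]:
    n = len(entries)
    if m == n:
        return [] if complete else [tree_head(entries)]
    k = _split(n)
    if m <= k:
        return _subproof(m, entries[:k], complete) + [tree_head(entries[k:])]
    return _subproof(m - k, entries[k:], False) + [tree_head(entries[:k])]


def consistency_proof(first_size: int, entries: List[bytes]) -> List[bytes]:
    """Nodes proving the first `first_size` entries are an unchanged prefix of `entries`."""
    if first_size > len(entries):
        raise ValueError("old tree cannot be larger than the new one")
    if first_size == 0 or first_size == len(entries):
        return []
    return _subproof(first_size, entries, True)


def verify_consistency(first: int, second: int, first_hash: bytes,
                       second_hash: bytes, proof: List[bytes]) -> bool:
    """Monitor/auditor append-only check between two tree heads (RFC 9162 section 2.1.4.2)."""
    if first == second:
        return not proof and first_hash == second_hash
    if first == 0:
        return not proof
    if first > second or not proof:
        return False
    path = list(proof)
    if first & (first - 1) == 0:  # old size a power of two: old head is itself a subtree
        path.insert(0, first_hash)
    fn, sn = first - 1, second - 1
    while fn & 1:
        fn >>= 1; sn >>= 1
    fr = sr = path[0]
    for c in path[1:]:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            fr = node_hash(c, fr)
            sr = node_hash(c, sr)
            while not (fn & 1) and fn != 0:
                fn >>= 1; sn >>= 1
        else:
            sr = node_hash(sr, c)
        fn >>= 1; sn >>= 1
    return sn == 0 and fr == first_hash and sr == second_hash
```

A log that silently rewrites an already-logged entry cannot produce a consistency proof from its old head to its new one, because the old head is recomputed from the proof and must match the value the monitor recorded earlier; that is what "append-only" buys. What the proofs do not do is judge whether a logged certificate was issued legitimately: that still requires a monitor that knows which names it cares about and reads the log.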