Notes - MCS
Identification, Authentication and Authorization
Notes - MCS
Identification, Authentication and Authorization
  • Identification, Authentication and Authorization
  • Access Control Models
    • Access types
    • Least privilege principle
    • Access control models
      • Access control kinds
    • Access control kinds
    • Separation of duties
    • Segregation of duties
    • Information flow models
    • Multilevel security
    • Windows mandatory integrity control
    • Clark-Wilson Integrity Model
  • OAuth 2.0 Authorization Framework
    • Goal
    • Roles (RFC 6749)
    • Communication endpoints
    • Application (client)
    • OAuth tokens
    • OAuth flows
      • Code flow
      • Implicit flow
      • Resource owner password flow
      • Client credentials flow
    • Proof Key for Code Exchange (PKCE, RFC 7636)
    • Device authorization grant (RFC 8628)
    • Actual protocol flow
  • Linux Security Mechanisms
    • Mechanisms
    • Linux management privileges
    • Privilege Elevation
    • Capabilities
    • Files extended attributes (xattr)
    • File capabilities
    • Capability transfer across exec
    • Control groups (cgroups)
    • Linux Security Modules (LSM)
    • AppArmor
    • Confinement
  • Authentication Protocols
    • Identity attributes
    • Authentication
    • Authentication interactions
    • Authentication of people
      • Biometrics
      • Token-based OTP generators
      • PAP & CHAP (RFC 1334, 1992, RFC 1994, 1996)
      • S/Key (RFC 2289, 1998)
      • GSM
    • Host authentication
    • Service/server authentication
    • TLS (Transport Layer Security, RFC 8446)
    • SSH (Secure Shell, RFC 4251)
    • Single Sign-On (SSO)
    • Authentication metaprotocols
    • Authentication services
    • Key distribution services
  • PAM (Pluggable Authentication Modules)
    • Motivation
    • PAM
    • PAM APIs
    • Orchestration of PAM actions
    • Module invocation
    • Configuration files
    • PAM orchestration files
    • Scenario 1 – Local authentication
    • Scenario 2 – LDAP auth with local backoff
    • Scenario 3 – MS AD auth with local backoff
  • FIDO and FIDO2 framework
    • FIDO (Fast Identity Online) Alliance
    • Universal 2nd Factor (U2F) protocol
    • WebAuthn
    • Client to Authenticator Protocol (CTAP)
    • Passkeys
  • Authentication with Trusted Third Parties / KDCs
    • Shared-key authentication
    • Key Distribution Center (KDC) concept
    • Kerberos
  • Identity Management
    • Digital Identity
    • Identity Manager (IdM)
    • Identity Provider (IdP)
    • Authoritative source
    • Identity claim
    • Approachs
    • Credential
    • Privacy issues
    • Verifiable credential (VC)
    • Self-Sovereign Identity (SSI)
    • Interoperability
    • eIDAS
  • Anonymity and Privacy
    • Privacy
    • IEEE Digital Privacy Model
    • Privacy with computing technology
    • Privacy and companies
    • Privacy and IAA
    • Identification
    • Authentication
    • Anonymity
    • Microdata privacy issues
    • Microdata privacy enhancing
    • L-Diversity
Powered by GitBook
On this page
  • Addresses information integrity control
  • Terminology
  • Certification and Enforcement
  • Rules
  1. Access Control Models

Clark-Wilson Integrity Model

Addresses information integrity control

  • Uses the notion of transactional data transformations.

  • Separation of duty: transaction certifiers ≠\ne= implementers.

Terminology

Data items

Constrained Data Item (CDI).

  • Can only be manipulated by TPs.

Unconstrained Data Item (UDI).

Integrity policy procedures

  • Integrity Verification Procedure (IVP).

    • Ensures that all CDIs conform to the integrity specification.

  • Transformation Procedure (TP).

    • Well-formed transaction.

      • Take as input a CDI or a UDI and produce a CDI.

    • Must guarantee (via certification) that transforms all possible UDI values to “safe” CDI values.

Certification and Enforcement

Integrity assurance.

  • Certification.

    • Relatively to the integrity policy.

  • Enforcement.

Two sets of rules.

  • Certification Rules (C).

  • Enforcement Rules (E).

Rules

Basic rules

  • C1: when an IVP is executed, it must ensure that all CDIs are valid.

  • C2: for some associated set of CDIs, a TP must transform those CDIs from one valid state to another.

  • E1: the system must maintain a list of certified relations and ensure only TPs certified to run on a CDI change that CDI.

Separation of duty (external consistency)

  • E2: the system must associate a user with each TP and set of CDIs. The TP may access CDIs on behalf of the user if authorized.

  • C3: allowed user-TP-CDI relations must meet “separation of duty” requirements

Identification gathering

  • E3: the system must authenticate every user attempting a TP (on each attempt).

Audit trail

  • C4: all TPs must append to a log enough information to reconstruct operations.

UDI processing

  • C5: a TP taking a UDI as input may only perform valid transactions for all possible values of the UDI. The TP will either accept (convert to CDI) or reject the UDI.

Certification constraints

  • E4: only the certifier of a TP may change the associated list of entities.

Last updated 1 year ago