Access Control - Resources
Saltzer and Schroeder Principles
A masterpiece.
The Protection of Information in Computer Systems, . Saltzer and Schroeder, Communications of the ACM 17, 7 (July 1974).
Although this paper is very old, it is striking that many of the ideas in the introduction (Section I-A) are still valid today. The following was written 50 years ago. It could very well have been written today.
In practice, producing a system at any level of functionality ... that actually does prevent all ... unauthorized acts has proved to be extremely difficult. ... Even in systems designed and implemented with security as an important objective, design and implementation flaws provide paths that circumvent the intended access constraints. Design and construction techniques that systematically exclude flaws are the topic of much research activity, but no complete method applicable to the construction of large general-purpose systems exists yet....
In the absence of such methodical techniques, experience has provided some useful principles that can guide the design and contribute to an implementation without security flaws. Here are eight examples of design principles that apply particularly to protection mechanisms.
I encourage everyone to read Section I-A-3: Design principles. Design principle 'C' is the core of access control today:
Complete mediation: Every access to every object must be checked for authority...
Example application
A superstar team of security and privacy experts has published in January 2024 an extremely insightful paper for analyzing (and strongly criticing) a technology being advocated by many police and intelligence agencies around the world for combating crime. They built many of their criticisms precisely on the fact that the proposed technology is in contrast with several of the design principles by Saltzer and Schroeder (first subsection of "CSS cannot be deployed safely").
Bugs in our pockets: the risks of client-side scanning Journal of Cybersecurity, January 2024.
Several other topics covered in our course are mentioned in their analysis. A really wonderful read also for everyone interested in privacy.
Access Control and ACL
- Linux file permissions explained
- Linux permissions: SUID, SGID, and sticky bit
- Windows Access Control Overview Warning: this is a huge and complex topic, with terminology often incoherent.
- How a process can change its account:
- Sudo Command in Linux. This site has a very nice Linux administration guide.
- A general, high-level discussion of the many flavors and facets of access control can be found in "Authentication, Authorisation & Accountability, Section 3 - Authorization" Knowledgebase – CyBOK v1.1.
Authentication
- ChatGPT: where are accounts defined in Linux and in Windows?
- ChatGPT: which are the predefind account groups in Linux and in Windows?
Active Directory and LDAP
- An Introduction to Manual Active Directory Querying with Dsquery and Ldapsearch
- All Active Directory attributes
- Using Lightweight Directory Access Protocol The topics in this section describe the steps a typical Lightweight Directory Access Protocol (LDAP) client application follows to interact with an LDAP server.
- Attacking Active Directory: 0 to 0.9 Nice description of many Windows topics, not necessarily related to attacks, including Active Directory, User Management, Access Rights and so on.