Full Transcript

Access Control

- Three questions: who issues the request, what is requested, and which policies decide whether to accept the request.
- Two management steps: authentication and authorization.
- The access requester is called the subject/principal; it can be a user or a non-user entity, and is managed by the system as an identity.
- Reference monitor: the component that monitors (enforces) the access policies.
- IdM system (identity management).

Access Control Models

- Discretionary Access Control (DAC): the owner of an object defines the access control rules, based on his/her own discretion.
- Mandatory Access Control (MAC): a central body sets mandatory access control rules regarding who can access what and under which conditions.
- Role-Based Access Control (RBAC): access control rules are mapped to (centrally defined) roles.
- Attribute-Based Access Control (ABAC): access control rules are based on (centrally defined) entity attributes.
- Risk-based Access Control (RAC): access control rules are mapped to (centrally defined) risk levels of access requests. ⇒ Can work seamlessly with risk-based authentication.
- …, hybrid models (like MFA for authentication).

FIM (federated identity management) is the separation of authorization from authentication: authentication happens between users and (identity) providers, authorization between users and service providers. Users and providers don’t trust each other.

Usability as Part of Security

- CIA triad.
- PAIN: Privacy, Availability, Integrity, Non-repudiation.
- Parkerian Hexad: Utility (usefulness).

NIST Special Publication (SP) 800-27 Rev. A (2004), Engineering Principles for Information Technology Security (A Baseline for Achieving Security): 33 principles
- 4 on security foundations
- 7 risk-based
- 4 on ease of use (usability):
  - Where possible, base security on open standards for portability and interoperability.
  - Use common language in developing security requirements.
  - Design security to allow for regular adoption of new technology, including a secure and logical technology upgrade process.
  - Strive for operational ease of use.
- 8 on resilience
- 6 on reducing vulnerability
- 4 on network

NIST SP 800-160 Vol. 1 (2016), Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems: 32 principles
- 18 on Security Architecture and Design
- 10 on Security Capability and Intrinsic Behaviors: Continuous Protection, Secure Failure and Recovery, Secure Metadata Management, Economic Security, Self-Analysis, Performance Security, Accountability and Traceability, Human Factored Security, Secure Defaults, Acceptable Security
- 4 on Life Cycle Security

NIST SP 800-160 Vol. 1 Rev. 1 (2022), Engineering Trustworthy Secure Systems
- “Building trustworthy, secure systems cannot occur in a vacuum with stovepipes for software, hardware, information technology, and the human element (e.g., designers, operators, users, attackers of these systems). Rather, it requires a transdisciplinary approach to protection, a determination across all assets where loss could occur, and an understanding of adversity, including how adversaries attack and compromise systems.”
- “Adversities can include attacks from determined and capable adversaries, human errors of omission and commission, accidents and incidents, component faults and failures, abuses and misuses, and natural and human-made disasters.”
- “Protective measures that are provided by the human in the system”
- Human factors are spread across the document rather than stated as explicit principles.

OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security (2002): 9 principles
- Awareness; Responsibility; Response; Ethics; Democracy; Risk Assessment; Security Design and Implementation; Security Management; Reassessment

OECD Recommendation on Digital Security Risk Management for Economic and Social Prosperity (2015): 8 principles
- Awareness, skills and empowerment; Responsibility; Human rights and fundamental values; Co-operation; Risk assessment and treatment cycle; Security measures; Innovation; Preparedness and continuity

Usability in International Standards

ISO standards (ISO/TC 159/SC 4): ISO 9241 Ergonomics of human-system interaction; ISO 9241-11:2018 Usability: Definitions and Concepts.

- Usability (narrow sense): “the extent to which a system, product or service can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use”
- Effectiveness: “the accuracy and completeness with which users achieve specified goals”
- Efficiency: “the resources used in relation to the results achieved” (time, human effort, money and materials)
- Satisfaction: “the extent to which the user’s physical, cognitive and emotional responses that result from use of a system, product or service meet user’s needs and expectations”
- Usability + other outcomes of use = human-centred quality (usability in a broader sense):
  - Accessibility: meeting the widest range of user needs (e.g., needs of disabled people) in diverse contexts of use.
  - User experience: “a person’s perceptions and responses that result from the use and/or anticipated use of a system, product or service” (focuses more on individual experience, whereas satisfaction in usability focuses more on collective goals).
  - Avoidance of harm from use: “negative outcomes that could arise from inappropriate forms of interaction or inappropriate outputs”; one example: “Lack of trust, security or privacy”.

Security can be argued to be part of usability:
- Part of effectiveness: a security system is not effective if it does not provide a sufficient level of security.
- Part of satisfaction: you will not be satisfied if a security system does not provide a sufficient level of security.
- Part of avoidance of harm from use: a security system tries to avoid some security-related harm(s).
- ⇒ There is not always a clear cut between the two!

In our context, let us remove security from usability so we can talk about the two separately: Usability (for us) = Usability (ISO sense) – Security.

Thinking outside the ISO 9241-11:2018 box:
- Flexibility / Adaptability / Manageability / Reconfigurability / Scalability / Sustainability / …: a computer system should be flexible enough to adapt to the environment and the users’ needs, easy to manage, easy to set up and (re)configure, easy to scale up or down, easy to sustain over the longer term, …
- Resilience / Robustness / Recoverability / Fault Tolerance / …: a computer system should be resilient and robust against attacks, system failures and errors, and able to recover easily to support continuity of use, …

Security-usability dilemma
- Security is often NOT what users want: users want their work done, and they don’t know what security really means!
- Security often requires users to make HARD decisions, but they do NOT have enough time or experience!
- Higher security often requires more computation. ⇒ Higher costs, slower processes, more difficult to understand and use, users’ tendency to misuse (intentional or unintentional), …
- Large systems involve many components and different groups of users. ⇒ Requirements of different components and users may conflict.
- Different aspects of security may conflict with each other as well, which further complicates the problem.
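As an added example (not part of the lecture notes), here is a small Python reference monitor that applies the two management steps from the top of these notes, authentication and then authorization, and combines the RBAC, ABAC and RAC models; it only demands step-up authentication when the risk score is high, which is one way to soften the security-usability dilemma. All principals, roles, the attribute rule and the risk scoring are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Request:
    subject: str                 # the principal (user or non-user identity)
    action: str                  # what is requested
    resource: str
    attributes: dict = field(default_factory=dict)  # context for ABAC / RAC


# RBAC (constructed): permissions attach to centrally defined roles, roles to identities.
ROLES = {"alice": {"auditor"}, "bob": {"engineer"}}
ROLE_PERMISSIONS = {
    "auditor": {("read", "logs")},
    "engineer": {("read", "logs"), ("write", "config")},
}


def rbac_permits(req: Request) -> bool:
    return any((req.action, req.resource) in ROLE_PERMISSIONS.get(role, set())
               for role in ROLES.get(req.subject, set()))


def abac_permits(req: Request) -> bool:
    """ABAC rule (constructed): writes are only allowed from a managed device."""
    if req.action == "write":
        return req.attributes.get("managed_device") is True
    return True


def risk_level(req: Request) -> str:
    """RAC (constructed scoring): a new location or recent failed logins raise the risk."""
    score = 2 if req.attributes.get("new_location") else 0
    score += min(req.attributes.get("recent_failed_logins", 0), 3)
    return "high" if score >= 3 else "low"


def reference_monitor(req: Request, authenticated: set) -> str:
    """Step 1: authentication; step 2: authorization (RBAC, then ABAC, then RAC)."""
    if req.subject not in authenticated:
        return "deny: unauthenticated"
    if not rbac_permits(req):
        return "deny: no role permission"
    if not abac_permits(req):
        return "deny: attribute rule"
    if risk_level(req) == "high":
        # RAC paired with risk-based authentication: extra friction only when needed
        return "step-up: risk-based authentication required"
    return "allow"
```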