Access Control Technology for Data Security Protection

Data as an important carrier of information, its security issues in information security occupies a very important position. In order to be able to use the data safely and controlably, a variety of technical means are needed as a guarantee. These technical means generally include access control technology, encryption technology, data backup and recovery technology, system restoration technology and other technical means. This article focuses on access control technology, and other related technologies will be published in a follow-up article.

Data as an important carrier of information, its security issues in information security occupies a very important position. The confidentiality, availability, controllability and integrity of data are the main research contents of data security technology. Data confidentiality theory is based on cryptography, and availability, controllability and integrity of the data security is an important guarantee, no latter to provide technical support, and then strong encryption algorithm is also difficult to ensure data security. And data security is closely related to the technology are the following, each related but different.

1, access control: the technology is mainly used to control the user can enter the system and access to the system users can read and write data sets;
2, data flow control: the technology and user access to the distribution of data related to the data from the mandate to unauthorized diffusion range;
3, inference control: this technique can be used to protect the statistical database, the query to prevent confidential information by an inference query sequence designed;
4, data encryption: this technique is used to protect confidential information It is exposed when unauthorized transmission or storage;
5, data protection: the technology used to prevent accidental or malicious data has been destroyed, to ensure data integrity and availability.

In the above technology, access control technology occupies an important position, where 1), 2), 3) belong to the access control category. Access control technology mainly involves security model, control strategy, control strategy implementation, authorization and audit. The security model is the theoretical basis of access control, other technology is to achieve the security model of technical support.

1. Safety model

The security goal of an information system is to control and manage the subject’s access to the object through a set of rules, which are called security policies, and security policies that respond to the security requirements of information systems. The security model is the basis for the development of a security strategy. The security model refers to a formal approach to accurately describe the important aspects of security (confidentiality, integrity and availability) and its relationship to system behavior. The main purpose of establishing a security model is to improve the understanding of the key security requirements for successful implementation, as well as to find security strategies for confidentiality and integrity. The security model is an important basis for building system protection and an important basis for establishing and evaluating a secure operating system The

Since the 1970s, Denning, Bell, Lapadula and others have done a lot of theoretical research on information security, especially since the US Department of Defense issued a trusted computer evaluation standard “TCSEC” since 1985, the system security model has been extensively studied , And in a variety of systems to achieve a variety of security models. These models can be divided into two categories: one is the information flow model; the other is the access control model.

The information flow model mainly focuses on the control of the information transmission process between objects, which is a deformation of the access control model. It does not verify the subject’s access to the object, but tries to control the flow of information from one object to another, forcing it to determine whether the access operation is based on the security attributes of the two objects. The difference between the information flow model and the access control model is very small, but the access control model can not help the system to discover the hidden channel, and the information flow model can find the hidden channel in the system and find the corresponding countermeasures through the analysis of the information flow. The information flow model is an event or trail based model whose focus is the behavior that the system user sees. Although the information flow model has an advantage in the theoretical analysis of information security, so far, the information flow model can only provide less help and guidance for the concrete realization.

The access control model is a security system that describes the security system from the perspective of access control, mainly for the subject’s access to the object and its security control. Access Control The security model typically includes principals, objects, and reference monitors for access and verification of subsystems and control entities that identify and validate these entities. Often access control can be divided into autonomous access control (DAC) and mandatory access control (MAC). The autonomous access control mechanism allows the owner of the object to develop a protection policy for that object. Normally the DAC defines which entities are targeted to which objects can perform by authorizing the list (or access control list ACL). So it is very flexible to adjust the strategy. Because of its ease of use and scalability, autonomous access control mechanisms are often used in commercial systems. The current mainstream operating systems, such as UNIX, Linux and Windows operating systems provide autonomous access control. One of the biggest problems with autonomous access control is that the subject has too much authority to disclose information inadvertently and can not prevent the Trojan horse from attacking. The mandatory access control system assigns different security attributes to the subject and object, and these security attributes are not easily modified as ACLs. The system determines whether the subject can access the object by comparing the security attributes of the subject and the object. Mandatory access control can prevent Trojan horses and users from abuse, with higher security, but the cost of implementation is also greater, generally used in the security level requires relatively high military. With the continuous development and change of security requirements, autonomous access control and mandatory access control can not fully meet the demand, the researchers proposed a number of autonomous access control and mandatory access control alternative models, such as raster-based access control, rule-based access Control, role-based access control models, and task-based access control. One of the most notable is role-based access control (RBAC). The basic idea is to have a set of user sets and role sets in which a user is designated as a suitable role to access the system resources; in another environment, the user can be designated as another The role of access to additional network resources, each role has its corresponding permissions, the role of security control strategy is the core, can be layered, there is partial order, reflexive, transmission, anti-symmetry and other relations. Command-based access control has significant advantages over autonomous access control and mandatory access control: first, it is actually a policy-independent access control technology. Second, role-based access control has the ability to manage itself. In addition, role-based access control also facilitates the implementation of security policies for the entire organization or organization’s network information system. At present, role-based access control has been implemented in many security systems. For example, in the SmartSec (see “Implementation of the Document Security Encryption System”), server-side user management uses role-based access control to provide user management, security policy management, and so on A lot of convenience.

With the development of the network, the static security model and standard based on Host-Terminal environment can not fully reflect the distributed, dynamic and rapid development of Internet security. For the increasingly serious network security issues and increasingly prominent security needs, “adaptable network security model” and “dynamic security model” came into being. The dynamic network security theory model based on closed-loop control was gradually formed and developed rapidly in the 1990s. In December 1995, the US Department of Defense proposed a dynamic model of information security, that is, the protection-response ) Multi-link protection system, and later known as the PDR model. With the deepening of the application and research of the PDR model, the PDR model is integrated into the two components of Policy and Restore, and the security strategy is centralized.

PDR model is a dynamic security model based on closed-loop control and active defense. Under the control and guidance of the whole security policy, the use of detection tools (such as firewall, system authentication and encryption) Such as vulnerability assessment, intrusion detection systems) to understand and assess the security status of the system, the system adjusted to the “safest” and “risk the lowest” state. Protection, detection, response and recovery to form a complete, dynamic security cycle, under the guidance of security policies to ensure the safety of information.

2. Access control policy

Access control strategy, also known as security policy, is used to control and manage the subject of access to a series of rules, it reflects the information system security needs. The formulation and implementation of security policies are carried out around the relationship between subject, object and security control rules. In the formulation and implementation of security policy, the following principles are followed:

• Minimum Privilege Principle: The principle of minimum privilege is the principle that the subject performs the operation and assigns it to the subject according to the principle of minimizing the rights of the subject. The advantage of the minimum privilege principle is to limit the subject to the maximum extent possible, and to avoid the risk of emergencies, errors and unauthorized use of the subject.
• Minimum Leakage Principle: The minimum leakage principle refers to the principle that the subject is assigned to the subject’s power according to the principle of minimization of the information that the subject needs to know.
• Multi-level security policy: multi-level security policy refers to the main body and the object data flow and authority control in accordance with the security level of top secret, secret, confidential, limited and non-level five to divide. The advantage of multi-level security policy is to avoid the proliferation of sensitive information. An information resource with a security level can only be accessed by a person with a higher security level than he can.

The access control security policy has two implementations: identity-based security policy and rule-based security policy. The two currently used security strategies, they are based on the establishment of authorized acts. In terms of identity, identity-based security policies are equivalent to DAC security policies, and rule-based security policies are equivalent to MAC security policies.

2.1. Identity-based security policy

The purpose of identity-based security policy (IDBACP) is to filter the subject’s access to data or resources, and only those who can pass the certification are likely to use the object resources. Identity-based policies include individual-based and group-based policies. Identity-based security policies are typically implemented using a capability table or an access control list.

2.1.1 based on personal strategy

Person-based policy (INBACP) refers to a user-centric strategy, which consists of a set of lists that define which users can achieve for a particular object and which Operational behavior.

2.1.2 Group-based policies:

Group-based Access Control Policies are extensions based on individual policies, which mean that some users (constituting a security group) are allowed to access the same object using the same access control rules.

2.2. Rule-based security policy

Authorization in rules-based security policies typically relies on sensitivity. In a secure system, data or resources are marked with a security token (Token). On behalf of the user to carry out the process of activities can be obtained with their original security mark. Rule-based security policy in the realization of the system by comparing the user’s security level and the security level of the object resources to determine whether to allow users to access.

3. Access control implementation

Because security policies are composed of a set of rules, how to express and use these rules is the key to achieving access control. As the expression and use of the rules have a variety of ways to choose from, so there are many ways to achieve access control, each way has its advantages and disadvantages, in the specific implementation, according to the actual situation to choose and deal with. Commonly used access control has the following forms.

3.1. Access Control Table

Access Control List (ACL) is a file-centric access list, commonly referred to as an ACL. Its main advantage is to achieve a simple, small impact on system performance. It is currently the majority of operating systems (such as Windows, Linux, etc.) using the access control. At the same time, it is also the information security management system often used in the access control mode. For example, in the software security management system SmartSec, the client provides the “file access control” module is through the ACL way to achieve.

3.2. Access Control Matrix

The Access Control Matrix (ACM) is a method of representing access control rules and authorized user rights through a matrix; that is, what access rights are to each subject for each subject; Words, which subjects can access it to the implementation of this association to describe, to form a control matrix. The implementation of the access control matrix is ​​easy to understand, but it is difficult to find and implement, especially when the user and the file system to manage the file a lot, the control matrix will be a geometric growth, will take up a lot of system resources, Causing a decline in system performance.

3.3. Access Control Capability List

Capability is an important concept in access control, which refers to a valid tag owned by the initiator of the request, which authorizes the label to indicate how the holder can access a particular object. Unlike the ACL-based file, the Access Control Capabilities List (ACCL) is a user-centric access control table.

3.4. Access Control Security Tag List

A security label is a set of security attribute information that is restricted and attached to the subject or object. The meaning of a security label is more extensive and rigorous than that because it actually establishes a strict set of security levels. The Access Control tab (ACSLL: Access Control Security Labels List) is a collection of security attributes that limit user access to object targets.

4. Access control and authorization

Authorization is the owner of the resource or the controller to allow others to access these resources, is to achieve access control of the premise. For simple individuals and less complex groups, we can consider based on individual and group authorization, even if this is done, it may be difficult to manage. When we are faced with a large cross-regional, or even multinational group, how to ensure that legitimate users use the company’s published resources, and legitimate users can not get access control authority, this is a complex issue The

Authorization refers to the object of the subject to a certain power, through this power, the subject can perform some kind of behavior on the object, such as landing, view files, modify data, manage accounts and so on. Authorization refers to the activities of the subject to perform the power granted by the object. Therefore, access control and authorization are inseparable. Authorization is a kind of trust relationship. It is generally necessary to establish a model to describe the relationship in order to ensure the correctness of the authorization. In particular, in the authorization of a large system, there is no trust relationship model to guide, to ensure a reasonable authorization Behavior is almost unthinkable. For example, in the software management system SmartSec, the server-side user management, document flow and other modules of the R & D, is based on the trust model based on the successful development, which can ensure that in complex systems, the document can be correct To flow and use.

5. Access control and audit

Auditing is a necessary supplement to access control and is an important part of access control. The audit will record and monitor what information resources users use, how they use them, and how to use them (what operations are performed). Auditing and monitoring is the last line of defense to achieve system security, at the top of the system. Auditing and monitoring can reproduce the existing processes and issues, which is necessary for accountability and data recovery. Audit tracing is a record of system activity. The record reviews, examines and examines the environment and activities of each event in a sequential manner from the beginning to the end of the event. Auditing tracks system activity and user activity. System activities include activities of the operating system and application processes; user activities include activities in the operating system and in the application. By using appropriate tools and procedures, audit trails can detect activity that violates security policies, issues that affect operational efficiency, and errors in the program. Audit tracking not only helps system administrators to ensure that the system and its resources are protected from unauthorized users, but also provide data recovery assistance. For example, in the SmartSec software security management system, the client’s “File Access Audit Log” module can track a variety of daily activities of users, in particular, to track the user and work related to the various activities, such as what time editing What documents and so on.