Identity Authentication Fundamentals 01

1. Authentication is the process of verifying that "you are who you say you are", while authorization is the process of verifying that "you are allowed to do what you are doing". This does not mean that authorization requires authentication; an anonymous agent can be authorized for a limited set of actions.

2. Common access control policies today include mandatory access control (MAC), discretionary access control (DAC), role-based access control (RBAC), the task-based access control that is often used in the large-scale business systems mentioned in Chapter 1, and, as fine-grained access control has become necessary, attribute-based access control (ABAC).

3. An access control model first defines subjects, objects, and access requests, and then defines the relationships between them, which express how a subject's access to object resources is restricted. The core of access control is therefore the authorization policy. Traditional access control models are divided into three according to their policy: the discretionary access control model (DAC), the mandatory access control model (MAC), and the role-based access control model (RBAC). With the emergence of distributed systems, new computing paradigms and other massive-resource environments, newer models such as attribute-based access control (ABAC) have appeared; compared with the traditional models, they pay more attention to fine-grained attributes of the subject and the object.

4. Common access control mechanisms include access control list (ACL) based access control, capability-based access control, label-based access control, context-based access control, and so on.
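As an added example (not from the original post), the following toy policy engine evaluates one access request under three of the policy families listed in items 2 to 4: a DAC access control list attached to each object, an RBAC role-to-permission mapping, and an ABAC predicate over subject, object and environment attributes. All subjects, objects, roles and attributes are constructed for the illustration; the point is that ABAC can express conditions (department, time of day, network) that the ACL and role tables cannot.

```python
"""Constructed example: the same request evaluated under DAC (ACL), RBAC and ABAC."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Request:
    subject: str
    action: str                      # "read" or "write"
    obj: str
    subject_attrs: dict = field(default_factory=dict)
    obj_attrs: dict = field(default_factory=dict)
    env: dict = field(default_factory=dict)


# DAC with an ACL mechanism: every object carries its own list of (subject -> actions).
ACL = {
    "payroll.xlsx": {"alice": {"read", "write"}, "bob": {"read"}},
    "readme.txt": {"alice": {"read"}, "bob": {"read"}, "carol": {"read"}},
}


def dac_allows(req: Request) -> bool:
    return req.action in ACL.get(req.obj, {}).get(req.subject, set())


# RBAC: permissions are attached to roles, and users are assigned roles.
ROLE_PERMS = {
    "hr": {("read", "payroll.xlsx"), ("write", "payroll.xlsx")},
    "staff": {("read", "readme.txt")},
}
USER_ROLES = {"alice": {"hr", "staff"}, "bob": {"staff"}, "carol": {"staff"}}


def rbac_allows(req: Request) -> bool:
    return any((req.action, req.obj) in ROLE_PERMS.get(role, set())
               for role in USER_ROLES.get(req.subject, set()))


# ABAC: the policy is a predicate over attributes of subject, object and environment.
def abac_allows(req: Request) -> bool:
    # Payroll data: only the HR department, during working hours, from the corporate network.
    if req.obj_attrs.get("category") == "payroll":
        return (req.subject_attrs.get("department") == "hr"
                and 9 <= req.env.get("hour", -1) < 18
                and req.env.get("network") == "corp")
    # Anything marked public may be read by anyone.
    if req.obj_attrs.get("public") and req.action == "read":
        return True
    return False


def evaluate(req: Request) -> dict:
    """Decision of each policy family for the same request."""
    return {"dac": dac_allows(req), "rbac": rbac_allows(req), "abac": abac_allows(req)}


if __name__ == "__main__":
    r = Request("alice", "write", "payroll.xlsx",
                subject_attrs={"department": "hr"},
                obj_attrs={"category": "payroll"},
                env={"hour": 22, "network": "corp"})
    print(evaluate(r))   # ACL and roles allow it; ABAC denies it outside working hours
```

Note how the time-of-day and network conditions live only in the ABAC predicate: the ACL and the role table have no place to put them, which is the "fine-grained attribute factors" point made in item 3.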

5. Multi-level security (MLS) refers to a mechanism that allows users and resources with different permissions to use the system at the same time, while ensuring that each user and resource can only access the information it is permitted to access.

6.

1. BLP model

The Bell-LaPadula model (BLP) is a state machine model used to implement access control in government and military applications. BLP was originally designed to formalize the multi-level security (MLS) policy of the US Department of Defense. A system that uses the BLP model is called a multi-level security system because its users have different permissions (clearances) and the data it processes has different classifications.


BLP divides data and users into the following security levels: Unclassified, Restricted, Confidential, Secret, and Top Secret.


The BLP model focuses on the confidentiality of data and on controlled access to classified information. If every access mode of every subject to every object complies with the security policy, the state of the system is defined as "secure". To decide whether a specific access mode is allowed, the system compares the clearance of the subject with the level of the object (more precisely, the security level formed by combining the classification level with the data compartment).
BLP has three security properties:

  1. Simple Security Property: a subject at a given security level may not read an object at a higher security level.
  2. *-Property (star property): a subject at a given security level may not write to any object at a lower security level.
  3. Discretionary Security Property: an access matrix is used to specify discretionary access control.

In the presence of trusted subjects, the BLP model may allow information to flow from highly classified documents to documents of lower classification. A trusted subject is not bound by the *-property, but it must be shown to be trustworthy with respect to the security policy. This security model is aimed at access control and is summarized as "read down, write up": information flows from the bottom up.

In the BLP model, users can only create content at their own security level or higher (for example, a researcher cleared to Secret can create Secret or Top Secret files but cannot create public files; they cannot write down). Conversely, users can only view content at their own security level or lower (for example, a researcher cleared to Secret can view public or Secret files but cannot view Top Secret files; they cannot read up).
 

2. Biba model

The Biba model is an integrity access control model proposed by K. J. Biba in 1977; it is also a mandatory access control model.
The Biba model addresses the problem of data integrity in a system. It does not concern itself with security levels or confidentiality. The Biba model uses integrity levels to prevent data from flowing from any integrity level to a higher integrity level: information can only flow from top to bottom in the system.
Biba provides this protection through three main rules:

  1. Simple Integrity Axiom: a subject cannot read data from a lower integrity level ("no read down").
  2. *-Integrity Axiom: a subject cannot write data to an object at a higher integrity level ("no write up").
  3. Invocation Property: a subject cannot request (invoke) the services of a subject at a higher integrity level.
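As an added example covering both the BLP section and the Biba section above (not code from the original post), here is a toy reference monitor. Security labels are modelled as a level plus a set of compartments, so that "dominates" captures the "more precisely, level plus compartment" remark in the BLP text; the BLP decision applies the discretionary access matrix first and then the simple security property or the *-property, with the trusted-subject exemption; the Biba functions implement the two integrity axioms and the invocation property. Level names are the ones the post lists; the integrity levels, compartments, subjects and access matrix are constructed for the illustration.

```python
"""Constructed example: BLP (confidentiality) and Biba (integrity) decision functions."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple

# BLP classification levels, lowest to highest, as listed in the post.
LEVELS = ["Unclassified", "Restricted", "Confidential", "Secret", "Top Secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Label:
    """A security level: classification level plus a set of compartments (constructed names)."""
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # self >= other in the lattice: higher-or-equal level AND superset of compartments.
        return (RANK[self.level] >= RANK[other.level]
                and self.compartments >= other.compartments)


# ---- BLP rules ---------------------------------------------------------------
def blp_read_allowed(subject: Label, obj: Label) -> bool:
    """Simple security property: no read up."""
    return subject.dominates(obj)


def blp_write_allowed(subject: Label, obj: Label, trusted: bool = False) -> bool:
    """*-property: no write down. A trusted subject is exempt from this rule."""
    return trusted or obj.dominates(subject)


AccessMatrix = Dict[Tuple[str, str], Set[str]]   # (subject name, object name) -> modes


def blp_decide(matrix: AccessMatrix, subj_name: str, subj_label: Label,
               obj_name: str, obj_label: Label, mode: str, trusted: bool = False) -> bool:
    """Discretionary property first (access matrix), then the mandatory BLP rule."""
    if mode not in matrix.get((subj_name, obj_name), set()):
        return False
    if mode == "read":
        return blp_read_allowed(subj_label, obj_label)
    if mode == "write":
        return blp_write_allowed(subj_label, obj_label, trusted)
    raise ValueError(f"unknown access mode: {mode}")


# ---- Biba rules --------------------------------------------------------------
INTEGRITY = ["Low", "Medium", "High"]             # constructed integrity levels
IRANK = {name: i for i, name in enumerate(INTEGRITY)}


def biba_read_allowed(subject_int: str, obj_int: str) -> bool:
    """Simple integrity axiom: no read down (object must be at least as trustworthy)."""
    return IRANK[obj_int] >= IRANK[subject_int]


def biba_write_allowed(subject_int: str, obj_int: str) -> bool:
    """*-integrity axiom: no write up."""
    return IRANK[subject_int] >= IRANK[obj_int]


def biba_invoke_allowed(caller_int: str, callee_int: str) -> bool:
    """Invocation property: a subject cannot invoke a subject of higher integrity."""
    return IRANK[caller_int] >= IRANK[callee_int]


if __name__ == "__main__":
    # Constructed subjects and objects; "research" is a compartment name.
    matrix: AccessMatrix = {("researcher", "ts_report"): {"read", "write"},
                            ("researcher", "bulletin"): {"read", "write"}}
    researcher = Label("Secret", frozenset({"research"}))
    ts_report = Label("Top Secret", frozenset({"research"}))
    bulletin = Label("Unclassified")
    for obj_name, obj in (("ts_report", ts_report), ("bulletin", bulletin)):
        for mode in ("read", "write"):
            ok = blp_decide(matrix, "researcher", researcher, obj_name, obj, mode)
            print(f"BLP  {mode:5} {obj_name:10} -> {'allow' if ok else 'deny'}")
    print("Biba High reads Low  ->", biba_read_allowed("High", "Low"))   # deny: no read down
    print("Biba Low  writes High ->", biba_write_allowed("Low", "High"))  # deny: no write up
```

Reading the output side by side shows the two models are mirror images: BLP lets the Secret researcher read the bulletin but not the Top Secret report, and write the report but not the bulletin, while Biba forbids exactly the reads from below and writes to above. The compartment set is what makes a Secret subject without the "research" compartment unable to read a Secret object that carries it, even though the levels match.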



Origin blog.csdn.net/shenwansan_gz/article/details/109821575