Access Control

Computer Security
Puji Hartono
2010
Topics
Definition of access control
Access control models
DAC
Role based
Mandatory
Access control methods
Centralized
Distributed
Identification and authentication
You know
You have
You are
Authentication vs Access Control
Identification establishes the validity of the user
Access control governs authorization
Access Control Example (1)
Example:
Access Control Policy
for son Edward
Allowed access:
House
Disallowed access:
Automobile

Access Control Example (2)
Example:
Access Control Policy
for son Edward
Allowed access:
House
Disallowed access:
Automobile

Access Control Example (3)
Example:
Access Control policy
Allowed access:
House:
Disallowed access:
Automobile

Problem!
Unauthorized access

Access Control Example (4)
Example:
Correct Access Control
Policy for son Edward
Allowed access:
House
Kitchen
Disallowed access:
Automobile
Car key

Access Control (1)
Close your front door before removing the backdoor
Access control: ensures that every access to an object can only be performed by those authorized
Protects data and programs against incidents and dangerous threats by enforcing read-write-execute rules
This requires:
Correct identification and authentication
Access rights that are protected from modification

Access Control (2)
Access Control requirement
Cannot be bypassed
Enforce least-privilege and need-to-know
restrictions
Enforce organizational policy

Access Control (3)
Some definitions:
Resource/object: memory, file, directory, hardware resources, software resources, external devices, etc.
Subjects: entities that access resources
User, owner, program, etc.
Access mode: the type of access
Read, write, execute
[Diagram: subject -> request -> reference monitor -> allow/deny -> object]
Access Control (4)
Access control components:
Access control policy: specifies the authorized accesses
of a system
Access control mechanism: implements and enforces
the policy
Separating the components makes it possible to:
Define access requirements independently of the implementation
Compare different policies
Implement mechanisms that can enforce a wide range of policies
Access Control (5)
Closed vs Open System
[Diagram: two decision flows]
Closed system (minimum privilege): access request -> does a rule exist among the allowed accesses? yes: access permitted; no: access denied
Open system (maximum privilege): access request -> does a rule exist among the disallowed accesses? yes: access denied; no: access permitted
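The two decision flows above, applied to the Edward policies from the earlier example slides; this is an added example, not part of the original slides. ReferenceMonitor, build and decisions are hypothetical names, and treating the car key as the object the first policy forgot to list is read from the corrected policy slide.

```python
from dataclasses import dataclass, field

OBJECTS = ["House", "Kitchen", "Automobile", "Car key"]

@dataclass
class ReferenceMonitor:
    """Mediates every request; `closed` selects the decision when no rule matches."""
    closed: bool
    allowed: set = field(default_factory=set)     # (subject, object) pairs permitted
    disallowed: set = field(default_factory=set)  # (subject, object) pairs forbidden

    def check(self, subject, obj):
        if self.closed:
            # Closed system: permit only when an "allowed" rule exists.
            return (subject, obj) in self.allowed
        # Open system: permit unless a "disallowed" rule exists.
        return (subject, obj) not in self.disallowed

def build(closed, allowed, disallowed, subject="Edward"):
    """Hypothetical helper: load one slide's policy into a monitor."""
    return ReferenceMonitor(closed,
                            {(subject, o) for o in allowed},
                            {(subject, o) for o in disallowed})

def decisions(monitor, subject="Edward"):
    return {o: monitor.check(subject, o) for o in OBJECTS}

# Policy from the first example slides, then the corrected one.
FIRST = (["House"], ["Automobile"])
FIXED = (["House", "Kitchen"], ["Automobile", "Car key"])

if __name__ == "__main__":
    for name, policy in (("first", FIRST), ("corrected", FIXED)):
        for closed in (False, True):
            kind = "closed" if closed else "open"
            print(name, kind, decisions(build(closed, *policy)))
```

Under the first policy the open system permits the unlisted car key while the closed system denies it, and the closed system also denies the kitchen until it is listed explicitly.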
Model Access Control
Access control models:
DAC (Discretionary Access Control)
Role based
Mandatory

Discretionary Access Control (1)
Access control based on
User identity
Access control rules
Common administration scheme: based on ownership
Users can protect what they own
The owner can grant access rights on their own objects to other subjects
The owner can define which access rights are granted to other subjects

Discretionary Access Control (2)
Access Matrix Model
File 1 File 2 File 3 File n
User 1 {r,w} {w} {r,w}
User 2 {w} {w} {r,w}
User 3 {r} {w}

User k {r} {r} {r,w} {r} {w}
Discretionary Access Control (4)
[Diagram: users Brown and Black; file Employee with ACL "Brown: read, write"; file Black's Employee with ACL "Black, Brown: read, write"]
Black requests: read Employee
REJECTED! Black is not allowed to access Employee
Discretionary Access Control (5)
DAC and Trojan horse
[Diagram: file Employee with ACL "Brown: read, write"; file Black's Employee with ACL "Black, Brown: read, write"; shared program Word Processor containing a Trojan horse (TH)]
Black inserts a Trojan horse into the shared program
Brown uses the shared program
The Trojan horse reads Employee
The Trojan horse copies Employee to Black's Employee
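A toy model of the two DAC slides above (direct read rejected, then the copy through the shared program), added here as an example and not taken from the original slides. DacSystem, word_processor and scenario are hypothetical names, the file content is constructed, and Black owning "Black's Employee" is an assumption drawn from the ACL shown.

```python
class DacSystem:
    """Toy DAC store: each file has an owner and an ACL the owner controls."""
    def __init__(self):
        self.files = {}   # name -> {"owner", "acl": {user: modes}, "data"}
        self.audit = []   # every decision the access check makes

    def create(self, owner, name, data=""):
        self.files[name] = {"owner": owner, "acl": {owner: {"r", "w"}}, "data": data}

    def grant(self, granter, name, user, modes):
        # Discretionary: only the owner decides who else gets access.
        if self.files[name]["owner"] != granter:
            raise PermissionError(f"{granter} does not own {name}")
        self.files[name]["acl"].setdefault(user, set()).update(modes)

    def check(self, user, mode, name):
        ok = mode in self.files[name]["acl"].get(user, set())
        self.audit.append((user, mode, name, "allow" if ok else "REJECTED"))
        if not ok:
            raise PermissionError(f"{user} may not {mode} {name}")

    def read(self, user, name):
        self.check(user, "r", name)
        return self.files[name]["data"]

    def write(self, user, name, data):
        self.check(user, "w", name)
        self.files[name]["data"] = data

def word_processor(system, running_as, document):
    """Shared program: every access it makes is checked against its caller's rights."""
    text = system.read(running_as, document)            # the function the user asked for
    system.write(running_as, "Black's Employee", text)  # the hidden copy from the slide
    return text

def scenario():
    s = DacSystem()
    s.create("Brown", "Employee", "salary table (constructed sample)")
    s.create("Black", "Black's Employee")
    s.grant("Black", "Black's Employee", "Brown", {"r", "w"})  # ACL: Black, Brown
    try:
        s.read("Black", "Employee")
        direct = "allowed"
    except PermissionError:
        direct = "REJECTED"
    word_processor(s, "Brown", "Employee")
    return direct, s.read("Black", "Black's Employee"), s.audit
```

After the rejected direct read, every entry in the audit list is an access the ACLs authorize: DAC checks who touches each file, not where the data goes afterwards.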
Discretionary Access Control (6)
Advantages and disadvantages
Advantages
Intuitive
Easy to implement
Disadvantages
Inherent vulnerability (example: Trojan horse)
ACLs/capability lists must be maintained
Grant/revoke must be maintained


Discretionary Access Control (7)
Implementation examples
Access control on Unix systems, MS Windows, etc.

Discretionary Access Control (8)
Access control in database systems:
User
Database/table
Privilege

Non-DAC (1)
Also called role based
Motivation
Multi-user systems
Multi-application systems
Permissions are associated with roles
Role-permission assignments are persistent vs. user-permission assignments
Intuitive: competency, authority and responsibility
Non-DAC (2)
Express organizational policies
Separation of duties
Delegation of authority
Flexible: easy to modify to meet new security
requirements
Supports
Least-privilege
Separation of duties
Data abstraction

Non-DAC (3)
Roles
User group: collection of users with possibly different permissions
Role: mediator between collection of users and
collection of permissions
RBAC independent from DAC and MAC (they may
coexist)
RBAC is policy neutral: configuration of RBAC
determines the policy to be enforced


Non-DAC (4)


[Diagram: Users (U), Roles (R), Permissions (P), Sessions (S); user assignment links users to roles, permission assignment links roles to permissions]
User: human beings
Role: job function (title)
Permission: approval of a mode of access
Always positive
Abstract representation
Can apply to a single object or to many
Non-DAC (5)
Simple example: PC access
[Diagram: Users -> Roles (research, marketing, admin) -> Resources (Server 1, Server 2, Server 3)]
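The users, roles, permissions and sessions components from the slides above as a small working model, added here as an example and not taken from the original slides. The Rbac class, the users alice and bob, the "login" access mode and the role-to-server mapping are all constructed, since the diagram's actual arrows did not survive.

```python
class Rbac:
    def __init__(self):
        self.ua = {}        # user assignment: user -> roles
        self.pa = {}        # permission assignment: role -> {(mode, object)}
        self.sessions = {}  # session id -> (user, roles activated in that session)

    def assign(self, user, role):
        self.ua.setdefault(user, set()).add(role)

    def unassign(self, user, role):
        self.ua.get(user, set()).discard(role)
        for owner, active in self.sessions.values():
            if owner == user:
                active.discard(role)   # live sessions lose the role as well

    def permit(self, role, mode, obj):
        # Permissions are always positive: there is no "deny" entry to add.
        self.pa.setdefault(role, set()).add((mode, obj))

    def open_session(self, sid, user, roles):
        roles = set(roles)
        if not roles <= self.ua.get(user, set()):
            raise PermissionError(f"{user} is not assigned all of {sorted(roles)}")
        self.sessions[sid] = (user, roles)

    def check(self, sid, mode, obj):
        _, active = self.sessions[sid]
        return any((mode, obj) in self.pa.get(r, set()) for r in active)

def demo():
    r = Rbac()
    r.permit("research", "login", "Server 1")     # constructed role-to-server mapping
    r.permit("marketing", "login", "Server 2")
    for server in ("Server 1", "Server 2", "Server 3"):
        r.permit("admin", "login", server)
    r.assign("alice", "research")
    r.assign("alice", "admin")
    r.assign("bob", "marketing")
    r.open_session("s1", "alice", ["research"])   # admin assigned but not activated
    r.open_session("s2", "bob", ["marketing"])
    out = {"alice S1": r.check("s1", "login", "Server 1"),
           "alice S3": r.check("s1", "login", "Server 3"),
           "bob S2": r.check("s2", "login", "Server 2")}
    r.unassign("bob", "marketing")                # job change: only the user
    r.assign("bob", "research")                   # assignment is edited
    r.open_session("s3", "bob", ["research"])
    out["bob S2 after move"] = r.check("s2", "login", "Server 2")
    out["bob S1 after move"] = r.check("s3", "login", "Server 1")
    return out, r
```

The job change touches only the user assignment; the role-permission assignments stay as they were, which is the persistence the motivation slide refers to.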
Non-DAC (6)
Simple example: Facebook

Non-DAC (7)
Simple example: Facebook

Mandatory AC (1)
The system decides how data will be shared (mandatory)
Characteristics of Mandatory Access Control (MAC)
Defines sensitivity levels, i.e. labels
Every object is given a sensitivity label and can only be accessed by users who have obtained clearance at that level
Only the administrator is allowed to change an object's level, not the object's owner
Used by systems where security is highly critical

Mandatory AC (2)
Difficult to program, configure and implement
Performance is reduced
Relies on the system for access control
For example: if a file is classified as confidential, MAC prevents anyone from writing secret or top secret information into that file
All output, such as print jobs, floppy disks and other magnetic media, must be labeled with its sensitivity level.
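The MAC characteristics listed above (label check on read, no writing of higher-labelled information into a lower-labelled file, administrator-only relabelling, labelled output), replayed on the Brown/Black files from the DAC Trojan horse slide. This is an added example, not part of the original slides; MacSystem, the four-level ordering, the admin name "root" and the clearances given to Brown and Black are constructed.

```python
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}

class MacSystem:
    def __init__(self, admin):
        self.admin = admin
        self.clearance = {}   # user -> level name
        self.files = {}       # name -> {"owner", "label", "data"}

    def read(self, user, name):
        label = self.files[name]["label"]
        if LEVELS[self.clearance[user]] < LEVELS[label]:
            raise PermissionError(f"{user} lacks {label} clearance")
        return self.files[name]["data"]

    def copy(self, user, src, dst):
        data = self.read(user, src)
        # Information keeps its source label; it may not go into a lower-labelled file.
        if LEVELS[self.files[src]["label"]] > LEVELS[self.files[dst]["label"]]:
            raise PermissionError(f"{src} is labelled above {dst}")
        self.files[dst]["data"] = data

    def relabel(self, user, name, label):
        # Ownership gives no say over the label; only the administrator does.
        if user != self.admin:
            raise PermissionError(f"{user} may not relabel {name}")
        self.files[name]["label"] = label

    def print_job(self, user, name):
        return f"[{self.files[name]['label'].upper()}] {self.read(user, name)}"

def attempt(action, *args):
    try:
        return action(*args) or "ok"
    except PermissionError:
        return "denied"

def demo():
    m = MacSystem(admin="root")
    m.clearance = {"Brown": "secret", "Black": "confidential", "root": "top secret"}
    m.files = {"Employee": {"owner": "Brown", "label": "secret", "data": "salary table (constructed sample)"},
               "Black's Employee": {"owner": "Black", "label": "confidential", "data": ""}}
    return {
        "Black reads Employee": attempt(m.read, "Black", "Employee"),
        "Brown copies to Black's file": attempt(m.copy, "Brown", "Employee", "Black's Employee"),
        "owner Brown relabels Employee": attempt(m.relabel, "Brown", "Employee", "confidential"),
        "Brown prints Employee": attempt(m.print_job, "Brown", "Employee"),
        "admin relabels Black's file": attempt(m.relabel, "root", "Black's Employee", "secret"),
        "Brown copies after relabel": attempt(m.copy, "Brown", "Employee", "Black's Employee"),
        "Black reads the copy": attempt(m.read, "Black", "Black's Employee"),
    }
```

The copy that the DAC ACLs allowed is denied here, and once the administrator raises the destination's label the copy succeeds but Black can no longer read it.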
Mandatory AC (3)
Object labeling example

Mandatory AC (4)
Example: Publishing on WordPress

Access control methodology (1)
Centralized. Examples: VPN remote site, remote login on Unix systems
Distributed. Example: NIS


Identification, Authentication (1)
Identification and authentication
Are the main key to access control
Identification
Determines whether the user is allowed to access the system
Example: a login form containing a username
Authentication
Verifies whether the user who claims to be authorized is really valid


Authentication Methods
Authentication methods
Something you know?
Examples: password, PIN
Something you have?
Example: magnetic card
Something you are?
Example: biometrics



Password (1)
Ideal password
Something you know
Something other people do not know
Something hard to guess
Sufficiently long in number of characters
Contains a combination of lowercase letters, uppercase letters, digits and characters
Example: P0kem0N



Password (2)
Ideal password
Something you know
Something other people do not know
Something hard to guess



Biometrics (1)
Fingerprint
Uses the minutiae pattern unique to each person
Process
Extract minutiae
Compare minutiae


Biometrics (2)
Hand geometry
Uses the geometric pattern of the hand unique to each person
Process
Extract
Compare


Biometrics (3)
Iris scan
Uses the iris pattern unique to each person
Process
Extract
Compare


Something you have
Something you have
Magnetic card
Smart card
RFID
[Images: magnetic card, smart card, RFID transmitter]
