The Official (ISC)2 SSCP CBK Reference - Mike Wills

Privileges: What Subjects Can Do with Objects


The next key ingredient of access control is to define the privileges that subjects can have with respect to objects. A privilege is a type of action that a subject can perform upon an object, such as:

Read data from the object.

Write data into the object.

Delete the object.

Read or inspect metadata associated with the object.

Modify the metadata associated with the object.

Load the object into memory and execute it as a program.

Extend or alter the system resources (such as storage space) allocated to the object.

Copy the object from one location to another.

Move the object from one location to another.

Read or inspect the security data associated with the object.

Modify the security data associated with the object.

Verify the existence of the object.

Some of these privileges are aggregates of others. Copying a file requires the ability to read it and to create another instance of it somewhere else; moving a file additionally requires the privilege to delete the original once it has been copied. Verifying that a file is actually present on a given storage device requires read access to a different object (the device's directory structure) as well as the ability to interpret metadata about the file. Not all commercial operating systems or access control systems provide this level of granularity: POSIX mode bits offer only read, write and execute per owner, group and others, whereas NTFS ACLs distinguish rights such as Read Attributes, Write Attributes, Read Permissions, Change Permissions and Delete. Organizations need to look at their information security classification needs when deciding how to define privileges and relate them to subjects and objects, so that access control contributes effectively to their information security posture.

The privilege of being able to confirm or deny the existence of an object within a system is frequently applied to user logon: when a subject fails to supply a valid user ID and password pair, the failure message must not reveal whether the user ID itself is legitimate, since that would let an attacker enumerate accounts. Some operating systems, such as Windows, also provide features that hide certain classes of files (by file type or location) from certain classes of users, both to declutter a user's view of folder trees and to keep system resources away from prying eyes. Note the distinction in strength: a "hidden" file attribute is a display convenience that any user can switch off, whereas access-based enumeration on Windows file shares omits from directory listings the items a user lacks permission to read, which is the existence privilege properly enforced. Organizations with more stringent (higher) security needs make extensive use of this privilege to frustrate reconnaissance attempts to discover lucrative information assets, to infer knowledge about processes within the system, or to gain insight into a possible pathway to other objects.
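The following is an added example, not code from the book: a small access-control matrix in Python that models the privilege types listed above as primitives, derives copy, move and verify-existence as aggregates of them, and answers an existence query the same way for a missing object and for one the subject is not allowed to learn about. It also shows the logon case, where an unknown user ID and a wrong password produce the same response and the same amount of work. Every subject, object and password below is a constructed sample, and the class and function names are hypothetical.

```python
import hashlib
import hmac
import os
from enum import Enum, auto
from typing import Dict, Set, Tuple


class Priv(Enum):
    """Primitive privileges, one per action type listed above."""
    READ = auto()        # read data from the object
    WRITE = auto()       # write data into the object
    DELETE = auto()      # delete the object
    READ_META = auto()   # read or inspect metadata
    WRITE_META = auto()  # modify metadata
    EXECUTE = auto()     # load into memory and run as a program
    EXTEND = auto()      # alter resources allocated to the object
    CREATE = auto()      # create a new object inside this container
    READ_SEC = auto()    # read security data (ACL, labels)
    WRITE_SEC = auto()   # modify security data
    EXISTS = auto()      # be told that the object exists at all


# Access-control matrix: (subject, object) -> privileges. Hypothetical model.
Matrix = Dict[Tuple[str, str], Set[Priv]]


class AccessControl:
    def __init__(self, objects: Set[str], matrix: Matrix) -> None:
        self.objects = objects
        self.matrix = matrix

    def has(self, subject: str, obj: str, priv: Priv) -> bool:
        """Primitive check: an object that does not exist grants nothing,
        and neither does one the subject has no entry for."""
        return obj in self.objects and priv in self.matrix.get((subject, obj), set())

    # Aggregate privileges, built only from the primitives.
    def can_copy(self, subject: str, src: str, dst_dir: str) -> bool:
        return self.has(subject, src, Priv.READ) and self.has(subject, dst_dir, Priv.CREATE)

    def can_move(self, subject: str, src: str, dst_dir: str) -> bool:
        return self.can_copy(subject, src, dst_dir) and self.has(subject, src, Priv.DELETE)

    def can_confirm_exists(self, subject: str, directory: str, obj: str) -> bool:
        """Verifying existence needs READ on the directory plus EXISTS on the
        object. A missing object and a hidden one both yield False, so the
        caller cannot tell them apart."""
        return self.has(subject, directory, Priv.READ) and self.has(subject, obj, Priv.EXISTS)


# Constructed sample matrix: bob has no entry at all for secret.key.
OBJECTS = {"/home", "/home/report.docx", "/home/secret.key", "/backup"}
MATRIX: Matrix = {
    ("alice", "/home"): {Priv.READ, Priv.CREATE, Priv.EXISTS},
    ("alice", "/home/report.docx"): {Priv.READ, Priv.WRITE, Priv.DELETE, Priv.EXISTS},
    ("alice", "/home/secret.key"): {Priv.READ_SEC, Priv.EXISTS},
    ("alice", "/backup"): {Priv.CREATE, Priv.EXISTS},
    ("bob", "/home"): {Priv.READ, Priv.EXISTS},
    ("bob", "/home/report.docx"): {Priv.READ, Priv.EXISTS},
}
AC = AccessControl(OBJECTS, MATRIX)


# Logon analogy: a failed attempt must not confirm that the user ID exists,
# so unknown IDs and wrong passwords get the same answer and the same amount
# of work (a dummy record is verified when the ID is unknown).
def make_record(password: str) -> Tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {"alice": make_record("correct horse")}  # constructed sample
_DUMMY = make_record("placeholder")


def login(user_id: str, password: str) -> str:
    salt, stored = USERS.get(user_id, _DUMMY)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    if user_id in USERS and hmac.compare_digest(candidate, stored):
        return "ok"
    return "invalid user ID or password"


if __name__ == "__main__":
    print(AC.can_move("alice", "/home/report.docx", "/backup"))          # True
    print(AC.can_move("bob", "/home/report.docx", "/backup"))            # False
    print(AC.can_confirm_exists("bob", "/home", "/home/secret.key"))     # False
    print(AC.can_confirm_exists("bob", "/home", "/home/missing.txt"))    # False
    print(login("mallory", "x") == login("alice", "wrong"))              # True
```

The point of `can_confirm_exists` is that it is built from the same `has` primitive as everything else, and `has` returns False both for an object that is absent and for one the subject has no entry for; the directory listing a real system returns should be built the same way, so the subject never sees a name it could not otherwise learn.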

This brings me to define identity management as the set of processes used to create identities within a system, provision those identities across all elements of the system as required, assign and manage the privileges granted to those identities, revoke privileges, and finally retire or delete an identity once it is no longer needed. Access control uses this information about identities and privileges as the standard by which it adjudicates each access request or attempt.

However, before you can learn about identity management, you need to look at how the security classification of the various information assets should drive the way you use access control to deliver those various levels of protection.
