Publication


Featured research published by Mark Vandenwauver.


workshops on enabling technologies infrastructure for collaborative enterprises | 1997

How role based access control is implemented in SESAME

Mark Vandenwauver; René Govaerts; Joos Vandewalle

The authors share their experiences with implementing a scheme that enforces role-based access control in a distributed heterogeneous computing environment. This work was done in the framework of the EC RACE project SESAME (Secure European System in A Multivendor Environment). The SESAME project relies on the work done by ECMA (European Computer Manufacturers Association) to represent the credentials of the users, and it fully supports a GSS (group support system) API to help the application developers. We conclude that enforcing such a scheme is realistic and that writing applications that benefit from the advantages of role-based access control is very feasible. We have built several demonstration applications.


international conference on communications | 1997

Role Based Access Control in Distributed Systems

Mark Vandenwauver; René Govaerts; Joos Vandewalle

With the recent success of the Internet, security has become a real issue. One of the main goals of security can be outlined as defining a mechanism to control the access to files and applications. Over the last years, we have been implementing such a scheme that enforces a role based access control mechanism in a distributed computing environment. This work was done in the framework of the EC-RACE project SESAME. At the same time, there was a lot of work done by ECMA (European Computer Manufacturers Association) to represent the users’ credentials. Our conclusion is that enforcing such a scheme is both realistic and renders the whole system more manageable and auditable.


workshops on enabling technologies infrastructure for collaborative enterprises | 1999

Why enterprises need more than firewalls and intrusion detection systems

Mark Vandenwauver; Joris Claessens; Wim Moreau; Calin Vaduva; Robert Maier

At the approach of the next millennium, enterprises are facing a lot of challenges and have to decide in which direction their communication networks will evolve. At the moment we see a large shift towards using global intranets and extranets. Most of the time it is also necessary to connect these networks to the Internet. During the consultancy work we provided in this area we concluded that although there are good tools available to protect these intranets from external attackers, perfect security could not be obtained. Therefore we started the TACK project to illustrate this by working out attacks that could be launched at any intranet. In these attacks we use the technology that is on the one hand rendering the Internet extremely successful but on the other hand facilitates the work for attackers. This paper summarizes the results of this project. We conclude that fundamentally no intranet can be made completely secure.


international carnahan conference on security technology | 1997

Overview of authentication protocols

Mark Vandenwauver; René Govaerts; Joos Vandewalle

In recent years, many organizations have shifted their computing facilities from central mainframes (accessed from simple terminals via serial lines) to servers accessed from personal computers via a local area network (LAN). The switch to LANs removed some old problems and introduced some new problems. Although many of the new problems are not particularly to do with security, this paper only considers security problems.


australasian conference on information security and privacy | 1998

A Uniform Approach to Securing Unix Applications Using SESAME

Paul Ashley; Mark Vandenwauver; Bradley Broom

Existing proposals for adding cryptographic security mechanisms to Unix have secured numerous individual applications, but none provide a comprehensive uniform approach. As a consequence an ad-hoc approach is required to fully secure a Unix environment, resulting in a lack of interoperability, duplication of security services, excessive administration and maintenance, and a greater potential for vulnerabilities. SESAME is a comprehensive security architecture, compatible with Kerberos. In particular, SESAME provides single or mutual authentication using either Kerberos or public-key cryptography, confidentiality and integrity protection of data in transit, role based access control, rights delegation, multi-domain support and an auditing service. Because of SESAME's comprehensive range of security services, and because it scales well, SESAME is well suited for securing potentially all Unix applications in a uniform manner.


workshops on enabling technologies infrastructure for collaborative enterprises | 1998

Setting up a secure Web server and clients on an intranet

Joris Claessens; Mark Vandenwauver; Bart Preneel; Joos Vandewalle

The paper discusses the practical issues that arise when securing the access to the World Wide Web (WWW). A brief overview of the different protocols that are proposed to secure the WWW is given and the current status of the U.S. export regulations is reviewed. An attack on SSL 2.0 is detailed which exploits some of the weaknesses in this protocol. The setup of a secure server with access control is explained. At the client side, existing solutions to provide export browsers with strong cryptography are evaluated, and the authors also introduce some improvements. Finally, the performance of the secure system is evaluated and compared to that of the regular HTTP connection.


australasian conference on information security and privacy | 1999

An Implementation of a Secure Version of NFS Including RBAC

Paul Ashley; Bradley Broom; Mark Vandenwauver

The NFS protocol provides transparent remote access to shared file systems across networks. It is very popular particularly in Unix networks where it is probably the most common distributed file system technology. NFS however is rarely used outside closed protected networks, because its security is notoriously weak. In 1998 Sun Microsystems released what is considered the first attempt at providing comprehensive security to NFS: a security flavour called RPCSEC_GSS based on Kerberos V5 and the GSS-API. The main benefit of this version over previous versions is that for the first time each NFS file access call could be protected. This paper outlines our efforts to secure NFS producing a security solution with even greater functionality. The major new functionality is that users may optionally use an access control system based on role based access control (RBAC). RBAC allows users to log in, be provided with a role, and use this to transparently access their remote files through secure NFS. There are also other advantages provided, for example security for the mount protocol and the option of public-key technology for authentication and key distribution. NFS has been secured with SESAME V4 and the practicality and performance of this mechanism has been demonstrated by modifying the Linux kernel and NFS utilities.


Archive | 1999

Secure Internet Technologies

Paul Ashley; Mark Vandenwauver

This chapter continues the theme of the previous chapter in discussing a number of recent network security proposals. The previous chapter focussed on the security architectures and comprehensive technologies for providing network security infrastructure. This chapter discusses technologies that focus on particular applications, or components of the network. In some cases the solutions are complete (in that they provide both application and security services), in others they provide a component that can be added to an application. Specifically, this chapter discusses PEM, PGP, S/MIME, SSL, SSH, IPSEC and CDSA.


Archive | 1999

Comparison of the Security Solutions

Paul Ashley; Mark Vandenwauver

This chapter attempts to compare the security solutions that have been reviewed in the previous chapters. Comparison of security solutions can be difficult because the designers had different motives, and aimed at solving particular requirements. The solutions are therefore compared in a number of different ways [8]: 1. Categorizing the type of solution; 2. Positioning in the networking model; 3. Security services provided; 4. Cryptographic primitives used; 5. Applications and availability; 6. Standardization.


Archive | 1999

Security Services and Cryptography

Paul Ashley; Mark Vandenwauver

The origin of the word cryptology lies in ancient Greek. The word cryptology is made up of two components: kryptos, which means hidden and logos, which means word. Cryptology is as old as writing itself, and has been used for thousands of years to safeguard military and diplomatic communications. For example, the famous Roman emperor Julius Caesar used a cipher to protect the messages to his troops. Within the field of cryptology one can see two separate divisions: cryptography and cryptanalysis. The cryptographer seeks methods to ensure the safety and security of data communications while the cryptanalyst tries to undo the former’s work by breaking these systems.

Collaboration


Dive into Mark Vandenwauver's collaboration.

Top Co-Authors

Joos Vandewalle

Katholieke Universiteit Leuven

René Govaerts

Katholieke Universiteit Leuven

Paul Ashley

Queensland University of Technology

Cristian Radu

Katholieke Universiteit Leuven

Bradley Broom

Queensland University of Technology

Bart Preneel

Katholieke Universiteit Leuven

Joris Claessens

Technical University of Cluj-Napoca

Calin Vaduva

Technical University of Cluj-Napoca

Robert Maier

Technical University of Cluj-Napoca
