What is an access control matrix? What are the main differences between a capability list and an access control list?

Access Control List vs Capability List


In an Access Control List (ACL) system, each object has a list of (action, user-list) tuples.

Table 1: Access Matrix

For example, in the above diagram, File1 and File2 would have the following ACLs:

File1: ( (read, {user1}), (write, {user2}) )

File2: ( (read, {user1}), (write, {}) )

On the other hand, in a capability list system, which is the counterpart of the ACL system, each user is associated with a list of (action, object-list) tuples.

For example, the capability lists for user1 and user2 would be:

User1: ( (read, {file1,file2}), (write, {}) )

User2: ( (read, { }), (write, {file1} ) )

While the same access matrix can be represented as both an ACL and a capability list, in this note we will first look at some subtle differences between these two representations and try to find out why ACL is better from an object-centric perspective. To evaluate this, we introduce a few administrative actions that have to be carried out in an access control model.

It is worth mentioning that ACL and capability list are just different representations of the raw access matrix and do not denote a new type of access control model, although over time ACL has evolved because of its effectiveness in systems with a large number of objects (ex. OpenStack Swift).

Add user: An access control model should be capable of adding a new user.

Remove user: A user should be removable from the access control system when needed.

Add object: A new object or new resource may have to be added.

Remove object: An existing object could be removed from the system.

We leave adding and removing permissions out of our discussion, since they are not needed to compare ACL and capability list.

Now, let's see what happens when these actions are carried out in both the ACL and the capability system.


Table2: Administrative Action (adding/removing of user/object) vs Required Changes in ACL / Capability System

In an ACL system, when a user is added, the newly created user may need to gain some privileges on existing objects, instantly or later. For example, we assume the worst case: in an ACL-based system, a user is added and gets the read and write actions on each existing object. The situation is shown in the following figure.

So, the ACLs would change as follows:

File1: { (read,[user1, user3]), (write, [user2, user3])}

File2: { (read,[user1, user3]), (write, [user3])}

So, the point to make here is that in an ACL-based system, adding or removing a user may require a change in the ACLs of existing objects. Similarly, in the capability system, adding or removing an object may require a change in the capability lists of existing users. The situation is shown in Table2.

Now, from figure 2, we can speculate that if a system has fewer user-centric operations (ex. add user, remove user, change in user's privilege label) and more object-centric operations (ex. add object, remove object), ACL is good for it, because in this case ACL requires fewer changes than its corresponding capability list.
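The comparison above can be reproduced on the File1/File2 matrix. The following is an added example, not code from the original post: it derives both representations from one matrix and counts how many already existing lists each administrative action forces you to edit. The `file3` case and all function names are constructed for illustration.

```python
from collections import defaultdict

# Table 1 as sparse cells: (user, object) -> actions. Names follow the post.
USERS, OBJECTS = {"user1", "user2"}, {"file1", "file2"}
MATRIX = {
    ("user1", "file1"): {"read"},
    ("user1", "file2"): {"read"},
    ("user2", "file1"): {"write"},
}

def project(matrix, by_object):
    """by_object=True  -> ACL view: object -> action -> users.
    by_object=False -> capability view: user -> action -> objects."""
    view = defaultdict(lambda: defaultdict(set))
    for (user, obj), actions in matrix.items():
        owner, member = (obj, user) if by_object else (user, obj)
        for action in actions:
            view[owner][action].add(member)
    return view

def apply_grants(matrix, grants):
    """Return a new matrix with the cells in `grants` merged in."""
    merged = {cell: set(actions) for cell, actions in matrix.items()}
    for cell, actions in grants.items():
        merged.setdefault(cell, set()).update(actions)
    return merged

def existing_lists_touched(grants):
    """(ACLs edited, capability lists edited), counting only lists that
    already existed before the administrative action."""
    acls = {obj for (_, obj) in grants if obj in OBJECTS}
    caps = {user for (user, _) in grants if user in USERS}
    return len(acls), len(caps)

# Worst case from the text: user3 gets read and write on every existing object.
ADD_USER3 = {("user3", obj): {"read", "write"} for obj in OBJECTS}
# Mirror case (constructed): file3 is added, readable by every existing user.
ADD_FILE3 = {(user, "file3"): {"read"} for user in USERS}

if __name__ == "__main__":
    acl = project(apply_grants(MATRIX, ADD_USER3), by_object=True)
    for obj in sorted(acl):
        print(obj, {a: sorted(u) for a, u in sorted(acl[obj].items())})
    print("add user3 (ACL edits, capability edits):", existing_lists_touched(ADD_USER3))
    print("add file3 (ACL edits, capability edits):", existing_lists_touched(ADD_FILE3))
```

Adding a user rewrites every affected object's ACL but no existing capability list, and adding an object does the reverse, which is the asymmetry the text relies on.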

An excellent example of this is why OpenStack Object Storage (Swift) uses ACLs to maintain its access control. Swift is built for storing a large number of objects, which requires a large number of object-centric operations and a smaller number of user-centric operations.

To make ACLs more powerful, Swift uses ACLs with roles instead of ACLs with user identities. That means that while our example used the user's identity in the ACL, Swift uses the user's roles in its ACLs. A role-based ACL is shown in the following figure. Note that here a role is used just as a way to group users.

Role based ACL used in Swift.
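A minimal model of an ACL keyed by role, where a role only groups users. This is an added example, not Swift's code or API; the role names `reader` and `writer`, the membership table and the function names are assumptions made for illustration.

```python
# Role-keyed ACLs: object -> action -> roles (constructed data).
ROLE_ACL = {
    "file1": {"read": {"reader"}, "write": {"writer"}},
    "file2": {"read": {"reader"}, "write": set()},
}
# Role membership: role -> users (constructed data).
MEMBERS = {"reader": {"user1"}, "writer": {"user2"}}

def add_member(members, user, roles):
    """Return a new membership table; no object ACL is touched."""
    updated = {role: set(users) for role, users in members.items()}
    for role in roles:
        updated.setdefault(role, set()).add(user)
    return updated

def is_allowed(user, action, obj, members, acl=ROLE_ACL):
    """Allow if the user holds any role listed for this action on this object."""
    allowed_roles = acl.get(obj, {}).get(action, set())
    return any(user in members.get(role, set()) for role in allowed_roles)

def effective_acl(members, acl=ROLE_ACL):
    """Expand roles to users: the identity-based ACL this setup is equivalent to."""
    return {
        obj: {action: {u for role in roles for u in members.get(role, set())}
              for action, roles in entries.items()}
        for obj, entries in acl.items()
    }

if __name__ == "__main__":
    with_user3 = add_member(MEMBERS, "user3", ["reader", "writer"])
    # One membership edit changes effective access on every object whose ACL
    # names those roles, while ROLE_ACL itself stays byte-for-byte the same.
    for obj, entries in sorted(effective_acl(with_user3).items()):
        print(obj, {a: sorted(u) for a, u in sorted(entries.items())})
    print(is_allowed("user3", "write", "file1", with_user3))
    print(is_allowed("user3", "write", "file2", with_user3))
```

Because `file2` lists no role for `write`, the new user gains nothing there; effective access is always the role ACL expanded through current membership, so auditing who can reach an object means reviewing both tables.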

Where a Capability List Is a Good Fit:

So, we understand where and when ACL is a good choice. Contrary to the previous explanation, is the capability model a good fit in a system where more user-centric actions are required? The answer is NO. I explain it in terms of an enterprise system.

This is because the capability model cannot address the following issues, which are essential in a real system:

1. Many users in an organization get the same level of privileges because of their position in the organization. In a capability-based system, this means duplicating the same capability list for many users.

2. In an enterprise system, a user's privilege level may change frequently (ex. the user may get promoted). This is hard to manage in a capability list.

3. Many others.

The point is that in an enterprise system, there are many other user-related actions (ex. delegation, separation of duty, etc.) which cannot be supported by a capability list.

To keep our focus, we will not talk about user-centric access control models (ex. RBAC, DAC, etc.). Rather, we will now look at some ACL systems.


What is Access Control List

An Access Control List (ACL) is the set of permissions attached to an object that specifies which users are granted access to that object. It also specifies the operations those users can perform on that object.

A file system ACL contains entries that specify individual user or group rights to specific system objects such as programs, processes, and files. These entries are called access control entries (ACEs) in the Microsoft Windows NT, OpenVMS, UNIX, and Mac OS X operating systems. Moreover, each system object has a security attribute that identifies its ACL.

Networking ACLs provide rules that apply to port numbers or IP addresses available on a host. The list consists of hosts that have permission to use the services. Individual servers and routers can have network ACLs, and an ACL can be configured to control both inbound and outbound traffic. Therefore, it works similarly to a firewall. Furthermore, SQL-based systems such as ERP (Enterprise Resource Planning) and Content Management Systems contain ACL models in their administration modules.

What is Access Control Matrix

An Access Control Matrix allows a protection model to be implemented. The matrix contains rows and columns. Rows represent the domains; a domain can be a user, a process, or a procedure. Columns, on the other hand, represent the objects or resources. An example Access Control Matrix is as follows.

Each entry in the matrix represents access right information. In the entry access (Di, Oj), Di represents a process in the domain while Oj represents an object or the resource. According to the above matrix, a process in domain 1 can read File 1. A process in domain 2 can take printouts, and a process in domain 3 can execute File 3. Moreover, a process in domain 4 can write to File 2. This is how the Access Control Matrix operates.

Domain 3: Security Engineering (Engineering and Management of Security)

Eric Conrad, ... Joshua Feldman, in CISSP Study Guide (Third Edition), 2016

Access Control Matrix

An access control matrix is a table that defines access permissions between specific subjects and objects. A matrix is a data structure that acts as a table lookup for the operating system. For example, Table 4.1 is a matrix that has specific access permissions defined by user and detailing what actions they can enact. User rdeckard has read/write access to the data file as well as access to the data creation application. User etyrell can read the data file and still has access to the application. User rbatty has no access within this data access matrix.

Table 4.1. User Access Permissions

| Users | Data Access File # 1 | Data Creation Application |
|---|---|---|
| rdeckard | Read/Write | Execute |
| etyrell | Read | Execute |
| rbatty | None | None |

The rows of Table 4.1 show the capabilities of each subject; each row is called a capability list. The columns of Table 4.1 show the ACL for each object or application.

URL:https://www.sciencedirect.com/science/article/pii/B9780128024379000047

1. An access control matrix, and its access control list and capability list representations

Source publication
A generalized temporal role based access control model for developing secure systems
A key issue in computer system security is to protect information against unauthorized access. Emerging workflow-based applications in healthcare, manufacturing, the financial sector, and e-commerce inherently have complex, time-based access control requirements. To address the diverse security needs of these applications, a Role Based Access Contr...