SlideShare une entreprise Scribd logo

Access Control Management

Conferencias FIST
Conferencias FIST
Technologie
1  sur  24
Télécharger pour lire hors ligne
Conferencia FIST Mayo/Madrid 2008 @ Sponsored by: Access Control Management Vicente Aceituno, 2008
About me Vice president of the ISSA Spain chapter. www.issa-spain.org Vice president of the FIST Conferences association. www.fistconference.org Author of a number of articles: Google: vaceituno wikipedia Director of the ISM3 Consortium The consortium promotes ISM3, an ISMS standard www.ism3.com 2
The other side 3
Access Control Authentication Authorization Auditing Enough? 4
Yes…questions User Account vs User Credential ID. Information about the user. Proof of: Ownership: Password vs Criptographic Key Personality: Human? Older than 18? A Woman? From Barcelona? 5
Authentication Proofs of identity, personality and ownership: What I know: Passwords What I have: Tokens What I am: Eyes, Fingerprints, etc What I like: What I can do: Maths in German anyone? What I think: (values) 6
Authorization Permission of access to resources Credential x Resources x Actions 7
The hidden side Authentication: Real Time Authentication of Credentials vs Granting and Delivery of Credentials to People. Proof of Identity, or Are you who you were? Proof of Personality. Authorization: Real Time Access Grant vs Granting Access Rights to Credentials. 8
Session Work session between user and application Session between processes TCP Transmission session Frame transmission session su (nested session) Software agent session WAP2 session etc… 9
Session – User Account H H 10
Session - Certificate H H H X Y 11
Access Control Management 12
Access Control Management H H 13
Auditing Logs Check ELML 14
ELML Markup Every event can have an eventID. If the event is not logged by the agent of the event, the logger can be identified using a loggerID. The agent of the event can be identified using a sourceID. The agent of the event can stay in different locations, identified using a addressID. The credential used by the source to perform a request can be identified using a credentialID. The resource (subject) of the event is identified using a resourceID. 15
ELML Markup The request (access attempt) performed has a RequestType and a Result. The reason for the Result is stated in the ResultText. The payload contains the information necessary to perform the request. dateTime is the date and time when the request is performed. signature is the digital signature of the event using the credentialID. hash is the digital summary of the event. It is recommended that the hash of the previous event in the Record is used to calculate it. 16
ELML Vocabulary Component Initiate Finalize Freeze Unfreeze Query Change State State Credential create delete block unblock read write Session login logout suspend resume read write Message send listen retain forward read write Repository create delete block unblock read write Interface connect disconnect interrupt continue read write Channel open close hold release read write Service start stop pause resume read write 17
Multiple Credentials 18
Challenges eDNI Weak Passwords / Authentication Identification vs Anonimity Privacy vs Marketing DRM Physical Access SSO Password Synchronization Logs Standarization Expiry Minimum Privilege Work Role – Access Rights Synchronization Identifiying Systems -> Phising 19
Access Control http://identity20.com/media/OSCON2005/ http://www.cerias.purdue.edu/weblogs/spa f/general/post-30/ 20
Access Control Identification Authentication Access Granting Authorization Auditing 21
Access Control 22
Creative Commons Attribution-NoDerivs 2.0 You are free: •to copy, distribute, display, and perform this work Under the following conditions: Attribution. You must give the original author credit. No Derivative Works. You may not alter, transform, or build upon this work. For any reuse or distribution, you must make clear to others the license terms of this work. Any of these conditions can be waived if you get permission from the author. Your fair use and other rights are in no way affected by the above. This work is licensed under the Creative Commons Attribution-NoDerivs License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. 23
@ with the sponsorship of: THANK YOU 24 www.fistconference.org

Recommandé

Access Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk AreasAccess Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk AreasMahsa Teimourikia
 
Access Management for Cloud and Mobile
Access Management for Cloud and MobileAccess Management for Cloud and Mobile
Access Management for Cloud and MobileForgeRock
 
Events Logging Markup Language
Events Logging Markup LanguageEvents Logging Markup Language
Events Logging Markup LanguageConferencias FIST
 
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...Paris Open Source Summit
 
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NGWorteks
 
Pennington - Defending Against Targeted Ransomware with MITRE ATT&CK
Pennington - Defending Against Targeted Ransomware with MITRE ATT&CKPennington - Defending Against Targeted Ransomware with MITRE ATT&CK
Pennington - Defending Against Targeted Ransomware with MITRE ATT&CKAdam Pennington
 
The Potential of Blockchain in Higher Education
The Potential of Blockchain in Higher EducationThe Potential of Blockchain in Higher Education
The Potential of Blockchain in Higher EducationJohn Domingue
 
Computer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdfComputer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdfxererenhosdominaram
 

Recommandé

Access Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk AreasAccess Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk AreasMahsa Teimourikia
 
Access Management for Cloud and Mobile
Access Management for Cloud and MobileAccess Management for Cloud and Mobile
Access Management for Cloud and MobileForgeRock
 
Events Logging Markup Language
Events Logging Markup LanguageEvents Logging Markup Language
Events Logging Markup LanguageConferencias FIST
 
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...Paris Open Source Summit
 
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NGWorteks
 
Pennington - Defending Against Targeted Ransomware with MITRE ATT&CK
Pennington - Defending Against Targeted Ransomware with MITRE ATT&CKPennington - Defending Against Targeted Ransomware with MITRE ATT&CK
Pennington - Defending Against Targeted Ransomware with MITRE ATT&CKAdam Pennington
 
The Potential of Blockchain in Higher Education
The Potential of Blockchain in Higher EducationThe Potential of Blockchain in Higher Education
The Potential of Blockchain in Higher EducationJohn Domingue
 
Computer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdfComputer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdfxererenhosdominaram
 
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCloudIDSummit
 
Shoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderShoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderForgeRock
 
PCI OWASP Course Storyboard
PCI OWASP Course StoryboardPCI OWASP Course Storyboard
PCI OWASP Course StoryboardJim Piechocki
 
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...Adam Pennington
 
VII Jornadas eMadrid "Education in exponential times". "Blockchains and their...
VII Jornadas eMadrid "Education in exponential times". "Blockchains and their...VII Jornadas eMadrid "Education in exponential times". "Blockchains and their...
VII Jornadas eMadrid "Education in exponential times". "Blockchains and their...eMadrid network
 
Iiw2007b Madsen 01
Iiw2007b Madsen 01Iiw2007b Madsen 01
Iiw2007b Madsen 01Paul Madsen
 
Mashing Up with User-centric Identity
Mashing Up with User-centric IdentityMashing Up with User-centric Identity
Mashing Up with User-centric Identitykkjjkevin03
 
Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Kaliya "Identity Woman" Young
 
The Implications of OpenID
The Implications of OpenIDThe Implications of OpenID
The Implications of OpenIDSimon Willison
 
Self-Sovereign-Identity.pptx
Self-Sovereign-Identity.pptxSelf-Sovereign-Identity.pptx
Self-Sovereign-Identity.pptxSanketKulkarni94
 
Open Identity - getting to know your users
Open Identity - getting to know your usersOpen Identity - getting to know your users
Open Identity - getting to know your usersPayPal
 
Thesis
ThesisThesis
ThesisJeremy Clark
 
OpenID and decentralised social networks
OpenID and decentralised social networksOpenID and decentralised social networks
OpenID and decentralised social networksSimon Willison
 
Self-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitSelf-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitKaliya "Identity Woman" Young
 
ABCs of Security in the Cloud Webinar
ABCs of Security in the Cloud WebinarABCs of Security in the Cloud Webinar
ABCs of Security in the Cloud WebinarSalesforce Developers
 
Lecture 20101124
Lecture 20101124Lecture 20101124
Lecture 20101124Anderson Liang
 
dna-identity-crisis-cloud-web
dna-identity-crisis-cloud-webdna-identity-crisis-cloud-web
dna-identity-crisis-cloud-webRavi Venkat
 
The Best Practices of Symantec Code Signing - RapidSSLonline
The Best Practices of Symantec Code Signing - RapidSSLonlineThe Best Practices of Symantec Code Signing - RapidSSLonline
The Best Practices of Symantec Code Signing - RapidSSLonlineRapidSSLOnline.com
 
Strong Authentication in Web Application #SCS III
Strong Authentication in Web Application #SCS IIIStrong Authentication in Web Application #SCS III
Strong Authentication in Web Application #SCS IIISylvain Maret
 
Introduction to Blockchain and BitCoin New Business Opportunties
Introduction to Blockchain and BitCoin New Business OpportuntiesIntroduction to Blockchain and BitCoin New Business Opportunties
Introduction to Blockchain and BitCoin New Business OpportuntiesValue Amplify Consulting
 
Seguridad en Open Solaris
Seguridad en Open SolarisSeguridad en Open Solaris
Seguridad en Open SolarisConferencias FIST
 
Seguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceSeguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceConferencias FIST
 

Contenu connexe

Similaire à Access Control Management

CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCloudIDSummit
 
Shoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderShoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderForgeRock
 
PCI OWASP Course Storyboard
PCI OWASP Course StoryboardPCI OWASP Course Storyboard
PCI OWASP Course StoryboardJim Piechocki
 
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...Adam Pennington
 
VII Jornadas eMadrid "Education in exponential times". "Blockchains and their...
VII Jornadas eMadrid "Education in exponential times". "Blockchains and their...VII Jornadas eMadrid "Education in exponential times". "Blockchains and their...
VII Jornadas eMadrid "Education in exponential times". "Blockchains and their...eMadrid network
 
Iiw2007b Madsen 01
Iiw2007b Madsen 01Iiw2007b Madsen 01
Iiw2007b Madsen 01Paul Madsen
 
Mashing Up with User-centric Identity
Mashing Up with User-centric IdentityMashing Up with User-centric Identity
Mashing Up with User-centric Identitykkjjkevin03
 
Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Kaliya "Identity Woman" Young
 
The Implications of OpenID
The Implications of OpenIDThe Implications of OpenID
The Implications of OpenIDSimon Willison
 
Self-Sovereign-Identity.pptx
Self-Sovereign-Identity.pptxSelf-Sovereign-Identity.pptx
Self-Sovereign-Identity.pptxSanketKulkarni94
 
Open Identity - getting to know your users
Open Identity - getting to know your usersOpen Identity - getting to know your users
Open Identity - getting to know your usersPayPal
 
OpenID and decentralised social networks
OpenID and decentralised social networksOpenID and decentralised social networks
OpenID and decentralised social networksSimon Willison
 
Self-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitSelf-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitKaliya "Identity Woman" Young
 
ABCs of Security in the Cloud Webinar
ABCs of Security in the Cloud WebinarABCs of Security in the Cloud Webinar
ABCs of Security in the Cloud WebinarSalesforce Developers
 
dna-identity-crisis-cloud-web
dna-identity-crisis-cloud-webdna-identity-crisis-cloud-web
dna-identity-crisis-cloud-webRavi Venkat
 
The Best Practices of Symantec Code Signing - RapidSSLonline
The Best Practices of Symantec Code Signing - RapidSSLonlineThe Best Practices of Symantec Code Signing - RapidSSLonline
The Best Practices of Symantec Code Signing - RapidSSLonlineRapidSSLOnline.com
 
Strong Authentication in Web Application #SCS III
Strong Authentication in Web Application #SCS IIIStrong Authentication in Web Application #SCS III
Strong Authentication in Web Application #SCS IIISylvain Maret
 
Introduction to Blockchain and BitCoin New Business Opportunties
Introduction to Blockchain and BitCoin New Business OpportuntiesIntroduction to Blockchain and BitCoin New Business Opportunties
Introduction to Blockchain and BitCoin New Business OpportuntiesValue Amplify Consulting
 

Similaire à Access Control Management (20)

CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
 
Shoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderShoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 Provider
 
PCI OWASP Course Storyboard
PCI OWASP Course StoryboardPCI OWASP Course Storyboard
PCI OWASP Course Storyboard
 
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
 
VII Jornadas eMadrid "Education in exponential times". "Blockchains and their...
VII Jornadas eMadrid "Education in exponential times". "Blockchains and their...VII Jornadas eMadrid "Education in exponential times". "Blockchains and their...
VII Jornadas eMadrid "Education in exponential times". "Blockchains and their...
 
Iiw2007b Madsen 01
Iiw2007b Madsen 01Iiw2007b Madsen 01
Iiw2007b Madsen 01
 
Mashing Up with User-centric Identity
Mashing Up with User-centric IdentityMashing Up with User-centric Identity
Mashing Up with User-centric Identity
 
Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon
 
The Implications of OpenID
The Implications of OpenIDThe Implications of OpenID
The Implications of OpenID
 
Self-Sovereign-Identity.pptx
Self-Sovereign-Identity.pptxSelf-Sovereign-Identity.pptx
Self-Sovereign-Identity.pptx
 
Open Identity - getting to know your users
Open Identity - getting to know your usersOpen Identity - getting to know your users
Open Identity - getting to know your users
 
Thesis
ThesisThesis
Thesis
 
OpenID and decentralised social networks
OpenID and decentralised social networksOpenID and decentralised social networks
OpenID and decentralised social networks
 
Self-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitSelf-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web Summit
 
ABCs of Security in the Cloud Webinar
ABCs of Security in the Cloud WebinarABCs of Security in the Cloud Webinar
ABCs of Security in the Cloud Webinar
 
Lecture 20101124
Lecture 20101124Lecture 20101124
Lecture 20101124
 
dna-identity-crisis-cloud-web
dna-identity-crisis-cloud-webdna-identity-crisis-cloud-web
dna-identity-crisis-cloud-web
 
The Best Practices of Symantec Code Signing - RapidSSLonline
The Best Practices of Symantec Code Signing - RapidSSLonlineThe Best Practices of Symantec Code Signing - RapidSSLonline
The Best Practices of Symantec Code Signing - RapidSSLonline
 
Strong Authentication in Web Application #SCS III
Strong Authentication in Web Application #SCS IIIStrong Authentication in Web Application #SCS III
Strong Authentication in Web Application #SCS III
 
Introduction to Blockchain and BitCoin New Business Opportunties
Introduction to Blockchain and BitCoin New Business OpportuntiesIntroduction to Blockchain and BitCoin New Business Opportunties
Introduction to Blockchain and BitCoin New Business Opportunties
 

Plus de Conferencias FIST

Seguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceSeguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceConferencias FIST
 
Las Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseLas Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseConferencias FIST
 
Evolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiEvolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiConferencias FIST
 
El Information Security Forum
El Information Security ForumEl Information Security Forum
El Information Security ForumConferencias FIST
 
Inseguridad en Redes Wireless
Inseguridad en Redes WirelessInseguridad en Redes Wireless
Inseguridad en Redes WirelessConferencias FIST
 
Mas allá de la Concienciación
Mas allá de la ConcienciaciónMas allá de la Concienciación
Mas allá de la ConcienciaciónConferencias FIST
 
Riesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloRiesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloConferencias FIST
 
Demostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseDemostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseConferencias FIST
 

Plus de Conferencias FIST (20)

Seguridad en Open Solaris
Seguridad en Open SolarisSeguridad en Open Solaris
Seguridad en Open Solaris
 
Seguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceSeguridad en Entornos Web Open Source
Seguridad en Entornos Web Open Source
 
Spanish Honeynet Project
Spanish Honeynet ProjectSpanish Honeynet Project
Spanish Honeynet Project
 
Seguridad en Windows Mobile
Seguridad en Windows MobileSeguridad en Windows Mobile
Seguridad en Windows Mobile
 
SAP Security
SAP SecuritySAP Security
SAP Security
 
Que es Seguridad
Que es SeguridadQue es Seguridad
Que es Seguridad
 
Network Access Protection
Network Access ProtectionNetwork Access Protection
Network Access Protection
 
Las Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseLas Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática Forense
 
Evolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiEvolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFi
 
El Information Security Forum
El Information Security ForumEl Information Security Forum
El Information Security Forum
 
Criptografia Cuántica
Criptografia CuánticaCriptografia Cuántica
Criptografia Cuántica
 
Inseguridad en Redes Wireless
Inseguridad en Redes WirelessInseguridad en Redes Wireless
Inseguridad en Redes Wireless
 
Mas allá de la Concienciación
Mas allá de la ConcienciaciónMas allá de la Concienciación
Mas allá de la Concienciación
 
Security Metrics
Security MetricsSecurity Metrics
Security Metrics
 
PKI Interoperability
PKI InteroperabilityPKI Interoperability
PKI Interoperability
 
Wifislax 3.1
Wifislax 3.1Wifislax 3.1
Wifislax 3.1
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
 
Riesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloRiesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el Desarrollo
 
Demostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseDemostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis Forense
 
Security Maturity Model
Security Maturity ModelSecurity Maturity Model
Security Maturity Model
 

Dernier

Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 

Dernier (20)

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 

Access Control Management

  • 1. Conferencia FIST Mayo/Madrid 2008 @ Sponsored by: Access Control Management Vicente Aceituno, 2008
  • 2. About me Vice president of the ISSA Spain chapter. www.issa-spain.org Vice president of the FIST Conferences association. www.fistconference.org Author of a number of articles: Google: vaceituno wikipedia Director of the ISM3 Consortium The consortium promotes ISM3, an ISMS standard www.ism3.com 2
  • 5. Yes…questions User Account vs User Credential ID. Information about the user. Proof of: Ownership: Password vs Criptographic Key Personality: Human? Older than 18? A Woman? From Barcelona? 5
  • 6. Authentication Proofs of identity, personality and ownership: What I know: Passwords What I have: Tokens What I am: Eyes, Fingerprints, etc What I like: What I can do: Maths in German anyone? What I think: (values) 6
  • 7. Authorization Permission of access to resources Credential x Resources x Actions 7
  • 8. The hidden side Authentication: Real Time Authentication of Credentials vs Granting and Delivery of Credentials to People. Proof of Identity, or Are you who you were? Proof of Personality. Authorization: Real Time Access Grant vs Granting Access Rights to Credentials. 8
  • 9. Session Work session between user and application Session between processes TCP Transmission session Frame transmission session su (nested session) Software agent session WAP2 session etc… 9
  • 10. Session – User Account H H 10
  • 15. ELML Markup Every event can have an eventID. If the event is not logged by the agent of the event, the logger can be identified using a loggerID. The agent of the event can be identified using a sourceID. The agent of the event can stay in different locations, identified using a addressID. The credential used by the source to perform a request can be identified using a credentialID. The resource (subject) of the event is identified using a resourceID. 15
  • 16. ELML Markup The request (access attempt) performed has a RequestType and a Result. The reason for the Result is stated in the ResultText. The payload contains the information necessary to perform the request. dateTime is the date and time when the request is performed. signature is the digital signature of the event using the credentialID. hash is the digital summary of the event. It is recommended that the hash of the previous event in the Record is used to calculate it. 16
  • 17. ELML Vocabulary Component Initiate Finalize Freeze Unfreeze Query Change State State Credential create delete block unblock read write Session login logout suspend resume read write Message send listen retain forward read write Repository create delete block unblock read write Interface connect disconnect interrupt continue read write Channel open close hold release read write Service start stop pause resume read write 17
  • 19. Challenges eDNI Weak Passwords / Authentication Identification vs Anonimity Privacy vs Marketing DRM Physical Access SSO Password Synchronization Logs Standarization Expiry Minimum Privilege Work Role – Access Rights Synchronization Identifiying Systems -> Phising 19
  • 23. Creative Commons Attribution-NoDerivs 2.0 You are free: •to copy, distribute, display, and perform this work Under the following conditions: Attribution. You must give the original author credit. No Derivative Works. You may not alter, transform, or build upon this work. For any reuse or distribution, you must make clear to others the license terms of this work. Any of these conditions can be waived if you get permission from the author. Your fair use and other rights are in no way affected by the above. This work is licensed under the Creative Commons Attribution-NoDerivs License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. 23
  • 24. @ with the sponsorship of: THANK YOU 24 www.fistconference.org