Access Control 1. Given Credit Where It Is Due Most of the lecture notes are based on slides by Dr. Daniel M. Zimmerman at CALTECH Some slides are from.

Slides:



Advertisements
Similar presentations
Access Control 1. Given Credit Where It Is Due Most of the lecture notes are based on slides by Dr. Daniel M. Zimmerman at CALTECH Some slides are from.
Advertisements

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.
8.2 Discretionary Access Control Models Weiling Li.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
Database Management System
DGC Paris Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.
19: Protection1 PROTECTION Protection is the mechanism for controlling access to computer resources. Security concerns the physical integrity of the system.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
Introduction to Databases CIS 5.2. Where would you find info about yourself stored in a computer? College Physician’s office Library Grocery Store Dentist’s.
Chapter 2 Access Control Fundamentals. Chapter Overview Protection Systems Mandatory Protection Systems Reference Monitors Definition of a Secure Operating.
Authorization. Authorization: Two Meanings Determining permission Is principal P permitted to perform action A on object U? Adding permission P is now.
CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 4: Access Control.
SE571 Security in Computing
Distributed Computer Security 8.2 Discretionary Access Control Models - Liang Zhao.
Lecture 7 Access Control
Distributed Computer Security 8.2 Discretionary Access Control Models - Sai Phalgun Tatavarthy.
Present by Napasakorn Sukjay Poom Samaharn
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.
CS-550 (M.Soneru): Protection and Security - 2 [SaS] 1 Protection and Security - 2.
Naming Chapter 5. n Most of the lecture notes are based on slides by Prof. Jalal Y. Kawash at Univ. of Calgary n Some slides are from Brennen Reynolds.
Configuring File Services Lesson 6. Skills Matrix Technology SkillObjective DomainObjective # Configuring a File ServerConfigure a file server4.1 Using.
Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.
Protection.
Access Control and Privilege Management
Chapter 7: WORKING WITH GROUPS
1 A pattern language for security models Eduardo B. Fernandez and Rouyi Pan Presented by Liping Cai 03/15/2006.
Distributed computer security 8.2 Discretionary Access Control Models -Ranjitha Shivarudraiah.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 4 – Access Control.
G53SEC 1 Access Control principals, objects and their operations.
Views Lesson 7.
CE Operating Systems Lecture 21 Operating Systems Protection with examples from Linux & Windows.
Prepared By Prepared By : VINAY ALEXANDER ( विनय अलेक्सजेंड़र ) PGT(CS),KV JHAGRAKHAND.
WP3 Authorization and R-GMA Linda Cornwall WP3 workshop 2-4 April 2003.
Lecture 18 Page 1 CS 111 Online OS Use of Access Control Operating systems often use both ACLs and capabilities – Sometimes for the same resource E.g.,
1 Chapter Overview Managing Object and Container Permissions Locating and Moving Active Directory Objects Delegating Control Troubleshooting Active Directory.
Introduction to Access Control and Trust Management Daniel Trivellato.
Constraints Lesson 8. Skills Matrix Constraints Domain Integrity: A domain refers to a column in a table. Domain integrity includes data types, rules,
Access Control Lesson Introduction ●Understand the importance of access control ●Explore ways in which access control can be implemented ●Understand how.
Discretionary Access Control Models Adith Srinivasan.
Computer Security: Principles and Practice
Configuring, Managing and Maintaining Windows Server® 2008 Servers Course 6419A.
CSC 8320 Advanced Operating System Discretionary Access Control Models Presenter: Ke Gao Instructor: Professor Zhang.
Protection & Security Greg Bilodeau CS 5204 October 13, 2009.
Database Management Systems.  Instructor: Yrd. Doç. Dr. Cengiz Örencik   Course material.
M2M Service Layer – DM Server Security Group Name: OMA-BBF-oneM2M Adhoc Source: Timothy Carey, Meeting Date:
Security. Digital Signatures Digital Signatures Using MD.
Constraints Advanced Database Systems Dr. AlaaEddin Almabhouh.
PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
Windows Active Directory – What is it? Definition - Active Directory is a centralized and standardized system that automates network management of user.
Database System Implementation CSE 507
Access Control Model SAM-5.
Tactic 1: Adopt Least Privilege
Protection and Security
Chapter 14: Protection Modified by Dr. Neerja Mhaskar for CS 3SH3.
Chapter 14: System Protection
Chapter 14: Protection.
Computer Data Security & Privacy
CE Operating Systems Lecture 21
OS Access Control Mauricio Sifontes.
Chapter 14: Protection.
Advanced Database Concepts: Reports & Views
Access Control.
Access Control Dr. X Parenthesis: before we dive deeper into crypto, we will explore and old but still valid security principle, access controls.
Presentation transcript:

Access Control 1

Given Credit Where It Is Due Most of the lecture notes are based on slides by Dr. Daniel M. Zimmerman at CALTECH Some slides are from Prof. Kenneth Chiu at SUNY Binghamton I have modified them and added new slides 2

3 Access Control Once a client and a server have established a secure channel, the client can issue requests to the server Requests can only be carried out if the client has sufficient access rights The verification of access rights is access control, and the granting of access rights is authorization These two terms are often used interchangeably

4 The Basic Model for Access Control This model is generally used to help understand the various issues involved in access control The subject issues requests to access the object, and protection is enforced by a reference monitor that knows which subjects are allowed to issue which requests

5 Access Control Matrix The access control matrix is a matrix with each subject represented by a row, and each object represented by a column The entry M[s, o] lists the operations that subject s may carry out on object o Of course, we don’t really want to implement it as a matrix in any system of reasonable size, because there would be a whole lot of wasted space… ?

6 Access Control Matrix There are two main approaches that are used instead of an actual matrix: Each object can maintain a list, the access control list, of the access rights of subjects that want to access that object - this effectively distributes the matrix column- wise, leaving out empty entries Each subject can maintain a list of capabilities for each object - this effectively distributes the matrix row-wise, leaving out empty entries Of course, capabilities can’t be totally maintained by the subjects - they must be given to the subjects by some other trusted entity (like the reference monitor)

7 Access Control Lists vs. Capabilities

Access Matrix

Access Control List

Capability Lists

11 Protection Domains ACLs and capabilities help to efficiently implement the access control matrix, but can still become quite cumbersome A protection domain is a set of (object, access rights) pairs, where each pair specifies for a given object exactly what operations can be carried out By associating a protection domain with each request, we can cut down on redundant information in access control lists

12 Protection Domains One approach to using protection domains is to construct groups of users Another approach is to use roles instead of groups Roles: head of a department, manager of a project, member of a personnel search committee

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.