November 1, 2004Introduction to Computer Security © 2004 Matt Bishop Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model Protection.

Slides:



Advertisements
Similar presentations
1 Access Control. 2 Objects and Subjects A multi-user distributed computer system offers access to objects such as resources (memory, printers), data.
Advertisements

Information Flow and Covert Channels November, 2006.
1 1 -Access Control Foundational Results. 2 2 Preliminaries Undecidability The Halting Problem The Turing Machine.
1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004.
Authentication James Walden Northern Kentucky University.
Maths for Computer Graphics
Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.
April 6, 2004ECS 235Slide #1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
590J Lecture 21: Access Control (contd). Review ● Recall: – Protection system is a description of conditions under which a system is secure – P is the.
CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.
1 Access Control Matrix CSSE 442 Computer Security Larry Merkle, Rose-Hulman Institute March 16, 2007.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson.
Table of Contents Matrices - Multiplication Assume that matrix A is of order m  n and matrix B is of order p  q. To determine whether or not A can be.
1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.
CH14 – Protection / Security. Basics Potential Violations – Unauthorized release, modification, DoS External vs Internal Security Policy vs Mechanism.
Copyright © 2007 Pearson Education, Inc. Slide 7-1.
Csci5233 computer security & integrity 1 Access Control Matrix.
IS-2150/TEL-2810: Introduction of Computer Security1 September 7, 2005 Introduction to Computer Security Access Control Matrix Take-grant model.
ECE509 Cyber Security : Concept, Theory, and Practice Access Control Matrix Spring 2014.
Chapter 2: Access Control Matrix
ISA Access Control ISA 562 Internet Security Theory & Practice.
14.1 Silberschatz, Galvin and Gagne ©2005 Operating System Concepts Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Access Control.
Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model Protection State Transitions –Commands –Conditional Commands.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 4 – Access Control.
Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.
Lesson 11-1 Matrix Basics and Augmented Matrices Objective: To learn to solve systems of linear equation using matrices.
Slide #2-1 Access Control Matrix and Safety Results CS461/ECE422 Computer Security I, Fall 2009 Based on slides provided by Matt Bishop for use with Computer.
Access Control in Practice CS461/ECE422 Fall 2010.
Access Control: Policies and Mechanisms Vinod Ganapathy.
1/30/20161 Computer Security Access Control Matrix.
2/1/20161 Computer Security Foundational Results.
July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model.
Matrix Multiplication The Introduction. Look at the matrix sizes.
Table of Contents Matrices - Definition and Notation A matrix is a rectangular array of numbers. Consider the following matrix: Matrix B has 3 rows and.
Notes Over 4.2 Finding the Product of Two Matrices Find the product. If it is not defined, state the reason. To multiply matrices, the number of columns.
1 IS 2150 / TEL 2810 Introduction to Security James Joshi Assistant Professor, SIS Lecture 3 September 13, 2007 Mathematical Review Security Policies.
CSE Operating System Principles Protection.
September 10, 2012Introduction to Computer Security © 2004 Matt Bishop Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model.
A rectangular array of numeric or algebraic quantities subject to mathematical operations. The regular formation of elements into columns and rows.
Matrices Rules & Operations.
IS 2150 / TEL 2810 Introduction to Security
Matrices - Addition and Subtraction
Computer Data Security & Privacy
Dr. Ameria Eldosoky Discrete mathematics
Introduction to Computer Security Lecture 2
2. Access Control Matrix Introduction to Computer Security © 2004 Matt Bishop 9/21/2018.
Chapter 13: Design Principles
Computer Security Access Control Matrix
IS 2150 / TEL 2810 Introduction to Security
2. Matrix Algebra 2.1 Matrix Operations.
Matrices Elements, Adding and Subtracting
CSCI N207 Data Analysis Using Spreadsheet
Operating System Concepts
Computer Security Foundations
Outline Motivation Access Control Matrix Model
Computer Security: Art and Science, 2nd Edition
IS 2150 / TEL 2810 Information Security & Privacy
Chapter 2: Access Control Matrix
Chapter 6: Integrity Policies
IS 2150 / TEL 2810 Introduction to Security
Chapter 4: Security Policies
Computer Security Access Control Mechanisms
IS 2150 / TEL 2810 Introduction to Security
Chapter 2: Access Control Matrix
Presentation transcript:

November 1, 2004Introduction to Computer Security © 2004 Matt Bishop Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model Protection State Transitions –Commands –Conditional Commands

November 1, 2004Introduction to Computer Security © 2004 Matt Bishop Slide #2-2 Overview Protection state of system –Describes current settings, values of system relevant to protection Access control matrix –Describes protection state precisely –Matrix describing rights of subjects –State transitions change elements of matrix

November 1, 2004Introduction to Computer Security © 2004 Matt Bishop Slide #2-3 Description objects (entities) subjects s1s2…sns1s2…sn o 1 … o m s 1 … s n Subjects S = { s 1,…,s n } Objects O = { o 1,…,o m } Rights R = { r 1,…,r k } Entries A[s i, o j ]   R A[s i, o j ] = { r x, …, r y } means subject s i has rights r x, …, r y over object o j

November 1, 2004Introduction to Computer Security © 2004 Matt Bishop Slide #2-4 Example 1 Processes p, q Files f, g Rights r, w, x, a, o fgpq prworrwxow qarorrwxo

November 1, 2004Introduction to Computer Security © 2004 Matt Bishop Slide #2-5 Example 2 Procedures inc_ctr, dec_ctr, manage Variable counter Rights +, –, call counterinc_ctrdec_ctrmanage inc_ctr+ dec_ctr– managecallcallcall

Important Points Access Control Matrix can be used as a model of the static access permissions in any type of access control system. It does not model the rules by which permissions can change in any particular system, and therefore only gives an incomplete description of the system's access control security policy. November 1, 2004Introduction to Computer Security © 2004 Matt Bishop Slide #2-6

November 1, 2004Introduction to Computer Security © 2004 Matt Bishop Slide #2-7 State Transitions Change the protection state of system |– represents transition –X i |–  X i+1 : command  moves system from state X i to X i+1 –X i |– * X i+1 : a sequence of commands moves system from state X i to X i+1 Commands often called transformation procedures

November 1, 2004Introduction to Computer Security © 2004 Matt Bishop Slide #2-8 Primitive Operations create subject s; create object o –Creates new row, column in ACM; creates new column in ACM destroy subject s; destroy object o –Deletes row, column from ACM; deletes column from ACM enter r into A[s, o] –Adds r rights for subject s over object o delete r from A[s, o] –Removes r rights from subject s over object o

November 1, 2004Introduction to Computer Security © 2004 Matt Bishop Slide #2-9 Creating File Process p creates file f with r and w permission command createfile(p, f) create object f; enter own into A[p, f]; enter r into A[p, f]; enter w into A[p, f]; end

November 1, 2004Introduction to Computer Security © 2004 Matt Bishop Slide #2-10 Mono-Operational Commands Make process p the owner of file g command makeowner(p, g) enter own into A[p, g]; end Mono-operational command –Single primitive operation in this command

November 1, 2004Introduction to Computer Security © 2004 Matt Bishop Slide #2-11 Conditional Commands Let p give q r rights over f, if p owns f command grantreadfile1(p, f, q) if own in A[p, f] then enter r into A[q, f]; end Mono-conditional command –Single condition in this command

November 1, 2004Introduction to Computer Security © 2004 Matt Bishop Slide #2-12 Multiple Conditions Let p give q r and w rights over f, if p owns f and p has c rights over q command grantreadfile2(p, f, q) if own in A[p, f] and c in A[p, q] then enter r into A[q, f]; enter w into A[q, f]; end

November 1, 2004Introduction to Computer Security © 2004 Matt Bishop Slide #2-13 Key Points Access control matrix simplest abstraction mechanism for representing protection state Transitions alter protection state 6 primitive operations alter matrix –Transitions can be expressed as commands composed of these operations and, possibly, conditions

Key Points An Access Control Matrix should be thought of only as an abstract model of permissions at a given point in time November 1, 2004Introduction to Computer Security © 2004 Matt Bishop Slide #2-14

Key Points An implementation of it as a two- dimensional array would have excessive memory requirements. Capability-based security and access control lists are categories of concrete access control mechanisms whose static permissions can be modeled using Access Control Matrices. November 1, 2004Introduction to Computer Security © 2004 Matt Bishop Slide #2-15

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.