Chapter 2: Access Control Matrix

Slides:

Advertisements

Similar presentations

Credit hours: 4 Contact hours: 50 (30 Theory, 20 Lab) Prerequisite: TB143 Introduction to Personal Computers.

Advertisements

Information Flow and Covert Channels November, 2006.

1 1 -Access Control Foundational Results. 2 2 Preliminaries Undecidability The Halting Problem The Turing Machine.

1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004.

April 6, 2004ECS 235Slide #1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation.

Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.

CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

590J Lecture 21: Access Control (contd). Review ● Recall: – Protection system is a description of conditions under which a system is secure – P is the.

1 Chapter 4 Threads Threads: Resource ownership and execution.

CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.

Chapter 5. Operations on Multiple R. V.'s 1 Chapter 5. Operations on Multiple Random Variables 0. Introduction 1. Expected Value of a Function of Random.

1 Access Control Matrix CSSE 442 Computer Security Larry Merkle, Rose-Hulman Institute March 16, 2007.

Chapter 7 – Registers and Register Transfers Part 1 – Registers, Microoperations and Implementations Logic and Computer Design Fundamentals.

C o n f i d e n t i a l Developed By Nitendra NextHome Subject Name: Data Structure Using C Title: Overview of Data Structure.

Csci5233 computer security & integrity 1 Access Control Matrix.

IS-2150/TEL-2810: Introduction of Computer Security1 September 7, 2005 Introduction to Computer Security Access Control Matrix Take-grant model.

ECE509 Cyber Security : Concept, Theory, and Practice Access Control Matrix Spring 2014.

Chapter 2: Access Control Matrix

Chapter 1 Overview of Database Concepts Oracle 10g: SQL

1 Chapter 1 Overview of Database Concepts. 2 Chapter Objectives Identify the purpose of a database management system (DBMS) Distinguish a field from a.

ISA Access Control ISA 562 Internet Security Theory & Practice.

Chapter 1Introduction to Oracle9i: SQL1 Chapter 1 Overview of Database Concepts.

Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model Protection State Transitions –Commands –Conditional Commands.

Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.

Chapter 10: Rights, User, and Group Administration.

Slide #2-1 Access Control Matrix and Safety Results CS461/ECE422 Computer Security I, Fall 2009 Based on slides provided by Matt Bishop for use with Computer.

Access Control in Practice CS461/ECE422 Fall 2010.

BSA206 Database Management Systems Lecture 2: Introduction to Oracle / Overview of Database Concepts.

Access Control: Policies and Mechanisms Vinod Ganapathy.

1/30/20161 Computer Security Access Control Matrix.

2/1/20161 Computer Security Foundational Results.

July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model.

November 1, 2004Introduction to Computer Security © 2004 Matt Bishop Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model Protection.

1 IS 2150 / TEL 2810 Introduction to Security James Joshi Assistant Professor, SIS Lecture 3 September 13, 2007 Mathematical Review Security Policies.

September 10, 2012Introduction to Computer Security © 2004 Matt Bishop Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model.

CSC 482/582: Computer Security

Chapter 3 Data Representation

IS 2150 / TEL 2810 Introduction to Security

Physical Data Model – step-by-step instructions and template

IS 2150 / TEL 2810 Introduction to Security

Working at a Small-to-Medium Business or ISP – Chapter 7

Introduction to Computer Security Lecture 2

Working at a Small-to-Medium Business or ISP – Chapter 7

2. Access Control Matrix Introduction to Computer Security © 2004 Matt Bishop 9/21/2018.

General OS Security: Memory Protection and Access Control

What is a Database and Why Use One?

IS 2150 / TEL 2810 Information Security & Privacy

Chapter 13: Design Principles

CE Operating Systems Lecture 21

Working at a Small-to-Medium Business or ISP – Chapter 7

Computer Security Access Control Matrix

Access Control Lists CSCI Fall 2008 GWU Sources:

IS 2150 / TEL 2810 Introduction to Security

Chapter 1: Introduction

Chapter 28: User Security

IS 2150 / TEL 2810 Introduction to Security

Computer Security Foundations

Outline Motivation Access Control Matrix Model

Computer Security: Art and Science, 2nd Edition

IS 2150 / TEL 2810 Information Security & Privacy

Chapter 2: Access Control Matrix

FILE SECURITY AND ACCESS CONTROL

IS 2150 / TEL 2810 Introduction to Security

Computer Security Damian Gordon.

Chapter 4: Security Policies

Computer Security Access Control Mechanisms

IS 2150 / TEL 2810 Introduction to Security

IS 2150 / TEL 2810 Introduction to Security

Presentation transcript:

Chapter 2: Access Control Matrix Overview Access Control Matrix Model Protection State Transitions Commands Conditional Commands Introduction to Computer Security © 2004 Matt Bishop

Overview State of a system: the collection of the current values of all memory locations, all secondary storage, and all registers and other components of the system; Protection state of system: describes current settings, values of system relevant to protection;

Access Control Matrix Describes protection state precisely; Describes rights of each subject with respect to every other entity; State transitions change elements of matrix; http://slideplayer.com/4728910/15/images/11/Extended+Access+Control+Matrix.jpg

Description objects (entities) Subjects S = { s1,…,sn } o1 … om s1 … sn Subjects S = { s1,…,sn } Objects O = { o1,…,om } ∪ S Rights R = { r1,…,rk } Entries A[si, oj]  R A[si, oj] = { rx, …, ry } means subject si has rights rx, …, ry over object oj

ACM – Process vs Files Processes p1, p2; Files f, g Rights r, w, x, a, o f g p1 p2 rwo r rwxo w a ro

ACM – Hosts in a LAN host names A B C own ftp ftp, nfs, mail, own ftp, mail

ACM – Computer Program Functions: inc_ctr, dec_ctr, manager Variable: counter Rights +, –, call counter inc_ctr dec_ctr - + manager call

State Transitions https://i.pinimg.com/originals/37/28/6d/37286de12e2123c03c6f2ac1cc7341db.gif

State Transitions |– : represents transition Xi |–  Xi+1: command  moves system from state Xi to Xi+1 Xi |– * Y: a sequence of commands moves system from state Xi to Y

Primitive Operations create subject s; create object o destroy subject s; destroy object o enter r into A[s, o] delete r from A[s, o]

Primitive Operations create subject sn; sn

Primitive Operations create object on on

Primitive Operations destroy subject sd; sd

Primitive Operations destroy object od od

Primitive Operations enter r into A[s, o] Adds r rights for subject s over object o o s r

Primitive Operations delete r from A[s, o] Removes r rights from subject s over object o o s r

Creating File Process p creates file f with r permission command create•file(p, f) create file f; enter own into A[p, f]; enter r into A[p, f]; end

Creating Process command spawn•process(p, q) create process q; enter own into a[p, q]; enter r into a[p, q]; enter r into a[q, p]; end

Mono-Operational Commands Single primitive operation in this command command make•owner(p, g) enter own into a[p, g]; end

Conditional Commands command grant•read•file•1(p, f, q) if own in A[p, f] then enter r into A[q, f]; end

Multiple Conditions command grant•read•file•2(p, f, q) if own in A[p, f] and c in A[p, q] then enter r into A[q, f]; enter w into A[q, f]; end