1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004.

Slides:



Advertisements
Similar presentations
Access Control CS461/ECE422 Fall Reading Material Chapter 4 through section 4.5 Chapters 23 and 24 – For the access control aspects of Unix and.
Advertisements

Access Control Intro, DAC and MAC System Security.
Authentication James Walden Northern Kentucky University.
1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004.
1 Confidentiality Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 18, 2004.
1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.
April 6, 2004ECS 235Slide #1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation.
19: Protection1 PROTECTION Protection is the mechanism for controlling access to computer resources. Security concerns the physical integrity of the system.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
1 Integrity Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 22, 2004.
590J Lecture 21: Access Control (contd). Review ● Recall: – Protection system is a description of conditions under which a system is secure – P is the.
Chapter 14: Protection.
1 Access Control Matrix CSSE 442 Computer Security Larry Merkle, Rose-Hulman Institute March 16, 2007.
1 Access Control Mechanisms CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 20, 2004.
Lecture 7 Access Control
CS-550 (M.Soneru): Protection and Security - 2 [SaS] 1 Protection and Security - 2.
Chapter 3 Controlling Files. Chapter 3 Overview The file system and file access rights Executable files Computer viruses and malware Policies for file.
Csci5233 computer security & integrity 1 Access Control Matrix.
ECE509 Cyber Security : Concept, Theory, and Practice Access Control Matrix Spring 2014.
Chapter 2: Access Control Matrix
1 A pattern language for security models Eduardo B. Fernandez and Rouyi Pan Presented by Liping Cai 03/15/2006.
ISA Access Control ISA 562 Internet Security Theory & Practice.
14.1 Silberschatz, Galvin and Gagne ©2005 Operating System Concepts Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection.
Chapter 14 Protection Bernard Chen Spring Goal of Protection Protection was originally conceived as an adjunct to multiprogramming operation.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Access Control.
Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model Protection State Transitions –Commands –Conditional Commands.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 4 – Access Control.
Silberschatz, Galvin and Gagne  Operating System Concepts Chapter 18: Protection Goals of Protection Objects and Domains Access Matrix Implementation.
14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Chapter 14: Protection.
CE Operating Systems Lecture 21 Operating Systems Protection with examples from Linux & Windows.
Slide #2-1 Access Control Matrix and Safety Results CS461/ECE422 Computer Security I, Fall 2009 Based on slides provided by Matt Bishop for use with Computer.
Access Control: Policies and Mechanisms Vinod Ganapathy.
Chapter 14: Protection Silberschatz, Galvin and Gagne ©2005 Operating System Concepts – 7 th Edition, Apr 11, 2005 Goals of Protection Operating.
Privilege Management Chapter 22.
Computer Security: Principles and Practice
1/30/20161 Computer Security Access Control Matrix.
June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #13-1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe.
July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Access Control.
What is the difference between authentication and authorization? Authorization is usually explained using the ___________________ model.
November 1, 2004Introduction to Computer Security © 2004 Matt Bishop Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model Protection.
June 1, 2004© Matt Bishop [Changed by Hamid R. Shahriari] Slide #13-1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe.
Slide #13-1 Design Principles CS461/ECE422 Computer Security I Fall 2008 Based on slides provided by Matt Bishop for use with Computer Security: Art and.
September 10, 2012Introduction to Computer Security © 2004 Matt Bishop Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model.
Saurav Karmakar. Chapter 14: Protection  Goals of Protection  Principles of Protection  Domain of Protection  Access Matrix  Implementation of Access.
Chapter 14: Protection Modified by Dr. Neerja Mhaskar for CS 3SH3.
Chapter 14: System Protection
Chapter 14: Protection.
2. Access Control Matrix Introduction to Computer Security © 2004 Matt Bishop 9/21/2018.
Chapter 14: Protection.
Chapter 14: Protection.
Chapter 13: Design Principles
CE Operating Systems Lecture 21
Chapter 14: Protection.
Computer Security Access Control Matrix
Chapter 14: Protection.
Chapter 14: Protection.
Chapter 14: Protection.
Chapter 14: Protection.
Operating System Concepts
Outline Motivation Access Control Matrix Model
Computer Security: Art and Science, 2nd Edition
Chapter 2: Access Control Matrix
Chapter 14: Protection.
Chapter 14: Protection.
Computer Security Access Control Mechanisms
Chapter 2: Access Control Matrix
Presentation transcript:

1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004

2 Acknowledgements Many of these slides came from Matt Bishop, author of Computer Security: Art and Science

3 Chapter 2: Access Control Matrix Overview Access Control Matrix Model Special Rights Principle of Attenuation of Privilege

4 Overview Protection state of system Describes current settings, values of system relevant to protection Access control matrix Describes protection state precisely Matrix describing rights of subjects (processes and users) State transitions change elements of matrix

5 Description objects (entities) subjects s1s2…sns1s2…sn o 1 … o m s 1 … s n Subjects S = { s 1,…,s n } Objects O = { o 1,…,o m } Rights R = { r 1,…,r k } Entries A[s i, o j ]   R A[s i, o j ] = { r x, …, r y } means subject s i has rights r x, …, r y over object o j

6 Rights Unix r = read w = write x = execute AFS r = read l = list i = insert d = delete w = write k = lock a = administer

7 Example Processes p, q Files f, g Rights r, w, x, a(ppend), o(wn) fgpq prworrwxow qarorrwxo

8 Copy Right Allows possessor to give rights to another Often attached to a right, so only applies to that right r is read right that cannot be copied rc is read right that can be copied Is copy flag copied when giving r rights? Depends on model, instantiation of model

9 Own Right Usually allows possessor to change entries in ACM column So owner of object can add, delete rights for others May depend on what system allows Can’t give rights to specific (set of) users Can’t pass copy flag to specific (set of) users

10 Attenuation of Privilege Principle says you can’t give rights you do not possess Restricts addition of rights within a system Usually ignored for owner Why?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.