Authorization. Authorization: Two Meanings Determining permission Is principal P permitted to perform action A on object U? Adding permission P is now.

Slides:



Advertisements
Similar presentations
Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
Advertisements

Access Control 1. Given Credit Where It Is Due Most of the lecture notes are based on slides by Dr. Daniel M. Zimmerman at CALTECH Some slides are from.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Decentralized User Authentication in a Global File System Max Meisterhans - Seminar in Distributed Computing WS 05/06.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.
Prime’ Senior Project. Presentation Outline What is Our Project? Problem Definition What does our system do? How does the system work? Implementation.
A RELOAD Usage for Distributed Conference Control (DisCo) – update – draft-knauf-p2psip-disco-00 draft-knauf-p2psip-disco-00 Alexander Knauf, Gabriel Hege,
How to Succeed with Active Directory Robert Williams, PhD CEO Secure Logistix Corporation.
8.2 Discretionary Access Control Models Weiling Li.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.
Building Global HEP Systems on Kerberos Matt Crawford Fermilab Computer Security.
 Single sign-on o Centralized and federated passport o Federated Liberty Alliance and Shibboleth  Authorization o Who can access which resource o ACM.
 Authentication o Something you know (password) o Something you have (smartcard) o Something about you (iris scan)  Password authentication o To protect.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
19: Protection1 PROTECTION Protection is the mechanism for controlling access to computer resources. Security concerns the physical integrity of the system.
Application Layer At long last we can ask the question - how does the user interface with the network?
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
Lecture 7 Access Control
Distributed Computer Security 8.2 Discretionary Access Control Models - Sai Phalgun Tatavarthy.
Authorization and Policy. Is principal P permitted to perform action A on object O? – Authorization system will provide yes/no answer Authorization.
Authentication and authorization Access control consists of two steps, authentication and authorization. Subject Do operation Reference monitor Object.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Understanding Active Directory
Securing Access in a Heterogeneous Network Environment Providing Interoperability between Microsoft Windows 2000 and Heterogeneous Networks Securing Authentication.
CS-550 (M.Soneru): Protection and Security - 2 [SaS] 1 Protection and Security - 2.
Grid Monitoring By Zoran Obradovic CSE-510 October 2007.
Additional SugarCRM details for complete, functional, and portable deployment.
Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation.
Week 2 File Systems & Unix Commands. File System Hierarchy.
CS426Fall 2010/Lecture 191 Computer Security CS 426 Lecture 19 Discretionary Access Control.
DEMIGUISE STORAGE An Anonymous File Storage System VIJAY KUMAR RAVI PRAGATHI SEGIREDDY COMP 512.
Cognos TM1 Satya Mobile:
Presented by Amlan B Dey.  Access control is the traditional center of gravity of computer security.  It is where security engineering meets computer.
Distributed computer security 8.2 Discretionary Access Control Models -Ranjitha Shivarudraiah.
© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.
What is a Distributed File System?? Allows transparent access to remote files over a network. Examples: Network File System (NFS) by Sun Microsystems.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
Course materials may not be reproduced in whole or in part without the prior written permission of IBM. 5.1 © Copyright IBM Corporation 2008 DB2 9 Fundamentals.
1 Vigil : Enforcing Security in Ubiquitous Environments Authors : Lalana Kagal, Jeffrey Undercoffer, Anupam Joshi, Tim Finin Presented by : Amit Choudhri.
Communicating Security Assertions over the GridFTP Control Channel Rajkumar Kettimuthu 1,2, Liu Wantao 3,4, Frank Siebenlist 1,2 and Ian Foster 1,2,3 1.
Page 1 Active Directory and DNS Lecture 2 Hassan Shuja 09/14/2004.
Windows Role-Based Access Control Longhorn Update
Permissions Lesson 13. Skills Matrix Security Modes Maintaining data integrity involves creating users, controlling their access and limiting their ability.
IIS and.Net security -Vasudha Bhat. What is IIS? Why do we need IIS? Internet Information Services (IIS) is a Web server, its primary job is to accept.
Key Management. Authentication Using Public-Key Cryptography  K A +, K B + : public keys Alice Bob K B + (A, R A ) 1 2 K A + (R A, R B,K A,B ) 3 K A,B.
Access Control Lesson Introduction ●Understand the importance of access control ●Explore ways in which access control can be implemented ●Understand how.
Discretionary Access Control Models Adith Srinivasan.
Security. Digital Signatures Digital Signatures Using MD.
Access Control 1. Given Credit Where It Is Due Most of the lecture notes are based on slides by Dr. Daniel M. Zimmerman at CALTECH Some slides are from.
LINUX Presented By Parvathy Subramanian. April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ►
What is the difference between authentication and authorization? Authorization is usually explained using the ___________________ model.
4.1 An Introduction to Matrices Katie Montella Mod. 6 5/25/07.
A rectangular array of numeric or algebraic quantities subject to mathematical operations. The regular formation of elements into columns and rows.
Secure Connected Infrastructure
Protection and Security
Affinity Depending on the application and client requirements of your Network Load Balancing cluster, you can be required to select an Affinity setting.
Computer Data Security & Privacy
Matrix Operations.
Chapter 14: Protection.
Computer Security Distributed System Security
Matrices Elements, Adding and Subtracting
OS Access Control Mauricio Sifontes.
Access Control.
Dynamic Exchange of Capabilities Between Mobile Agents
Presentation transcript:

Authorization

Authorization: Two Meanings Determining permission Is principal P permitted to perform action A on object U? Adding permission P is now permitted to perform action A on object U In this course, we use the first sense

Access Control Who is permitted to perform which actions on what objects? Access Control Matrix (ACM) Columns indexed by principal Rows indexed by objects Elements are arrays of permissions indexed by action In practice, ACMs are abstract objects

Instantiations of ACMs Access Control Lists (ACLs) For each object, list principals and actions permitted on that object Corresponds to rows of ACM Example: Kerberos admin system

Instantiations of ACMs Capabilities For each principal, list objects and actions permitted for that principal Corresponds to columns of ACM Example: Kerberos restricted proxies The Unix file system is an example of…?

Problems Permissions may need to be determined dynamically Time System load Relationship with other objects Security status of host

Problems Distributed nature of systems may aggravate this ACLs need to be replicated or centralized Capabilities don’t, but they’re harder to revoke Approaches GAA Agent-based authorization

Agent-Based Authorization When object created on a host H, agent Q created along with it Agents distributed to clients Either directly, or through agent server Client on host G instantiates agent for principal P, submits it to H as

Agent-Based Authorization Relieves scaling issues with ACLs Q is typically mobile code and data Needs to be integrity-protected May be confidentiality-protected Agent environment on H must be trusted

Revocation in Agent-Based Systems Timeout-based Harder for malicious agents Hosts must send RCLs to other hosts and/or principals Must maintain their own RCL to restrict or deny incoming agents

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.