Presentation is loading. Please wait.

Presentation is loading. Please wait.

What is the difference between authentication and authorization? Authorization is usually explained using the ___________________ model.

Published byMyron Short Modified over 9 years ago

Similar presentations

Presentation on theme: "What is the difference between authentication and authorization? Authorization is usually explained using the ___________________ model."— Presentation transcript:

1 What is the difference between authentication and authorization? Authorization is usually explained using the ___________________ model.

2 Let O be a set of ____________ (assets). Let S be a set of _______ (users. processes, network nodes, packets, etc.). Let R be a set of possible ____________. An access matrix A is a function O  S   R Example S = {Ole, Lena} O = {OleFile, LenaFile, SharedFile} R = {read, write} A = { read, write } Ø { read } OleFileLenaFileSharedFile Lena Ole In this model a set of protection states is represented by a triple, (S, O, A)

3 gates_wh obama_bh www.fed.govwww.dribble.com Remote Server Access

4 Access to the Members of a Java Class public class Arg { public int fee; private int fi; public void foo() { int fo; int fum; // code missing } public void foo2() { int fo; int fi; // code missing }

5 The same right may mean something different in another context or another system. Example: What does an execute permission mean on a Unix directory? What are typical elements of a set of rights? Special Rights ______ -- most assets have one signified owner. ______ -- A subject with copy permission can grant permissions to other subjects.

6 Changing protection states is an integral part of computation. Potential Changes  create a new subject (S, O, A)(S', O', A') S' = S  {newSubject} and add row for newSubject to A using Ø for new rights  destroy a subject S' = S - {someSubject} and remove someSubject row from A  create a new asset O' = O  {newAsset} and add column for newAsset to A using Ø for new rights  destroy an asset O' = O - {someAsset} and remove someAsset column from A  add a new right (  a'[s,o]  A') [ a'[s,o] = a[s,o]  {newRight} ] and nothing else changes  remove a right (  a'[s,o]  A') [ a'[s,o] = a[s,o] - {someRight} ] and nothing else changes

7 { read, write, own }{ read, write } Ø{ read, own }{ write } { read }{ write, own } { read } { read, write } OleFileLenaFileSharedFile Lena Ole Bubba Daisy A capability is a row of the ACM. An access control list (ACL) is a column of the ACM. ACLs often incorporate group permissions, as well as individual. Vulnerability -- Basing access on subjects allows for “ impersonation. ”

Download ppt "What is the difference between authentication and authorization? Authorization is usually explained using the ___________________ model."

Similar presentations

Protection Goals of Protection Domain of Protection Access Matrix

Protection Goals of Protection Domain of Protection Access Matrix
Access Control 1. Given Credit Where It Is Due Most of the lecture notes are based on slides by Dr. Daniel M. Zimmerman at CALTECH Some slides are from.

Access Control 1. Given Credit Where It Is Due Most of the lecture notes are based on slides by Dr. Daniel M. Zimmerman at CALTECH Some slides are from.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.

Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.
Chapter 6 User Protections in OS. csci5233 computer security & integrity (Chap. 6) 2 Outline User-level protections 1.Memory protection 2.Control of access.

Chapter 6 User Protections in OS. csci5233 computer security & integrity (Chap. 6) 2 Outline User-level protections 1.Memory protection 2.Control of access.
8.2 Discretionary Access Control Models Weiling Li.

8.2 Discretionary Access Control Models Weiling Li.
1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004.

1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.

CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
1 Protection and Security Protection = mechanisms used to control access to valued resources: e.g., programs & data stored on computer system. Usually.

1 Protection and Security Protection = mechanisms used to control access to valued resources: e.g., programs & data stored on computer system. Usually.
CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.
1 CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms.

1 CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms.
590J Lecture 21: Access Control (contd). Review ● Recall: – Protection system is a description of conditions under which a system is secure – P is the.

590J Lecture 21: Access Control (contd). Review ● Recall: – Protection system is a description of conditions under which a system is secure – P is the.
Authorization. Authorization: Two Meanings Determining permission Is principal P permitted to perform action A on object U? Adding permission P is now.

Authorization. Authorization: Two Meanings Determining permission Is principal P permitted to perform action A on object U? Adding permission P is now.
Chapter 14: Protection.

Chapter 14: Protection.
Chapter 5 Database Application Security Models

Chapter 5 Database Application Security Models
1 Access Control Matrix CSSE 442 Computer Security Larry Merkle, Rose-Hulman Institute March 16, 2007.

1 Access Control Matrix CSSE 442 Computer Security Larry Merkle, Rose-Hulman Institute March 16, 2007.
Access Control CS461/ECE422 Spring 2012. Reading Material Chapter 4 through section 4.5 Chapters 25 and 26 – For the access control aspects of Unix and.

Access Control CS461/ECE422 Spring Reading Material Chapter 4 through section 4.5 Chapters 25 and 26 – For the access control aspects of Unix and.
Distributed Computer Security 8.2 Discretionary Access Control Models - Liang Zhao.

Distributed Computer Security 8.2 Discretionary Access Control Models - Liang Zhao.

Similar presentations

Ads by Google