Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 2: Access Control Matrix

Published byAnne-Lise Slettebakk Modified over 5 years ago

Similar presentations

Presentation on theme: "Chapter 2: Access Control Matrix"— Presentation transcript:

1 Chapter 2: Access Control Matrix
Overview Access Control Matrix Model Protection State Transitions Commands Conditional Commands Introduction to Computer Security © 2004 Matt Bishop

2 Overview State of a system: the collection of the current values of all memory locations, all secondary storage, and all registers and other components of the system; Protection state of system: describes current settings, values of system relevant to protection;

3 Access Control Matrix Describes protection state precisely;
Describes rights of each subject with respect to every other entity; State transitions change elements of matrix;

4 Description objects (entities) Subjects S = { s1,…,sn }
o1 … om s1 … sn Subjects S = { s1,…,sn } Objects O = { o1,…,om } ∪ S Rights R = { r1,…,rk } Entries A[si, oj]  R A[si, oj] = { rx, …, ry } means subject si has rights rx, …, ry over object oj

5 ACM – Process vs Files Processes p1, p2; Files f, g
Rights r, w, x, a, o f g p1 p2 rwo r rwxo w a ro

6 ACM – Hosts in a LAN host names A B C own ftp ftp, nfs, mail, own
ftp, mail

7 ACM – Computer Program Functions: inc_ctr, dec_ctr, manager
Variable: counter Rights +, –, call counter inc_ctr dec_ctr - + manager call

8 State Transitions

9 State Transitions |– : represents transition
Xi |–  Xi+1: command  moves system from state Xi to Xi+1 Xi |– * Y: a sequence of commands moves system from state Xi to Y

10 Primitive Operations create subject s; create object o
destroy subject s; destroy object o enter r into A[s, o] delete r from A[s, o]

11 Primitive Operations create subject sn; sn

12 Primitive Operations create object on on

13 Primitive Operations destroy subject sd; sd

14 Primitive Operations destroy object od od

15 Primitive Operations enter r into A[s, o]
Adds r rights for subject s over object o o s r

16 Primitive Operations delete r from A[s, o]
Removes r rights from subject s over object o o s r

17 Creating File Process p creates file f with r permission
command create•file(p, f) create file f; enter own into A[p, f]; enter r into A[p, f]; end

18 Creating Process command spawn•process(p, q) create process q;
enter own into a[p, q]; enter r into a[p, q]; enter r into a[q, p]; end

19 Mono-Operational Commands
Single primitive operation in this command command make•owner(p, g) enter own into a[p, g]; end

20 Conditional Commands command grant•read•file•1(p, f, q)
if own in A[p, f] then enter r into A[q, f]; end

21 Multiple Conditions command grant•read•file•2(p, f, q)
if own in A[p, f] and c in A[p, q] then enter r into A[q, f]; enter w into A[q, f]; end

Download ppt "Chapter 2: Access Control Matrix"

Similar presentations

Credit hours: 4 Contact hours: 50 (30 Theory, 20 Lab) Prerequisite: TB143 Introduction to Personal Computers.

Credit hours: 4 Contact hours: 50 (30 Theory, 20 Lab) Prerequisite: TB143 Introduction to Personal Computers.
Information Flow and Covert Channels November, 2006.

Information Flow and Covert Channels November, 2006.
1 1 -Access Control - 2 - Foundational Results. 2 2 Preliminaries Undecidability The Halting Problem The Turing Machine.

1 1 -Access Control Foundational Results. 2 2 Preliminaries Undecidability The Halting Problem The Turing Machine.
1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004.

1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004.
April 6, 2004ECS 235Slide #1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation.

April 6, 2004ECS 235Slide #1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation.
Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.

Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
590J Lecture 21: Access Control (contd). Review ● Recall: – Protection system is a description of conditions under which a system is secure – P is the.

590J Lecture 21: Access Control (contd). Review ● Recall: – Protection system is a description of conditions under which a system is secure – P is the.
1 Chapter 4 Threads Threads: Resource ownership and execution.

1 Chapter 4 Threads Threads: Resource ownership and execution.
CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.
Chapter 5. Operations on Multiple R. V.'s 1 Chapter 5. Operations on Multiple Random Variables 0. Introduction 1. Expected Value of a Function of Random.

Chapter 5. Operations on Multiple R. V.'s 1 Chapter 5. Operations on Multiple Random Variables 0. Introduction 1. Expected Value of a Function of Random.
1 Access Control Matrix CSSE 442 Computer Security Larry Merkle, Rose-Hulman Institute March 16, 2007.

1 Access Control Matrix CSSE 442 Computer Security Larry Merkle, Rose-Hulman Institute March 16, 2007.
Chapter 7 – Registers and Register Transfers Part 1 – Registers, Microoperations and Implementations Logic and Computer Design Fundamentals.

Chapter 7 – Registers and Register Transfers Part 1 – Registers, Microoperations and Implementations Logic and Computer Design Fundamentals.
C o n f i d e n t i a l Developed By Nitendra NextHome Subject Name: Data Structure Using C Title: Overview of Data Structure.

C o n f i d e n t i a l Developed By Nitendra NextHome Subject Name: Data Structure Using C Title: Overview of Data Structure.
Csci5233 computer security & integrity 1 Access Control Matrix.

Csci5233 computer security & integrity 1 Access Control Matrix.
IS-2150/TEL-2810: Introduction of Computer Security1 September 7, 2005 Introduction to Computer Security Access Control Matrix Take-grant model.

IS-2150/TEL-2810: Introduction of Computer Security1 September 7, 2005 Introduction to Computer Security Access Control Matrix Take-grant model.
ECE509 Cyber Security : Concept, Theory, and Practice Access Control Matrix Spring 2014.

ECE509 Cyber Security : Concept, Theory, and Practice Access Control Matrix Spring 2014.
Chapter 2: Access Control Matrix

Chapter 2: Access Control Matrix

Similar presentations

Ads by Google