1. March 2005 1R. Smith - University of St Thomas - Minnesota QMCS 490 - Class Today Perimeters inside computersPerimeters inside computers Protection inside computersProtection inside computers DiagrammingDiagramming Access control ‘styles’Access control ‘styles’

2. March 2005 2R. Smith - University of St Thomas - Minnesota Perimeters inside computers What happens when you run the same program several times at once? (cmd)What happens when you run the same program several times at once? (cmd) –Is it “all the same program” or not? –What stays the same, what changes? Difference between different processes, usersDifference between different processes, users –“Subjects” and “Objects”

3. March 2005 3R. Smith - University of St Thomas - Minnesota Protections inside computers The challenge Two people share a computerTwo people share a computer –How can one person keep the other from accessing their stuff? –“Access Control” - Be specific Permissions vs PrivilegesPermissions vs Privileges Admins versus usersAdmins versus users

4. March 2005 4R. Smith - University of St Thomas - Minnesota Potential access control goals Prevent access when not neededPrevent access when not needed Allow read access to shared dataAllow read access to shared data –Choice of the data’s owner Let independent groups share read/write access to a set of files/resourcesLet independent groups share read/write access to a set of files/resources Apply the “right” permissions when new files are createdApply the “right” permissions when new files are created (hardcore) Prevent some types of sharing(hardcore) Prevent some types of sharing

5. March 2005 5R. Smith - University of St Thomas - Minnesota Diagramming internal protections Processes and resourcesProcesses and resources Flow possible vs flow allowedFlow possible vs flow allowed –“Discretionary” access control Privilege levelsPrivilege levels Relationships between different software componentsRelationships between different software components

6. March 2005 6R. Smith - University of St Thomas - Minnesota Access Control “Styles” Unix versus Windows Per user: Coarse vs fine grainedPer user: Coarse vs fine grained Creating/controlling group accessCreating/controlling group access Compact versus detailedCompact versus detailed Permissions: read/write/exec/search/setuidPermissions: read/write/exec/search/setuid Notion of privileged programs vs usersNotion of privileged programs vs users Setting defaultsSetting defaults Restricting “chunks” of the file systemRestricting “chunks” of the file system

7. March 2005 7R. Smith - University of St Thomas - Minnesota Creative Commons License This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by- sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.