Access Control Mechanisms. CSSE 490 Computer Security, Mark Ardis, Rose-Hulman Institute, April 20, 2004.

1 Access Control Mechanisms
CSSE 490 Computer Security
Mark Ardis, Rose-Hulman Institute
April 20, 2004

2 Overview
- Access Control Lists
- Capability Lists
- Locks and Keys
- Ring-Based Access Control

3 Access Control Lists
Def: Let S be a set of subjects, R a set of rights. An access control list (ACL) l is a set of pairs
    l = {(s, r) : s ∈ S, r ⊆ R}
We write
    acl(o) = {(s_i, r_i) : 1 ≤ i ≤ n}
to denote that subject s_i may access object o using any right in r_i.

4 Example ACL
acl(file 1) = {(proc 1, {r, w, own}), (proc 2, {a})}
acl(file 2) = {(proc 1, {r}), (proc 2, {r, own})}
acl(proc 1) = {(proc 1, {r, w, x, own}), (proc 2, {r})}
acl(proc 2) = {(proc 1, {w}), (proc 2, {r, w, x, own})}

          file 1       file 2    proc 1          proc 2
proc 1    r, w, own    r         r, w, x, own    w
proc 2    a            r, own    r               r, w, x, own

5 Abbreviations of ACLs
- Unix
  - 3 types of users for each file: owner, group, all others
  - 3 types of permission: read, write, execute
- AFS
  - ability to define access rights for any specific user or group
  - 7 types of permission: read, list, insert, delete, write, lock, administer

6 Capabilities
Def: Let O be a set of objects, R a set of rights. A capability list c is a set of pairs
    c = {(o, r) : o ∈ O, r ⊆ R}
We write
    cap(s) = {(o_i, r_i) : 1 ≤ i ≤ n}
to denote that subject s may access object o_i using any right in r_i.

7 Example Capability List
cap(proc 1) = {(file 1, {r, w, own}), (file 2, {r}), (proc 1, {r, w, x, own}), (proc 2, {w})}
cap(proc 2) = {(file 1, {a}), (file 2, {r, own}), (proc 1, {r}), (proc 2, {r, w, x, own})}

          file 1       file 2    proc 1          proc 2
proc 1    r, w, own    r         r, w, x, own    w
proc 2    a            r, own    r               r, w, x, own

8 Locks and Keys
- Associate a piece of information (the lock) with each object.
- Associate a second piece of information (the key) with each subject allowed to access the object.
- May have multiple locks and keys for the same object
  - or-access: provide multiple locks (and keys)
  - and-access: lock multiple times

9 Type Checking: a Form of Locks and Keys
- Unix prevents writing to a directory using normal file operations
- Might restrict read and write to data, execute to instructions
- PDP-11 prevents buffer overflow
- DTEL policy language can enforce type checking

10 Sharing Secrets
- Problem: Need to ensure that at least 3 senior officials agree that the country is under attack before launching a counterstrike.
- Place 10 officials in different parts of the country; each official has a part of the key.
- How should the key be divided?

11 Threshold Schemes
Def: A (t, n)-threshold scheme is a cryptographic scheme in which a datum is divided into n parts, any t of which are sufficient to determine the original datum.

12 Implementing Threshold Schemes
- Could use locks and keys
  - combinations of or- and and-access could be used
- Could use polynomial of degree t-1 with n example evaluations
  - requires t values to rederive the polynomial
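An added example, not part of the original slides: the polynomial approach from slide 12 applied to the (3, 10) problem on slide 10. Working modulo a prime (Shamir's scheme) is an assumption, as are the names split_secret, recover_secret and PRIME and the sample secret.

```python
import secrets

# Assumption: arithmetic is done modulo a prime (Shamir's construction);
# the slides only say "polynomial of degree t-1".
PRIME = 2**127 - 1  # a Mersenne prime, larger than any secret used here


def split_secret(secret, t, n, prime=PRIME):
    """Return n shares (x, f(x)) of a random degree t-1 polynomial with f(0) = secret."""
    if not (1 <= t <= n < prime) or not (0 <= secret < prime):
        raise ValueError("need 1 <= t <= n < prime and 0 <= secret < prime")
    # Coefficients a_0..a_{t-1}: a_0 is the secret, the rest are uniformly random.
    coeffs = [secret] + [secrets.randbelow(prime) for _ in range(t - 1)]

    def f(x):
        # Horner evaluation of the polynomial modulo prime.
        acc = 0
        for a in reversed(coeffs):
            acc = (acc * x + a) % prime
        return acc

    return [(x, f(x)) for x in range(1, n + 1)]


def recover_secret(shares, prime=PRIME):
    """Lagrange-interpolate f(0) from the shares; correct only with >= t distinct shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    secret = 0
    for j, (xj, yj) in enumerate(shares):
        num, den = 1, 1
        for m, (xm, _) in enumerate(shares):
            if m != j:
                num = (num * -xm) % prime
                den = (den * (xj - xm)) % prime
        # pow(den, -1, prime) is the modular inverse (Python 3.8+).
        secret = (secret + yj * num * pow(den, -1, prime)) % prime
    return secret


if __name__ == "__main__":
    code = 123456789  # constructed sample secret
    shares = split_secret(code, t=3, n=10)  # the (3, 10) case from slide 10
    print("first 3 officials:", recover_secret(shares[:3]) == code)
    print("officials 2, 7, 10:", recover_secret([shares[1], shares[6], shares[9]]) == code)
    print("only 2 officials:", recover_secret(shares[:2]) == code)
```

With fewer than t shares every candidate secret remains equally consistent with what the holders know, which is the property the counterstrike problem asks for.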

13 Ring-Based Access Control (Multics)
- Data and procedures occupy different segments
- Segments have ACLs for r, w, x, a
- Protection rings:
  - procedure executes in ring r
  - higher rings have fewer privileges

14 Access Brackets
- Each data segment has access bracket (a_1, a_2) with a_1 ≤ a_2
- Assume procedure executing in ring r
  - r ≤ a_1: all access permitted
  - a_1 < r ≤ a_2: r, x permitted, but w, a denied
  - a_2 < r: all accesses denied

15 Call Brackets
- Each procedure may have a call bracket (c_1, c_2) with c_1 ≤ c_2
- By convention c_1 = a_2, so may write (a_1, a_2, a_3) where (a_1, a_2) is the access bracket and (a_2, a_3) is the call bracket
- Assume procedure executing in ring r
  - r < a_1: access permitted, but ring fault occurs
  - a_1 ≤ r ≤ a_2: all access permitted, no ring fault
  - a_2 < r ≤ a_3: access permitted through valid gate
  - a_3 < r: all access denied

