
Computer Security Access Control Matrix

Computer Security Access Control Matrix. States of a Computer System. The state of a system is the collection of current values of all components of the system: memory locations, secondary storage, registers etc. Protection states are those states that have to be protected.

chavi

Presentation Transcript


  1. Computer Security Access Control Matrix

  2. States of a Computer System
     The state of a system is the collection of current values of all components of the system: memory locations, secondary storage, registers, etc. Protection states are those states that have to be protected.
     • P = set of all protection states of the system
     • Q = set of all authorized protection states
     • The system is not secure if the current state is in P − Q
     • A security policy characterizes the states in Q
     • A security mechanism prevents the system from entering a state in P − Q

  3. Access Control Matrix Model
     This is used to describe the protection states. It characterizes the rights of each subject of the system (entity/process) regarding the objects of the system (entities/processes) in terms of a matrix.

  4. Butler-Lampson Model
     This describes the rights of users s (subjects) over files o (objects) by a matrix A whose rows are indexed by the subjects and whose columns are indexed by the objects. The rights belong to a set R. Each entry a[s,o] of matrix A belongs to the set R, and is the right of user s over file o.

  5. Butler-Lampson Model
     In this model the set of protection states P is a set of triples (S, O, A), where S is the set of users, O the set of files and A the Access Control Matrix. The set of rights R (the entries in A) depends on the application.

  6. Examples of ACMs

     |           | file 1  | file 2 | process 1  | process 2  |
     |-----------|---------|--------|------------|------------|
     | process 1 | R, W, O | R      | R, W, E, O | W          |
     | process 2 | A       | R, O   | R          | R, W, E, O |

     Here R = { Read, Write, Own, Append, Execute }.
     Process 1 can read/write file 1, read file 2, communicate with process 2 by writing to it, etc.

  7. Examples: rights on a LAN

     | host names | telegraph | nob                 | toadflex            |
     |------------|-----------|---------------------|---------------------|
     | telegraph  | own       | ftp                 | ftp                 |
     | nob        |           | ftp, nfs, mail, own | ftp, nfs, mail      |
     | toadflex   |           | ftp, mail           | ftp, nfs, mail, own |

     Here R = { ftp, mail, nfs, own }, where
     • ftp = the right to access the File Transfer Protocol
     • mail = the right to send/receive using the Simple Mail Transfer Protocol (SMTP)
     • nfs = the right to access file systems using the Network File System protocol

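  8. Examples: rights in a program

     | host names | counter | inc_ctr | dec_ctr | manager |
     |------------|---------|---------|---------|---------|
     | inc_ctr    | +       |         |         |         |
     | dec_ctr    | -       |         |         |         |
     | manager    |         | call    | call    | call    |

     Here inc_ctr increases a counter and dec_ctr decreases it. R = { +, -, call }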

  9. Other examples
     • Access Control by Boolean expression evaluation
     • Access Control by History
     See textbook.

  10. Protection State Transitions
      Initial state of the system: $X_0 = (S_0, O_0, A_0)$
      Transitions: $t_1, t_2, \ldots$
      Corresponding states: $X_1, X_2, \ldots$
      We use the notation $X_i \vdash_{t_{i+1}} X_{i+1}$ to indicate the state transition from $X_i$ to $X_{i+1}$.
      $X \vdash^{*} Y$ indicates that, starting at $X$, after a series of transitions the system enters state $Y$.

  11. Protection State Transitions
      $X_i \vdash_{c_{i+1}(p_{i+1,1}, \ldots, p_{i+1,m})} X_{i+1}$
      indicates that the transition is caused by the command $c_{i+1}$ on the parameters $p_{i+1,1}, \ldots, p_{i+1,m}$.

  12. The Harrison-Ruzzo-Ullman Model
      This is based on a set of primitive commands.
      • create subject s
      • create object o
      • enter right r into a[s,o]
      • delete right r from a[s,o]
      • destroy subject s
      • destroy object o

  13. The Harrison-Ruzzo-Ullman Model
      Example:

          command create•file(p,f)
              create object f;
              enter right own into a[p,f];
              enter right r into a[p,f];
              enter right w into a[p,f];
          end

  14. The Harrison-Ruzzo-Ullman Model
      Example: conditional commands
      Suppose process p wants to give process q the right to read file f.

          command grant•read•file•1(p,f,q)
              if own in a[p,f]
              then
                  enter r into a[q,f];
          end

  15. The Harrison-Ruzzo-Ullman Model
      Example: conditional commands using "and"
      Suppose process p wants to give process q the right to read file f.

          command grant•read•file•2(p,f,q)
              if r in a[p,f] and c in a[p,f]
              then
                  enter r into a[q,f];
          end

      See textbook for other examples.

  16. Copying and owning Rights
      • copy right (grant right) – augments existing rights
      • own right
      The copy right allows its possessor to grant rights (this right is often considered a flag attachment, hence flag right).
      The own right allows its possessor to add or delete privileges for themselves.

  17. Copying Example
      Suppose process p has right r over object f, and let c be a copy right. The following command allows p to copy r over f to another process q only if p has the copy right over f.

          command grant•r(p,f,q)
              if r in a[p,f] and c in a[p,f]
              then
                  enter r into a[q,f];
          end

  18. Attenuation of privilege
      The Principle of Attenuation of Privilege says that
      • a subject may not give rights it does not possess to another subject.
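
The following is an added example, not part of the original slides: a minimal Python model of the protection state (S, O, A) with the six HRU primitive commands of slide 12, the commands of slides 13, 14 and 17, and a check of the attenuation principle of slide 18. The class and function names, and the choice to treat every subject as an object as well, are assumptions made for this sketch.

```python
class ProtectionState:
    """Protection state (S, O, A); A maps (subject, object) to a set of rights.
    The methods below are the six HRU primitive commands of slide 12."""
    def __init__(self):
        self.S, self.O, self.A = set(), set(), {}
    def create_subject(self, s):
        self.S.add(s)
        self.O.add(s)  # assumption: subjects are also objects (cf. slide 6)
    def create_object(self, o):
        self.O.add(o)
    def enter(self, r, s, o):
        if s not in self.S or o not in self.O:
            raise KeyError(f"no entry a[{s},{o}]")
        self.A.setdefault((s, o), set()).add(r)
    def delete(self, r, s, o):
        self.A.get((s, o), set()).discard(r)
    def destroy_subject(self, s):
        self.S.discard(s)
        self.destroy_object(s)
    def destroy_object(self, o):
        self.O.discard(o)
        self.A = {k: v for k, v in self.A.items() if o not in k}
    def rights(self, s, o):
        return frozenset(self.A.get((s, o), ()))

def create_file(X, p, f):  # slide 13
    X.create_object(f)
    for r in ("own", "r", "w"):
        X.enter(r, p, f)

def grant_read_file_1(X, p, f, q):  # slide 14: guarded by own only
    ok = "own" in X.rights(p, f)
    if ok:
        X.enter("r", q, f)
    return ok

def grant_r(X, p, f, q):  # slide 17: needs r and the copy flag c
    ok = {"r", "c"} <= X.rights(p, f)
    if ok:
        X.enter("r", q, f)
    return ok

def demo():
    X = ProtectionState()
    for s in ("p", "q"):
        X.create_subject(s)
    create_file(X, "p", "f")
    X.delete("r", "p", "f")  # p keeps own and w but gives up r
    copied = grant_r(X, "p", "f", "q")
    owned = grant_read_file_1(X, "p", "f", "q")
    # attenuation holds only if q's rights are a subset of p's
    return copied, owned, X.rights("q", "f") <= X.rights("p", "f")
```

`demo()` returns `(False, True, False)`: the copy-flag command refuses because p holds neither r nor c, while the own-guarded command of slide 14 still gives q a right that p itself no longer holds.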
