
Computer Security Access Control Matrix

Computer Security Access Control Matrix. States of a Computer System. The state of a system is the collection of current values of all components of the system: memory locations, secondary storage, registers, etc. Protection states are those states that have to be protected.


Presentation Transcript


  1. Computer Security Access Control Matrix

  2. States of a Computer System
     The state of a system is the collection of current values of all components of the system: memory locations, secondary storage, registers, etc.
     Protection states are those states that have to be protected.
     • P = set of all protection states of the system
     • Q = set of all authorized protection states
     • The system is not secure if the current state is in P - Q
     • A security policy characterizes the states in Q
     • A security mechanism prevents the system from entering a state in P - Q

  3. Access Control Matrix Model
     A model used to describe the protection states. It characterizes the rights of each subject of the system (entity/process) regarding the objects of the system (entities/processes) in terms of a matrix.

  4. Butler-Lampson Model
     This describes the rights of users s (subjects) over files o (objects) by a matrix A whose rows are indexed by the subjects and columns by the objects. The rights belong to a set R. Each entry a[s,o] of A belongs to R, and is the right of user s over file o.

  5. Butler-Lampson Model
     In this model P is the triple (S,O,A) where S is the set of users, O the set of files, A the Access Control Matrix. R depends on the application.

  6. Examples of ACMs

                 file 1     file 2   process 1    process 2
     process 1   R, W, O    R        R, W, E, O   W
     process 2   A          R, O     R            R, W, E, O

     Here R = { Read, Write, Own, Append, Execute }.
     process 1 can read/write file 1, read file 2, communicate with process 2 by writing to it, etc.

  7. Examples: rights on a LAN

     host names   telegraph   nob                   toadflex
     telegraph    own         ftp                   ftp
     nob                      ftp, nfs, mail, own   ftp, nfs, mail
     toadflex                 ftp, mail             ftp, nfs, mail, own

     Here R = { ftp, mail, nfs, own }, where
     ftp = the right to access the File Transfer Protocol
     mail = the right to send/receive using the Simple Mail Transfer Protocol (SMTP)
     nfs = the right to access file systems using the Network File System protocol

  8. Examples: rights in a program

                 counter   inc_ctr   dec_ctr   manager
     inc_ctr     +
     dec_ctr     -
     manager               call      call      call

     Here inc_ctr increases a counter and dec_ctr decreases it. R = { +, -, call }

  9. Other examples
     • Access Control by Boolean expression evaluation
     • Access Control by History
     See textbook.

  10. Protection State Transitions
      Initial state of the system: $X_0 = (S_0, O_0, A_0)$
      Transitions: $t_1, t_2, \ldots$
      Corresponding states: $X_1, X_2, \ldots$
      We use the notation $X_i \vdash_{t_{i+1}} X_{i+1}$ to indicate the state transition from $X_i$ to $X_{i+1}$.
      $X \vdash^{*} Y$ indicates that, starting at $X$, after a series of transitions the system enters state $Y$.

  11. Protection State Transitions
      $X_i \vdash_{c_{i+1}(p_{i+1,1}, \ldots, p_{i+1,m})} X_{i+1}$ indicates that the transition is caused by the command $c_{i+1}$ on the parameters $p_{i+1,1}, \ldots, p_{i+1,m}$.

  12. The Harrison-Ruzzo-Ullman Model
      This is based on a set of primitive commands.
      • create subject s
      • create object o
      • enter r into a[s,o]
      • delete r from a[s,o]
      • destroy subject s
      • destroy object o

  13. The Harrison-Ruzzo-Ullman Model
      Example.
          command create•file(p,f)
              create object f;
              enter own into a[p,f];
              enter r into a[p,f];
              enter w into a[p,f];
          end

  14. The Harrison-Ruzzo-Ullman Model
      Example: conditional commands
      Suppose process p wants to give process q the right to read file f.
          command grant•read•file•1(p,f,q)
              if own in a[p,f]
              then
                  enter r into a[q,f];
          end
      See textbook for other examples.

  15. Copying and owning Rights
      • copy right (grant right): augments existing rights
      • own right
      Copy right allows its possessor to grant rights (this right is often considered a flag attachment, hence flag right).
      Own right allows its possessor to add or delete privileges to themselves.

  16. Attenuation of privilege
      The Principle of Attenuation of Privilege says that
      • a subject may not give rights it does not possess to another subject.
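
The six primitive commands of slide 12 and the two commands of slides 13 and 14, as an added Python example that is not part of the original presentation. The class name ProtectionState, the method names and the subjects p, q and m are assumptions made for illustration.

```python
# Added illustration, not from the slides: class and method names are assumptions.
class ProtectionState:
    """Protection state (S, O, A) with the six HRU primitive commands."""
    def __init__(self):
        self.S, self.O, self.A = set(), set(), {}  # A[(s, o)] -> set of rights

    def _check(self, s, o):
        if s not in self.S or o not in self.S | self.O:
            raise KeyError(f"no entry a[{s},{o}]")

    def create_subject(self, s): self.S.add(s)
    def create_object(self, o): self.O.add(o)

    def enter(self, r, s, o):
        self._check(s, o)
        self.A.setdefault((s, o), set()).add(r)

    def delete(self, r, s, o):
        self._check(s, o)
        self.A.get((s, o), set()).discard(r)

    def destroy_subject(self, s):
        self.S.discard(s)
        self.A = {k: v for k, v in self.A.items() if s not in k}

    def destroy_object(self, o):
        self.O.discard(o)
        self.A = {k: v for k, v in self.A.items() if k[1] != o}

    def rights(self, s, o):
        return frozenset(self.A.get((s, o), ()))

    # Commands composed from primitives (slides 13 and 14).
    def create_file(self, p, f):
        self.create_object(f)
        for r in ("own", "r", "w"):
            self.enter(r, p, f)

    def grant_read_file_1(self, p, f, q):
        if "own" not in self.rights(p, f):
            return False          # condition fails: state unchanged
        self.enter("r", q, f)
        return True

def demo():  # constructed scenario: m does not own f, p does
    x = ProtectionState()
    for s in ("p", "q", "m"): x.create_subject(s)
    x.create_file("p", "f")
    return x, x.grant_read_file_1("m", "f", "q"), x.grant_read_file_1("p", "f", "q")
```

The conditional command changes the matrix only when its condition holds, so the attempt by m, which lacks own on f, leaves a[q,f] empty.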
