Computer%20Security%20Access%20Control%20Matrix - PowerPoint PPT Presentation

About This Presentation
Title:

Computer%20Security%20Access%20Control%20Matrix

Description:

Copying and owning. Rights. copy right (grant right) augments existing rights. own right. The copy right allows its possessor to grant rights (this right is ... – PowerPoint PPT presentation

Number of Views:97
Avg rating:3.0/5.0
Slides: 19
Provided by: mikebur
Learn more at: http://www.cs.fsu.edu
Category:

less

Transcript and Presenter's Notes

Title: Computer%20Security%20Access%20Control%20Matrix


1
Computer SecurityAccess Control Matrix
2
States of a Computer System
  • The state of a system is the collection of
    current values of all
  • components of the system memory locations,
    secondary
  • storage, registers etc.
  • Protection states are those states that have to
    be protected.
  • .P set of all protection states of the system
  • .Q set of all authorized protection states
  • The system is not secure if the current state is
    in P -Q
  • A security policy characterizes the states in Q
  • A security mechanism prevents the system entering
  • a state in P -Q

3
Access Control Matrix Model
  • This is used to describe the protection states.
  • It characterizes the rights of each subject of
    the
  • system (entity/process) regarding the objects of
    the
  • system (entities/processes) in terms of a matrix.

4
Butler-Lampson Model
  • This describes the rights of users s (subjects)
    over
  • files o (objects) by a matrix A whose rows are
    indexed
  • by the subjects and whose columns are indexed by
  • the objects.
  • The rights belong to a set R.
  • Each entry as,o of matrix A belongs to the set
    R, and
  • is the right of user s over file o.

5
Butler-Lampson Model
  • In this model set of protection states P is a
    set of
  • triples in (S,O,A),
  • where S is the set of users, O the set of files
    and A the
  • Access Control Matrix.
  • The set of rights R (the entries in M) depends on
    the
  • application.

6
Examples of ACMs
  • file 1 file 2
    process 1 process 2
  • process 1 R, W, O R R,
    W, E, O W
  • process 2 A R, O
    R R, W, E, O
  • Here R Read, Wright, Own, Append, Execute
  • process 1 can read/write file 1, read file 2,
    communicate
  • with process 2 by writing to it, etc.

7
Examples rights on a LAN
  • host names telegraph nob
    toadflex
  • telegraph own ftp
    ftp
  • nob ftp,
    nfs, amil own ftp, nfs, mail
  • toadflex ftp,
    mail ftp, nfs, amil own
  • Here R ftp, mail, nfs, own , where
  • ftp the right to access the File Transfer
    Protocol
  • mail the right to send/receive using the Simple
    Mail Transfer Protocol (SMTP)
  • nfs the right to access file systems using the
    Network File System protocol

8
Examples rights in a program
  • host names counter inc_ctr dec_ctr
    manager
  • inc_ctr
  • dec_ctr -
  • manager call
    call call
  • Here inc_ctr increases a counter and dec_ctr
    decreases it.
  • R , -, call

9
Other examples
  • Access Control by Boolean expression evaluation
  • Access Control by History
  • See textbook

10
Protection State Transitions
  • Initial state of the system X0 (S0,O0,A0 )
  • Transitions t1, t2,
  • Corresponding states X1, X2,
  • We use the notation
  • Xi - ti1 Xi1
  • to indicate the state transition from Xi to Xi1
  • X - Y
  • indicates that starting at X, after a series of
  • transitions the system enters state Y.

11
Protection State Transitions
  • Xi - ci1 (pi1,1 ,, pi1,m) Xi1
  • Indicates that the transition is caused by the
    command
  • ci1 on the parameters pi1,1 ,, pi1,m.

12
The Harrison-Ruzzo-Ullman Model
  • This is based on a set of primitive commands.
  • create subject s
  • create object o
  • Enter right r into as,o
  • Delete right r from as,o
  • destroy subject s
  • destroy object o

13
The Harrison-Ruzzo-Ullman Model
  • Example
  • command create file (p,f)
  • create object f
  • enter right own into a(p,f)
  • enter right r into a(p,f)
  • enter right w into a(p,f)
  • end

14
The Harrison-Ruzzo-Ullman Model
  • Example conditional commands
  • Suppose process p wants to give process q the
    right to read file f
  • command grantreadfile1(p,f,q)
  • if own in ap,f
  • then
  • enter r into aq,f
  • end

15
The Harrison-Ruzzo-Ullman Model
  • Example conditional commands using and
  • Suppose process p wants to give process q the
    right to read file f
  • command grantreadfile2(p,f,q)
  • if r in ap,f and c in ap,f
  • then
  • enter r into a(q,f)
  • end
  • See textbook for other examples.

16
Copying and owning
  • Rights
  • copy right (grant right) augments existing
    rights
  • own right
  • The copy right allows its possessor to grant
    rights (this right is
  • often considered a flag attachment hence flag
    right)
  • The own right allows its possessor to add or
    delete privileges to
  • themselves.

17
Copying
  • Example
  • Suppose process p has right r over object f ,
    and let c be a copy
  • right.
  • The following command allows p to copy r over f
    to another process q only if p has copy right
    over f .
  • command grantr(p,f,q)
  • if r in ap,f and c in ap,f
  • then
  • enter r into a(q,f)
  • end

18
Attenuation of privilege
  • The Principle of Attenuation of Privilege says
    that
  • a subject may not give rights it does not possess
    to another subject.
Write a Comment
User Comments (0)
About PowerShow.com