02 - Chapter 2: Access Control Matrix Overview Access...

July 1, 2004 Computer Security: Art and Science © 2002-2004 Matt Bishop

Slide #2-1: Chapter 2: Access Control Matrix
- Overview
- Access Control Matrix Model
- Boolean Expression Evaluation
- History
- Protection State Transitions
- Commands
- Conditional Commands
- Special Rights
- Principle of Attenuation of Privilege

Slide #2-2: Overview
- Protection state of system
  - Describes current settings, values of system relevant to protection
- Access control matrix
  - Describes protection state precisely
  - Matrix describing rights of subjects
  - State transitions change elements of matrix

Slide #2-3: Description
[Figure: access control matrix with subjects $s_1, s_2, \ldots, s_n$ as rows and objects (entities) $o_1, \ldots, o_m, s_1, \ldots, s_n$ as columns]
- Subjects $S = \{ s_1, \ldots, s_n \}$
- Objects $O = \{ o_1, \ldots, o_m \}$
- Rights $R = \{ r_1, \ldots, r_k \}$
- Entries $A[s_i, o_j] \subseteq R$
- $A[s_i, o_j] = \{ r_x, \ldots, r_y \}$ means subject $s_i$ has rights $r_x, \ldots, r_y$ over object $o_j$

Slide #2-4: Example 1
- Processes p, q
- Files f, g
- Rights r, w, x, a, o

        f       g       p       q
  p     rwo     r       rwxo    w
  q     a       ro      r       rwxo

Slide #2-5: Example 2
- Procedures inc_ctr, dec_ctr, manage
- Variable counter
- Rights +, –, call

            counter   inc_ctr   dec_ctr   manage
  inc_ctr   +
  dec_ctr   –
  manage              call      call      call

Slide #2-6: Boolean Expression Evaluation
- ACM controls access to database fields
  - Subjects have attributes
  - Verbs define type of access
  - Rules associated with objects, verb pair
- Subject attempts to access object
  - Rule for object, verb evaluated, grants or denies access

Slide #2-7: Example
- Subject annie
  - Attributes role (artist), groups (creative)
- Verb paint
  - Default 0 (deny unless explicitly granted)
- Object picture
  - Rule: paint: 'artist' in subject.role and 'creative' in subject.groups and time.hour ≥ 0 and time.hour < 5
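
The rule from Slide #2-7, worked as an added example that is not part of the original slides: each (object, verb) pair carries a Boolean rule over the subject's attributes and the current hour, and the matrix entry for a subject is whatever set of verbs those rules grant at that moment. The names Subject, RULES, access and matrix_entry, and the subject bob, are assumptions made for the illustration; rules are written as Python callables rather than parsed from rule text.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Set, Tuple

DEFAULT = False  # the slide's "Default 0": deny unless explicitly granted

@dataclass(frozen=True)
class Subject:
    name: str
    role: FrozenSet[str]
    groups: FrozenSet[str]

# A rule sees the subject's attributes and the current hour (0-23).
Rule = Callable[[Subject, int], bool]

# Rules are associated with (object, verb) pairs, as on Slide #2-6.
RULES: Dict[Tuple[str, str], Rule] = {
    ("picture", "paint"): lambda s, hour: (
        "artist" in s.role
        and "creative" in s.groups
        and hour >= 0 and hour < 5
    ),
}

def access(subject: Subject, verb: str, obj: str, hour: int) -> bool:
    """Evaluate the rule for (obj, verb); no rule means the default applies."""
    rule = RULES.get((obj, verb))
    if rule is None:
        return DEFAULT
    try:
        return bool(rule(subject, hour))
    except Exception:
        return False  # fail closed: a rule that errors must not grant access

def matrix_entry(subject: Subject, obj: str, hour: int) -> Set[str]:
    """A[subject, obj] at this hour: the verbs whose rules currently grant."""
    return {v for (o, v) in RULES if o == obj and access(subject, v, obj, hour)}

# Constructed subjects: annie follows the slide, bob is hypothetical.
annie = Subject("annie", frozenset({"artist"}), frozenset({"creative"}))
bob = Subject("bob", frozenset({"artist"}), frozenset({"staff"}))

if __name__ == "__main__":
    for who, verb, hour in [(annie, "paint", 3), (annie, "paint", 5),
                            (bob, "paint", 3), (annie, "erase", 3)]:
        print(who.name, verb, hour, access(who, verb, "picture", hour))
    print(matrix_entry(annie, "picture", 0), matrix_entry(annie, "picture", 12))
```

The same subject and object yield different matrix entries at different hours, so under this scheme the protection state depends on the clock as well as on stored rights.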