14 - Chapter 14: Identity What is identity Multiple names...

July 1, 2004 Computer Security: Art and Science ©2002-2004 Matt Bishop

Slide #15-1
Chapter 14: Identity
- What is identity
  - Multiple names for one thing
  - Different contexts, environments
- Pseudonymity and anonymity

Slide #15-2
Overview
- Files and objects
- Users, groups, and roles
- Certificates and names
- Hosts and domains
- State and cookies
- Anonymity

Slide #15-3
Identity
- Principal: a unique entity
- Identity: specifies a principal
- Authentication: binding of a principal to a representation of identity internal to the system
  - All access, resource allocation decisions assume binding is correct

Slide #15-4
Files and Objects
- Identity depends on system containing object
- Different names for one object
  - Human use, e.g. file name
  - Process use, e.g. file descriptor or handle
  - Kernel use, e.g. file allocation table entry, inode

Slide #15-5
More Names
- Different names for one context
  - Human: aliases, relative vs. absolute path names
  - Kernel: deleting a file identified by name can mean two things:
    - Delete the object that the name identifies
    - Delete the name given, and do not delete actual object until all names have been deleted
- Semantics of names may differ

Slide #15-6
Example: Names and Descriptors
- Interpretation of UNIX file name
  - Kernel maps name into an inode using iterative procedure
  - Same name can refer to different objects at different times without being deallocated
  - Causes race conditions
- Interpretation of UNIX file descriptor
  - Refers to a specific inode
  - Refers to same inode from creation to deallocation
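
The name/descriptor distinction on the "Names and Descriptors" slide, as an added example that is not part of the original slides: a name is rebound to a new inode while an open descriptor keeps referring to the old one, and the check is made on the descriptor rather than on the name. It assumes a POSIX system; the file names and the helper `open_regular_file` are constructed for illustration.

```python
import os
import stat
import tempfile

def open_regular_file(path):
    """Open first, then check the descriptor (illustrative helper, not from the slides)."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # refuse a symlink as the last component
    if not stat.S_ISREG(os.fstat(fd).st_mode):       # fstat checks the opened inode itself
        os.close(fd)
        raise PermissionError(f"{path}: not a regular file")
    return fd

def demo():
    """Rebind a name while a descriptor is open; report what each one refers to."""
    with tempfile.TemporaryDirectory() as d:
        name = os.path.join(d, "report.txt")          # constructed sample file
        with open(name, "w") as f:
            f.write("original")
        fd = open_regular_file(name)
        inode_at_open = os.fstat(fd).st_ino

        # The name now gets mapped to a different inode; the old inode stays
        # allocated because the descriptor still refers to it.
        other = os.path.join(d, "other.txt")
        with open(other, "w") as f:
            f.write("replacement")
        os.replace(other, name)

        with open(name) as f:
            via_name = f.read()
        result = {
            "name_rebound": os.stat(name).st_ino != inode_at_open,
            "fd_same_inode": os.fstat(fd).st_ino == inode_at_open,
            "read_via_fd": os.read(fd, 64).decode(),
            "read_via_name": via_name,
        }
        os.close(fd)
        return result

if __name__ == "__main__":
    print(demo())
```

A check made with `os.stat(name)` followed by a later `open(name)` resolves the name twice, which is the race the slide refers to; checking with `os.fstat(fd)` after opening ties the check to the object actually used.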

Slide #15-7
Example: Different Systems
- Object name must encode location or pointer to location
  - rsh, ssh style: host:object
  - URLs: protocol://host/object
- Need not name actual object
  - rsh, ssh style may name pointer (link) to actual object
  - URL may forward to another host

Slide #15-8
Users
- Exact representation tied to system
- Example: UNIX systems
  - Login name: used to log in to system
    - Logging usually uses this name
  - User identification number (UID): unique integer assigned to user
    - Kernel uses UID to identify users
    - One UID per login name, but multiple login names may have a common UID

Slide #15-9
Multiple Identities
- UNIX systems again
  - Real UID: user identity at login, but changeable
  - Effective UID: user identity used for access control

This note was uploaded on 05/04/2008 for the course CS 526 taught by Professor Wagstaff during the Fall '07 term at Purdue University-West Lafayette.
