15 - Chapter 15: Access Control Mechanisms Access control...

July 1, 2004 Computer Security: Art and Science ©2002-2004 Matt Bishop

Slide #15-1
Chapter 15: Access Control Mechanisms
- Access control lists
- Capabilities
- Locks and keys
- Secret sharing
- Ring-based access control
- Propagated access control lists

Slide #15-2
Overview
- Access control lists
- Capability lists
- Locks and keys
- Ring-based access control
- Propagated access control lists

Slide #15-3
Access Control Lists
- Columns of access control matrix

               file1   file2   file3
    Andy       rx      r       rwo
    Betty      rwxo    r
    Charlie    rx      rwo     w

- ACLs:
  - file1: { (Andy, rx) (Betty, rwxo) (Charlie, rx) }
  - file2: { (Andy, r) (Betty, r) (Charlie, rwo) }
  - file3: { (Andy, rwo) (Charlie, w) }

Slide #15-4
Default Permissions
- Normal: if not named, no rights over file
  - Principle of Fail-Safe Defaults
- If many subjects, may use groups or wildcards in ACL
  - UNICOS: entries are (user, group, rights)
    - If user is in group, has rights over file
    - ‘*’ is wildcard for user, group
      - (holly, *, r): holly can read file regardless of her group
      - (*, gleep, w): anyone in group gleep can write file

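The UNICOS-style matching rule above, as an added example that is not from the slides or from UNICOS itself: entries are (user, group, rights) tuples, '*' matches anything, and a subject that matches no entry gets no rights. Taking the union of rights over all matching entries is an assumption, as are the function names and the sample subjects and group memberships.

```python
# Added example: UNICOS-style ACL evaluation with wildcards and a
# fail-safe default. Illustrative model only, not UNICOS source code.
WILDCARD = "*"

def field_matches(pattern, values):
    """An ACL field matches if it is the wildcard or names one of `values`."""
    return pattern == WILDCARD or pattern in values

def rights_for(acl, user, groups):
    """Collect rights from every (user, group, rights) entry matching the subject.

    Assumption: rights from all matching entries are unioned.
    A subject matching no entry gets the empty set (fail-safe default).
    """
    granted = set()
    for entry_user, entry_group, rights in acl:
        if field_matches(entry_user, {user}) and field_matches(entry_group, groups):
            granted |= set(rights)
    return granted

def is_allowed(acl, user, groups, requested):
    """Grant only if every requested right is held; an empty request is refused."""
    requested = set(requested)
    if not requested:
        return False  # never treat "asked for nothing" as an implicit grant
    return requested <= rights_for(acl, user, groups)

# The two entries shown on the slide.
FILE_ACL = [
    ("holly", "*", "r"),   # holly can read regardless of her group
    ("*", "gleep", "w"),   # anyone in group gleep can write
]

# Constructed subjects and group memberships (not from the slides).
SUBJECTS = [
    ("holly", {"staff"}),
    ("holly", {"gleep"}),
    ("heidi", {"gleep"}),
    ("mallory", {"staff"}),  # named nowhere in the ACL
]

if __name__ == "__main__":
    for user, groups in SUBJECTS:
        print(user, sorted(groups), "->", sorted(rights_for(FILE_ACL, user, groups)))
```
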
Slide #15-5
Abbreviations
- ACLs can be long … so combine users
  - UNIX: 3 classes of users: owner, group, rest

        rwx    rwx    rwx
        owner  group  rest

  - Ownership assigned based on creating process
    - Some systems: if directory has setgid permission, file group owned by group of directory (SunOS, Solaris)

Slide #15-6
ACLs + Abbreviations
- Augment abbreviated lists with ACLs
  - Intent is to shorten ACL
- ACLs override abbreviations
  - Exact method varies
- Example: IBM AIX
  - Base permissions are abbreviations, extended permissions are ACLs with user, group
  - ACL entries can add rights, but on deny, access is denied

Slide #15-7
Permissions in IBM AIX

    attributes:
    base permissions
        owner(bishop):  rw-
        group(sys):     r--
        others:         ---
    extended permissions enabled
        specify  rw-  u:holly
        permit   -w-  u:heidi, g=sys
        permit   rw-  u:matt
        deny     -w-  u:holly, g=faculty

Slide #15-8
ACL Modification
- Who can do this?
  - Creator is given own right that allows this
  - System R provides a grant modifier (like a copy flag) allowing a right to be transferred, so ownership not needed
    - Transferring right to another modifies ACL

Slide #15-9
Privileged Users
- Do ACLs apply to privileged users (root)?
  - Solaris: abbreviated lists do not, but full-blown


This note was uploaded on 05/04/2008 for the course CS 526 taught by Professor Wagstaff during the Fall '07 term at Purdue University-West Lafayette.
