
15 - Chapter 15 Access Control Mechanisms Access control...

July 1, 2004 Computer Security: Art and Science Slide #15-1

Chapter 15: Access Control Mechanisms
- Access control lists
- Capabilities
- Locks and keys
- Secret sharing
- Ring-based access control
- Propagated access control lists

Slide #15-2: Overview
- Access control lists
- Capability lists
- Locks and keys
- Rings-based access control
- Propagated access control lists

Slide #15-3: Access Control Lists
- Columns of access control matrix

            file1   file2   file3
  Andy      rx      r       rwo
  Betty     rwxo    r
  Charlie   rx      rwo     w

ACLs:
- file1: { (Andy, rx) (Betty, rwxo) (Charlie, rx) }
- file2: { (Andy, r) (Betty, r) (Charlie, rwo) }
- file3: { (Andy, rwo) (Charlie, w) }

Slide #15-4: Default Permissions
- Normal: if not named, no rights over file
  - Principle of Fail-Safe Defaults
- If many subjects, may use groups or wildcards in ACL
  - UNICOS: entries are (user, group, rights)
    - If user is in group, has rights over file
    - '*' is wildcard for user, group
      - (holly, *, r): holly can read file regardless of her group
      - (*, gleep, w): anyone in group gleep can write file

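The column view of slide #15-3 and the default-deny and wildcard rules of slide #15-4, worked through in Python as an added example that is not part of the original slides. The function names, the group name used in the checks, and the choice to combine the rights of all matching entries are assumptions made for illustration.

```python
# Added example, not from the slides; function names are hypothetical.
WILDCARD = "*"

# Access control matrix from slide #15-3 (rows: subjects, columns: files).
MATRIX = {
    "Andy":    {"file1": "rx",   "file2": "r",   "file3": "rwo"},
    "Betty":   {"file1": "rwxo", "file2": "r"},
    "Charlie": {"file1": "rx",   "file2": "rwo", "file3": "w"},
}

# The two UNICOS-style entries quoted on slide #15-4.
SAMPLE_ACL = [("holly", WILDCARD, "r"), (WILDCARD, "gleep", "w")]


def acls_from_matrix(matrix):
    """Store the matrix by column: one ACL per file.

    Entries use the (user, group, rights) form with group '*', since the
    matrix names individual subjects only (an assumption of this example).
    """
    acls = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls.setdefault(obj, []).append((subject, WILDCARD, rights))
    return acls


def rights_for(acl, user, groups):
    """Rights granted to `user`, a member of `groups`, by `acl`.

    An entry matches when its user field is the requester or '*' and its
    group field is '*' or one of the requester's groups. Rights of all
    matching entries are combined (assumption). No match returns the empty
    set, which is the fail-safe default.
    """
    granted = set()
    for e_user, e_group, e_rights in acl:
        if e_user in (WILDCARD, user) and (e_group == WILDCARD or e_group in groups):
            granted |= set(e_rights)
    return granted


def check(acl, user, groups, right):
    """True only if some matching entry explicitly grants `right`."""
    return right in rights_for(acl, user, groups)
```

Betty has no entry in the file3 column, so every check against file3 fails for her without any explicit deny entry being needed.
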
Slide #15-5: Abbreviations
- ACLs can be long … so combine users
  - UNIX: 3 classes of users: owner, group, rest

      rwx     rwx     rwx
      owner   group   rest

  - Ownership assigned based on creating process
    - Some systems: if directory has setgid permission, file group owned by group of directory (SunOS, Solaris)

Slide #15-6: ACLs + Abbreviations
- Augment abbreviated lists with ACLs
  - Intent is to shorten ACL
- ACLs override abbreviations
  - Exact method varies
- Example: IBM AIX
  - Base permissions are abbreviations, extended permissions are ACLs with user, group
  - ACL entries can add rights, but on deny, access is denied

Slide #15-7: Permissions in IBM AIX

attributes:
base permissions
    owner(bishop):  rw-
    group(sys):     r--
    others:         ---
extended permissions  enabled
    specify  rw-  u:holly
    permit   -w-  u:heidi, g=sys
    permit   rw-  u:matt
    deny     -w-  u:holly, g=faculty

Slide #15-8: ACL Modification
- Who can do this?
  - Creator is given own right that allows this
  - System R provides a grant modifier (like a copy flag) allowing a right to be transferred, so ownership not needed
    - Transferring right to another modifies ACL

Slide #15-9: Privileged Users
- Do ACLs apply to privileged users (root)?