02 - Chapter 2 Access Control Matrix Overview Access...

Info icon This preview shows pages 1–9. Sign up to view the full content.

View Full Document Right Arrow Icon
July 1, 2004 Computer Security: Art and Science © 2002-2004 Matt Bishop

Slide #2-1 Chapter 2: Access Control Matrix
• Overview
• Access Control Matrix Model
• Boolean Expression Evaluation
  – History
• Protection State Transitions
  – Commands
  – Conditional Commands
  – Special Rights
  – Principle of Attenuation of Privilege

Slide #2-2 Overview
• Protection state of system
  – Describes current settings, values of system relevant to protection
• Access control matrix
  – Describes protection state precisely
  – Matrix describing rights of subjects
  – State transitions change elements of matrix
Slide #2-3 Description
[Figure: a matrix with one row per subject s_1, s_2, …, s_n and one column per entity; the columns are the objects o_1, …, o_m followed by the subjects s_1, …, s_n, since subjects are entities (and so objects) as well.]
• Subjects S = { s_1, …, s_n }
• Objects O = { o_1, …, o_m }
• Rights R = { r_1, …, r_k }
• Entries A[s_i, o_j] ⊆ R
• A[s_i, o_j] = { r_x, …, r_y } means subject s_i has rights r_x, …, r_y over object o_j
Slide #2-4 Example 1
• Processes p, q
• Files f, g
• Rights r, w, x, a, o

          f       g       p       q
  p      rwo      r     rwxo      w
  q       a      ro       r     rwxo
Slide #2-5 Example 2
• Procedures inc_ctr, dec_ctr, manage
• Variable counter
• Rights +, -, call

            counter   inc_ctr   dec_ctr   manage
  inc_ctr      +
  dec_ctr      -
  manage                 call      call     call
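The matrix model on the preceding slides, written out as code. This is an added example, not code from the slides or from Bishop's book; the class name, the sparse dictionary representation, the `mediate` helper and the validation in `grant` are my choices. It builds both Example 1 and Example 2, treats a missing entry as the empty set (so anything not granted is denied), and refuses to grow the matrix with subjects, objects or rights the protection state never defined.

```python
from collections import defaultdict


class AccessControlMatrix:
    """Protection state as an access control matrix.

    A[s, o] is the set of rights subject s holds over object o. Entries are
    stored sparsely: a missing (s, o) key is the empty set, so any access that
    was never granted is denied.
    """

    def __init__(self, subjects, objects, rights):
        self.subjects = list(subjects)
        self.objects = list(objects)
        self.rights = set(rights)
        self._a = defaultdict(set)

    def grant(self, s, o, rights):
        # Refuse to grow the matrix with names the protection state does not
        # define; a typo here must not silently create a new subject or right.
        if s not in self.subjects:
            raise KeyError(f"unknown subject {s!r}")
        if o not in self.objects:
            raise KeyError(f"unknown object {o!r}")
        unknown = set(rights) - self.rights
        if unknown:
            raise ValueError(f"unknown rights {sorted(unknown)}")
        self._a[(s, o)].update(rights)

    def entry(self, s, o):
        """A[s, o] as an immutable set (empty if nothing was granted)."""
        return frozenset(self._a.get((s, o), ()))

    def allows(self, s, o, r):
        return r in self.entry(s, o)

    def render(self):
        """Rows of the matrix: one list of entry strings per subject,
        in object (column) order, rights sorted within each entry."""
        return {s: ["".join(sorted(self.entry(s, o))) for o in self.objects]
                for s in self.subjects}


def mediate(acm, s, o, r):
    """Reference-monitor style check: every access is decided by A[s, o]."""
    if not acm.allows(s, o, r):
        raise PermissionError(f"{s} may not {r} {o}")
    return True


def example1():
    # Slide 2-4: processes p and q are subjects but also objects (columns).
    acm = AccessControlMatrix(["p", "q"], ["f", "g", "p", "q"], "rwxao")
    for s, o, rights in [("p", "f", "rwo"), ("p", "g", "r"),
                         ("p", "p", "rwxo"), ("p", "q", "w"),
                         ("q", "f", "a"), ("q", "g", "ro"),
                         ("q", "p", "r"), ("q", "q", "rwxo")]:
        acm.grant(s, o, rights)
    return acm


def example2():
    # Slide 2-5: rights are multi-character names, so they are passed as sets.
    acm = AccessControlMatrix(["inc_ctr", "dec_ctr", "manage"],
                              ["counter", "inc_ctr", "dec_ctr", "manage"],
                              {"+", "-", "call"})
    acm.grant("inc_ctr", "counter", {"+"})
    acm.grant("dec_ctr", "counter", {"-"})
    for callee in ("inc_ctr", "dec_ctr", "manage"):
        acm.grant("manage", callee, {"call"})
    return acm


if __name__ == "__main__":
    e1 = example1()
    print(e1.render())
    mediate(e1, "p", "f", "w")          # granted: A[p, f] = {r, w, o}
    try:
        mediate(e1, "q", "f", "r")      # denied: q only holds 'a' on f
    except PermissionError as exc:
        print("denied:", exc)
```

The point of `mediate` is complete mediation: callers never consult the matrix directly, so the decision for every (subject, object, right) triple comes from one place and the default is deny. In Example 2 the procedures are also columns, which is how "manage may call inc_ctr, but inc_ctr may not call manage" is expressed without any extra mechanism.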
Slide #2-6 Boolean Expression Evaluation
• ACM controls access to database fields
  – Subjects have attributes
  – Verbs define type of access
  – Rules associated with objects, verb pair
• Subject attempts to access object
  – Rule for object, verb evaluated, grants or denies access
Slide #2-7 Example
• Subject annie
  – Attributes role (artist), groups (creative)
• Verb paint
  – Default 0 (deny unless explicitly granted)
• Object picture
  – Rule: paint: 'artist' in subject.role and 'creative' in subject.groups and time.hour >= 0 and time.hour < 5
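The rule-based matrix from the last two slides, as an added example that is not code from the slides or from Bishop's book. The rule language here is an assumption: the rule is kept as a string in the same syntax the slide uses (which happens to be a Python expression), and it is parsed and checked against a whitelist of AST node types before evaluation, so a rule loaded from a policy store cannot call functions, import modules or reach private attributes. The subjects `annie` and `bob` and the `clock` helper are constructed for the demonstration.

```python
import ast
from types import SimpleNamespace

# The rule language is a subset of Python expression syntax: boolean logic,
# comparisons, 'in' tests, literals, and attribute reads on the two names
# 'subject' and 'time'. Everything else (calls, subscripts, lambdas, ...)
# is rejected before evaluation, so a rule string cannot become an
# injection vector. (Whitelist is my assumption, not the slide's.)
_ALLOWED_NODES = (
    ast.Expression, ast.BoolOp, ast.And, ast.Or, ast.UnaryOp, ast.Not,
    ast.Compare, ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt, ast.GtE,
    ast.In, ast.NotIn, ast.Constant, ast.Name, ast.Load, ast.Attribute,
)
_ALLOWED_NAMES = {"subject", "time"}


def compile_rule(text):
    """Parse a rule string and refuse anything outside the rule language."""
    tree = ast.parse(text, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, _ALLOWED_NODES):
            raise ValueError(f"disallowed syntax in rule: {type(node).__name__}")
        if isinstance(node, ast.Name) and node.id not in _ALLOWED_NAMES:
            raise ValueError(f"unknown name in rule: {node.id}")
        if isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            raise ValueError(f"private attribute in rule: {node.attr}")
    return compile(tree, "<rule>", "eval")


class RuleMatrix:
    """ACM whose entries are rules indexed by the (object, verb) pair."""

    def __init__(self, default=False):
        self.default = default          # slide: default 0 = deny
        self._rules = {}

    def add_rule(self, obj, verb, text):
        self._rules[(obj, verb)] = compile_rule(text)

    def check(self, subject, verb, obj, time):
        code = self._rules.get((obj, verb))
        if code is None:
            return self.default         # no rule for this pair: use the default
        env = {"subject": subject, "time": time}
        # Builtins are removed; the AST check above already forbids calls.
        return bool(eval(code, {"__builtins__": {}}, env))


def build_example():
    """The annie / paint / picture rule from the slide."""
    acm = RuleMatrix(default=False)
    acm.add_rule("picture", "paint",
                 "'artist' in subject.role and 'creative' in subject.groups "
                 "and time.hour >= 0 and time.hour < 5")
    return acm


# Constructed subjects and clock values for the demonstration.
annie = SimpleNamespace(role=["artist"], groups=["creative"])
bob = SimpleNamespace(role=["writer"], groups=["creative"])


def clock(hour):
    return SimpleNamespace(hour=hour)


if __name__ == "__main__":
    acm = build_example()
    print(acm.check(annie, "paint", "picture", clock(3)))    # True
    print(acm.check(annie, "paint", "picture", clock(12)))   # False (outside 00:00-05:00)
    print(acm.check(bob, "paint", "picture", clock(3)))      # False (not an artist)
    print(acm.check(annie, "erase", "picture", clock(3)))    # False (no rule: default deny)
```

Two things to notice. First, the time window makes the entry of the matrix depend on the environment, not just on subject and object, which is exactly why the slide talks about rules rather than static right sets. Second, a naive `eval` of rule strings would let whoever edits the policy store run arbitrary code in the reference monitor; the AST whitelist turns the rule store back into data.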
