02 - Chapter 2: Access Control Matrix Overview Access...

July 1, 2004 Computer Security: Art and Science © 2002-2004 Matt Bishop

Slide #2-1
Chapter 2: Access Control Matrix
• Overview
• Access Control Matrix Model
  – Boolean Expression Evaluation
  – History
• Protection State Transitions
  – Commands
  – Conditional Commands
• Special Rights
  – Principle of Attenuation of Privilege
Slide #2-2
Overview
• Protection state of system
  – Describes current settings, values of system relevant to protection
• Access control matrix
  – Describes protection state precisely
  – Matrix describing rights of subjects
  – State transitions change elements of matrix
Slide #2-3
Description
[Figure: matrix with rows labelled by subjects $s_1, s_2, \ldots, s_n$ and columns labelled by objects (entities) $o_1, \ldots, o_m, s_1, \ldots, s_n$]
• Subjects $S = \{ s_1, \ldots, s_n \}$
• Objects $O = \{ o_1, \ldots, o_m \}$
• Rights $R = \{ r_1, \ldots, r_k \}$
• Entries $A[s_i, o_j]$ $R$
  $A[s_i, o_j] = \{ r_x, \ldots, r_y \}$ means subject $s_i$ has rights $r_x, \ldots, r_y$ over object $o_j$
Slide #2-4
Example 1
• Processes p, q
• Files f, g
• Rights r, w, x, a, o

       f      g      p      q
p      rwo    r      rwxo   w
q      a      ro     r      rwxo
Slide #2-5
Example 2
• Procedures inc_ctr, dec_ctr, manage
• Variable counter
• Rights + , , call

Matrix columns: counter, inc_ctr, dec_ctr, manage
Matrix rows as extracted:
  inc_ctr: +
  dec_ctr:
  manage: call call call
Slide #2-6
Boolean Expression Evaluation
• ACM controls access to database fields
  – Subjects have attributes
  – Verbs define type of access
  – Rules associated with objects, verb pair
• Subject attempts to access object
  – Rule for object, verb evaluated, grants or denies access
Slide #2-7
Example
• Subject annie
  – Attributes role (artist), groups (creative)
• Verb paint
  – Default 0 (deny unless explicitly granted)
• Object picture
  – Rule: paint: ‘artist’ in subject.role and ‘creative’ in subject.groups and time.hour 0 and time.hour < 5
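
The rule evaluation described on slides 2-6 and 2-7, as an added Python example that is not from the slides or the book: the (object, verb) rule is parsed and evaluated over a whitelist of expression nodes instead of being handed to eval(), and every failure path denies. The names check_access, RULES, VERB_DEFAULTS and the subject bob are hypothetical, and the `>=` on the lower hour bound is an assumption because that operator did not survive on the page.

```python
import ast
from types import SimpleNamespace

# Result per verb when an object has no rule for it (slide: paint defaults to 0 = deny).
VERB_DEFAULTS = {"paint": False}

# Rules keyed by (object, verb). ASSUMPTION: ">=" for the lower hour bound;
# the operator is missing from the page.
RULES = {
    ("picture", "paint"): "'artist' in subject.role and 'creative' in subject.groups "
                          "and time.hour >= 0 and time.hour < 5",
}

# Only these comparison operators are accepted in a rule.
_CMP = {ast.In: lambda a, b: a in b, ast.Lt: lambda a, b: a < b, ast.GtE: lambda a, b: a >= b}

def _eval(node, env):
    """Evaluate a whitelisted subset of expression nodes; anything else raises."""
    if isinstance(node, ast.BoolOp) and isinstance(node.op, ast.And):
        return all(_eval(v, env) for v in node.values)
    if isinstance(node, ast.Compare) and len(node.ops) == 1 and type(node.ops[0]) in _CMP:
        return _CMP[type(node.ops[0])](_eval(node.left, env), _eval(node.comparators[0], env))
    if isinstance(node, ast.Constant) and isinstance(node.value, (str, int)):
        return node.value
    if (isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name)
            and node.value.id in env and not node.attr.startswith("_")):
        return getattr(env[node.value.id], node.attr)
    raise ValueError(f"disallowed expression: {ast.dump(node)}")

def check_access(subject, verb, obj, hour):
    """Return True only if the (object, verb) rule grants access; fail closed otherwise."""
    rule = RULES.get((obj, verb))
    if rule is None:
        return VERB_DEFAULTS.get(verb, False)  # no rule: fall back to the verb default
    env = {"subject": subject, "time": SimpleNamespace(hour=hour)}
    try:
        return bool(_eval(ast.parse(rule, mode="eval").body, env))
    except (ValueError, AttributeError, TypeError, SyntaxError):
        return False  # malformed rule or missing subject attribute: deny

# Constructed subjects: annie follows the slide, bob is hypothetical.
annie = SimpleNamespace(role=["artist"], groups=["creative"])
bob = SimpleNamespace(role=["engineer"], groups=["creative"])

if __name__ == "__main__":
    for who, name in ((annie, "annie"), (bob, "bob")):
        for hour in (3, 12):
            print(name, hour, check_access(who, "paint", "picture", hour))
```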

This note was uploaded on 05/04/2008 for the course CS 526 taught by Professor Wagstaff during the Fall '07 term at Purdue University-West Lafayette.
