chapter_04 - CSE 425, Introduction to Computer Security...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: CSE 425, Introduction to Computer Security Chapter 4. Access Control 2008 by Wayne R. Dyksen. All Rights Reserved. 4-1 Michigan State University Department of Computer Science and Engineering Security Engineering Chapter 4. Access Control by Ross Anderson Professor Wayne Dyksen Department of Computer Science and Engineering Michigan State University Spring 2008 CSE 425, Introduction to Computer Security 4-2 4.1 Introduction Access Control Center Of Gravity Of Computer Science. Where Security Engineering Meets Computer Science. 4-3 Access Control Control Access ...to Resources Programs Files Devices Etc by Principals . Subjects Processes Computers Etc Dont forget about things like Manage Print Queue Shutdown System Change System Time Add Users Etc 4-4 AC Architecture Questions Access Controls: Where? Could you put them? Should you put them? Do people put them? Hardware Operating System Middleware Applications 4-5 Aside: Onion Layer Illustration 4-6 Application ACs Application Implements Some ACs Itself Uses Other ACs of Lower Levels Lower Levels May Not Understand Needs May Not Support Needs Examples Course Registration System On-Line Banking System Etc Hardware Operating System Middleware Applications CSE 425, Introduction to Computer Security Chapter 4. Access Control 2008 by Wayne R. Dyksen. All Rights Reserved. 4-2 Michigan State University Department of Computer Science and Engineering 4-7 Application ACs E.g., RegSys 425 (Hypothetical Course Registration System) Implements Users (Faculty, Advisors, Students) Courses, Sections Course Enrollment Limits Etc Access Controls Advisor to Entire Department (Only) Faculty to Own Courses (Only) Student to Own Schedule (Only) Enrollment in a Particular Course Etc Wintel Windows SQL Server RegSys 425 4-8 Middleware ACs Middleware Implements Some ACs Itself Uses Other ACs of Lower Levels Lower Levels May Not Understand Needs May Not Support Needs Examples Course Registration System On-Line Banking System Etc Hardware Operating System Middleware Applications 4-9 Middleware ACs E.g., SQL Implements Data Types Tables Relationships Etc Access Controls Table Access (Reading, Writing, Appending) Data Type Consistency Etc Wintel Windows SQL Server RegSys 425 4-10 Operating System ACs Operating System Implements Some ACs Itself Uses Other ACs of Lower Levels Lower Levels May Not Understand Needs May Not Support Needs Examples Program Execution File / Device Access Etc Hardware Operating System Middleware Applications 4-11 Operating System ACs E.g., Windows Implements Program Execution File Access Etc...
View Full Document

Page1 / 26

chapter_04 - CSE 425, Introduction to Computer Security...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online