chapter_04 - CSE 425 Introduction to Computer Security...


CSE 425, Introduction to Computer Security
Chapter 4. Access Control
© 2008 by Wayne R. Dyksen. All Rights Reserved.
Michigan State University, Department of Computer Science and Engineering

Security Engineering
Chapter 4. Access Control
by Ross Anderson

Professor Wayne Dyksen
Department of Computer Science and Engineering
Michigan State University
Spring 2008
CSE 425, Introduction to Computer Security

4-2 4.1 Introduction

Access Control…
• …Center Of Gravity Of Computer Science.
• …Where Security Engineering Meets Computer Science.

4-3 Access Control

Control Access
• …to Resources…
  – Programs
  – Files
  – Devices
  – Etc…
• …by Principals.
  – Subjects
  – Processes
  – Computers
  – Etc…

Don’t forget about things like…
• Manage Print Queue
• Shutdown System
• Change System Time
• Add Users
• Etc…

4-4 AC Architecture Questions

Access Controls: Where?
• Could you put them?
• Should you put them?
• Do people put them?

[Diagram: Hardware / Operating System / Middleware / Applications]

4-5 Aside: Onion Layer Illustration

4-6 Application AC’s

• Application
  – Implements Some AC’s Itself
  – Uses Other AC’s of Lower Levels
• Lower Levels
  – May Not “Understand” Needs
  – May Not Support Needs
• Examples
  – Course Registration System
  – On-Line Banking System
  – Etc…

[Diagram: Hardware / Operating System / Middleware / Applications]

4-7 Application AC’s

• E.g., RegSys 425 (Hypothetical Course Registration System)
• Implements
  – Users (Faculty, Advisors, Students)
  – Courses, Sections
  – Course Enrollment Limits
  – Etc…
• Access Controls
  – Advisor to Entire Department (Only)
  – Faculty to Own Courses (Only)
  – Student to Own Schedule (Only)
  – Enrollment in a Particular Course
  – Etc…

[Diagram: Wintel / Windows / SQL Server / RegSys 425]

4-8 Middleware AC’s

• Middleware
  – Implements Some AC’s Itself
  – Uses Other AC’s of Lower Levels
• Lower Levels
  – May Not “Understand” Needs
  – May Not Support Needs
• Examples
  – Course Registration System
  – On-Line Banking System
  – Etc…

[Diagram: Hardware / Operating System / Middleware / Applications]

4-9 Middleware AC’s

• E.g., SQL
• Implements
  – Data Types
  – Tables
  – Relationships
  – Etc…
• Access Controls
  – Table Access (Reading, Writing, Appending)
  – Data Type Consistency
  – Etc…

[Diagram: Wintel / Windows / SQL Server / RegSys 425]

4-10 Operating System AC’s

• Operating System
  – Implements Some AC’s Itself
  – Uses Other AC’s of Lower Levels
• Lower Levels
  – May Not “Understand” Needs
  – May Not Support Needs
• Examples
  – Program Execution
  – File / Device Access
  – Etc…

[Diagram: Hardware / Operating System / Middleware / Applications]

4-11 Operating System AC’s

• E.g., Windows
• Implements
  – Program Execution
  – File Access
  – Etc…
...
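The layering on slides 4-7 and 4-9, as an added example that is not part of the original slides: the middleware grant can only say "this role may read the enrollment table", so the application has to add the "own courses / own schedule / own department (only)" rules on top of it. The table name, grants, user names and rows are all constructed assumptions for the hypothetical RegSys 425.

```python
from dataclasses import dataclass

# Middleware layer (constructed): table-level grants, as a SQL server holds them.
# It knows roles and tables, not which rows belong to which principal.
TABLE_GRANTS = {
    "student": {"enrollment": {"read"}},
    "faculty": {"enrollment": {"read"}},
    "advisor": {"enrollment": {"read", "write"}},
}

@dataclass(frozen=True)
class Principal:
    name: str
    role: str        # "student", "faculty" or "advisor"
    department: str

@dataclass(frozen=True)
class Enrollment:
    student: str
    course: str
    instructor: str
    department: str

def table_allows(p, table, action):
    """Middleware check: table granularity only."""
    return action in TABLE_GRANTS.get(p.role, {}).get(table, set())

def app_allows(p, row, action):
    """Application check: RegSys 425 ownership rules layered on the table grant."""
    if not table_allows(p, "enrollment", action):
        return False                               # lower layer already denies
    if p.role == "student":
        return row.student == p.name               # own schedule (only)
    if p.role == "faculty":
        return row.instructor == p.name            # own courses (only)
    if p.role == "advisor":
        return row.department == p.department      # entire department (only)
    return False                                   # unknown role: deny by default

# Constructed sample rows.
ROWS = [
    Enrollment("alice", "CSE425", "prof_x", "CSE"),
    Enrollment("bob", "MTH234", "prof_y", "MTH"),
]

def visible_rows(p, action="read"):
    """Rows the application exposes to p after both layers have been checked."""
    return [r for r in ROWS if app_allows(p, r, action)]
```

If the application skipped `app_allows` and relied on the table grant alone, every student could read every other student's schedule, which is the "lower levels may not understand needs" point from slide 4-6.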

This note was uploaded on 07/25/2008 for the course CSE 331 taught by Professor M.mccullen during the Spring '08 term at Michigan State University.
