CS283 - Lecture 4 - Part 2 - AccessControlLists

GWU CS 172/283 Autumn 2009
Lecture 4 – Part 2 - Access Control Lists

Sources:
- Memon's notes, Brooklyn Poly
- Bishop's Text, Chapter 15
- Bishop's slides, Chapter 15
- Text by Pfleeger and Pfleeger, Chapter 4

GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 04 – Part 2 - Rev 20090929

Access Control Mechanisms
- Access Control Matrix
- Access Control List
- Capability based access control
- Lock and Key based access control
- Rings-based access control

Access Control Lists
- Instead of using an Access Control Matrix (ACM), use an Access Control List (ACL).
- Essentially, store each column of the ACM with the object it represents.
- Definition: Let $S$ be the set of subjects and $R$ the set of rights of a system. An access control list $l$ is a set of pairs $l = \{(s, r) : s \in S,\ r \subseteq R\}$.
- Let $acl$ be a function that determines the access control list associated with a particular object $o$.
- $acl(o) = \{(s_i, r_i) : 1 \le i \le n\}$ means that subject $s_i$ may access $o$ using any right in $r_i$.

Access Control Lists: example

Columns of access control matrix:

          file1   file2   file3
Andy      rx      r       rwo
Betty     rwxo    r
Charlie   rx      rwo     w

ACLs:
file1: { (Andy, rx) (Betty, rwxo) (Charlie, rx) }
file2: { (Andy, r) (Betty, r) (Charlie, rwo) }
file3: { (Andy, rwo) (Charlie, w) }

Abbreviated ACLs
- Although ACLs take the same amount of storage as the matrix, that storage is now distributed.
- To further reduce storage, one can abbreviate ACLs as in UNIX.
- One can also assign default access to groups of subjects as well as specific rights to individual subjects.
- Two ways of doing this:
  1) What is not prohibited is permitted
  2) What is not permitted is prohibited
- Latter always better!!

Default Permissions
- Normal: if not named, no rights over file
  - Principle of Fail-Safe Defaults
- If many subjects, may use groups or wildcards in ACL
  - UNICOS: entries are (user, group, rights)
    - If user is in group, has rights over file
    - '*' is wildcard for user, group
      - (holly, *, r): holly can read file regardless of her group
      - (*, gleep, w): anyone in group gleep can write file

Accessing Files
- User not in file's ACL nor in any group named in file's ACL: deny access
- ACL entry denies user access: deny access
- Take union of rights of all ACL entries giving user access: user has this set of rights over file

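The lookup rules from the Default Permissions and Accessing Files slides, as an added Python example that is not part of the original lecture notes. It assumes a denying entry is written with the rights string "-" and that the user's group memberships are passed in as a set; the function names and the sample ACL are constructed for illustration.

```python
# Added example: UNICOS-style ACL evaluation following the slide rules.
# Assumptions (not from the slides): a denying entry carries the rights
# string "-", and a user's groups are supplied as a Python set.
WILDCARD = "*"
DENY = "-"

def matches(entry, user, groups):
    """True if the (user, group, rights) entry applies to this user."""
    e_user, e_group, _ = entry
    user_ok = e_user in (WILDCARD, user)
    group_ok = e_group == WILDCARD or e_group in groups
    return user_ok and group_ok

def effective_rights(acl, user, groups):
    """Return the set of rights the user holds over the file."""
    applicable = [e for e in acl if matches(e, user, groups)]
    # Rule 1: not named in the ACL -> no rights (fail-safe default).
    if not applicable:
        return set()
    # Rule 2: any applicable entry that denies access wins.
    if any(rights == DENY for _, _, rights in applicable):
        return set()
    # Rule 3: otherwise take the union of rights of all applicable entries.
    granted = set()
    for _, _, rights in applicable:
        granted |= set(rights)
    return granted

def check_access(acl, user, groups, requested):
    """Allow only if every requested right is granted; empty requests fail."""
    wanted = set(requested)
    return bool(wanted) and wanted <= effective_rights(acl, user, groups)

# Constructed sample ACL; the first two entries are the slide's examples.
SAMPLE_ACL = [
    ("holly", "*", "r"),      # holly can read regardless of her group
    ("*", "gleep", "w"),      # anyone in group gleep can write
    ("mallory", "*", "-"),    # constructed denying entry
]

if __name__ == "__main__":
    for user, groups in [("holly", {"staff"}), ("holly", {"gleep"}),
                         ("bob", {"gleep"}), ("bob", {"staff"}),
                         ("mallory", {"gleep"})]:
        print(user, sorted(groups), sorted(effective_rights(SAMPLE_ACL, user, groups)))
```
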
Example - File Protection in Unix
- UNIX: allow read, write, execute, delete to each of the individual groups: owner, group, world.