CS283 - Lecture 4 - Part 4 - AccessControlLocks

CS283 - Lecture 4 - Part 4 - AccessControlLocks - Lecture 4...

Info iconThis preview shows pages 1–8. Sign up to view the full content.

View Full Document Right Arrow Icon
GWU CS 172/283 Autumn 2009 Sources: Memon’s notes, Brooklyn Poly Bishop’s Text, Chapter 15 Bishop’s slides, Chapter 15 Text by Pfleeger and Pfleeger, Chapter 3 Lecture 4 – Part 4 - Lock-Key and Ring-Based Access Control
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 04 – Part 4- Rev 20090929 2 Access Control Mechanisms Access Control Matrix Access Control List Capability based access control Lock and Key based access control. Rings-based access control
Background image of page 2
GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 04 – Part 4- Rev 20090929 3 Access control with Locks and Keys Combines features of ACL’s and capabilities. A piece of information (lock) associated with the object. Another piece of information (key) associated with subjects authorized to access the object. This can be dynamic ACLs, C-Lists static and must be manually changed Locks and keys can change based on system constraints, other factors (not necessarily manual).
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 04 – Part 4- Rev 20090929 4 Cryptographic Implementation Enciphering key is lock; deciphering key is key – Encipher object o ; store E k ( o ) – Use subject’s key k to compute D k ( E k ( o )) Any of n can access o : store o = ( E 1 ( o ), …, E n ( o )) Requires consent of all n to access o : store o = ( E 1 ( E 2 (…( E n ( o ))…)) IBM’s Cryptolope, Intertrust’s Digibox for digital media: encrypt object with key K encrypt K with user’s public key Associated license determines rights, enforced by “secure viewer”
Background image of page 4
GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 04 – Part 4- Rev 20090929 5 Locks and Keys in IBM 370 Each process assigned access key and each page a storage key and fetch bit . If fetch bit is cleared, only read access allowed. Process with access key 0 can write any page with fetch bit set. If storage key matches access key of process then process allowed to write to page. If no match and access key not 0, then no access allowed.
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 04 – Part 4- Rev 20090929 6 Type checking Type checking controls access based on type of subject and object. It is a kind of lock and key access with the pieces of information being the type. Simplest example of type checking is distinguishing instructions from data. Execute allowed only on instructions and read and write only on data. One approach to limit buffer overflow problem is to mark stack memory as data.
Background image of page 6
Holmblad - Lecture 04 – Part 4- Rev 20090929 7 Buffer overflow Anecdotal notes suggest buffer overflows were known since sixties Take advantage of the lack of array bounds checking in C and C++ (and other languages) to transfer control to malicious code. Despite the fact that this vulnerability is well-known and
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 8
This is the end of the preview. Sign up to access the rest of the document.

This document was uploaded on 10/30/2009.

Page1 / 36

CS283 - Lecture 4 - Part 4 - AccessControlLocks - Lecture 4...

This preview shows document pages 1 - 8. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online