CS283 - Lecture 4 - Part 1 - AccessControlMatrix

GWU CS 172/283 Autumn 2009
Lecture 4 – Part 1 - Access Control Matrix
Sources: Memon’s notes, Brooklyn Poly; Bishop’s Text, Chapter 2; Bishop’s slides, Chapter 2

GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 04 – Part 1- Rev 20090929

Protection State
The state of the system is the collection of all current values of all memory locations, secondary storage, registers and other components of the system.
The subset of this collection that deals with protection is the protection state of the system.
Execution of a command changes the protection state.
Ideally, given an authorized state, a set of authorized commands keeps the system in (another) authorized state.

Access Control Matrix (ACM)
An Access Control Matrix is a table in which each row represents a subject, each column represents an object, and each entry is the set of access rights for that subject to that object.
An ACM entry can also be a function that determines rights. E.g., one subject may not be able to access an object when another subject is already writing or modifying it.

Description
[Figure: matrix with one row per subject $s_1, s_2, \ldots, s_n$ and one column per object (entity) $o_1, \ldots, o_m, s_1, \ldots, s_n$]
Subjects $S = \{ s_1, \ldots, s_n \}$
Objects $O = \{ o_1, \ldots, o_m \}$
Rights $R = \{ r_1, \ldots, r_k \}$
Entries $A[s_i, o_j] \subseteq R$
$A[s_i, o_j] = \{ r_x, \ldots, r_y \}$ means subject $s_i$ has rights $r_x, \ldots, r_y$ over object $o_j$

Example 1
Consider a system with two files and two processes. The set of rights is r, w, x, a, o (read, write, execute, append, own).
Can get very large and hence inefficient in general purpose scenarios – seldom used.

            File 1    File 2    Process 1    Process 2
Process 1   r,w,o     r         r,w,x,o      w
Process 2   a         r,o       r            r,w,x,o
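
The Example 1 matrix as a small reference monitor, including the earlier point that an entry can be a function that determines rights. This is an added example, not code from the lecture; the names AccessControlMatrix, exclusive_while_writing and build_example_1, the writers table, and the choice to make Process 2's entry for File 1 conditional are assumptions made for illustration.

```python
# Added example; class and function names are illustrative, not from the lecture.

class AccessControlMatrix:
    def __init__(self):
        self.entries = {}  # (subject, object) -> frozenset of rights, or a function
        self.writers = {}  # object -> subject currently writing it (part of the state)

    def set_entry(self, subject, obj, entry):
        if not callable(entry):
            entry = frozenset(entry)
        self.entries[(subject, obj)] = entry

    def rights(self, subject, obj):
        # A missing cell means the subject has no rights over the object.
        entry = self.entries.get((subject, obj), frozenset())
        return entry(self, subject, obj) if callable(entry) else entry

    def check(self, subject, obj, right):
        return right in self.rights(subject, obj)


def exclusive_while_writing(base_rights):
    """Entry function: grant base_rights unless another subject is writing obj."""
    base_rights = frozenset(base_rights)

    def entry(acm, subject, obj):
        writer = acm.writers.get(obj)
        if writer is not None and writer != subject:
            return frozenset()
        return base_rights

    return entry


def build_example_1():
    """The Example 1 matrix: r, w, x, a, o = read, write, execute, append, own."""
    table = {
        "Process 1": {"File 1": "rwo", "File 2": "r",
                      "Process 1": "rwxo", "Process 2": "w"},
        "Process 2": {"File 1": "a", "File 2": "ro",
                      "Process 1": "r", "Process 2": "rwxo"},
    }
    acm = AccessControlMatrix()
    for subject, row in table.items():
        for obj, rights in row.items():
            acm.set_entry(subject, obj, rights)
    # Assumption for illustration: Process 2's entry for File 1 becomes a function.
    acm.set_entry("Process 2", "File 1", exclusive_while_writing("a"))
    return acm
```

Setting acm.writers["File 1"] = "Process 1" changes the protection state, and Process 2's append right on File 1 disappears until the writer is cleared.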

Example 2
Procedures: inc_ctr, dec_ctr, manage
Variable: counter
Rights: +, −, call

            counter   inc_ctr   dec_ctr   manage
inc_ctr     +
dec_ctr     −
manage                call      call      call