CS283 - Lecture 4 - Part 1 - AccessControlMatrix

CS283 - Lecture 4 - Part 1 - AccessControlMatrix - Lecture...

Info iconThis preview shows pages 1–7. Sign up to view the full content.

View Full Document Right Arrow Icon
Lecture 4 – Part 1 - Access Control Matrix GWU CS 172/283 Autumn 2009 Sources: Memon’s notes, Brooklyn Poly ishop’s Text, Chapter 2 Bishop s Text, Chapter 2 Bishop’s slides, Chapter 2
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Protection State The state of the system is the collection of all current values of all memory locations, secondary storage, registers and other components of the system. The subset of this collection that deals with protection is the rotection state f the system. protection state of the system. Execution of a command changes the protection state. Ideally, given an authorized state, a set of authorized commands keeps the system in (another) authorized state GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 04 – Part 1- Rev 20090929 2
Background image of page 2
Access Control Matrix (ACM) An Access Control Matrix is a table in which – each row represents a subject, ach column represents an object and – each column represents an object, and – each entry is the set of access rights for that subject to that object. ACM entry can also be a function that determines rights. gt s – E.g. one subject may not be able to access an object when another subject is already writing modifying it GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 04 – Part 1- Rev 20090929 3
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Description objects (entities) •S u b jects S = { s ,…, s } cts s 1 s 2 o 1 o m s 1 s n 1 n Objects O = { o 1 ,…, o m } Rights R = { r 1 ,…, r k } ntries subje c Entries A [ s i , o j ] R A [ s i , o j ] = { r x , …, r y } means subject s i has rights r x , …, r y over object o j s n GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 04 – Part 1- Rev 20090929 4
Background image of page 4
Example 1 Consider system with two files and two processes. Set of rights is - r,w,x,a,o (read, write, execute, append, own). File 1 File 2 Process 1 Process 2 rocess 1 wo wxo Process 1 r,w,o r r,w,x,o w Process 2 a r,o r Can get very large and hence inefficient in general purpose scenarios – seldom used. GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 04 – Part 1- Rev 20090929 5
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Example 2 Procedures inc_ctr , dec_ctr , manage Variable counter ights all Rights + , , call counter inc_ctr dec_ctr manage inc_ctr + dec_ctr manage call call call GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 04 – Part 1- Rev 20090929 6
Background image of page 6
Image of page 7
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 26

CS283 - Lecture 4 - Part 1 - AccessControlMatrix - Lecture...

This preview shows document pages 1 - 7. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online