CS283 - Lecture 6 - Part 1 - Additional Topics - Identity

1 GWU CS 172/283 Autumn 2009
Lecture 6 Part 1 - Additional Topics - Identity
All slides from Bishop’s slide set
12/05/09 CS283-172/Fall06/GWU/Vora/Identity

2 Identity
  • Principal: a unique entity
  • Identity: specifies a principal
  • Authentication: the binding of a principal to a representation of identity that is internal to the system
  • All access and resource allocation decisions assume the binding is correct
  • Identity is used for access control and accountability; the latter requires logging and auditing, i.e. history
GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 06 – Part 1- Rev 20091103

3 Users
  • Exact representation of a user is tied to the system
  • Example: UNIX systems
      • Login name: used to log in to the OS
          • Logging processes usually use this name
      • User identification number (UID): a unique integer assigned to the user
          • The OS kernel uses the UID to identify users
      • There is one UID per login name, but multiple login names may have a common UID

4 Multiple Identities
  • UNIX systems (cont’d)
      • Real UID: the user identity at login, but it is changeable
      • Effective UID: the user identity used for access control
          • Setuid changes the effective UID
      • Saved UID: the UID before the last change of UID
          • This allows a user, for example, to work with elevated privileges, drop them, reclaim them later
      • Audit/Login UID: a user identity used to track the original UID
          • The Audit/Login UID cannot be altered; it is used to tie actions to login identity
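
Added example, not part of the slide set: a small C program that exercises the real, effective and saved UID as described on slide 4 (work with elevated privileges, drop them, reclaim them later), and then drops them for good and checks that reclaiming fails. The function names are this example's own, and Linux semantics for seteuid() and setreuid() are assumed.

```c
/* Added example (assumes Linux semantics for seteuid/setreuid). */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Temporary drop: effective UID := real UID. The old effective UID
 * is returned in *priv and remains in the saved UID. */
int drop_temporarily(uid_t *priv)
{
    *priv = geteuid();
    if (seteuid(getuid()) != 0)
        return -1;
    return geteuid() == getuid() ? 0 : -1;
}

/* Reclaim: an unprivileged process may do this only because priv
 * is still its saved UID. */
int reclaim(uid_t priv)
{
    if (seteuid(priv) != 0)
        return -1;
    return geteuid() == priv ? 0 : -1;
}

/* Permanent drop: overwrite real, effective and saved UID, then
 * verify that priv can no longer be reclaimed. */
int drop_permanently(uid_t priv)
{
    uid_t ruid = getuid();
    if (setreuid(ruid, ruid) != 0)
        return -1;
    if (getuid() != ruid || geteuid() != ruid)
        return -1;
    if (priv != ruid && seteuid(priv) == 0)
        return -1;   /* saved UID survived: the drop was not permanent */
    return 0;
}

int main(void)
{
    uid_t priv;
    if (drop_temporarily(&priv) != 0) { perror("drop"); return 1; }
    printf("dropped:   ruid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    if (reclaim(priv) != 0) { perror("reclaim"); return 1; }
    printf("reclaimed: ruid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    if (drop_permanently(priv) != 0) { perror("permanent drop"); return 1; }
    printf("permanent: ruid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```

The three lines differ only when the binary is installed set-UID to another account; run normally, all UIDs are equal and every step succeeds trivially. Group IDs are not handled here; a set-UID root program would drop those before the permanent UID drop.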

5 Groups
  • Are used to share access privileges among users
  • First model: alias for set of principals
      • Processes are assigned to groups
      • Processes stay in those groups for their lifetime
      • This model represents a static identity
  • Second model: principals can change groups
      • Rights associated with a user’s old group are discarded; rights associated with the new group are added
      • Dynamic identity

6 Roles
  • Group with membership that is tied to function
      • Rights granted are consistent with the rights needed to perform function
  • Roles are based on the second model of groups
  • Example: Data General/UX
      • User root does not have administration functionality
      • System administrator privileges are contained in the sysadmin role
      • Network administration privileges are contained in the netadmin role
      • Users can assume either role as needed

7 Naming and Certificates
  • Certificates are issued to a principal
      • The principal is uniquely identified to avoid confusion
  • A Problem: names may be ambiguous
      • Does the name “Matt Bishop” refer to:
          • The author of the textbook?