CS283 - Lecture 6 - Part 1 - Additional Topics - Identity

Slide 1: Lecture 6 Part 1 - Additional Topics - Identity
GWU CS 172/283 Autumn 2009
All slides from Bishop's slide set
12/05/09 CS283-172/Fall06/GWU/Vora/Identity All Slides from Bishop's Slide Set

Slide 2: Identity
- Principal: a unique entity
- Identity: specifies a principal
- Authentication: the binding of a principal to a representation of identity that is internal to the system
  - All access and resource allocation decisions assume the binding is correct
- Identity is used for access control and accountability; the latter requires logging and auditing, i.e. history

GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 06 – Part 1 - Rev 20091103

Slide 3: Users
- Exact representation of a user is tied to the system
- Example: UNIX systems
  - Login name: is used to log in to the OS
    - Logging processes usually use this name
  - User identification number (UID): is a unique integer assigned to user
    - The OS kernel uses UID to identify users
    - There is one UID per login name, but multiple login names may have a common UID

Slide 4: Multiple Identities
- UNIX systems (cont'd)
  - Real UID: the user identity at login, but it is changeable
  - Effective UID: the user identity used for access control
    - Setuid changes the effective UID
  - Saved UID: the UID before the last change of UID
    - This allows a user, for example, to work with elevated privileges, drop them, reclaim them later
  - Audit/Login UID: a user identity used to track the original UID
    - The Audit/Login UID cannot be altered; it is used to tie actions to login identity
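
Added example, not part of the original slides: the "work with elevated privileges, drop them, reclaim them later" pattern from the Multiple Identities slide, followed by a verified permanent drop. It assumes Linux with glibc (for getresuid/setresuid); the function names are illustrative.

```c
#define _GNU_SOURCE /* getresuid/setresuid: Linux/glibc assumed */
#include <stdio.h>
#include <unistd.h>

struct uids { uid_t real, effective, saved; }; /* the slide's three UIDs */

int read_uids(struct uids *u) {
    return getresuid(&u->real, &u->effective, &u->saved);
}

/* Temporary drop: only the effective UID changes; the saved UID keeps
 * the elevated identity so it can be reclaimed later. */
int drop_temporarily(void) { return seteuid(getuid()); }
/* Reclaim: the kernel permits this because priv equals the saved UID. */
int reclaim(uid_t priv) { return seteuid(priv); }

/* Permanent drop: overwrite real, effective and saved, then verify.
 * Returns 0 only when no elevated identity is left to reclaim. */
int drop_permanently(uid_t priv) {
    uid_t target = getuid();
    struct uids u;
    if (setresuid(target, target, target) != 0) return -1;
    if (read_uids(&u) != 0) return -1;
    if (u.real != target || u.effective != target || u.saved != target)
        return -1;
    /* A distinct privileged UID must no longer be reachable. */
    if (priv != target && seteuid(priv) == 0) return -1;
    return 0;
}

void show(const char *stage) {
    struct uids u;
    if (read_uids(&u) == 0)
        printf("%-9s real=%ld effective=%ld saved=%ld\n", stage,
               (long)u.real, (long)u.effective, (long)u.saved);
}

int main(void) {
    struct uids start;
    if (read_uids(&start) != 0) return 1;
    show("start");
    if (drop_temporarily() != 0) return 1;
    show("dropped");
    if (reclaim(start.saved) != 0) return 1;
    show("reclaimed");
    int rc = drop_permanently(start.saved);
    show("permanent");
    return rc != 0;
}
```

Run from an ordinary shell, all three UIDs are already equal and every stage prints the same values; the stages differ only when the binary is installed setuid to another account.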

Slide 5: Groups
- Are used to share access privileges among users
- First model: alias for set of principals
  - Processes are assigned to groups
  - Processes stay in those groups for their lifetime
  - This model represents a static identity
- Second model: principals can change groups
  - Rights associated with a user's old group are discarded; rights associated with the new group are added
  - Dynamic identity

Slide 6: Roles
- Group with membership that is tied to function
  - Rights granted are consistent with the rights needed to perform function
- Roles are based on the second model of groups
- Example: Data General/UX
  - User root does not have administration functionality
  - System administrator privileges are contained in the sysadmin role
  - Network administration privileges are contained in the netadmin role
  - Users can assume either role as needed

Slide 7: Naming and Certificates
- Certificates are issued to a principal
  - The principal is uniquely identified to avoid confusion
- A problem: names may be ambiguous
  - Does the name "Matt Bishop" refer to:
    - The author of the textbook?
    - A programmer in Australia?

This document was uploaded on 12/05/2009.
