CS283 - Lecture 4 - Part 4 - AccessControlLocks

GWU CS 172/283 Autumn 2009
Sources:
- Memon’s notes, Brooklyn Poly
- Bishop’s Text, Chapter 15
- Bishop’s slides, Chapter 15
- Text by Pfleeger and Pfleeger, Chapter 3
Lecture 4 – Part 4 - Lock-Key and Ring-Based Access Control

GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 04 – Part 4- Rev 20090929

Access Control Mechanisms
- Access Control Matrix
- Access Control List
- Capability based access control
- Lock and Key based access control
- Ring-based access control

Access control with Locks and Keys
- Combines features of ACLs and capabilities.
- A piece of information (lock) is associated with the object.
- Another piece of information (key) is associated with subjects authorized to access the object.
- This association can be dynamic.
- ACLs and C-Lists are static and must be manually changed, that is, a user or process must interact with the OS to change the ACL.
- Locks and keys, on the other hand, can change based on system constraints or other factors (without necessarily requiring manual intervention).

Cryptographic Implementation of Locks and Keys
- The enciphering cryptokey is the lock; the deciphering cryptokey is the key.
- Encipher object $o$; store $E_k(o)$.
- Use subject’s key $k$ to compute $D_k(E_k(o))$.
- Any of $n$ can access $o$: store $o = (E_1(o), \ldots, E_n(o))$
- Requires consent of all $n$ to access $o$: store $o = E_1(E_2(\ldots(E_n(o))\ldots))$
- IBM’s Cryptolope, Intertrust’s Digibox for digital media:
  - encrypt object with key K
  - encrypt K with user’s public key
  - Associated license determines usage rights, which are enforced by a “secure viewer”
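
The "any of n" and "all n must consent" constructions above, as an added example (not from the lecture or its sources). The cipher is a stand-in built from HMAC-SHA256 in counter mode so the block runs on the standard library alone; all function names are assumptions, and a real system would use a vetted authenticated cipher.

```python
import hashlib, hmac, os

def _sub(key, label):
    return hashlib.sha256(label + key).digest()  # separate cipher/MAC subkeys
def _stream(key, nonce, n):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, stdlib only.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def E(key, obj):
    """Lock: nonce || ciphertext || tag. The tag lets D reject a wrong key."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(obj, _stream(_sub(key, b"enc"), nonce, len(obj))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def D(key, blob):
    """Key: return the object, or raise PermissionError if the key does not fit."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise PermissionError("key does not open this lock")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

def store_or(keys, obj):
    # Any of n can access o: (E_1(o), ..., E_n(o))
    return [E(k, obj) for k in keys]

def open_or(key, stored):
    for blob in stored:
        try:
            return D(key, blob)
        except PermissionError:
            continue
    raise PermissionError("no slot opens with this key")

def store_and(keys, obj):
    # All n must consent: E_1(E_2(...(E_n(o))...)), so E_n is applied first.
    for k in reversed(keys):
        obj = E(k, obj)
    return obj

def open_and(keys, stored):
    # Peel layers from the outside in: D_1 first, D_n last.
    for k in keys:
        stored = D(k, stored)
    return stored
```

Or-access stores n copies, so storage grows with the number of subjects; and-access stores one object, but every key holder must take part, in order, to open it.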

Locks and Keys in IBM 370
- Each process is assigned an access key, and each page of memory is assigned a storage key and a fetch bit.
- If the fetch bit is cleared, then only read access is allowed.
- A process with access key 0 can write to any page with the fetch bit set.
- If the storage key matches the access key of the process, then the process is allowed to write to the page.
- If there is no match and the access key is not 0, then no access is allowed.

Type checking
- Type checking controls access based on the type of the subject and object.
- It is a kind of lock and key access with the pieces of information being the type.
- The simplest example of type checking is to distinguish instructions from data.
- Execute operations are allowed only on instructions and read and write operations are allowed only on data (e.g. the DEC PDP11 hardware architecture).
- One approach to limit the buffer overflow problem is to

This note was uploaded on 08/24/2010 for the course CS 211 taught by Professor Staff during the Spring '08 term at George Mason.
