Lecture10

Lecture10 - TEL2813/IS2820 Security Management...

Info iconThis preview shows pages 1–11. Sign up to view the full content.

View Full Document Right Arrow Icon
    TEL2813/IS2820  Security Management Systems/Evaluations    Lecture 11 April 7, 2005
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
    Access control matrix File 1 File 2 File 3 File n write write write User m read write read write read Objects Subjects
Background image of page 2
    Two implementation concepts Access control list (ACL) Store column of matrix with the resource Capability User holds a “ticket” for each resource Two variations store row of matrix with user unforgeable ticket in user space
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
    Unix Developed at AT&T Bell Labs Single monolithic kernel Kernel mode File system, device drivers, process  management User programs run in user mode networking
Background image of page 4
    Unix  Identification and authentication Users have username Internally identified with a user ID (UID) Username to UID info in /etc/passwd Super UID = 0  can access any file Every user belong to a group – has GID Passwords to authenticate in /etc/passwd   Shadow file /etc/shadow
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
    Unix file security Each file has owner and group Permissions set by owner Read, write, execute Owner, group, other Represented by vector of four octal values Only owner, root can change permissions This privilege cannot be delegated or shared
Background image of page 6
    Unix File Permissions File type, owner, group, others drwx------ 2 jjoshi isfac 512 Aug 20 2003 risk management lrwxrwxrwx 1 jjoshi isfac 15 Apr 7 09:11 risk_m->risk management -rw-r--r-- 1 jjoshi isfac 1754 Mar 8 18:11 words05.ps -r-sr-xr-x 1 root bin 9176 Apr 6 2002 /usr/bin/rs -r-sr-sr-x 1 root sys 2196 Apr 6 2002 /usr/bin/passwd File type: regular -, directory d, symlink l, device b/c, socket s, fifo f/p Permission: r, w, x, s or S (set.id), t (sticky) While accessing files Process EUID compared against the file UID GIDs are compared; then Others are tested
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
    Effective user id (EUID) Each process has three Ids Real user ID        (RUID) same as the user ID of parent (unless changed) used to determine which user started the process  Effective user ID   (EUID) from set user ID bit on the file being executed, or sys call determines the permissions for process Saved user ID      (SUID) Allows restoring previous EUID Similarly we have  Real group ID, effective group ID, 
Background image of page 8
    IDs/Operations Root can access any file Fork and Exec Inherit three IDs,  except exec of file with setuid bit Setuid system calls   seteuid(newid) can set EUID to Real ID or saved ID, regardless of current EUID Any ID, if EUID=0 Related calls: setuid, seteuid, setreuid
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
    Setid bits on executable Unix  file Three setid bits Setuid set EUID of process to ID of file owner Setgid 
Background image of page 10
Image of page 11
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 08/27/2010 for the course IS 2813 taught by Professor Jameskoshi during the Spring '06 term at Webber.

Page1 / 83

Lecture10 - TEL2813/IS2820 Security Management...

This preview shows document pages 1 - 11. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online