Unit 4-2 Discretionary Access [Compatibility Mode]


12/19/2010

Unit 4: Discretionary Access Control Part 2

Subject and Objects
  Subject - Explicitly Control Process
  Object - Data Store
  Both have security attributes (clearance vs. label)
  Subjects can create objects or children (subjects)

Implementing Access Controls
  Revoking Privileges Is Always an Issue
  Capabilities - Token-based
  Access Control Lists - Object Based
  ACLs are the clear winner.

Directory Access Control

File Access Options

Ownership
  Objects are “owned” by users.
  Ownership can be transferred.
  Over-ride ownership
  Group Ownership

Access Control Matrix
  Bishop, Figure 2-1
  Processes are Rows
  Subjects/Objects are Columns
  Rights (own, read, write, execute) are entries.
  Very Flexible Model
  Extended to Database Access via “verbs”.

Protection States
  Mathematical Basis is Required for Modeling.
  States are convenient for computer models.
  Basic Theory
    ◦ Define a Secure State (Initial Condition)
    ◦ Restrict Transformations to Prevent moving to Insecure States

Important Rights
  Copy (Grant) Right -> “Grant” Rights to another user.
  Own -> Change Privileges for yourself.
  Attenuation of Privilege - “A subject may not give rights it does not possess to another.”
  Basis of Formal Models of Chapter 3
    ◦ Take/Grant, Schematic Protection Model

...
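The access control matrix and the grant, own and attenuation rules from the slides, worked through as an added example (not part of the original slides). The class name AccessMatrix, its methods, the subjects alice, bob and carol, the object report.txt, and the choices that a creator starts with only "own" and that only the owner may revoke are assumptions made for illustration.

```python
from collections import defaultdict

class AccessMatrix:
    def __init__(self):
        self._cells = defaultdict(set)  # (subject, object) -> rights in that entry

    def rights(self, subject, obj):
        return frozenset(self._cells.get((subject, obj), ()))

    def create(self, subject, obj):
        self._cells[(subject, obj)] = {"own"}  # assumption: creator starts as owner only

    def set_own(self, owner, obj, right):
        # "Own": the owner may change its own privileges on the object.
        if "own" not in self.rights(owner, obj):
            raise PermissionError(f"{owner} does not own {obj}")
        self._cells[(owner, obj)].add(right)

    def grant(self, giver, receiver, obj, right):
        held = self.rights(giver, obj)
        if "grant" not in held:
            raise PermissionError(f"{giver} lacks the grant right on {obj}")
        if right not in held:  # attenuation of privilege
            raise PermissionError(f"{giver} does not possess {right} on {obj}")
        self._cells[(receiver, obj)].add(right)

    def revoke(self, owner, subject, obj, right):
        if "own" not in self.rights(owner, obj):
            raise PermissionError(f"{owner} does not own {obj}")
        self._cells[(subject, obj)].discard(right)

    def acl(self, obj):
        # Column view: the object's ACL, where every holder of a right is visible.
        return {s: set(r) for (s, o), r in self._cells.items() if o == obj and r}

def demo():
    m, f = AccessMatrix(), "report.txt"  # constructed sample subjects and object
    m.create("alice", f)
    for r in ("read", "write", "grant"):
        m.set_own("alice", f, r)
    m.grant("alice", "bob", f, "read")
    denied = []
    for giver, right in (("bob", "read"), ("alice", "execute")):
        try:
            m.grant(giver, "carol", f, right)
        except PermissionError as e:
            denied.append(str(e))
    m.revoke("alice", "bob", f, "read")
    return m, denied
```

Calling demo() returns the matrix and the two refusal messages: bob holds read but not the grant right, and alice holds the grant right but not execute, so neither transfer to carol goes through.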