set319 - Access Control Cunsheng Ding HKUST, Hong Kong,...


Access Control
Cunsheng Ding
HKUST, Hong Kong, CHINA
C. Ding - COMP4631 - L19

Agenda of this Lecture
• The basic concepts of access control, ACLs, capabilities, etc.
• Two approaches to access control
• Further reading

An Example
• I, the owner of the home directory, have total control over all files in all directories and subdirectories.
• Everyone else can read all files in “Public_html”, but should not do other operations on the files in this subdirectory.
[Figure: home directory cding with subdirectories Public_html and private]
Question: How do I do the access controls?

Access Control
• Computer security: it deals with the prevention and detection of unauthorized actions.
• Computer systems control access to data and shared resources, like memory, printers, etc., primarily for reasons of integrity, not so much for confidentiality.
• Access control is at the core of computer security.

Subjects and Objects
• Terminology for access control:
  ◊ subject: active entity --- user or process
  ◊ object: passive entity --- file or resource
  ◊ access operation: read, write, ...
• Subjects and objects provide a different focus of control (first design principle)
  ◊ What is the subject allowed to do? (1st approach)
  ◊ What may be done with an object? (2nd approach)

The Two Approaches in Practice
• Traditionally, multi-user operating systems manage files and resources, i.e. objects.
• Access control takes the 2nd approach.
• Application-oriented IT systems, like database management systems, offer services directed to the end user and may well control the actions of subjects.
• Access control takes the 1st approach.

The Fundamental Model of Access Control
[Figure: Subject -> Access request -> Security reference monitor -> Object]
The security reference monitor will check the access control policy and will grant or reject the request.
Real World Examples?

Access Operations and Access Rights

Access Operations
• Access operations: No uniform definition. They differ from system to system.
• Examples: basic memory access, method calls in an object-oriented system....
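
The home-directory example and the reference monitor model above, as an added Python example that is not part of the original lecture. It stores the same policy once per object (2nd approach) and once per subject (1st approach) and shows that a default-reject monitor reaches the same decision either way. The file names, the subjects alice and bob, the operation set and the `*` entry standing for "everyone else" are assumptions.

```python
# Added illustration; file names, subjects, OPS and the "*" entry are constructed.
OPS = frozenset({"read", "write", "execute", "delete"})
OWNER, EVERYONE = "cding", "*"          # "*" stands for "everyone else" (assumption)
OBJECTS = ["cding/Public_html/index.html", "cding/private/notes.txt"]

def policy(subject, obj):
    """Slide policy: owner has total control; others may only read Public_html."""
    if subject == OWNER:
        return OPS
    if obj.startswith("cding/Public_html/"):
        return frozenset({"read"})
    return frozenset()

# Access matrix: one cell of permitted operations per (subject, object) pair.
MATRIX = {(s, o): policy(s, o) for s in (OWNER, EVERYONE) for o in OBJECTS}

def acl_view(matrix):
    """2nd approach (object focus): for each object, who may do what."""
    acls = {}
    for (s, o), ops in matrix.items():
        if ops:
            acls.setdefault(o, {})[s] = ops
    return acls

def capability_view(matrix):
    """1st approach (subject focus): for each subject, what it may do."""
    caps = {}
    for (s, o), ops in matrix.items():
        if ops:
            caps.setdefault(s, {})[o] = ops
    return caps

ACLS, CAPS = acl_view(MATRIX), capability_view(MATRIX)

def monitor_acl(subject, obj, op):
    """Reference monitor over ACLs: grant only what the object's list permits."""
    acl = ACLS.get(obj, {})                      # unknown object -> empty list
    return op in acl.get(subject, acl.get(EVERYONE, frozenset()))

def monitor_cap(subject, obj, op):
    """Reference monitor over capabilities: grant only what the subject holds."""
    caps = CAPS.get(subject, CAPS.get(EVERYONE, {}))
    return op in caps.get(obj, frozenset())      # no capability -> reject

def decisions_agree(subjects=("cding", "alice", "bob")):
    """Both stores encode one matrix, so every request gets the same answer."""
    return all(monitor_acl(s, o, op) == monitor_cap(s, o, op)
               for s in subjects for o in OBJECTS for op in OPS)

if __name__ == "__main__":
    for req in [("alice", OBJECTS[0], "read"), ("alice", OBJECTS[0], "write"),
                ("bob", OBJECTS[1], "read"), ("cding", OBJECTS[1], "delete")]:
        print(req, "grant" if monitor_acl(*req) else "reject")
```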