csce201-lect6 - CSCE 201 Introduction to Information Security (lecture 6: Access Control Models)


CSCE 201 Introduction to Information Security, Fall 2010
Access Control Models
CSCE 201 - Farkas

Slide 2: Reading assignments

Required:
- An Introduction to Computer Security: The NIST Handbook, http://csrc.nist.gov/publications/nistpubs/800-12/handbook.pdf, Chapter 17, Logical Access Control, pages 194-207
- Microsoft support, Use access control to restrict who can use your files, 2001, 2005, http://www.microsoft.com/windowsxp/using/security/learnmore/accesscontrol.msp

Recommended:
- Sudhakar Govindavajhala and Andrew W. Appel, Windows Access Control Demystified, 2006, http://www.cs.princeton.edu/~appel/papers/winval.pdf
- Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman, Role-Based Access Control Models, IEEE Computer, Volume 29, Number 2, February 1996, http://www.list.gmu.edu/journals/computer/i94rbac(org).pdf

Slide 3: Access Control Models
(figure labels: All accesses; Discretionary AC; Mandatory AC; Role-Based AC)

Slide 4: DAC and Trojan Horse
Figure: two files and their access control lists.
- Employee: Brown: read, write
- Black's Employee: Black, Brown: read, write
Black attempts to read Employee -> REJECTED! Black is not allowed to access Employee.

Slide 5: DAC and Trojan Horse
Figure: the same two files, plus a shared program (a word processor).
- Black inserts a Trojan horse (TH) into the shared program.
- Brown uses the shared program.
- The TH, running with Brown's permissions, reads Employee and copies it to Black's Employee, which Black is allowed to read.

Slide 6: DAC Overview
Advantages:
- Intuitive
- Easy to implement
Disadvantages:
- Inherent vulnerability (see the Trojan horse example)
- Maintenance of ACLs or capability lists
- Maintenance of grant/revoke
- Limited power of negative authorization

Slide 7: Mandatory Access Control (review only)

Slide 8: Mandatory Access Control
Objects: security classification, e.g., grades = (confidential, {student-info}) ...
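The Trojan-horse scenario from slides 4 and 5, and the contrast with the labelled objects that slide 8 begins to introduce, as an added Python illustration that is not code from the lecture. The file names and ACLs are taken from the slide figure; the label values, the category name "hr", the memo file, and the two MAC rules applied (Bell-LaPadula's no-read-up and no-write-down) are assumptions, since the preview cuts off before the MAC slides state their rules.

```python
"""Toy in-memory model of the DAC Trojan-horse example, plus a label-based
MAC check layered on top of the same ACLs.

Added illustration, not the lecture's code. ACLs follow the slide figure;
labels, the "hr" category, memo.txt and the Bell-LaPadula rules are assumed.
"""

LEVELS = {"public": 0, "confidential": 1}   # assumed classification order


class AccessDenied(Exception):
    pass


class DACStore:
    """Objects protected only by per-object ACLs, as in DAC."""

    def __init__(self):
        self.acl = {}    # object name -> {subject: set of permissions}
        self.data = {}   # object name -> contents

    def create(self, name, acl, data=""):
        self.acl[name] = {s: set(p) for s, p in acl.items()}
        self.data[name] = data

    def _check(self, subject, name, perm):
        if perm not in self.acl.get(name, {}).get(subject, set()):
            raise AccessDenied(f"{subject} may not {perm} {name}")

    def read(self, subject, name):
        self._check(subject, name, "read")
        return self.data[name]

    def write(self, subject, name, data):
        self._check(subject, name, "write")
        self.data[name] = data


class MACStore(DACStore):
    """Same ACLs, plus mandatory labels of the form (classification, {categories})."""

    def __init__(self, subject_labels, object_labels):
        super().__init__()
        self.slabel = subject_labels
        self.olabel = object_labels

    @staticmethod
    def dominates(a, b):
        """a dominates b: level at least as high and a superset of categories."""
        return LEVELS[a[0]] >= LEVELS[b[0]] and a[1] >= b[1]

    def read(self, subject, name):
        # simple-security property (assumed rule): no read-up
        if not self.dominates(self.slabel[subject], self.olabel[name]):
            raise AccessDenied(f"MAC: {subject} may not read up to {name}")
        return super().read(subject, name)

    def write(self, subject, name, data):
        # *-property (assumed rule): no write-down
        if not self.dominates(self.olabel[name], self.slabel[subject]):
            raise AccessDenied(f"MAC: {subject} may not write down to {name}")
        super().write(subject, name, data)


def word_processor(store, user, document, text):
    """Shared program carrying a Trojan horse: it does its legitimate job,
    then, with the caller's rights, copies Employee into Black's file."""
    store.write(user, document, text)
    try:
        store.write(user, "Black's Employee", store.read(user, "Employee"))
    except AccessDenied:
        pass   # under MAC the covert copy is refused; the user notices nothing


def build_store(mac):
    if mac:
        store = MACStore(
            subject_labels={"Brown": ("confidential", {"hr"}),
                            "Black": ("public", set())},
            object_labels={"Employee": ("confidential", {"hr"}),
                           "Black's Employee": ("public", set()),
                           "memo.txt": ("confidential", {"hr"})},
        )
    else:
        store = DACStore()
    # ACLs as drawn on slides 4 and 5; contents are constructed sample data
    store.create("Employee", {"Brown": {"read", "write"}}, "salary data")
    store.create("Black's Employee",
                 {"Black": {"read", "write"}, "Brown": {"read", "write"}}, "")
    store.create("memo.txt", {"Brown": {"read", "write"}}, "")
    return store


def direct_read_rejected(store):
    """Slide 4: Black asking for Employee directly is refused."""
    try:
        store.read("Black", "Employee")
    except AccessDenied:
        return True
    return False


def run_scenario(mac=False):
    """Slide 5: Brown runs the shared program; returns what Black then finds
    in Black's Employee ("salary data" under DAC, "" when MAC labels apply)."""
    store = build_store(mac)
    assert direct_read_rejected(store)
    word_processor(store, "Brown", "memo.txt", "meeting at 3")
    return store.read("Black", "Black's Employee")
```

Every DAC check in the scenario succeeds, because each access is made by Brown, who holds the needed rights; the policy cannot distinguish Brown from a program Brown runs. The label check refuses the copy because the information would flow from a confidential object to a public one, regardless of what the ACL says.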
This note was uploaded on 12/13/2011 for the course CSCE 201 taught by Professor Staff during the Fall '10 term at South Carolina.
