cse443-lecture-13-accesscontrol

CMPSC 443 Introduction to Computer and Network Security - Spring 2012 - Professor Jaeger

Access Control
CMPSC 443 - Spring 2012
Introduction Computer and Network Security
Professor Jaeger
www.cse.psu.edu/~tjaeger/cse443-s12/

Access Control
• Describe the permissions available to computing processes
  – Originally, all permissions were available
• Clearly, some controls are necessary
  – Prevent bugs in one process from breaking another
• But, what should determine access?

Permissions for Processes
• What permissions should be granted to...
  – An editor process?
  – An editor process that you run?
  – An editor process that someone else runs?
  – An editor process that contains malware?
  – An editor process used to edit a password file?
Q: How do we determine/describe the permissions available to processes?
Q: How are they enforced?
Q: How might they change over time?

Protection System
• Any “system” that provides resources to multiple subjects needs to control access among them
  – Operating system
  – Servers
• Consists of:
  – Protection state
    • Description of permission assignments (i.e., policy)
    • Determines how security goals are met
  – Enforcement mechanism
    • Enforce protection state on “system”

Protection State
• Describes the conditions under which the system is secure
  – Secrecy
  – Integrity
  – Availability
• Described in terms of
  – Subjects: Users and processes
  – Objects: Files and sockets
  – Operations: Read and write

Access Matrix

        O1   O2   O3
  S1    Y    Y    N
  S2    N    Y    N
  S3    N    Y    Y

• Subjects
• Objects
• Operations
• Can determine
  – Who can access an object?
  – What objects can be accessed by a subject?
  – What operations a subject can perform on an object?

Access Matrix Policy
• Suppose the private key file for J is object O1
  – Only J can read
• Suppose the public key file for J is object O2
  – All can read, only J can modify
• Suppose all can read and write from object O3
• What's the access matrix?

        O1   O2   O3
  J     ?    ?    ?
  S2    ?    ?    ?
  S3    ?    ?    ?

Access Control Lists

        O1   O2   O3
  S1    Y    Y    N
  S2    N    Y    N
  S3    N    Y    Y

• System stores
  – Which operations can subjects perform
  – For each object
• Advantage: Makes you think about how to protect each object
  – Also, easier to confine subjects as we'll discuss later
• Disadvantage: Cannot tell what permissions a particular subject has without looking at each object
  – Process always uses all of its permissions, as we'll discuss later
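The policy from the Access Matrix Policy slide stored as access control lists, as an added example that is not part of the original slides. Subjects J, S2 and S3 come from that slide's table; the function names, the operation names "read" and "write", and granting J only read on O1 are assumptions.

```python
# Added example: the Access Matrix Policy slide stored as per-object ACLs
# (the column view of the access matrix). Giving J only "read" on O1 is an
# assumption; the slide states only who may read O1.
SUBJECTS = ("J", "S2", "S3")

ACLS = {
    "O1": {"J": {"read"}},                       # J's private key file
    "O2": {"J": {"read", "write"},               # J's public key file
           "S2": {"read"}, "S3": {"read"}},
    "O3": {s: {"read", "write"} for s in SUBJECTS},
}


def check(subject, obj, op):
    """Enforcement mechanism: default deny, allow only what the ACL lists."""
    return op in ACLS.get(obj, {}).get(subject, set())


def who_can(obj, op):
    """Per-object question: answered from that object's ACL alone."""
    return sorted(s for s, ops in ACLS.get(obj, {}).items() if op in ops)


def permissions_of(subject):
    """Per-subject question: must visit every object's ACL, which is the
    disadvantage named on the Access Control Lists slide."""
    return {obj: sorted(acl[subject]) for obj, acl in ACLS.items() if subject in acl}


def access_matrix():
    """Rebuild the full subject x object matrix from the stored ACLs."""
    return {s: {o: sorted(ACLS[o].get(s, ())) for o in ACLS} for s in SUBJECTS}


if __name__ == "__main__":
    for subject, row in access_matrix().items():
        cells = {o: "".join(op[0] for op in ops) or "-" for o, ops in row.items()}
        print(subject, cells)
    print("can read O1:", who_can("O1", "read"))
    print("S2 holds:", permissions_of("S2"))
```
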