Computer Security Access Control Mechanisms

PowerPoint slideshow about 'Computer Security Access Control Mechanisms' - clinton-fletcher


States of a Computer System

The state of a system is the collection of current values of all components of the system: memory locations, secondary storage, registers, etc.

Protection states are those states that have to be protected.

  • P = set of all protection states of the system
  • Q = set of all authorized protection states
  • The system is not secure if the current state is in P - Q
  • A security policy characterizes the states in Q
  • A security mechanism prevents the system entering a state in P - Q

Access Control Matrix Model

This is used to describe the protection states.

It characterizes the rights of each subject of the system (entity/process) regarding the objects of the system (entities/processes) in terms of a matrix.

Butler-Lampson Model

This describes the rights of users s (subjects) over files o (objects) by a matrix A whose rows are indexed by the subjects and whose columns are indexed by the objects.

The rights belong to a set R.

Each entry a[s,o] of matrix A is a subset of the set R, and is the set of rights of user s over file o.

Butler-Lampson Model

The set of protection states P of a system is represented by a set of triples (S, O, A), where S is the set of users, O the set of files and A the Access Control Matrix.

The set of rights R (the entries in A) depends on the application.

Examples of ACMs

            file 1             file 2       process 1                   process 2

process 1   read, write, own   read         read, write, execute, own   write

process 2   append             read, own    read                        read, write, execute, own

Here R = { read, write, own, append, execute }

process 1 can read/write file 1, read file 2, communicate with process 2 by writing to it, etc.

Examples: rights on a LAN

host names   telegraph   nob                     toadflex

telegraph    own         ftp                     ftp

nob                      ftp, nfs, mail, own     ftp, nfs, mail

toadflex                 ftp, mail               ftp, nfs, mail, own

Here R = { ftp, mail, nfs, own }, where

ftp = the right to access the File Transfer Protocol

mail = the right to send/receive using the Simple Mail Transfer Protocol (SMTP)

nfs = the right to access file systems using the Network File System protocol

Examples: rights in a program to synchronize events

host names   counter   inc_ctr   dec_ctr   manager

inc_ctr      +

dec_ctr      -

manager                call      call      call

Here R = { +, -, call } (+ and - represent the ability to add or subtract, and call is the ability to invoke a procedure).

inc_ctr increases a counter and dec_ctr decreases it.

manager calls the functions inc_ctr and dec_ctr.

Other examples
  • Access Control by Boolean expression evaluation
  • Access Control by History

See textbook

Protection State Transitions

Initial state of the system: $X_0 = (S_0, O_0, A_0)$

Transitions: $t_1, t_2, \ldots$

Corresponding states: $X_1, X_2, \ldots$

We use the notation:

$X_i \vdash_{t_{i+1}} X_{i+1}$

to indicate that the state transition $t_{i+1}$ moves the system from $X_i$ to $X_{i+1}$.

$X \vdash^{*} Y$

indicates that starting at X, after a series of transitions the system enters state Y.

Protection State Transitions

$X_i \vdash_{c_{i+1}(p_{i+1,1}, \ldots, p_{i+1,m})} X_{i+1}$

indicates that the transition is caused by the command $c_{i+1}$ with parameters $p_{i+1,1}, \ldots, p_{i+1,m}$.

The Harrison-Ruzzo-Ullman Model

This is based on a set of primitive commands.

  • create subject s

    [precondition: $s \notin S$
    postcondition: $S' = S \cup \{s\}$, $O' = O$, no rights are assigned to s, all other rights are not affected]

  • create object o

    [precondition: $o \notin O$
    postcondition: $S' = S$, $O' = O \cup \{o\}$, no rights are assigned to o, all other rights are not affected]

The Harrison-Ruzzo-Ullman Model
  • enter right r into a[s,o]

    [precondition: $s \in S$, $o \in O$
    postcondition: $S' = S$, $O' = O$, $a'[s,o] = a[s,o] \cup \{r\}$, no other rights are affected]

  • delete right r from a[s,o]

    [precondition: $s \in S$, $o \in O$
    postcondition: $S' = S$, $O' = O$, $a'[s,o] = a[s,o] - \{r\}$, no other rights are affected]

The Harrison-Ruzzo-Ullman Model
  • destroy subject s

    [precondition: $s \in S$
    postcondition: $S' = S - \{s\}$, $O' = O$, $a'[s,o] = \emptyset$ for all $o \in O$, no other rights are affected]

  • destroy object o

    [precondition: $o \in O$
    postcondition: $S' = S$, $O' = O - \{o\}$, $a'[s,o] = \emptyset$ for all $s \in S$, no other rights are affected]

The Harrison-Ruzzo-Ullman Model

Example

command create•file(p,f)
    create object f;
    enter right own into a[p,f];
    enter right r into a[p,f];
    enter right w into a[p,f];
end

The Harrison-Ruzzo-Ullman Model

Example – conditional commands

Suppose process p wants to give process q the right to read file f

command grant•read•file•1(p,f,q)
    if own in a[p,f]
    then
        enter r into a[q,f];
end

The Harrison-Ruzzo-Ullman Model

Example – conditional commands using and

Suppose process p wants to give process q the right to read file f

command grant•read•file•2(p,f,q)
    if r in a[p,f] and c in a[p,f]
    then
        enter r into a[q,f];
end

See textbook for other examples.

Copying and owning

Rights

  • copy right (grant right) – augments existing rights
  • own right

The copy right allows its possessor to grant rights (this right is often considered a flag attachment – hence flag right).

The own right allows its possessor to add or delete privileges to themselves.

Copying

Example

Suppose process p has right r over object f, and let c be a copy right.

The following command allows p to copy r over f to another process q only if p has copy right over f.

command grant•r(p,f,q)
    if r in a[p,f] and c in a[p,f]
    then
        enter r into a[q,f];
end

Attenuation of privilege

The Principle of Attenuation of Privilege says that

  • a subject may not give rights it does not possess to another subject.
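
The following Python sketch is an added example, not part of the original slides: it models the protection state (S, O, A) with the create, enter and delete primitives and their preconditions, then runs create•file and grant•r to show that grant•r leaves the state unchanged when p lacks the copy right c. The class and function names, the ValueError on a failed precondition, and the step that enters c into a[p,f] are assumptions made for illustration.

```python
class ACM:
    """Protection state (S, O, A): A maps (subject, object) to a set of rights."""

    def __init__(self):
        self.S, self.O, self.A = set(), set(), {}

    def _require(self, ok, what):
        if not ok:                      # precondition failed: no transition
            raise ValueError(what)

    # HRU primitive commands, with the preconditions given on the slides
    def create_subject(self, s):
        self._require(s not in self.S, "subject exists")
        self.S.add(s)

    def create_object(self, o):
        self._require(o not in self.O, "object exists")
        self.O.add(o)

    def enter(self, r, s, o):
        self._require(s in self.S and o in self.O, "unknown subject/object")
        self.A.setdefault((s, o), set()).add(r)

    def delete(self, r, s, o):
        self._require(s in self.S and o in self.O, "unknown subject/object")
        self.A.get((s, o), set()).discard(r)

    def rights(self, s, o):
        return frozenset(self.A.get((s, o), ()))

def create_file(m, p, f):
    """command create•file(p,f): p becomes owner with r and w."""
    m.create_object(f)
    for r in ("own", "r", "w"):
        m.enter(r, p, f)

def grant_r(m, p, f, q):
    """command grant•r(p,f,q): copy r only if p holds both r and c over f."""
    if {"r", "c"} <= m.rights(p, f):
        m.enter("r", q, f)
        return True
    return False                        # attenuation: state is unchanged

def demo():
    m = ACM()
    m.create_subject("p"); m.create_subject("q")
    create_file(m, "p", "f")
    refused = grant_r(m, "p", "f", "q")     # p has own, r, w but not c
    q_before = m.rights("q", "f")
    m.enter("c", "p", "f")                  # constructed step: p is given c
    granted = grant_r(m, "p", "f", "q")
    return refused, q_before, granted, m.rights("q", "f")
```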