1 / 9

ITIS 3200: Introduction to Information Security and Privacy

ITIS 3200: Introduction to Information Security and Privacy. Dr. Weichao Wang. Chapter 2: A concrete example: Access Control Matrix First introduced in OS and databases Describe allowed access using a matrix Protection state of the system

lytlea
Download Presentation

ITIS 3200: Introduction to Information Security and Privacy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ITIS 3200:Introduction to Information Security and Privacy Dr. Weichao Wang

  2. Chapter 2: A concrete example: Access Control Matrix • First introduced in OS and databases • Describe allowed access using a matrix • Protection state of the system • Describe the protection state by characterizing rights of each subject over objects. • We are especially interested in state transitions that will affect the protection states.

  3. Access control matrix model • Objects O: the set of protected entities • Subjects S: the set of active objects that can perform actions (process or user) • Rights R: the full right set. For every pair (s, o), a subset of rights is granted. • The set of protection states is represented by (S, O, A) • Some subjects can also be objects • An example

  4. Access control matrix model (continued) • The meaning of rights depends on system and objects involved • The access control matrix can model a large system containing multiple machines, or a programming language at the micro level • The matrix can also contain functions to determine rights (mutual access)

  5. Protection state transitions • Operations will lead to changes of states, and updates in access control matrix • State Xi will change to state X(i+1) under command c(i+1) • A command may have multiple parameters and lead to multiple state transitions (share a folder in a OS)

  6. Primitive command • Create subject s • Create object o • Enter right r into a[s, o] • Delete right r from a[s, o] • Destroy subject s • Destroy object o

  7. Primitive commands can be combined into commands • System usually does not directly call primitive commands, but through another level of wrapper • A command invoking only one primitive is called mono-operational command • Conditional commands do not support negation

  8. Examples of commands Command create-file (p, f) // process p creates a file f create object f; enter own into a[p, f]; enter read into a[p, f]; enter write into a[p, f]; End Command grant-read-file (p, f, q) // process p grants read if r in a[p, f] and owner in a[p, f] // right on file f to q then enter r into a[q, f]; end

  9. Some concepts that we need to understand: • Protection state and access control matrix • State transition caused by operations and command • Access control matrix is not used directly because of space requirements.

More Related