
Dynamic Access Control Matrices in Computer Security
Explore the dynamic nature of access control matrices in computer security, understanding how subjects, objects, and rights are managed. Learn about examples, UNIX/Linux access controls, and boolean expression evaluation for database field access.
ECS 235B Module 4: Access Control Matrix
Module 4, ECS 235B, Foundations of Computer and Information Security

Description
- Subjects S = { s1, ..., sn }
- Objects (entities) O = { o1, ..., om }
- Rights R = { r1, ..., rk }
- Entries A[si, oj] ⊆ R
- A[si, oj] = { rx, ..., ry } means subject si has rights rx, ..., ry over object oj
- Rows of the matrix are the subjects s1, ..., sn; columns are the objects o1, ..., om, which include the subjects s1, ..., sn themselves
Example 1
- Processes p, q
- Files f, g
- Rights r, w, x, a, o

        f      g      p      q
  p     rwo    r      rwxo   w
  q     a      ro     r      rwxo

Example 2
- Host names telegraph, nob, toadflax
- Rights own, ftp, nfs, mail

             telegraph   nob                   toadflax
  telegraph  own         ftp                   ftp
  nob                    ftp, mail, nfs, own   ftp, nfs, mail
  toadflax               ftp, mail             ftp, mail, nfs, own

Example 3
- Procedures inc_ctr, dec_ctr, manage
- Variable counter
- Rights +, −, call

            counter   inc_ctr   dec_ctr   manage
  inc_ctr   +
  dec_ctr   −
  manager             call      call      call
UNIX/Linux Access Controls
- Files
  - A is ~bishop/a.out (0755, or rwxr-xr-x)
  - B is /etc/passwd (0644, or rw-r--r--)
  - H is /home/bishop (0711, or rwx--x--x)
  - S is /bin/su (4711, or rws--x--x)

           A      B      S       H
  bishop   rwxo   r      x       rwxo
  zheng    rx     r      x       x
  root     rwx    rwo    rwxo    rwx

UNIX/Linux Access Controls
- Access control matrices are dynamic
- After bishop executes chmod 700 /home/bishop (same as chmod u=rwx,g-rwx,o-rwx /home/bishop):

           A      B      S       H
  bishop   rwxo   r      x       rwxo
  muwei           r      x
  root     rwx    rwo    rwxo    rwx
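The two UNIX matrices above can be derived mechanically from the mode bits, which is a useful check when reasoning about what a chmod actually changes. The following is an added example, not code from the slides: it builds the matrix for the three users from the file table on the slide, treats a file as unreachable when the user lacks x on its directory (so chmod 700 on /home/bishop removes the non-owner's rights on ~bishop/a.out), and gives root rw on everything plus x when any execute bit is set. The group ownership, the group memberships, and the user name zheng for the non-owner (the second slide calls that user muwei) are assumptions; /etc and /bin are assumed traversable since they are not in the table.

```python
# Constructed file table from the slides: label -> attributes.
# "parent" is the directory that must be searchable (x) to reach the file;
# None means the directory is not modeled and assumed traversable.
FILES = {
    "A": {"path": "~bishop/a.out", "owner": "bishop", "mode": 0o755, "parent": "H"},
    "B": {"path": "/etc/passwd", "owner": "root", "mode": 0o644, "parent": None},
    "H": {"path": "/home/bishop", "owner": "bishop", "mode": 0o711, "parent": None},
    "S": {"path": "/bin/su", "owner": "root", "mode": 0o4711, "parent": None},
}
USERS = ["bishop", "zheng", "root"]
# Assumption: each file's group is its owner's group, and each user belongs
# only to the group named after them (the slides give no group information).
GROUPS = {"bishop": {"bishop"}, "zheng": {"zheng"}, "root": {"root"}}


def mode_rights(user, f):
    """Rights of user on file f from its mode bits alone, in the slides' rwxo notation."""
    mode = f["mode"]
    if user == "root":
        # root bypasses r/w checks; x requires at least one execute bit set
        bits = 0o6 | (0o1 if mode & 0o111 else 0)
    elif user == f["owner"]:
        bits = (mode >> 6) & 0o7  # owner triple
    elif f["owner"] in GROUPS.get(user, set()):
        bits = (mode >> 3) & 0o7  # group triple (file group == owner, see above)
    else:
        bits = mode & 0o7  # other triple
    rights = ""
    if bits & 0o4:
        rights += "r"
    if bits & 0o2:
        rights += "w"
    if bits & 0o1:
        rights += "x"
    if user == f["owner"]:
        rights += "o"
    return rights


def effective_rights(user, label, files):
    """Rights on a file are empty if the user cannot search the containing directory."""
    f = files[label]
    parent = f["parent"]
    if parent is not None and "x" not in effective_rights(user, parent, files):
        return ""
    return mode_rights(user, f)


def acm(files, users=USERS):
    """Materialize the access control matrix: user -> label -> rights string."""
    return {u: {lab: effective_rights(u, lab, files) for lab in sorted(files)} for u in users}


def chmod(files, label, mode):
    """Return a new file table with one mode changed; the matrix is recomputed from it."""
    new = {k: dict(v) for k, v in files.items()}
    new[label]["mode"] = mode
    return new


def print_acm(matrix):
    labels = sorted(next(iter(matrix.values())))
    print("{:8}".format("") + "".join("{:7}".format(l) for l in labels))
    for user, row in matrix.items():
        print("{:8}".format(user) + "".join("{:7}".format(row[l]) for l in labels))


if __name__ == "__main__":
    print("before chmod 700 /home/bishop")
    print_acm(acm(FILES))
    print("after chmod 700 /home/bishop")
    print_acm(acm(chmod(FILES, "H", 0o700)))
```

Running the block prints both matrices; the non-owner's entries for A and H go blank after the chmod while bishop's and root's rows are unchanged, exactly as on the slide.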
Boolean Expression Evaluation
- ACM controls access to database fields
  - Subjects have attributes
  - Verbs define type of access
  - Rules associated with (object, verb) pair
- Subject attempts to access object
  - Rule for (object, verb) evaluated, grants or denies access

Example
- Subject annie
  - Attributes role (artist), group (creative)
- Verb paint
  - Default 0 (deny unless explicitly granted)
- Object picture
  - Rule: paint: artist in subject.role and creative in subject.groups and time.hour ≥ 0 and time.hour < 4

ACM at 3AM and 10AM
- At 3AM, time condition met; ACM is:

          picture
  annie   paint

- At 10AM, time condition not met; ACM is:

          picture
  annie
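A small rule evaluator makes the point of the last three slides concrete: the matrix is not stored anywhere, it is the result of evaluating the (object, verb) rules against the subject's attributes and the clock, so the same subject gets different entries at different times. This is an added example, not code from the slides. The Subject and Clock classes, the check_access and acm_snapshot functions, and the choice to encode each rule as a Python predicate (rather than parsing the slide's expression syntax) are assumptions; the default of 0 (deny) for a missing rule follows the slide.

```python
from dataclasses import dataclass, field


@dataclass
class Subject:
    name: str
    role: set = field(default_factory=set)
    groups: set = field(default_factory=set)


@dataclass
class Clock:
    hour: int  # 0..23


# Rules keyed by (object, verb). Each rule is a predicate over (subject, time).
# A missing rule means the default, 0: deny. Constructed from the slide's example.
RULES = {
    ("picture", "paint"): lambda subject, time: (
        "artist" in subject.role
        and "creative" in subject.groups
        and 0 <= time.hour < 4
    ),
}


def check_access(subject, verb, obj, time, rules=RULES):
    """Evaluate the rule for (obj, verb); deny when no rule is defined."""
    rule = rules.get((obj, verb))
    if rule is None:
        return False
    return bool(rule(subject, time))


def acm_snapshot(subjects, objects, verbs, time, rules=RULES):
    """Materialize the ACM at one instant: A[s, o] is the set of verbs granted now."""
    return {
        s.name: {o: {v for v in verbs if check_access(s, v, o, time, rules)} for o in objects}
        for s in subjects
    }


annie = Subject("annie", role={"artist"}, groups={"creative"})

if __name__ == "__main__":
    for hour in (3, 10):
        print(f"{hour:02d}:00", acm_snapshot([annie], ["picture"], ["paint"], Clock(hour)))
```

Because rules are ordinary predicates, a rule that consults anything other than subject attributes and time (a database lookup, say) is easy to add, but it also means the matrix can change under a running session; an access decision is only valid for the instant at which it was evaluated.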
History
- Problem: what a process has accessed may affect what it can access now
- Example: procedure in a web applet can access other procedures depending on what procedures it has already accessed
  - S set of static rights associated with procedure
  - C set of current rights associated with each executing process
  - When process calls procedure, rights are S ∩ C

Example Program

  // This routine has no filesystem access rights
  // beyond those in a limited, temporary area
  procedure helper_proc()
      return sys_kernel_file        // sys_kernel_file contains system kernel

  // But this has the right to delete files
  program main()
      sys_load_file(helper_proc)
      tmp_file = helper_proc()
      sys_delete_file(tmp_file)     // tmp_file is in limited area that helper_proc() can access

Before helper_proc Called
- Static rights of program:

               sys_kernel_file   tmp_file
  main         delete            delete
  helper_proc                    delete

- When program starts, current rights:

               sys_kernel_file   tmp_file
  main         delete            delete
  helper_proc                    delete
  process      delete            delete

After helper_proc Called
- Process rights are intersection of static, previous current rights:

               sys_kernel_file   tmp_file
  main         delete            delete
  helper_proc                    delete
  process                        delete
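The history mechanism is easiest to see as a process object whose current rights C are narrowed on every call. The following added example (not code from the slides) encodes the static rights table above and replays the program: after main calls helper_proc, the process row loses delete on sys_kernel_file, so the sys_delete_file call on the value helper_proc returned is refused, while a process that never entered helper_proc would have been allowed. The STATIC table, the Process class and run_example are assumptions introduced for the illustration.

```python
# Static rights S of each procedure over each object, constructed from the slides.
STATIC = {
    "main": {("sys_kernel_file", "delete"), ("tmp_file", "delete")},
    "helper_proc": {("tmp_file", "delete")},
}


class Process:
    """An executing process: C starts as the entry procedure's static rights
    and becomes S ∩ C at each procedure call."""

    def __init__(self, entry):
        self.current = set(STATIC[entry])
        self.trace = [entry]

    def call(self, procedure):
        # entering `procedure`: rights are the intersection of its static
        # rights with the rights the process already holds
        self.current &= STATIC[procedure]
        self.trace.append(procedure)

    def allowed(self, obj, right):
        return (obj, right) in self.current


def run_example():
    """Replay the slide's program; return (C before, C after, delete permitted?)."""
    p = Process("main")
    before = set(p.current)
    p.call("helper_proc")           # tmp_file = helper_proc()
    returned = "sys_kernel_file"    # helper_proc actually returns the kernel file
    permitted = p.allowed(returned, "delete")  # sys_delete_file(tmp_file)
    return before, set(p.current), permitted


def run_without_helper():
    """Same request from a process whose history never included helper_proc."""
    p = Process("main")
    return p.allowed("sys_kernel_file", "delete")


if __name__ == "__main__":
    before, after, permitted = run_example()
    print("C before call:", sorted(before))
    print("C after call: ", sorted(after))
    print("delete sys_kernel_file permitted:", permitted)
```

The intersection is monotone: rights only shrink over the life of the process, which is what makes the scheme useful as a defence against a less trusted routine steering a more privileged caller into a dangerous operation.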
State Transitions
- Change the protection state of system
- ⊢ represents transition
  - Xi ⊢τ Xi+1: command τ moves system from state Xi to Xi+1
  - Xi ⊢* Y: a sequence of commands moves system from state Xi to Y
- Commands often called transformation procedures

Primitive Operations
- create subject s; create object o
  - Creates new row, column in ACM; creates new column in ACM
- destroy subject s; destroy object o
  - Deletes row, column from ACM; deletes column from ACM
- enter r into A[s, o]
  - Adds r rights for subject s over object o
- delete r from A[s, o]
  - Removes r rights from subject s over object o

Create Subject
- Precondition: s ∉ S
- Primitive command: create subject s
- Postconditions:
  - S′ = S ∪ { s }, O′ = O ∪ { s }
  - (∀y ∈ O′)[A′[s, y] = ∅], (∀x ∈ S′)[A′[x, s] = ∅]
  - (∀x ∈ S)(∀y ∈ O)[A′[x, y] = A[x, y]]

Create Object
- Precondition: o ∉ O
- Primitive command: create object o
- Postconditions:
  - S′ = S, O′ = O ∪ { o }
  - (∀x ∈ S′)[A′[x, o] = ∅]
  - (∀x ∈ S)(∀y ∈ O)[A′[x, y] = A[x, y]]

Add Right
- Precondition: s ∈ S, o ∈ O
- Primitive command: enter r into A[s, o]
- Postconditions:
  - S′ = S, O′ = O
  - A′[s, o] = A[s, o] ∪ { r }
  - (∀x ∈ S′)(∀y ∈ O′ − { o })[A′[x, y] = A[x, y]]
  - (∀x ∈ S′ − { s })(∀y ∈ O′)[A′[x, y] = A[x, y]]

Delete Right
- Precondition: s ∈ S, o ∈ O
- Primitive command: delete r from A[s, o]
- Postconditions:
  - S′ = S, O′ = O
  - A′[s, o] = A[s, o] − { r }
  - (∀x ∈ S′)(∀y ∈ O′ − { o })[A′[x, y] = A[x, y]]
  - (∀x ∈ S′ − { s })(∀y ∈ O′)[A′[x, y] = A[x, y]]

Destroy Subject
- Precondition: s ∈ S
- Primitive command: destroy subject s
- Postconditions:
  - S′ = S − { s }, O′ = O − { s }
  - (∀y ∈ O′)[A′[s, y] = ∅], (∀x ∈ S′)[A′[x, s] = ∅]
  - (∀x ∈ S′)(∀y ∈ O′)[A′[x, y] = A[x, y]]

Destroy Object
- Precondition: o ∈ O
- Primitive command: destroy object o
- Postconditions:
  - S′ = S, O′ = O − { o }
  - (∀x ∈ S′)[A′[x, o] = ∅]
  - (∀x ∈ S′)(∀y ∈ O′)[A′[x, y] = A[x, y]]
Creating File
- Process p creates file f with r and w permission

  command create file(p, f)
      create object f;
      enter own into A[p, f];
      enter r into A[p, f];
      enter w into A[p, f];
  end

Mono-Operational Commands
- Make process p the owner of file g

  command make owner(p, g)
      enter own into A[p, g];
  end

- Mono-operational command
  - Single primitive operation in this command

Conditional Commands
- Let p give q r rights over f, if p owns f

  command grant read file 1(p, f, q)
      if own in A[p, f]
      then
          enter r into A[q, f];
  end

- Mono-conditional command
  - Single condition in this command

Biconditional Commands (and)
- Let p give q r and w rights over f, if p owns f and p has c rights over q

  command grant read file 2(p, f, q)
      if own in A[p, f] and c in A[p, q]
      then
          enter r into A[q, f];
          enter w into A[q, f];
  end

There Is No "or"
- Let p give q r and w rights over f, if p owns f or p has c rights over q

  command grant read file 3(p, f, q)
      if own in A[p, f]
      then
          enter r into A[q, f];
          enter w into A[q, f];
  end

  command grant read file 4(p, f, q)
      if c in A[p, q]
      then
          enter r into A[q, f];
          enter w into A[q, f];
  end

  grant read file 3(p, f, q); grant read file 4(p, f, q)

General Form

  command name of command(parameters)
      if conditions (if many, separate with and)
      then
          list of commands or primitive operations to be executed;
  end

- Only one if, and it must come before any primitive operations or subcommands
- When there is an if, no commands may follow it (but there can be commands in the body of the if)
- There is no else
Copy Flag and Right
- Allows possessor to give rights to another
- Often attached to a right (called a flag), so only applies to that right
  - r is read right that cannot be copied
  - rc is read right that can be copied
- Is copy flag copied when giving r rights?
  - Depends on model, instantiation of model

Own Right
- Usually allows possessor to change entries in ACM column
  - So owner of object can add, delete rights for others
  - May depend on what system allows
    - Can't give rights to specific (set of) users
    - Can't pass copy flag to specific (set of) users

Attenuation of Privilege
- Principle says you can't increase your rights, or give rights you do not possess
  - Restricts addition of rights within a system
- Usually ignored for owner
  - Why? Owner gives herself rights, gives them to others, deletes her rights.
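The last three slides describe policy choices layered on top of the matrix rather than new primitives, so they are best shown as a grant function with explicit checks. The following added example is not code from the slides. It encodes one instantiation of the model, every part of which is an assumption the slides leave open: a right carries the copy flag when stored with a trailing "c" (rc), a giver needs the copy flag or the own right to pass a right on, the copy flag is not propagated unless asked for, and attenuation is enforced for everyone including the owner. The owner_workaround function then shows why the slide says the principle is usually ignored for the owner: the owner can reach the same end state in three legal steps. The sample matrix is constructed.

```python
def sample_state():
    """Constructed ACM as (subject, object) -> set of rights. "rc" is r with the copy flag."""
    return {
        ("alice", "f"): {"own", "r", "w"},   # alice owns f but has no x right over it
        ("bob", "f"): {"rc"},                # bob may read f and may pass that right on
        ("carol", "f"): {"r"},               # carol may read f but may not pass it on
    }


def grant(A, giver, receiver, obj, right, propagate_copy=False):
    """giver tries to give receiver `right` (base name, e.g. "r") over obj.

    Returns (granted, reason). Modeling choices, all assumptions:
      - attenuation: giver must possess the right (with or without copy flag),
      - a non-owner also needs the copy flag (right + "c") on that right,
      - the copy flag travels with the right only if propagate_copy is set.
    """
    g = A.get((giver, obj), set())
    if right not in g and right + "c" not in g:
        return False, "attenuation: giver does not possess the right"
    if "own" not in g and right + "c" not in g:
        return False, "no copy flag on giver's right"
    given = right + "c" if (propagate_copy and right + "c" in g) else right
    A.setdefault((receiver, obj), set()).add(given)
    return True, "granted " + given


def owner_workaround(A, owner, receiver, obj, right):
    """Owner lacking `right` over her own object: add it to her own entry
    (own allows changing the column), pass it on, then delete it again."""
    if "own" not in A.get((owner, obj), set()):
        return False
    A[(owner, obj)].add(right)
    granted, _ = grant(A, owner, receiver, obj, right)
    A[(owner, obj)].discard(right)
    return granted


if __name__ == "__main__":
    A = sample_state()
    print(grant(A, "bob", "dave", "f", "r"))           # copy flag present
    print(grant(A, "dave", "eve", "f", "r"))           # dave got r without the flag
    print(grant(A, "carol", "eve", "f", "r"))          # no copy flag
    print(grant(A, "alice", "eve", "f", "x"))          # attenuation stops the owner
    print(owner_workaround(A, "alice", "eve", "f", "x"), A[("eve", "f")], A[("alice", "f")])
```

The final two lines are the point of the Attenuation slide: enforcing the principle against the owner changes nothing about what the owner can ultimately do, it only adds steps, which is why most systems exempt the owner outright.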