access control lists
play

Access Control Lists Don Porter 1 COMP 790: OS Implementation - PowerPoint PPT Presentation

Apr 05, 2024 •399 likes •622 views

COMP 790: OS Implementation Access Control Lists Don Porter 1 COMP 790: OS Implementation Background (1) If everything in Unix is a file Everything in Windows is an object Why not files? Not all OS abstractions make sense as

  1. COMP 790: OS Implementation Access Control Lists Don Porter 1

  2. COMP 790: OS Implementation Background (1) • If everything in Unix is a file… – Everything in Windows is an object • Why not files? – Not all OS abstractions make sense as a file • Examples: – Eject button on an optical drive – Network card

  3. COMP 790: OS Implementation Windows object model • Everything, including files, is represented as a generic OS object • New object types can be created/extended with arbitrary methods beyond just open/read/write/etc. • Objects are organized into a tree-like hierarchy • Try out Windows object explorer (winobj) – Sysinternals.net

  4. COMP 790: OS Implementation Background (2) • A big goal for Windows NT and 2000 was centralizing workstation administration at companies/etc. – Create a user account once, can log onto all systems – Vs. creating different accounts on 100s of systems • Active Directory: a Domain server that stores user accounts for the domain – Log on to a workstation using an AD account – Ex: CS\porter – Domain CS, user id porter – Used by CS department today, centralizes user management

  5. COMP 790: OS Implementation Active Directory • Centralized store of users, printers, workstations, etc. • Each machine caches this info as needed – Ex., once you log in, the machine caches your credentials

  6. COMP 790: OS Implementation Big Picture • OSes need a “language” to express what is allowed and what isn’t • Access Control Lists are a common way to do this • Structure: “Allowed|Denied: Subject Verb Object”

  7. COMP 790: OS Implementation Unix permissions as ACLs -rw-------@ 1 porter staff 151841 Nov 10 08:45 win2kacl.pdf • Allowed|Denied: Subject Verb Object • Allowed: porter read win2kacl.pdf • Allowed: porter write win2kacl.pdf • Denied: staff read win2kacl.pdf • Denied: other * win2kacl.pdf

  8. COMP 790: OS Implementation Fine-grained ACLs • Why have subjects other than users/groups? – Not all of my programs are equally trusted – Web browser vs. tax returns – Want to run some applications in a restricted context • Still want a unified desktop and file system – Don’t want to log out and log in for different applications • Real goal: Associate a restricted context with a program

  9. COMP 790: OS Implementation Why different verbs/objects • Aren’t read, write, and execute good enough? • Example: Changing passwords – Yes, you read and write the password file – But not directly (since I shouldn’t be able to change other passwords) – Really, the administrator gives a trusted utility/service permission to write entries – And gives you permission to call a specific service function (change password) with certain arguments (namely your own user id/pass)

  10. COMP 790: OS Implementation Fine-grained access control lists • Keep user accounts and associated permissions – But let users create restricted subsets of their permissions • In addition to files, associate ACLs with any object – ACLs can be very long, with different rules for each user/context • And not just RWX rules – But any object method can have different rules

  11. COMP 790: OS Implementation Big picture • ACLs are written in terms of enterprise-wide principals – Users in AD – Objects that may be system local or on a shared file system – Object types and verbs usually in AD as well • ACLs are associated with a specific object, such as a file

  12. COMP 790: OS Implementation Complete! • Assertion: Any security policy you can imagine can be expressed using ACLs – Probably correct • Challenges: – Correct enforcement of ACLs – Efficient enforcement of ACLs – Updating ACLs – Correctly writing the policies/ACLs in the first place

  13. COMP 790: OS Implementation Correct enforcement • Strategy: All policies are evaluated by a single function • Implement the evaluation function once – Audit, test, audit, test until you are sure it looks ok • Keep the job tractable by restricting the input types • All policies, verbs, etc. have to be expressed in a way that a single function can understand – Shifts some work to application developer

  14. COMP 790: OS Implementation Efficient enforcement • Evaluating a single object’s ACL is no big deal • When context matters, the amount of work grows substantially • Example: The Linux VFS checks permission starting at the current directory (or common parent), and traverses each file in the tree – Why? – To check the permissions that you should be allowed to find this file

  15. COMP 790: OS Implementation Efficiency • In addition to the file system, other container objects create a hierarchy in Windows • Trade-off: Either check permissions from top-down on the entire hierarchy, or propagate updates – Linux: top-down traversal – Alternative: chmod o-w /home/porter • Walk each file under /home/porter and also drop other’s write permission

  16. COMP 790: OS Implementation Efficiency, cont • AD decided the propagating updates was more efficient • Intuition: Access checks are much more frequent than changes – Better to make the common case fast!

  17. COMP 790: OS Implementation Harder than it looks # ls /home/porter drwxr-xr--x porter porter 4096 porter chmod o+r /home/porter/public # chmod o-r porter # ls /home/porter Recursively change all children drwxr-x---x porter porter 4096 porter to o-r. But do you change public?

  18. COMP 790: OS Implementation Issues with propagating • Need to distinguish between explicit and inherited changes to the child’s permissions when propagating – Ex 1: If I take away read permission to my home directory, distinguish those files with an explicit read permission from those just inheriting from the parent – Ex 2: If I want to prevent the administrator from reading a file, make sure the administrator can’t countermand this by changing the ACL on /home

  19. COMP 790: OS Implementation AD’s propagation solution • When an ACL is explicitly changed, mark it as such – Vs. inherited permissions • When propagating, delete and reapply inherited permissions – Leave explicit ACLs alone

  20. COMP 790: OS Implementation Challenge: Policies to ACLs • Assertion: Translating policies to ACLs is hard • Hard to: – Express some policies as ACLs – Write the precise ACL you want – Identify all objects that you want to restrict • Much research around developing policy languages that better balance: human usability and implementation correctness – This system strongly favors implementation correctness

  21. COMP 790: OS Implementation Example Policy • “Don’t let this file leave the computer” • Ideas? – Create a restricted process context that disables network access – Only give read permission to this context • But, what if this process writes the contents to a new file? Or over IPC to an unrestricted process? – Does the ACL propagate with all output? – If so, what if the program has a legitimate need to access other data?

  22. COMP 790: OS Implementation Summary • Basic idea of ACL • How it is used in Windows/AD – How extended for fine granularity • Challenges with hierarchical enforcement, writing policies

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Overview Access control lists Capability lists Locks and keys Rings-based

Overview Access control lists Capability lists Locks and keys Rings-based

Overview Access control lists Capability lists Locks and keys Rings-based access control Propagated access control lists May 31, 2005 ECS 235, Computer and Information Slide #1 Security Access Control Lists Columns

1.24k views • 80 slides
Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control? How Is Access Determined? Who Determines Access? Forms of Access Control SELinux Booleans iptables File Access Control Lists Apache Access Control

711 views • 36 slides
Access Control Lists Don Porter CSE 506 Background (1) If everything in Unix is a file

Access Control Lists Don Porter CSE 506 Background (1) If everything in Unix is a file

Access Control Lists Don Porter CSE 506 Background (1) If everything in Unix is a file Everything in Windows is an object Why not files? Not all OS abstractions make sense as a file Examples: Eject button on an optical drive

908 views • 22 slides
Access Control Lists in Linux & Windows Vasudevan Nagendra & Yaohui Chen Fall 2014:: CSE

Access Control Lists in Linux & Windows Vasudevan Nagendra & Yaohui Chen Fall 2014:: CSE

Fall 2014:: CSE 506:: Section 2 (PhD) Access Control Lists in Linux & Windows Vasudevan Nagendra & Yaohui Chen Fall 2014:: CSE 506:: Section 2 (PhD) Categorization: Access Control Mechanisms Discretionary Access Control (DAC): Owner

1k views • 33 slides
Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
virtual machines 1 last time access control lists user ID and group ID tracking IDs in kernel

virtual machines 1 last time access control lists user ID and group ID tracking IDs in kernel

virtual machines 1 last time access control lists user ID and group ID tracking IDs in kernel delegating naming, authentication to user programs set-user-ID programs: controlled access to priv. functions extremely tricky to write securely

1.3k views • 109 slides
Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of Access Control Discretionary acces control Mandatory access control Real systems: Unix Access Control Model Access control Access

817 views • 47 slides
Access Control Lists Not all OS abstractions make sense as a file Examples: Don Porter

Access Control Lists Not all OS abstractions make sense as a file Examples: Don Porter

12/6/12 Background (1) If everything in Unix is a file Everything in Windows is an object Why not files? Access Control Lists Not all OS abstractions make sense as a file Examples: Don Porter Eject

801 views • 4 slides
virtual machines 1 last time access control lists user and group IDs in processes set-user-ID

virtual machines 1 last time access control lists user and group IDs in processes set-user-ID

virtual machines 1 last time access control lists user and group IDs in processes set-user-ID programs briefmy: time-of-check-to-time-of-use errors capabilities: token to address = permission token might allow getting other tokens can pass

1.24k views • 105 slides
1 General Access Control General Access Control Control of access to memory relatively easy:

1 General Access Control General Access Control Control of access to memory relatively easy:

Role of Access Control Before closing back doors we need to close front doors Access control: determines access to files & processes in OS Fall 2008 We will return to these themes throughout the course Fall 2008 CS

512 views • 6 slides
SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing residents / staff access to site areas Main entrance Vehicle entrances Pedestrian entrances Gate / Barrier entrance Bin / Bike / Refuge

336 views • 14 slides
trees 1 are lists enough? for correctness sure want to effjciently access items better

trees 1 are lists enough? for correctness sure want to effjciently access items better

trees 1 are lists enough? for correctness sure want to effjciently access items better than linear time to fjnd something 2 want to represent relationships more naturally inter-item relationships in lists 1 2 3 4 5 List: nodes

1.59k views • 132 slides
Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs Access Control Administration Accountability Chapter 2 Access Control Models Identification and Authentication Methods Lecturer:

708 views • 9 slides
Random-access lists, nested data types and numeral systems Bal azs K om uves Falkstenen

Random-access lists, nested data types and numeral systems Bal azs K om uves Falkstenen

Random-access lists, nested data types and numeral systems Bal azs K om uves Falkstenen AB Leipzig, 2016 September 14 Singly linked lists Lists are the functional programmers favourite 1 data structure. very simple

968 views • 20 slides
Mobile Communications Mobile Communications Security Types of Attacks 802.11 Security

Mobile Communications Mobile Communications Security Types of Attacks 802.11 Security

Mobile Communications Mobile Communications Security Types of Attacks 802.11 Security Access Control Lists Access Control Lists GSM Security GSM Security WEP Authentication WPA/WPA2 Encryption 802.1X/EAP

536 views • 43 slides
Mobile Communications Mobile Communications Security Types of Attacks 802.11 Security

Mobile Communications Mobile Communications Security Types of Attacks 802.11 Security

Mobile Communications Mobile Communications Security Types of Attacks 802.11 Security Access Control Lists Access Control Lists GSM Security GSM Security WEP Authentication WPA/WPA2 Encryption 802.1X/EAP

409 views • 15 slides
and Simo Sorce Samba T eam Member Identity Management T eam Red Hat What is OpenStack ?

and Simo Sorce Samba T eam Member Identity Management T eam Red Hat What is OpenStack ?

SambaXP 2014 and Simo Sorce Samba T eam Member Identity Management T eam Red Hat What is OpenStack ? OpenStack is a cloud operating system But what is a cloud operating system ? A cloud infrastructure is a collection of

284 views • 26 slides
IN INPU PUT DE T DEVI VICES CES Man aninder nder Kau aur professorm

IN INPU PUT DE T DEVI VICES CES Man aninder nder Kau aur professorm

IN INPU PUT DE T DEVI VICES CES Man aninder nder Kau aur professorm essormaninder@gmail.com aninder@gmail.com www.eazynotes.com 1 Device: is an instrument that performs a simple task. Input: something put into a system.

573 views • 41 slides
182.694 Microcontroller VU Martin Perner SS 2017 Featuring Today: Assembler Programming Weekly

182.694 Microcontroller VU Martin Perner SS 2017 Featuring Today: Assembler Programming Weekly

182.694 Microcontroller VU Martin Perner SS 2017 Featuring Today: Assembler Programming Weekly Training Objective Already done 1.2 Board test 2.1.1 Assembler demo program 2.1.2 Makefile 2.2.1 Logical operations This week 2.2.2

240 views • 20 slides
Chapter 1 Introduction Chapter 1 Objectives Know the difference between computer

Chapter 1 Introduction Chapter 1 Objectives Know the difference between computer

Chapter 1 Introduction Chapter 1 Objectives Know the difference between computer organization and computer architecture. Understand units of measure common to computer systems. Appreciate the evolution of computers. Understand

1.2k views • 73 slides
Federated Identity, SSO and Multifactor Authentication June 23 rd , 2017 Computing Services and

Federated Identity, SSO and Multifactor Authentication June 23 rd , 2017 Computing Services and

Computing Services and Systems Development Federated Identity, SSO and Multifactor Authentication June 23 rd , 2017 Computing Services and Systems Development F EDERATED I DENTITY , SSO AND MFA @ THE U NIVERSITY OF P ITTSBURGH Tony Carra

542 views • 12 slides
Restore von Active Directory mit einer von HP entwickelten Lsung (Recovering from Active

Restore von Active Directory mit einer von HP entwickelten Lsung (Recovering from Active

Restore von Active Directory mit einer von HP entwickelten Lsung (Recovering from Active Directory Disasters) Guido Grillenmeier Senior Consultant Technology Solutions Group Hewlett-Packard Agenda What is a Disaster? Authoritative

363 views • 19 slides
Windows IT Pro & www.goverlan.com Configuration Manager Community Tools Rod Trent

Windows IT Pro & www.goverlan.com Configuration Manager Community Tools Rod Trent

Complete Control with Microsoft SCCM and these tools Brought to you by: Windows IT Pro & www.goverlan.com Configuration Manager Community Tools Rod Trent Engagement, Education, and Conference Director Extra What's New in

356 views • 24 slides
Getting Started with The Azure Data Platform How to Set Up a Fully-Functional Azure Data &

Getting Started with The Azure Data Platform How to Set Up a Fully-Functional Azure Data &

Getting Started with The Azure Data Platform How to Set Up a Fully-Functional Azure Data & Analytics Environment in Just 30-Days 10/21/2020 CONFI DENTI AL | 2020 | 1 Todays Presenter Rob Carek Director, Global Solution Development

349 views • 31 slides

More recommend