lecture 2 access control matrix
play

Lecture 2: Access Control Matrix January 6, 2011 Lecture 2, Slide 1 - PowerPoint PPT Presentation

Jan 18, 2023 •26 likes •346 views

Outline Modeling What is an access control matrix? Some examples Formal model Propagating rights What Next? Lecture 2: Access Control Matrix January 6, 2011 Lecture 2, Slide 1 ECS 235B, Foundations of Information and Computer Security

  1. Outline Modeling What is an access control matrix? Some examples Formal model Propagating rights What Next? Lecture 2: Access Control Matrix January 6, 2011 Lecture 2, Slide 1 ECS 235B, Foundations of Information and Computer Security January 6, 2011

  2. Outline Modeling What is an access control matrix? Some examples Formal model Propagating rights What Next? 1 Modeling 2 What is an access control matrix? 3 Some examples Boolean expressions for database control History for program execution control 4 Formal model Primitive operations Types of commands 5 Propagating rights Copy and own Attenuation of privilege 6 What Next? Lecture 2, Slide 2 ECS 235B, Foundations of Information and Computer Security January 6, 2011

  3. Outline Modeling What is an access control matrix? Some examples Formal model Propagating rights What Next? Models Abstract irrelevant details of entity or process being modeled Allows you to focus on aspects that are of interest If done correctly , results from analyzing the model apply to entity or process Assumption: nothing you omit affects the application of the results Lecture 2, Slide 3 ECS 235B, Foundations of Information and Computer Security January 6, 2011

  4. Outline Modeling What is an access control matrix? Some examples Formal model Propagating rights What Next? Protection State Protection state of system describes current settings, values relevant to protection Access control matrix representation of protection state Describes protection state precisely Matrix describing rights of subjects (rows) over objects (columns) State transitions change elements of matrix Subject is active entities (processes, users, etc .) Object has 2 meanings: Passive entity ( not a subject) Any entity acting passively (so can be a subject) Context tells you which sense is used Lecture 2, Slide 4 ECS 235B, Foundations of Information and Computer Security January 6, 2011

  5. Outline Modeling What is an access control matrix? Some examples Formal model Propagating rights What Next? Description • Subjects S = { s 1 , . . . , s n } • Objects O = { o 1 , . . . , o m } • Rights R = { r 1 , . . . , r k } • Entries A [ s i , o j ] ⊆ R • A [ s i , o j ] = { r x , . . . , r y } means subject s i has rights r x , . . . , r y over object o j Lecture 2, Slide 5 ECS 235B, Foundations of Information and Computer Security January 6, 2011

  6. Outline Modeling What is an access control matrix? Some examples Formal model Propagating rights What Next? Access Control Matrix for System Processes p , q Files f , g Rights r , w , x , a , o Rights are merely symbols; interpretation depends on system Example: on UNIX, r means “read” for file and “list” for directory f g p q p rwo r rwxo w q a ro r rwxo Lecture 2, Slide 6 ECS 235B, Foundations of Information and Computer Security January 6, 2011

  7. Outline Modeling What is an access control matrix? Some examples Formal model Propagating rights What Next? Access Control Matrix for Program Procedures inc ctr , dec ctr , manage Variable counter Rights +, − , x , call counter inc ctr dec ctr manage + inc ctr dec ctr − manage call call call Lecture 2, Slide 7 ECS 235B, Foundations of Information and Computer Security January 6, 2011

  8. Outline Modeling What is an access control matrix? Some examples Formal model Propagating rights What Next? Boolean expressions for database control Access Control Matrix for Database Access control matrix shows allowed access to database fields Subjects have attributes Verbs define type of access Rules associated with objects, verb pair Subject attempts to access object Rule for object, verb evaluated Result controls granting, denying access Lecture 2, Slide 8 ECS 235B, Foundations of Information and Computer Security January 6, 2011

  9. Outline Modeling What is an access control matrix? Some examples Formal model Propagating rights What Next? Boolean expressions for database control Boolean Expressions and Access Subject annie : attributes role (artist), groups (creative) Verb paint : default 0 (deny unless explicitly granted) Object picture : Rule is paint : ‘artist’ in subject.role and ‘creative’ in subject.groups and time.hour ≥ 0 and time.hour < 5 Lecture 2, Slide 9 ECS 235B, Foundations of Information and Computer Security January 6, 2011

  10. Outline Modeling What is an access control matrix? Some examples Formal model Propagating rights What Next? Boolean expressions for database control Example: ACM at 3 a.m. and 10 a.m. At 3 a.m., time condition met; At 10 a.m., time condition not ACM is: met; ACM is Lecture 2, Slide 10 ECS 235B, Foundations of Information and Computer Security January 6, 2011

  11. Outline Modeling What is an access control matrix? Some examples Formal model Propagating rights What Next? History for program execution control Executing Downloaded Programs Downloaded programs may access system in unauthorized ways Example: Download Trojan horse that modifies configuration, control files Condition access rights upon the rights of previously executed code ( i.e. , history) Each piece of code has set of static rights Executing process has set of current rights When piece of code runs, its rights are set of current rights ∩ set of static rights Lecture 2, Slide 11 ECS 235B, Foundations of Information and Computer Security January 6, 2011

  12. Outline Modeling What is an access control matrix? Some examples Formal model Propagating rights What Next? History for program execution control Example Programs main runs, loads helper proc and runs it // This routine has no filesystem access rights // beyond those in a limited, temporary area procedure helper proc () return sys kernel file ; // But this has the right to delete files program main () sys load file ( helper proc ); file = helper proc (); sys delete file ( file ); sys kernel file is system kernel tmp file file in limited, temporary area helper proc can access Lecture 2, Slide 12 ECS 235B, Foundations of Information and Computer Security January 6, 2011

  13. Outline Modeling What is an access control matrix? Some examples Formal model Propagating rights What Next? History for program execution control Accesses Initial static rights: sys kernel file tmp file main delete delete delete helper proc Program starts; its rights are those of main : sys kernel file tmp file delete delete main helper proc delete delete delete process After helper proc called, process loses right to delete kernel: sys kernel file tmp file delete delete main helper proc delete delete process Lecture 2, Slide 13 ECS 235B, Foundations of Information and Computer Security January 6, 2011

  14. Outline Modeling What is an access control matrix? Some examples Formal model Propagating rights What Next? State Transitions Represent changes to the protection state of the system ⊢ represents transition X i ⊢ τ X i +1 : command τ moves system from state X i to state X i +1 X i ⊢ ∗ X i +1 : a sequence of commands moves system from state X i to state X i +1 Commands sometimes called transformation procedures Lecture 2, Slide 14 ECS 235B, Foundations of Information and Computer Security January 6, 2011

  15. Outline Modeling What is an access control matrix? Some examples Formal model Propagating rights What Next? Primitive operations Primitive Operations create subject s ; create object o Creates new row, column in ACM; creates new column in ACM destroy subject s ; destroy object o Deletes row, column from ACM; deletes column from ACM enter r into A [ s , o ] Adds r rights for subject s over object o delete r from A [ s , o ] Removes r rights from subject s over object o Lecture 2, Slide 15 ECS 235B, Foundations of Information and Computer Security January 6, 2011

  16. Outline Modeling What is an access control matrix? Some examples Formal model Propagating rights What Next? Primitive operations create subject Precondition: s / ∈ S Primitive command: create subject s Postconditions: S ′ = S ∪ { s } , O ′ = O ∪ { s } ( ∀ y ∈ O ′ )[ A ′ [ s , y ] = ∅ ], ( ∀ x ∈ S ′ )[ A ′ [ x , s ] = ∅ ] ( ∀ x ∈ S )( ∀ y ∈ O )[ A ′ [ x , y ] = A [ x , y ]] Lecture 2, Slide 16 ECS 235B, Foundations of Information and Computer Security January 6, 2011

  17. Outline Modeling What is an access control matrix? Some examples Formal model Propagating rights What Next? Primitive operations create object Precondition: o / ∈ O Primitive command: create object o Postconditions: S ′ = S , O ′ = O ∪ { o } ( ∀ x ∈ S ′ )[ A ′ [ x , o ] = ∅ ] ( ∀ x ∈ S )( ∀ y ∈ O )[ A ′ [ x , y ] = A [ x , y ]] Lecture 2, Slide 17 ECS 235B, Foundations of Information and Computer Security January 6, 2011

  18. Outline Modeling What is an access control matrix? Some examples Formal model Propagating rights What Next? Primitive operations enter Precondition: s ∈ S , o ∈ O Primitive command: enter r into A [ s , o ] Postconditions: S ′ = S , O ′ = O A ′ [ s , o ] = A [ s , o ] ∪ { r } ( ∀ x ∈ S )( ∀ y ∈ O ′ − { o } )[ A ′ [ x , y ] = A [ x , y ]] ( ∀ x ∈ S − { s } )( ∀ y ∈ O ′ )[ A ′ [ x , y ] = A [ x , y ]] Lecture 2, Slide 18 ECS 235B, Foundations of Information and Computer Security January 6, 2011

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

April 3: Access Control Matrix Overview Access Control Matrix Model Boolean Expression

April 3: Access Control Matrix Overview Access Control Matrix Model Boolean Expression

April 3: Access Control Matrix Overview Access Control Matrix Model Boolean Expression Evaluation History April 3, 2017 ECS 235B Spring Quarter 2017 Slide #1 Overview Protection state of system Describes current settings,

310 views • 13 slides
Lecture #1 Course overview Basics of security Access control matrix Primitive

Lecture #1 Course overview Basics of security Access control matrix Primitive

Lecture #1 Course overview Basics of security Access control matrix Primitive operations and commands Miscellaneous points January 12, 2009 ECS 235B Winter Quarter 2009 Slide #1-1 Matt Bishop, UC Davis Course Overview:

560 views • 18 slides
Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of Access Control Discretionary acces control Mandatory access control Real systems: Unix Access Control Model Access control Access

817 views • 47 slides
I f Information Security ti S it CS 526 Lecture 20 UMIP &amp; IFEDAC CS526 Spring 2009/Lecture

I f Information Security ti S it CS 526 Lecture 20 UMIP &amp; IFEDAC CS526 Spring 2009/Lecture

I f Information Security ti S it CS 526 Lecture 20 UMIP &amp; IFEDAC CS526 Spring 2009/Lecture 20 1 Access Control Check Access Control Check Given an access request, return an access control decision based on the policy allow / deny

517 views • 40 slides
Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control? How Is Access Determined? Who Determines Access? Forms of Access Control SELinux Booleans iptables File Access Control Lists Apache Access Control

711 views • 36 slides
Lecture 5: Media Access Control CSE 123: Computer Networks Chris Kanich Quiz 1 today Lecture 5

Lecture 5: Media Access Control CSE 123: Computer Networks Chris Kanich Quiz 1 today Lecture 5

Lecture 5: Media Access Control CSE 123: Computer Networks Chris Kanich Quiz 1 today Lecture 5 Overview Methods to share physical media: multiple access Fixed partitioning Random access Channelizing mechanisms

264 views • 8 slides
1 General Access Control General Access Control Control of access to memory relatively easy:

1 General Access Control General Access Control Control of access to memory relatively easy:

Role of Access Control Before closing back doors we need to close front doors Access control: determines access to files &amp; processes in OS Fall 2008 We will return to these themes throughout the course Fall 2008 CS

512 views • 6 slides
SYSTEM DIAGRAMS Door Entry &amp; Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry &amp; Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry &amp; Access Control ACCESS CONTROL ACCESS CONTROL Allowing residents / staff access to site areas Main entrance Vehicle entrances Pedestrian entrances Gate / Barrier entrance Bin / Bike / Refuge

336 views • 14 slides
CSE 543 - Computer Security Lecture 14 - Access Control October 11, 2007 URL:

CSE 543 - Computer Security Lecture 14 - Access Control October 11, 2007 URL:

CSE 543 - Computer Security Lecture 14 - Access Control October 11, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Access Control System Protection Domain

663 views • 25 slides
Access Control Matrix Model January 14, 2014 Slide 1 ECS 235B, Foundations of Information and

Access Control Matrix Model January 14, 2014 Slide 1 ECS 235B, Foundations of Information and

Outline Modeling What is an ACM? Some examples Formal model Propagating rights What Next? Decidability of security Access Control Matrix Model January 14, 2014 Slide 1 ECS 235B, Foundations of Information and Computer Security January

921 views • 43 slides
Access Control Matrix and Safety Results CS461/ECE422 Computer Security I, Fall 2009 Based on

Access Control Matrix and Safety Results CS461/ECE422 Computer Security I, Fall 2009 Based on

Access Control Matrix and Safety Results CS461/ECE422 Computer Security I, Fall 2009 Based on slides provided by Matt Bishop for use with Computer Security: Art and Science Slide #2-1 Plus HRU examples from Ravi Sandhu Reading Chapter 2

564 views • 32 slides
Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs Access Control Administration Accountability Chapter 2 Access Control Models Identification and Authentication Methods Lecturer:

708 views • 9 slides
Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control Introduction to Computer Security Access control, contd Announcements intermission Stephen McCamant Capability-based access control University

380 views • 7 slides
Module 18: Protection Goals of Protection Domain of Protection Access Matrix

Module 18: Protection Goals of Protection Domain of Protection Access Matrix

Module 18: Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based Systems Language-Based Protection Silberschatz, Galvin, and Gagne

314 views • 16 slides
Module 18: Protection Goals of Protection Domain of Protection Access Matrix

Module 18: Protection Goals of Protection Domain of Protection Access Matrix

Module 18: Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based Systems Language-Based Protection Operating System Concepts 18.1

355 views • 19 slides
CMPE 646: VLSI Design Verification and Test Course: CMPE 646: VLSI Design Verification and Test,

CMPE 646: VLSI Design Verification and Test Course: CMPE 646: VLSI Design Verification and Test,

CMPE 646: VLSI Design Verification and Test Course: CMPE 646: VLSI Design Verification and Test, Fall 2006. 3 credits. Course Instructor: Dr. Jim Plusquellic, Professor of Computer Science &amp; Electrical Engineering Office: ECS 212,

760 views • 3 slides
Update on TopHat &amp; measurement system interconnection Jordan Aug e , Timur Friedman, Thomas

Update on TopHat &amp; measurement system interconnection Jordan Aug e , Timur Friedman, Thomas

The internet of measurements The OneLab context Update on TopHat &amp; measurement system interconnection Jordan Aug e , Timur Friedman, Thomas Bourgeau (UPMC) ISMA2011 - 3rd AIMS workshop February 9-11, San Diego, CA OneLab

657 views • 32 slides
Behavioral Programming: A Broader and More Detailed Take on Semantic GP Krzysztof Krawiec 1

Behavioral Programming: A Broader and More Detailed Take on Semantic GP Krzysztof Krawiec 1

Behavioral Programming: A Broader and More Detailed Take on Semantic GP Krzysztof Krawiec 1 Una-May OReilly 2 1 Institute of Computing Science Poznan University of Technology, Poland 2 CSAIL, Massachusetts Institute of Technology, Cambridge, MA

310 views • 14 slides
Tuning numerical parameters of algorithms: sampling and stochasticity handling Z. Yuan, T. St

Tuning numerical parameters of algorithms: sampling and stochasticity handling Z. Yuan, T. St

Tuning numerical parameters of algorithms: sampling and stochasticity handling Z. Yuan, T. St utzle, M. Birattari, M. Montes de Oca IRIDIA, CoDE, Universit e Libre de Bruxelles Brussels, Belgium zyuan@ulb.ac.be iridia.ulb.ac.be/~zyuan

810 views • 50 slides
Lecture 5 Standard Input and Output 3. HardwareandSoftw are 4. HighLevel Languages 5.

Lecture 5 Standard Input and Output 3. HardwareandSoftw are 4. HighLevel Languages 5.

1. Introduction 2. BinaryRepresentation Lecture 5 Standard Input and Output 3. HardwareandSoftw are 4. HighLevel Languages 5. Standard inputand output Many programs have the form: 6. Operators, expression and statem ents 7. M

584 views • 3 slides
Security models Bj orn Victor Security models p.1/14 Harrison-Ruzzo-Ullman (HRU)

Security models Bj orn Victor Security models p.1/14 Harrison-Ruzzo-Ullman (HRU)

Information Technology Security models Bj orn Victor Security models p.1/14 Harrison-Ruzzo-Ullman (HRU) Information Technology Subjects S , objects O , access matrix M , access rights A : enforcement: read, write, execute, append,. .

371 views • 14 slides
Orthogonal matrices, change of basis, rank Math Tools for Neuroscience (NEU 314) Spring 2016

Orthogonal matrices, change of basis, rank Math Tools for Neuroscience (NEU 314) Spring 2016

Orthogonal matrices, change of basis, rank Math Tools for Neuroscience (NEU 314) Spring 2016 Jonathan Pillow Princeton Neuroscience Institute &amp; Psychology. Lecture 6 (Thursday 2/18) accompanying notes/slides todays topics

307 views • 13 slides
Linear Algebra Review (with a Small Dose of Optimization) Hristo Paskov CS246 Outline Basic

Linear Algebra Review (with a Small Dose of Optimization) Hristo Paskov CS246 Outline Basic

Linear Algebra Review (with a Small Dose of Optimization) Hristo Paskov CS246 Outline Basic definitions Subspaces and Dimensionality Matrix functions: inverses and eigenvalue decompositions Convex optimization Vectors and

408 views • 39 slides

More recommend