Presentation is loading. Please wait.

Presentation is loading. Please wait.

Outline Motivation Access Control Matrix Model

Published bySonny Hendri Tanuwidjaja Modified over 5 years ago

Similar presentations

Presentation on theme: "Outline Motivation Access Control Matrix Model"— Presentation transcript:

1 Outline Motivation Access Control Matrix Model
Protection State Transitions HRU Model Commands Conditional Commands Basic Safety results

2 Definitions Protection state of system Access control matrix
Describes current settings, values of system relevant to protection Access control matrix Describes protection state precisely Matrix describing rights of subjects State transitions change elements of matrix

3 Description objects (entities) Subjects S = { s1,…,sn }
Objects O = { o1,…,om } Rights R = { r1,…,rk } Entries A[si, oj] R A[si, oj] = { rx, …, ry } means subject si has rights rx, …, ry over object oj objects (entities) subjects s1 s2 sn o1 … om s1 … sn

4 Example 1 Processes p, q Files f, g Rights r, w, x, a, o

5 Example 2 Procedures inc_ctr, dec_ctr, manage Variable counter
Rights +, –, call counter inc_ctr dec_ctr manage inc_ctr + dec_ctr – manage call call call

6 Boolean Expression Evaluation
ACM controls access to database fields Subjects have attributes Verbs define type of access Rules associated with objects, verb pair Subject attempts to access object Rule for object, verb evaluated, grants or denies access

7 Example Subject annie Verb paint Object picture
Attributes role (artist), groups (creative) Verb paint Default 0 (deny unless explicitly granted) Object picture Rule: paint: ‘artist’ in subject.role and ‘creative’ in subject.groups and time.hour ≥ 0 and time.hour < 5

8 ACM at 3AM and 10AM At 3AM, time condition met; ACM is:
not met; ACM is: … picture … … picture … … annie … paint … annie …

9 History Database: Queries: 1.sum(salary, “position=teacher”) = 140,000
2.count(“age < 40 & position = teacher”) = 1 3.sum(salary, “age >= 40 & position = teacher”) should not answer this. Overlap = 2

10 State Transitions Change the protection state of system
|– represents transition Xi |–  Xi+1: command  moves system from state Xi to Xi+1 Xi |– * Xi+1: a sequence of commands moves system from state Xi to Xi+1 Commands often called transformation procedures

11 Example Transitions

12 Example Composite Transition

13 HRU Model Harrison, Ruzzo, and Ullman proved key safety results in 1976 Talked about systems With initial protection state expressed in ACM State transition commands built from a set of primitive operations Applied conditionally.

14 Creating File Process p creates file f with r and w permission
command create•file(p, f) create object f; enter own into A[p, f]; enter r into A[p, f]; enter w into A[p, f]; end

15 Confer Right Example of a mono-conditional command
Also, mono-operational command command confer_r(owner, friend,f) if own in A[owner, f] then enter r into A[friend,f] end

16 Remove Right Example using multiple conditions
command remove_r(owner,exfriend, f) if own in A[owner, f] and r in A[exfriend, f] then delete r from A[exfriend, f] end

17 Copy Right Allows possessor to give rights to another
Often attached to a right, so only applies to that right r is read right that cannot be copied rc is read right that can be copied Is copy flag copied when giving r rights? Depends on model, instantiation of model

18 Attenuation of Privilege
Principle says you can’t give rights you do not possess Restricts addition of rights within a system Usually ignored for owner Why? Owner gives herself rights, gives them to others, deletes her rights.

19 The Safety Problem Given
initial state protection scheme (HRU commands) Can r appear in a cell that exists in the initial state and does not contain r in the initial state? More specific question might be: can r appear in a specific cell A[s,o] Safety with respect to r

20 Safety of a Specific Access Control System
Is it decidable? Is it computationally feasible? Safety is undecidable in the general HRU model Maps to the Halting problem

21 Safety Results Constraints on HRU help some
Safety for mono-operational systems is decidable but NP-Complete Mono-conditional monotonic HRU is decidable but not interesting Other systems proposed with better results Take-Grant model – decidable in linear time Still an active research area Comparing expressiveness with safety

22 Key Points Access control matrix simplest abstraction mechanism for representing protection state Transitions alter protection state 6 primitive operations alter matrix Transitions can be expressed as commands composed of these operations and, possibly, conditions Early safety proofs build on this HRU model

Download ppt "Outline Motivation Access Control Matrix Model"

Similar presentations

© 2004 Ravi Sandhu www.list.gmu.edu The Safety Problem in Access Control HRU Model Ravi Sandhu Laboratory for Information Security Technology George Mason.

© 2004 Ravi Sandhu The Safety Problem in Access Control HRU Model Ravi Sandhu Laboratory for Information Security Technology George Mason.
© Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University

© Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University
Access Control CS461/ECE422 Fall 2011. Reading Material Chapter 4 through section 4.5 Chapters 23 and 24 – For the access control aspects of Unix and.

Access Control CS461/ECE422 Fall Reading Material Chapter 4 through section 4.5 Chapters 23 and 24 – For the access control aspects of Unix and.
1 1 -Access Control - 2 - Foundational Results. 2 2 Preliminaries Undecidability The Halting Problem The Turing Machine.

1 1 -Access Control Foundational Results. 2 2 Preliminaries Undecidability The Halting Problem The Turing Machine.
Access Control Discretionary Access Control Lecture 4 1.

Access Control Discretionary Access Control Lecture 4 1.
1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004.

1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004.
Authentication James Walden Northern Kentucky University.

Authentication James Walden Northern Kentucky University.
Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.

Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.
April 6, 2004ECS 235Slide #1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation.

April 6, 2004ECS 235Slide #1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
590J Lecture 21: Access Control (contd). Review ● Recall: – Protection system is a description of conditions under which a system is secure – P is the.

590J Lecture 21: Access Control (contd). Review ● Recall: – Protection system is a description of conditions under which a system is secure – P is the.
CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.
1 Access Control Matrix CSSE 442 Computer Security Larry Merkle, Rose-Hulman Institute March 16, 2007.

1 Access Control Matrix CSSE 442 Computer Security Larry Merkle, Rose-Hulman Institute March 16, 2007.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
CS-550 (M.Soneru): Protection and Security - 2 [SaS] 1 Protection and Security - 2.

CS-550 (M.Soneru): Protection and Security - 2 [SaS] 1 Protection and Security - 2.
LESSON 17 PREPARED BY MANJU. database A database is a collection of related information Access is the Microsoft Office database program that enables you.

LESSON 17 PREPARED BY MANJU. database A database is a collection of related information Access is the Microsoft Office database program that enables you.
1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.

1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.
Csci5233 computer security & integrity 1 Access Control Matrix.

Csci5233 computer security & integrity 1 Access Control Matrix.
IS-2150/TEL-2810: Introduction of Computer Security1 September 7, 2005 Introduction to Computer Security Access Control Matrix Take-grant model.

IS-2150/TEL-2810: Introduction of Computer Security1 September 7, 2005 Introduction to Computer Security Access Control Matrix Take-grant model.

Similar presentations

Ads by Google