Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 2: Access Control Matrix

Published byUtami Iskandar Modified over 5 years ago

Similar presentations

Presentation on theme: "Chapter 2: Access Control Matrix"— Presentation transcript:

1 Chapter 2: Access Control Matrix
Overview Access Control Matrix Model Protection State Transitions Commands Conditional Commands November 1, 2004 Introduction to Computer Security © 2004 Matt Bishop

2 Introduction to Computer Security
Overview Protection state of system Describes current settings, values of system relevant to protection Access control matrix Describes protection state precisely Matrix describing rights of subjects State transitions change elements of matrix November 1, 2004 Introduction to Computer Security © 2004 Matt Bishop

3 Introduction to Computer Security
Description Subjects S = { s1,…,sn } Objects O = { o1,…,om } Rights R = { r1,…,rk } Entries A[si, oj]  R A[si, oj] = { rx, …, ry } means subject si has rights rx, …, ry over object oj objects (entities) subjects s1 s2 sn o1 … om s1 … sn November 1, 2004 Introduction to Computer Security © 2004 Matt Bishop

4 Introduction to Computer Security
Example 1 Processes p, q Files f, g Rights r, w, x, a, o f g p q p rwo r rwxo w q a ro r rwxo November 1, 2004 Introduction to Computer Security © 2004 Matt Bishop

5 Introduction to Computer Security
Example 2 Procedures inc_ctr, dec_ctr, manage Variable counter Rights +, –, call counter inc_ctr dec_ctr manage inc_ctr + dec_ctr – manage call call call November 1, 2004 Introduction to Computer Security © 2004 Matt Bishop

6 Introduction to Computer Security
State Transitions Change the protection state of system |– represents transition Xi |–  Xi+1: command  moves system from state Xi to Xi+1 Xi |– * Xi+1: a sequence of commands moves system from state Xi to Xi+1 Commands often called transformation procedures November 1, 2004 Introduction to Computer Security © 2004 Matt Bishop

7 Introduction to Computer Security
Primitive Operations create subject s; create object o Creates new row, column in ACM; creates new column in ACM destroy subject s; destroy object o Deletes row, column from ACM; deletes column from ACM enter r into A[s, o] Adds r rights for subject s over object o delete r from A[s, o] Removes r rights from subject s over object o November 1, 2004 Introduction to Computer Security © 2004 Matt Bishop

8 Introduction to Computer Security
Creating File Process p creates file f with r and w permission command create•file(p, f) create object f; enter own into A[p, f]; enter r into A[p, f]; enter w into A[p, f]; end November 1, 2004 Introduction to Computer Security © 2004 Matt Bishop

9 Mono-Operational Commands
Make process p the owner of file g command make•owner(p, g) enter own into A[p, g]; end Mono-operational command Single primitive operation in this command November 1, 2004 Introduction to Computer Security © 2004 Matt Bishop

10 Introduction to Computer Security
Conditional Commands Let p give q r rights over f, if p owns f command grant•read•file•1(p, f, q) if own in A[p, f] then enter r into A[q, f]; end Mono-conditional command Single condition in this command November 1, 2004 Introduction to Computer Security © 2004 Matt Bishop

11 Introduction to Computer Security
Multiple Conditions Let p give q r and w rights over f, if p owns f and p has c rights over q command grant•read•file•2(p, f, q) if own in A[p, f] and c in A[p, q] then enter r into A[q, f]; enter w into A[q, f]; end November 1, 2004 Introduction to Computer Security © 2004 Matt Bishop

12 Introduction to Computer Security
Key Points Access control matrix simplest abstraction mechanism for representing protection state Transitions alter protection state 6 primitive operations alter matrix Transitions can be expressed as commands composed of these operations and, possibly, conditions November 1, 2004 Introduction to Computer Security © 2004 Matt Bishop

Download ppt "Chapter 2: Access Control Matrix"

Similar presentations

1 1 -Access Control - 2 - Foundational Results. 2 2 Preliminaries Undecidability The Halting Problem The Turing Machine.

1 1 -Access Control Foundational Results. 2 2 Preliminaries Undecidability The Halting Problem The Turing Machine.
1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004.

1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004.
Authentication James Walden Northern Kentucky University.

Authentication James Walden Northern Kentucky University.
April 6, 2004ECS 235Slide #1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation.

April 6, 2004ECS 235Slide #1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
590J Lecture 21: Access Control (contd). Review ● Recall: – Protection system is a description of conditions under which a system is secure – P is the.

590J Lecture 21: Access Control (contd). Review ● Recall: – Protection system is a description of conditions under which a system is secure – P is the.
CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.
1 Access Control Matrix CSSE 442 Computer Security Larry Merkle, Rose-Hulman Institute March 16, 2007.

1 Access Control Matrix CSSE 442 Computer Security Larry Merkle, Rose-Hulman Institute March 16, 2007.
LESSON 17 PREPARED BY MANJU. database A database is a collection of related information Access is the Microsoft Office database program that enables you.

LESSON 17 PREPARED BY MANJU. database A database is a collection of related information Access is the Microsoft Office database program that enables you.
1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.

1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.
Csci5233 computer security & integrity 1 Access Control Matrix.

Csci5233 computer security & integrity 1 Access Control Matrix.
IS-2150/TEL-2810: Introduction of Computer Security1 September 7, 2005 Introduction to Computer Security Access Control Matrix Take-grant model.

IS-2150/TEL-2810: Introduction of Computer Security1 September 7, 2005 Introduction to Computer Security Access Control Matrix Take-grant model.
ECE509 Cyber Security : Concept, Theory, and Practice Access Control Matrix Spring 2014.

ECE509 Cyber Security : Concept, Theory, and Practice Access Control Matrix Spring 2014.
Chapter 2: Access Control Matrix

Chapter 2: Access Control Matrix
ISA 562 1 Access Control ISA 562 Internet Security Theory & Practice.

ISA Access Control ISA 562 Internet Security Theory & Practice.
Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model Protection State Transitions –Commands –Conditional Commands.

Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model Protection State Transitions –Commands –Conditional Commands.
Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.

Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.
CE01000-3 Operating Systems Lecture 21 Operating Systems Protection with examples from Linux & Windows.

CE Operating Systems Lecture 21 Operating Systems Protection with examples from Linux & Windows.
Lesson 11-1 Matrix Basics and Augmented Matrices Objective: To learn to solve systems of linear equation using matrices.

Lesson 11-1 Matrix Basics and Augmented Matrices Objective: To learn to solve systems of linear equation using matrices.

Similar presentations

Ads by Google