Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Security Access Control Mechanisms

Published byTheodor Eskil Nilsen Modified over 5 years ago

Similar presentations

Presentation on theme: "Computer Security Access Control Mechanisms"— Presentation transcript:

1 Computer Security Access Control Mechanisms
7/23/2019

2 States of a Computer System
The state of a system is the collection of current values of all components of the system: memory locations, secondary storage, registers etc. Protection states are those states that have to be protected. .P = set of all protection states of the system .Q = set of all authorized protection states The system is not secure if the current state is in P -Q A security policy characterizes the states in Q A security mechanism prevents the system entering a state in P -Q 7/23/2019

3 Access Control Matrix Model
This is used to describe the protection states. It characterizes the rights of each subject of the system (entity/process) regarding the objects of the system (entities/processes) in terms of a matrix. 7/23/2019

4 Butler-Lampson Model This describes the rights of users s (subjects) over files o (objects) by a matrix A whose rows are indexed by the subjects and whose columns are indexed by the objects. The rights belong to a set R. Each entry a[s,o] of matrix A is a subset of the set R, and is the set of rights of user s over file o. 7/23/2019

5 Butler-Lampson Model The set of protection states P of a system is represented by a set of triples in (S,O,A), where S is the set of users, O the set of files and A the Access Control Matrix. The set of rights R (the entries in A) depends on the application. 7/23/2019

6 Examples of ACMs Here R = { read, wright, own, append, execute }
file file process process 2 process read, write read read, write, write own execute, own process append read, own read read, write execute, own Here R = { read, wright, own, append, execute } process 1 can read/write file 1, read file 2, communicate with process 2 by writing to it, etc. 7/23/2019

7 Examples: rights on a LAN
host names telegraph nob toadflex telegraph own ftp ftp nob ftp,nfs,mail,own ftp,nfs,mail toadflex ftp,mail ftp,nfs,mail,own Here R = { ftp, mail, nfs, own }, where ftp = the right to access the File Transfer Protocol mail = the right to send/receive using the Simple Mail Transfer Protocol (SMTP) nfs = the right to access file systems using the Network File System protocol 7/23/2019

8 Examples: rights in a program to synchronize events
host names counter inc_ctr dec_ctr manager inc_ctr dec_ctr manager call call call Here R = { +, -, call } (+,- represent the ability to add or subtract and call is the ability to invoke a procedure) inc_ctr increases a counter and dec_ctr decreases it manager calls the functions inc_ctr and dec_ctr 7/23/2019

9 Other examples Access Control by Boolean expression evaluation
Access Control by History See textbook 7/23/2019

10 Protection State Transitions
Initial state of the system: X0 = (S0,O0,A0 ) Transitions: t1, t2, … Corresponding states: X1, X2, … We use the notation: Xi ├─ ti+1 Xi+1 to indicate the state transition ti+1 moves the system from Xi to Xi+1 X ├─* Y indicates that starting at X, after a series of transitions the system enters state Y. 7/23/2019

11 Protection State Transitions
Xi ├─ ci+1 (pi+1,1 ,…, pi+1,m) Xi+1 indicates that the transition is caused by the command ci+1 with parameters pi+1,1 ,…, pi+1,m . 7/23/2019

12 The Harrison-Ruzzo-Ullman Model
This is based on a set of primitive commands. create subject s [precondition: sS postcondition: S’ = S  { s }, O’ = O, no rights are assigned to s, all other rights are not affected ] create object o [precondition: oO postcondition: S’= S, O’ = O  { o }, no rights are assigned to o all other rights are not affected ] 7/23/2019

13 The Harrison-Ruzzo-Ullman Model
Enter right r into a[s,o] [precondition: sS, oO postcondition: S’ = S, O’ = O, a’ [s,o] = a [s.o]  { r }, no other rights are affected ] Delete right r from a[s,o] postcondition: S’ = S, O’ = O, a’ [s,o] = a [s.o] - { r }, no other rights are affected ] 7/23/2019

14 The Harrison-Ruzzo-Ullman Model
destroy subject s [precondition: sS postcondition: S’ = S - { s }, O’= O, a’ [s,o]=  for all oO, no other rights are affected ] destroy object o [precondition: oO postcondition: S’ = S, O’ = O - { o }, a’ [s,o] =  for all sS, no other rights are affected ] 7/23/2019

15 The Harrison-Ruzzo-Ullman Model
Example command create • file (p,f) create object f ; enter right own into a [p,f] ; enter right r into a [p,f] ; enter right w into a [p,f] ; end 7/23/2019

16 The Harrison-Ruzzo-Ullman Model
Example –conditional commands Suppose process p wants to give process q the right to read file f command grant•read•file1•(p,f,q) if own in a [p,f] then enter r into a [q,f] ; end 7/23/2019

17 The Harrison-Ruzzo-Ullman Model
Example –conditional commands using and Suppose process p wants to give process q the right to read file f command grant•read•file2•(p,f,q) if r in a [p,f] and c in a [p,f] then enter r into a [q,f] ; end See textbook for other examples. 7/23/2019

18 Copying and owning Rights
copy right (grant right) – augments existing rights own right The copy right allows its possessor to grant rights (this right is often considered a flag attachment –hence flag right) The own right allows its possessor to add or delete privileges to themselves. 7/23/2019

19 Copying Example Suppose process p has right r over object f , and let c be a copy right. The following command allows p to copy r over f to another process q only if p has copy right over f . command grant•r(p,f,q) if r in a [p,f] and c in a [p,f] then enter r into a [q,f] ; end 7/23/2019

20 Attenuation of privilege
The Principle of Attenuation of Privilege says that a subject may not give rights it does not possess to another subject. 7/23/2019

Download ppt "Computer Security Access Control Mechanisms"

Similar presentations

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
8.2 Discretionary Access Control Models Weiling Li.

8.2 Discretionary Access Control Models Weiling Li.
1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004.

1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004.
Authentication James Walden Northern Kentucky University.

Authentication James Walden Northern Kentucky University.
Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.

Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.
Bilkent University Department of Computer Engineering

Bilkent University Department of Computer Engineering
April 6, 2004ECS 235Slide #1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation.

April 6, 2004ECS 235Slide #1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation.
Reasons for Protection n Prevent users from accessing information they shouldn’t have access to. n Ensure that each program component uses system resources.

Reasons for Protection n Prevent users from accessing information they shouldn’t have access to. n Ensure that each program component uses system resources.
19: Protection1 PROTECTION Protection is the mechanism for controlling access to computer resources. Security concerns the physical integrity of the system.

19: Protection1 PROTECTION Protection is the mechanism for controlling access to computer resources. Security concerns the physical integrity of the system.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
590J Lecture 21: Access Control (contd). Review ● Recall: – Protection system is a description of conditions under which a system is secure – P is the.

590J Lecture 21: Access Control (contd). Review ● Recall: – Protection system is a description of conditions under which a system is secure – P is the.
Chapter 14: Protection.

Chapter 14: Protection.
CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.
1 Access Control Matrix CSSE 442 Computer Security Larry Merkle, Rose-Hulman Institute March 16, 2007.

1 Access Control Matrix CSSE 442 Computer Security Larry Merkle, Rose-Hulman Institute March 16, 2007.
CS-550 (M.Soneru): Protection and Security - 2 [SaS] 1 Protection and Security - 2.

CS-550 (M.Soneru): Protection and Security - 2 [SaS] 1 Protection and Security - 2.
1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.

1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.
Protection.

Protection.
Csci5233 computer security & integrity 1 Access Control Matrix.

Csci5233 computer security & integrity 1 Access Control Matrix.

Similar presentations

Ads by Google