1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004.


2 Acknowledgements
- Many of these slides came from Matt Bishop, author of Computer Security: Art and Science

3 Chapter 2: Access Control Matrix
- Overview
- Access Control Matrix Model
- Special Rights
- Principle of Attenuation of Privilege

4 Overview
- Protection state of system
  - Describes current settings, values of system relevant to protection
- Access control matrix
  - Describes protection state precisely
  - Matrix describing rights of subjects (processes and users)
  - State transitions change elements of matrix

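5 Description
[Figure: access control matrix with subjects $s_1, \ldots, s_n$ as rows and objects (entities) $o_1, \ldots, o_m, s_1, \ldots, s_n$ as columns]
- Subjects $S = \{ s_1, \ldots, s_n \}$
- Objects $O = \{ o_1, \ldots, o_m \}$
- Rights $R = \{ r_1, \ldots, r_k \}$
- Entries $A[s_i, o_j] \subseteq R$
- $A[s_i, o_j] = \{ r_x, \ldots, r_y \}$ means subject $s_i$ has rights $r_x, \ldots, r_y$ over object $o_j$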

6 Rights
- Unix
  - r = read
  - w = write
  - x = execute
- AFS
  - r = read
  - l = list
  - i = insert
  - d = delete
  - w = write
  - k = lock
  - a = administer

7 Example
- Processes p, q
- Files f, g
- Rights r, w, x, a(ppend), o(wn)

|   | f   | g  | p    | q    |
|---|-----|----|------|------|
| p | rwo | r  | rwxo | w    |
| q | a   | ro | r    | rwxo |

8 Copy Right
- Allows possessor to give rights to another
- Often attached to a right, so only applies to that right
  - r is read right that cannot be copied
  - rc is read right that can be copied
- Is copy flag copied when giving r rights?
  - Depends on model, instantiation of model

9 Own Right
- Usually allows possessor to change entries in ACM column
  - So owner of object can add, delete rights for others
  - May depend on what system allows
    - Can't give rights to specific (set of) users
    - Can't pass copy flag to specific (set of) users

10 Attenuation of Privilege
- Principle says you can't give rights you do not possess
  - Restricts addition of rights within a system
  - Usually ignored for owner
    - Why?
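
An added example, not part of the original slides: a small Python model of the access control matrix, loaded with the matrix from the Example slide, whose state transitions enforce the copy flag, the own right and attenuation of privilege. The class and method names, the trailing-`c` encoding of the copy flag, the per-grant choice of whether the flag is passed on, and the third process `u` are assumptions made for illustration.

```python
class AccessControlMatrix:
    """A[s, o] is a set of rights; a trailing 'c' (as in 'rc') marks a copyable right."""

    def __init__(self, entries):
        self.A = {cell: set(rights) for cell, rights in entries.items()}

    def rights(self, s, o):
        return self.A.get((s, o), set())

    def _may_grant(self, giver, obj, right):
        held = self.rights(giver, obj)
        # Own right: may edit the object's column (attenuation is not applied
        # to the owner). Anyone else needs the copy flag on this specific right.
        return "o" in held or right + "c" in held

    def grant(self, giver, receiver, obj, right, with_copy_flag=False):
        """State transition: add a right to A[receiver, obj] on giver's authority."""
        if not self._may_grant(giver, obj, right):
            raise PermissionError(f"{giver} cannot grant {right!r} on {obj}")
        # Whether the copy flag travels with the right depends on the model;
        # in this sketch the giver decides per grant.
        entry = self.A.setdefault((receiver, obj), set())
        entry.add(right + "c" if with_copy_flag else right)

    def revoke(self, giver, receiver, obj, right):
        """State transition: only the owner may delete rights from the column."""
        if "o" not in self.rights(giver, obj):
            raise PermissionError(f"{giver} does not own {obj}")
        self.rights(receiver, obj).discard(right)


def build_example():
    # Matrix from the Example slide (processes p, q; files f, g).
    # Process u, used below, is a constructed third subject with no rights.
    return AccessControlMatrix({
        ("p", "f"): "rwo", ("p", "g"): "r", ("p", "p"): "rwxo", ("p", "q"): "w",
        ("q", "f"): "a", ("q", "g"): "ro", ("q", "p"): "r", ("q", "q"): "rwxo",
    })


if __name__ == "__main__":
    m = build_example()
    m.grant("p", "q", "f", "r", with_copy_flag=True)  # owner p gives q copyable read
    m.grant("q", "u", "f", "r")                       # q passes read on, flag withheld
    for right in ("a", "w"):      # 'a' is held but not copyable; 'w' is not held
        try:
            m.grant("q", "u", "f", right)
        except PermissionError as err:
            print("denied:", err)
    print("u on f:", sorted(m.rights("u", "f")))
```

Process q can pass on only the right for which it holds the copy flag, while owner p can add or delete any right in f's column, which is the exemption the last slide asks about.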

