Presentation is loading. Please wait.

Presentation is loading. Please wait.

Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model Protection State Transitions –Commands –Conditional Commands.

Published byGeraldine Willis Modified over 8 years ago

Similar presentations

Presentation on theme: "Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model Protection State Transitions –Commands –Conditional Commands."— Presentation transcript:

1 Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model Protection State Transitions –Commands –Conditional Commands

2 Slide #2-2 Overview Protection state of system –The state of a system is the collection of the current values of all memory locations, secondary storage, registers, and other components of the system Access control matrix –Describes protection state precisely –Matrix describing rights of subjects –State transitions change elements of matrix

3 Slide #2-3 Description objects (entities) subjects s1s2…sns1s2…sn o 1 … o m s 1 … s n Subjects S = { s 1,…,s n } Objects O = { o 1,…,o m } Rights R = { r 1,…,r k } Entries A[s i, o j ]   R A[s i, o j ] = { r x, …, r y } means subject s i has rights r x, …, r y over object o j

4 Slide #2-4 Example 1 Processes p, q Files f, g Rights r, w, x, a, o fgpq prworrwxow qarorrwxo

5 Slide #2-5 Example 2 Procedures inc_ctr, dec_ctr, manage Variable counter Rights +, –, call counterinc_ctrdec_ctrmanage inc_ctr + dec_ctr – manage callcall call

6 Slide #2-6 State Transitions Change the protection state of system |– represents transition –X i |–  X i+1 : command  moves system from state X i to X i+1 –X i |– * X i+1 : a sequence of commands moves system from state X i to X i+1 Commands often called transformation procedures

7 Slide #2-7 Primitive Operations (HRU model) create subject s; create object o –Creates new row, column in ACM; creates new column in ACM destroy subject s; destroy object o –Deletes row, column from ACM; deletes column from ACM enter r into A[s, o] –Adds r rights for subject s over object o delete r from A[s, o] –Removes r rights from subject s over object o

8 Slide #2-8 Creating File Process p creates file f with r and w permission command createfile(p,f) create object f; enter own into A[p,f]; enter r into A[p,f]; enter w into A[p,f]; end

9 Slide #2-9 Mono-Operational Commands Make process p the owner of file g command makeowner(p,g) enter own into A[p,g]; end Mono-operational command –Single primitive operation in this command

10 Slide #2-10 Conditional Commands Let p give q r rights over f, if p owns f command grantreadfile1(p,f,q) if own in A[p,f] then enter r into A[q,f]; end Mono-conditional command –Single condition in this command

11 Slide #2-11 Multiple Conditions Let p give q w rights over f, if p owns f and p has c rights over q command grantwritefile2(p,f,q) if own in A[p,f] and c in A[p,q] then enter w into A[q,f]; end

12 Slide #2-12 Key Points Access control matrix simplest abstraction mechanism for representing protection state Transitions alter protection state 6 primitive operations alter matrix –Transitions can be expressed as commands composed of these operations and, possibly, conditions

13 Slide # 2-13 Postcript In our model a computer system is represented by a family of states: the set of all reachable states must be a subset of the set of secure states, if the system is to be secure.

14 Slide # 2-14 Security – Leaking rights Let R be the set of generic (primitive) rights of the system, r e R and let A be the ACM. Definitions 1.If r  R is added to an element of A not already containing r, then r is said to be leaked. 2.Let s 0 be the initial protection state. a. If a system can never leak the right r  R then the system is safe with respect to r. b. If a system can leak r  R then the system is called unsafe with respect to r.

15 Slide # 2-15 Safe vs secure We use the term safe to refer to the (abstract) model. Secure is used when referring to implementations. So a secure implementations must be modeled on a safe system.

16 Slide # 2-16 Foundation theorems The model we have discussed is called the Harrison- Ruzzo-Ruzzo (HRU) model. Safety question Does there exist an algorithm for determining whether a given protection system (with initial state s 0 ) is safe with respect to a generic right r ?

17 Slide # 2-17 Theorem 1 There exists an algorithm that will determine whether a given mono-operational protection system with initial protection state s 0 is safe with respect to a generic right. Proof: A mono-operational command invokes a single primitive operation.

18 Slide # 2-18 Theorem 2 It is undecidable whether a given state of a given protection system is safe wrt a generic right. Proof –next Chapter.

Download ppt "Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model Protection State Transitions –Commands –Conditional Commands."

Similar presentations

Recognising Languages We will tackle the problem of defining languages by considering how we could recognise them. Problem: Is there a method of recognising.

Recognising Languages We will tackle the problem of defining languages by considering how we could recognise them. Problem: Is there a method of recognising.
1 1 -Access Control - 2 - Foundational Results. 2 2 Preliminaries Undecidability The Halting Problem The Turing Machine.

1 1 -Access Control Foundational Results. 2 2 Preliminaries Undecidability The Halting Problem The Turing Machine.
1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004.

1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004.
6/12/2015 9:14 PM Lecture 2: Access Control James Hook CS 591: Introduction to Computer Security.

6/12/2015 9:14 PM Lecture 2: Access Control James Hook CS 591: Introduction to Computer Security.
April 6, 2004ECS 235Slide #1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation.

April 6, 2004ECS 235Slide #1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation.
Reasons for Protection n Prevent users from accessing information they shouldn’t have access to. n Ensure that each program component uses system resources.

Reasons for Protection n Prevent users from accessing information they shouldn’t have access to. n Ensure that each program component uses system resources.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
590J Lecture 21: Access Control (contd). Review ● Recall: – Protection system is a description of conditions under which a system is secure – P is the.

590J Lecture 21: Access Control (contd). Review ● Recall: – Protection system is a description of conditions under which a system is secure – P is the.
CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.
1 Access Control Matrix CSSE 442 Computer Security Larry Merkle, Rose-Hulman Institute March 16, 2007.

1 Access Control Matrix CSSE 442 Computer Security Larry Merkle, Rose-Hulman Institute March 16, 2007.
Dr. Kalpakis CMSC 621, Advanced Operating Systems. Fall 2003 URL: Security & Protection.

Dr. Kalpakis CMSC 621, Advanced Operating Systems. Fall 2003 URL: Security & Protection.
Dr. Kalpakis CMSC 621, Advanced Operating Systems. Security & Protection.

Dr. Kalpakis CMSC 621, Advanced Operating Systems. Security & Protection.
1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.

1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.
CH14 – Protection / Security. Basics Potential Violations – Unauthorized release, modification, DoS External vs Internal Security Policy vs Mechanism.

CH14 – Protection / Security. Basics Potential Violations – Unauthorized release, modification, DoS External vs Internal Security Policy vs Mechanism.
Csci5233 computer security & integrity 1 Access Control Matrix.

Csci5233 computer security & integrity 1 Access Control Matrix.
IS-2150/TEL-2810: Introduction of Computer Security1 September 7, 2005 Introduction to Computer Security Access Control Matrix Take-grant model.

IS-2150/TEL-2810: Introduction of Computer Security1 September 7, 2005 Introduction to Computer Security Access Control Matrix Take-grant model.
ECE509 Cyber Security : Concept, Theory, and Practice Access Control Matrix Spring 2014.

ECE509 Cyber Security : Concept, Theory, and Practice Access Control Matrix Spring 2014.
Chapter 2: Access Control Matrix

Chapter 2: Access Control Matrix

Similar presentations

Ads by Google