Pitt IS 2150 - Access Control Matrix

This preview shows page 1-2-3-18-19-37-38-39 out of 39 pages.


Slide titles in the deck:

1. September 7, 2005
2. Protection System
3. Slide 3
4. Access Control Matrix Model
5. Access Control Matrix
6. Slide 6
7. Boolean Expression Evaluation
8. Access Restriction Facility
9. Access Controlled by History
10. Slide 10
11. Solution: Query Set Overlap Control (Dobkin, Jones & Lipton ’79)
12. Slide 12
13. State Transitions
14. Primitive commands (HRU)
15. Create Subject
16. Create Object
17. Add Right
18. Delete Right
19. Destroy Subject
20. Destroy Object
21. System commands using primitive operations
22. Conditional Commands
23. Attenuation of privilege
24. Fundamental questions
25. What is a secure system?
26. Safety Problem: formally
27. Decidability Results (Harrison, Ruzzo, Ullman)
28. Slide 28
29. What is the implication?
30. Take-Grant Protection Model
31. Slide 31
32. Take-Grant Protection Model: Sharing
33. Any two subjects with tg-path of length 1 can share rights
34. Slide 34
35. Other definitions
36. Bridge
37. Theorem: Can_share(α,x,y,G0) (for subjects)
38. What about objects? Initial, terminal spans
39. Theorem: Can_share(α,x,y,G0)

IS-2150/TEL-2810: Introduction of Computer Security

Slide 1
Introduction to Computer Security
Access Control Matrix
Take-grant model
September 7, 2005

Slide 2: Protection System
• State of a system
    • Current values of memory locations, registers, secondary storage, etc.
    • Other system components
• Protection state (P)
    • A system state that is considered secure
• A protection system
    • Describes the conditions under which a system is secure (in a protection state)
    • Consists of two parts:
        • A set of generic rights
        • A set of commands
• State transition
    • Occurs when an operation (command) is carried out

Slide 3: Protection System
• Subject (S: set of all subjects)
    • Active entities that carry out an action/operation on other entities; e.g., users, processes, agents, etc.
• Object (O: set of all objects)
    • E.g., processes, files, devices
• Right (R: set of all rights)
    • An action/operation that a subject is allowed/disallowed on objects
    • Access Matrix A: a[s, o] ⊆ R
• Set of Protection States: (S, O, A)

Slide 4: Access Control Matrix Model
• Access control matrix
    • Describes the protection state of a system.
    • Characterizes the rights of each subject
    • Elements indicate the access rights that subjects have on objects
• ACM is an abstract model
    • Rights may vary depending on the object involved
• ACM is implemented primarily in two ways
    • Capabilities (rows)
    • Access control lists (columns)

Slide 5: Access Control Matrix
[Figure: an access matrix for subjects s1, s2, s3 over objects f1 to f6, shown together with the equivalent access control list and capabilities representations. Legend: o: own, r: read, w: write.]

Slide 6: Access Control Matrix

| Hostnames | Telegraph | Nob | Toadflax |
|---|---|---|---|
| Telegraph | own | ftp | ftp |
| Nob | | ftp, nfs, mail, own | ftp, nfs, mail |
| Toadflax | | ftp, mail | ftp, nfs, mail, own |

| | Counter | Inc_ctr | Dcr_ctr | Manager |
|---|---|---|---|---|
| Inc_ctr | + | | | |
| Dcr_ctr | - | | | |
| manager | | Call | Call | Call |

• telegraph is a PC with ftp client but no server
• nob provides NFS but not to Toadflax
• nob and toadflax can exchange mail

Slide 7: Boolean Expression Evaluation
• ACM controls access to database fields
    • Subjects have attributes (name, role, groups)
    • Verbs define type of access/possible actions
    • Rules associated with (object, verb) pair
• Subject attempts to access object
    • Rule for object, verb evaluated, grants or denies access
• Can be converted to Access Control Matrix

Slide 8: Access Restriction Facility

| Name | Role | Groups | Programs |
|---|---|---|---|
| Matt | Programmer | Sys, hack | Compilers, Editors |
| Holly | Artist | User, Creative | Editors, paint, draw |
| Heidi | Chef, gardener | Acct., Creative | Editors, kitchen |

| Verbs | Default Rule |
|---|---|
| Read | 1 |
| Write, Paint, Temp_ctl | 0 |

| Name | Rules |
|---|---|
| Recipes | Write: ‘creative’ in subject.group |
| Overpass | Write: ‘artist’ in subject.role or ‘gardener’ in subject.role |
| .shellrct | Write: ‘hack’ in subject.group and time.hour < 4 and time.hour > 0 |
| Oven.dev | read: 0; temp_ctl: ‘kitchen’ in subject.programs and ‘chef’ in subject.role |

| | Recipes | Overpass | .shellrct | Oven.dev |
|---|---|---|---|---|
| Matt | Read | Read | Read, write | |
| Holly | Read, write | Read, write | Read | |
| Heidi | Read, write | Read, write | Read | Temp_ctl |

Slide 9: Access Controlled by History
• Statistical databases need to
    • answer queries on groups
    • prevent revelation of individual records
• Query-set-overlap control
    • Prevent an attacker from obtaining an individual piece of information using a set of queries C
    • A parameter r (=2) is used to determine if a query should be answered

| Name | Position | Age | Salary |
|---|---|---|---|
| Celia | Teacher | 45 | 40K |
| Heidi | Aide | 20 | 20K |
| Holly | Principal | 37 | 60K |
| Leonard | Teacher | 50 | 50K |
| Matt | Teacher | 33 | 50K |

Slide 10: Access Controlled by History
• Query 1:
    • sum_salary(position = teacher)
    • Answer: 140K
• Query 2:
    • count(age < 40 & position = teacher)
    • Can be answered
• Query 3:
    • sum_salary(age > 40 & position = teacher)
    • Should not be answered as Matt’s salary can be deduced
• Can be represented as an ACM

| Name | Position | Age | Salary |
|---|---|---|---|
| Celia | Teacher | 45 | 40K |
| Leonard | Teacher | 50 | 50K |
| Matt | Teacher | 33 | 50K |

| Name | Position | Age | Salary |
|---|---|---|---|
| Celia | Teacher | 45 | 40K |
| Leonard | Teacher | 50 | 50K |

| Name | Position | Age | Salary |
|---|---|---|---|
| Matt | Teacher | 33 | 50K |

Slide 11: Solution: Query Set Overlap Control (Dobkin, Jones & Lipton ’79)
• Query valid if intersection of query coverage and each
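The Boolean-expression rules of the Access Restriction Facility slide can be evaluated into an access control matrix, as the "Can be converted to Access Control Matrix" bullet says. The following is an added example, not code from the slides: the function names are hypothetical, and the hour passed to `build_acm` is an assumption, since the slides do not say at what time their matrix was taken.

```python
# Added example: turn the slide's (object, verb) rules into an access control matrix.
# Attribute values are lower-cased copies of the slide's subject table.
SUBJECTS = {
    "Matt":  {"role": {"programmer"}, "groups": {"sys", "hack"},
              "programs": {"compilers", "editors"}},
    "Holly": {"role": {"artist"}, "groups": {"user", "creative"},
              "programs": {"editors", "paint", "draw"}},
    "Heidi": {"role": {"chef", "gardener"}, "groups": {"acct", "creative"},
              "programs": {"editors", "kitchen"}},
}
OBJECTS = ["recipes", "overpass", ".shellrct", "oven.dev"]

# Default rule per verb: read is allowed (1), the others are denied (0).
DEFAULT = {"read": True, "write": False, "paint": False, "temp_ctl": False}

# A rule attached to an (object, verb) pair overrides the verb's default.
RULES = {
    ("recipes", "write"): lambda s, hour: "creative" in s["groups"],
    ("overpass", "write"): lambda s, hour: "artist" in s["role"] or "gardener" in s["role"],
    (".shellrct", "write"): lambda s, hour: "hack" in s["groups"] and 0 < hour < 4,
    ("oven.dev", "read"): lambda s, hour: False,
    ("oven.dev", "temp_ctl"): lambda s, hour: "kitchen" in s["programs"] and "chef" in s["role"],
}

def allowed(subject, obj, verb, hour):
    """Evaluate the rule for (obj, verb), or fall back to the verb's default."""
    rule = RULES.get((obj, verb))
    if rule is None:
        return DEFAULT[verb]
    return rule(SUBJECTS[subject], hour)

def build_acm(hour):
    """Return {subject: {object: set of verbs}} for the given hour of day."""
    return {
        s: {o: {v for v in DEFAULT if allowed(s, o, v, hour)} for o in OBJECTS}
        for s in SUBJECTS
    }

if __name__ == "__main__":
    for subject, row in build_acm(hour=3).items():
        print(subject, {o: sorted(verbs) for o, verbs in row.items()})
```

With `hour=3` the result matches the matrix on the slide; at any hour outside 1 to 3, Matt's write right on `.shellrct` disappears, which shows that the matrix is a snapshot of rules that depend on state.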
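The three queries from the "Access Controlled by History" slides can be replayed against a query-set-overlap check with r = 2. This is an added example, not code from the slides; the class and function names are hypothetical, and because the rule on the last slide is cut off, the check assumes that a query is answered only if its query set shares fewer than r records with every previously answered query set, which reproduces the three outcomes the slides give.

```python
# Added example: query-set-overlap control over the slide's five-record table.
# Salaries are in thousands (40 means 40K).
RECORDS = [
    {"name": "Celia", "position": "teacher", "age": 45, "salary": 40},
    {"name": "Heidi", "position": "aide", "age": 20, "salary": 20},
    {"name": "Holly", "position": "principal", "age": 37, "salary": 60},
    {"name": "Leonard", "position": "teacher", "age": 50, "salary": 50},
    {"name": "Matt", "position": "teacher", "age": 33, "salary": 50},
]

class OverlapGuard:
    """Answers aggregate queries and remembers the record set behind each answer."""

    def __init__(self, records, r):
        self.records = records
        self.r = r
        self.history = []  # query sets of the queries that were answered

    def query(self, predicate, aggregate):
        rows = [rec for rec in self.records if predicate(rec)]
        qset = frozenset(rec["name"] for rec in rows)
        # Assumed rule: refuse if r or more records are shared with an earlier answer.
        if any(len(qset & prev) >= self.r for prev in self.history):
            return None
        self.history.append(qset)  # refused queries are not recorded
        return aggregate(rows)

def is_teacher(rec):
    return rec["position"] == "teacher"

def total_salary(rows):
    return sum(rec["salary"] for rec in rows)

def run_slide_queries(r=2):
    """Replay Query 1, 2 and 3 in order; None marks a refused query."""
    guard = OverlapGuard(RECORDS, r)
    q1 = guard.query(is_teacher, total_salary)
    q2 = guard.query(lambda rec: rec["age"] < 40 and is_teacher(rec), len)
    q3 = guard.query(lambda rec: rec["age"] > 40 and is_teacher(rec), total_salary)
    return [q1, q2, q3]

def leak_without_control():
    """Why Query 3 is refused: with the check disabled, Q1 - Q3 is Matt's salary."""
    guard = OverlapGuard(RECORDS, r=len(RECORDS) + 1)  # overlap can never reach r
    q1 = guard.query(is_teacher, total_salary)
    q3 = guard.query(lambda rec: rec["age"] > 40 and is_teacher(rec), total_salary)
    return q1 - q3

if __name__ == "__main__":
    print(run_slide_queries())
    print(leak_without_control())
```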

