UMBC CMSC 482 - Access Control (42 pages)

Previewing pages 1, 2, 3, 20, 21, 40, 41, 42 of 42 page document View the full content.
View Full Document

Access Control



Previewing pages 1, 2, 3, 20, 21, 40, 41, 42 of actual document.

View the full content.
View Full Document
View Full Document

Access Control

32 views


Pages:
42
School:
University of Maryland, Baltimore County
Course:
Cmsc 482 - COMPUTER SECURITY
COMPUTER SECURITY Documents

Unformatted text preview:

Access Control Our working definition Computer security deals with the prevention and detection of unauthorised actions by users of a computer system Computer systems control access to data and shared resources like memory printers etc more often for reasons of integrity than for confidentiality Access control is at the core of computer security MT5104 Computer Security Acces s Control 1 Background Computer systems and their use have changed over the last decades Traditional multi user operating systems provide generic services to a wide variety of users and do not know about the meaning of the files they handle Modern PC operating systems support individual users in performing their job Access operations are complex and application specific Users are not interested in the lower level details of the execution of their programs It is often difficult to map high level security requirements to low level security controls MT5104 Computer Security Acces s Control 2 The Agenda for Today Terminology for access control Basic access control structures ACLs capabilities etc New paradigms Mathematical concepts partial orderings and lattices Exercises and further reading MT5104 Computer Security Acces s Control 3 A Model for Access Control principal do operation reference monitor object source request guard resource Lampson et al Authentication in Distributed Systems Theory and Practice ACM ToCS 1992 MT5104 Computer Security Acces s Control 4 Authentication and Authorisation If s is a statement authentication answers the question Who said s with a principal Thus principals make statements this is what they are for Likewise if o is an object authorisation answers the question Who is trusted to access o with a principal MT5104 Computer Security Acces s Control 5 Principals and Subjects Principal and subject are both used to denote the active entity in an access operation The word principal has many different meanings and is the source of much confusion Principals are subjects in



View Full Document

Access the best Study Guides, Lecture Notes and Practice Exams

Loading Unlocking...
Login

Join to view Access Control and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Access Control and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?