Access Control - Distributed Operating Systems - Lecture Slides, Slides of Operating Systems

Distributed Operating Systems course is designed to examine the fundamental principles of distributed systems, and provide students hands-on experience in developing distributed protocols. This lecture includes: Access Control, Basic Model, Access Control Matrix, Access Control List, Capability Lists, Protection Domains, Firewalls, Secure Mobile Code, Distributed Denial of Service

Typology: Slides

2013/2014

Uploaded on 02/01/2014 by sailendra

Access Control

Access Control

  • Once a client and a server have established a secure channel, the client can issue requests to the server
  • Requests can only be carried out if the client has sufficient access rights
  • The verification of access rights is access control, and the granting of access rights is authorization
    • These two terms are often used interchangeably

Access Control Matrix

  • The access control matrix is a matrix with each subject represented by a row, and each object represented by a column
  • The entry M[s, o] lists the operations that subject s may carry out on object o
  • Is this matrix a good way to represent access rights?
  • Of course, we don’t really want to implement it as a matrix in any system of reasonable size, because there would be a whole lot of wasted space…

Access Control Matrix

  • There are two main approaches that are used instead of an actual matrix:
    • Each object can maintain a list, the access control list, of the access rights of subjects that want to access that object; this effectively distributes the matrix column-wise, leaving out empty entries
    • Each subject can maintain a list of capabilities for objects; this effectively distributes the matrix row-wise, leaving out empty entries
    • Of course, capabilities can’t be totally maintained by the subjects: they must be given to the subjects by some other trusted entity (like the reference monitor)
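The two distributions of the matrix, and the point that capabilities must come from a trusted entity, as an added example (not code from the slides). The matrix contents are constructed sample data; `ReferenceMonitor`, its HMAC-tagged capabilities and the function names are assumptions made for this illustration, chosen so that a subject cannot forge or widen a capability it holds.

```python
import hashlib
import hmac
import secrets

# Constructed sample access control matrix: subject -> object -> set of operations.
# Entries that would be empty in M[s, o] are simply absent.
MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "report.txt": {"read"}},
    "bob":   {"report.txt": {"read", "write"}},
    "carol": {"payroll.db": {"read"}},
}


def acl_view(matrix):
    """Distribute the matrix column-wise: object -> subject -> rights (one ACL per object)."""
    acls = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls.setdefault(obj, {})[subject] = set(rights)
    return acls


def capability_view(matrix):
    """Distribute the matrix row-wise: subject -> object -> rights (one capability list per subject)."""
    return {subject: {obj: set(rights) for obj, rights in row.items()}
            for subject, row in matrix.items()}


class ReferenceMonitor:
    """Trusted entity (hypothetical) that checks ACLs and issues capabilities.

    A capability is (subject, object, rights, tag). The tag is an HMAC over the
    other fields under a key only the monitor knows, so a subject holding a
    capability cannot alter its rights without the monitor noticing.
    """

    def __init__(self, matrix, key=None):
        self.matrix = matrix
        self.acls = acl_view(matrix)
        self.key = key if key is not None else secrets.token_bytes(32)

    def check_acl(self, subject, obj, op):
        """ACL path: look up the object's list and see whether the subject holds op."""
        return op in self.acls.get(obj, {}).get(subject, set())

    def _tag(self, subject, obj, rights):
        msg = f"{subject}|{obj}|{','.join(sorted(rights))}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def issue_capability(self, subject, obj):
        """Hand a subject a capability for obj, or None if M[subject, obj] is empty."""
        rights = self.matrix.get(subject, {}).get(obj)
        if not rights:
            return None
        rights = frozenset(rights)
        return (subject, obj, rights, self._tag(subject, obj, rights))

    def check_capability(self, cap, op):
        """Capability path: reject tampered capabilities, then check the rights field."""
        subject, obj, rights, tag = cap
        if not hmac.compare_digest(tag, self._tag(subject, obj, rights)):
            return False  # forged or modified capability
        return op in rights
```

The same request, "may carol read payroll.db", is answered either by consulting the object's ACL or by presenting the capability the monitor issued; a capability whose rights field has been widened by the holder fails the tag check.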

Access Matrix

Access Control List

Protection Domains

  • ACLs and capabilities help to efficiently implement the access control matrix, but can still become quite cumbersome
  • A protection domain is a set of (object, access rights) pairs, where each pair specifies for a given object exactly what operations can be carried out
  • By associating a protection domain with each request, we can cut down on redundant information in access control lists

Protection Domains

  • One approach to using protection domains is to construct groups of users
  • Another approach is to use roles instead of groups
    • Roles: head of a department, manager of a project, member of a personnel search committee
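The role-based protection domains described above, as an added example that is not from the slides. The domains, users and file names are constructed sample data; `request_allowed` and the two counting helpers are hypothetical names. The counts show the redundancy reduction the slides mention: ACL entries keyed by domain rather than by individual user.

```python
# Constructed sample: protection domains keyed by role. Each domain is a set of
# (object, rights) pairs, as the slides define it.
DOMAINS = {
    "dept_head": {("budget.xlsx", frozenset({"read", "write"})),
                  ("staff.csv", frozenset({"read"}))},
    "project_mgr": {("plan.doc", frozenset({"read", "write"})),
                    ("budget.xlsx", frozenset({"read"}))},
    "search_committee": {("applicants.csv", frozenset({"read"}))},
}

# Constructed sample: the roles each user may activate.
USER_ROLES = {
    "alice": {"dept_head", "search_committee"},
    "bob": {"project_mgr"},
    "carol": {"project_mgr", "search_committee"},
}


def domain_rights(domain_name):
    """Flatten a protection domain into object -> set of operations."""
    rights = {}
    for obj, ops in DOMAINS.get(domain_name, set()):
        rights.setdefault(obj, set()).update(ops)
    return rights


def request_allowed(user, active_domain, obj, op):
    """Each request carries exactly one protection domain.

    The monitor checks that the user may act in that domain (holds the role)
    and that the domain grants op on obj. A user acting in a narrower role
    does not get the rights of their other roles.
    """
    if active_domain not in USER_ROLES.get(user, set()):
        return False
    return op in domain_rights(active_domain).get(obj, set())


def acl_entries_per_user():
    """Distinct (user, object) ACL entries if rights were listed per user."""
    pairs = {(user, obj) for user, roles in USER_ROLES.items()
             for role in roles for obj in domain_rights(role)}
    return len(pairs)


def acl_entries_per_domain():
    """Distinct (domain, object) ACL entries when objects list domains instead."""
    pairs = {(role, obj) for role in DOMAINS for obj in domain_rights(role)}
    return len(pairs)
```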

Firewalls - Example

  • Take the idea of an NFS server, which uses UNIX user and group IDs to control access to files
  • This works great on a private network where you can guarantee that none of the machines’ local user and group databases will be tampered with
  • If I tamper with a machine, create a new user with some existing user ID in my password file, and then hop onto the NFS server, I can access all that user’s files and exercise all his rights!

Firewalls

  • A firewall is a special kind of reference monitor that inspects packets traveling into and out of a private network to ensure that they aren’t harmful
  • There are two main types:
    • Packet-filtering gateways inspect only the headers of packets travelling on the network, for example, based on the source and destination addresses
    • Application-level gateways inspect the contents of the packets as well, for example, spam email filters
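The two gateway types side by side, as an added example that is not part of the slides. The rule table, addresses (RFC 5737 documentation ranges and a 10.0.0.0/8 private network) and the spam terms are constructed; `packet_filter` and `mail_gateway` are hypothetical names. The packet filter looks only at header fields with a default-deny fallthrough; the application-level gateway re-uses that decision and then inspects the payload.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Constructed packet: header fields plus (optionally) a payload."""
    src: str
    dst: str
    dport: int
    proto: str
    payload: bytes = b""


PRIVATE_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed packet-filter rule table: first matching rule wins, and a packet
# matching no rule is dropped (default deny).
# (name, direction, src network, dst network, proto, dports, action)
RULES = [
    ("allow-web-out", "out", "10.0.0.0/8", "0.0.0.0/0", "tcp", {80, 443}, "allow"),
    ("allow-mail-in", "in", "0.0.0.0/0", "10.0.1.25/32", "tcp", {25}, "allow"),
    ("deny-nfs-in", "in", "0.0.0.0/0", "10.0.0.0/8", "tcp", {2049}, "deny"),
]


def direction(pkt):
    """Classify a packet as leaving, entering, or staying inside the private network."""
    src_in = ipaddress.ip_address(pkt.src) in PRIVATE_NET
    dst_in = ipaddress.ip_address(pkt.dst) in PRIVATE_NET
    if src_in and not dst_in:
        return "out"
    if dst_in and not src_in:
        return "in"
    return "internal"


def packet_filter(pkt):
    """Packet-filtering gateway: decides on headers only. Returns (action, rule name)."""
    d = direction(pkt)
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    for name, rdir, src_net, dst_net, proto, ports, action in RULES:
        if (d == rdir and proto == pkt.proto and pkt.dport in ports
                and src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)):
            return action, name
    return "deny", "default"


# Constructed blocklist for the application-level check on inbound mail.
SPAM_TERMS = (b"free money", b"act now")


def mail_gateway(pkt):
    """Application-level gateway: header rules first, then payload inspection."""
    action, rule = packet_filter(pkt)
    if action != "allow":
        return action, rule
    lowered = pkt.payload.lower()
    if any(term in lowered for term in SPAM_TERMS):
        return "deny", "spam-filter"
    return "allow", rule
```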

Secure Mobile Code

Protecting the Host

  • One approach to protecting the host is to build a sandbox, which allows the execution of a downloaded agent to be fully controlled
    • If the agent attempts to execute an instruction that the host doesn’t like, it can be terminated by the host
  • Implementing a sandbox is nontrivial
  • Probably the best known example is the Java sandbox model

Secure Mobile Code

The Java Sandbox Model

  • The Java sandbox model consists of several components:
    • Class Loaders
    • Byte Code Verifier
    • Security Manager

Secure Mobile Code

The Java Sandbox Model

  • A security manager performs checks at runtime to ensure that mobile code doesn’t break any rules
    • For instance, downloaded code cannot write to the filesystem unless given special permission to do so
  • In the original Java security model, the security manager was very strict and didn’t distinguish programs from different servers
    • Java’s current security model is much more flexible
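A model of the runtime permission check the slides attribute to the security manager, as an added example; it is not Java code and not Java's own API. The strict policy (one empty grant for all downloaded code) and the flexible policy (grants keyed by the origin the code was loaded from) are constructed, and `SecurityManager`, `check_permission` and the example URLs are hypothetical. The target path is normalised before the prefix comparison so that a `..` component cannot escape a granted directory.

```python
import os


class SecurityException(Exception):
    """Raised when mobile code attempts an operation its policy does not permit."""


# Constructed policies. Permissions are (kind, path prefix) pairs; "*" is the
# grant applied to code whose origin matches no listed server.
STRICT_POLICY = {"*": set()}

FLEXIBLE_POLICY = {
    "https://trusted.example.com/": {("file.read", "/srv/data/"),
                                     ("file.write", "/tmp/app/")},
    "https://partner.example.org/": {("file.read", "/srv/data/public/")},
    "*": set(),
}


class SecurityManager:
    """Hypothetical runtime check: every sensitive operation asks before acting."""

    def __init__(self, policy):
        self.policy = policy

    def grants_for(self, code_source):
        """Longest matching origin prefix wins; unknown code gets the "*" grant."""
        best = "*"
        for origin in self.policy:
            if (origin != "*" and code_source.startswith(origin)
                    and len(origin) > len(best)):
                best = origin
        return self.policy[best]

    def check_permission(self, code_source, kind, target):
        """Return True if allowed, else raise SecurityException."""
        target = os.path.normpath(target)  # collapse ".." before comparing prefixes
        for granted_kind, granted_prefix in self.grants_for(code_source):
            if granted_kind == kind and target.startswith(granted_prefix):
                return True
        raise SecurityException(f"{code_source}: {kind} on {target} denied")


def allowed(manager, code_source, kind, target):
    """Convenience wrapper that turns the exception into a boolean."""
    try:
        return manager.check_permission(code_source, kind, target)
    except SecurityException:
        return False
```

Under `STRICT_POLICY` every downloaded program is treated alike and denied; under `FLEXIBLE_POLICY` code from different servers receives different grants, which is the distinction the second bullet draws.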

Secure Mobile Code

Playgrounds

  • An alternative model is to designate a single machine on the local network as a playground in which mobile code can run
  • Resources local to the playground are available to code running in the playground, while resources local to other machines are isolated from the playground