Access Control - Integrated Computer Security - Lecture Slides, Slides of Computer Security

These lecture slides are very easy to understand the ntegrated Computer Security system.The major points in these lecture slides are:Access Control, Recommendation, Prevention of Unauthorized, Prevention, Unauthorized Manner, Computer Security, Computer System, Access Control Service, Access Control Principles, Granting

Typology: Slides

2012/2013

Uploaded on 04/25/2013

bageshri
bageshri 🇮🇳

4.3

(24)

175 documents

1 / 19

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Lecture 7
Access Control
Docsity.com
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13

Partial preview of the text

Download Access Control - Integrated Computer Security - Lecture Slides and more Slides Computer Security in PDF only on Docsity!

Lecture 7

Access Control

Access Control

  • ITU-T Recommendation X.800 definition:
    • “The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.”
  • RFC 2828 defines computer security as:
    • “Measures that implement and assure security services in a computer system, particularly those that assure access control service”.

Access Control Policies

  • dictates
    • what types of access are permitted,
    • under what circumstances,
    • by whom. based on the identity of the requestor and on access rules

based on comparing security labels with clearances

based on the roles and their accesses

Access Control Requirements

  • reliable input
  • support for fine and coarse specifications
  • least privilege
  • separation of duty
  • open and closed policies
  • policy combinations and conflict resolution
  • administrative policies
  • dual control

Discretionary Access Control

  • scheme in which an entity may enable

another entity to access some resource

  • often provided using an access matrix
    • one dimension consists of identified subjects that may attempt data access to the resources
    • the other dimension lists the objects that may be accessed
  • each entry in the matrix indicates the access rights of a particular subject for a particular object

Access Matrix

Authorization

Table

Extended Access Control Matrix

Access Control System Commands

UNIX File Access Control

  • control structures with key information needed for a particular file
  • several file names may be associated with a single inode
  • an active inode is associated with exactly one file
  • file attributes, permissions and control information are sorted in the inode
  • on the disk there is an inode table, or inode list, that contains the inodes of all the files in the file system
  • when a file is opened its inode is brought into main memory and stored in a memory resident inode table

UNIX files are administered using inodes (index nodes)

  • may contain files and/or other directories
  • contains file names plus pointers to associated inodes

directories are structured in a hierarchical tree

Traditional UNIX File Access Control

  • “set user ID”(SetUID)
  • “set group ID”(SetGID)
    • system temporarily uses rights of the file owner / group in addition to the real user’s rights when making access control decisions
    • enables privileged programs to access files / resources not generally accessible

Traditional UNIX File Access Control

  • sticky bit
    • when applied to a directory it specifies that only the owner of any file in the directory can rename, move, or delete that file
  • superuser
    • is exempt from usual access control restrictions
    • has system-wide access

Access Control Lists (ACLs) in UNIX

  • when a process requests access to a file

system object two steps are performed:

  • step 1 : selects the most appropriate ACL
    • owner, named users, owning / named groups, others
  • step 2 : checks if the matching entry contains sufficient permissions