02.pdf yang berisi akses kontrol pada keamanan informasi
adiwahyucandrakusuma1
7 views
12 slides
Oct 27, 2025
Slide 1 of 12
1
2
3
4
5
6
7
8
9
10
11
12
About This Presentation
02.pdf yang berisi akses kontrol pada keamanan informasi
Slide Content
November 1, 2004 Introduction to Computer Security
© 2004 Matt Bishop
Slide #2-1
Chapter 2: Access Control Matrix
•Overview
•Access Control Matrix Model
•Protection State Transitions
–Commands
–Conditional Commands
© 2004 Matt Bishop
Slide #2-1
Chapter 2: Access Control Matrix
•Overview
•Access Control Matrix Model
•Protection State Transitions
–Commands
–Conditional Commands
November 1, 2004 Introduction to Computer Security
© 2004 Matt Bishop
Slide #2-2
Overview
•Protection state of system
–Describes current settings, values of system
relevant to protection
•Access control matrix
–Describes protection state precisely
–Matrix describing rights of subjects
–State transitions change elements of matrix
© 2004 Matt Bishop
Slide #2-2
Overview
•Protection state of system
–Describes current settings, values of system
relevant to protection
•Access control matrix
–Describes protection state precisely
–Matrix describing rights of subjects
–State transitions change elements of matrix
November 1, 2004 Introduction to Computer Security
© 2004 Matt Bishop
Slide #2-3
Description
objects (entities)
subjects
s
1
s
2
…
s
n
o
1
… o
m
s
1
… s
n
•Subjects S = { s
1
,…,s
n
}
•Objects O = { o
1
,…,o
m
}
•Rights R = { r
1
,…,r
k
}
•Entries A[s
i
, o
j
] ⊆ R
•A[s
i
, o
j
] = { r
x
, …, r
y
}
means subject s
i
has rights
r
x
, …, r
y
over object o
j
© 2004 Matt Bishop
Slide #2-3
Description
objects (entities)
subjects
s
1
s
2
…
s
n
o
1
… o
m
s
1
… s
n
•Subjects S = { s
1
,…,s
n
}
•Objects O = { o
1
,…,o
m
}
•Rights R = { r
1
,…,r
k
}
•Entries A[s
i
, o
j
] ⊆ R
•A[s
i
, o
j
] = { r
x
, …, r
y
}
means subject s
i
has rights
r
x
, …, r
y
over object o
j
November 1, 2004 Introduction to Computer Security
© 2004 Matt Bishop
Slide #2-4
Example 1
•Processes p, q
•Files f, g
•Rights r, w, x, a, o
f g p q
p rwo r rwxo w
q a ro r rwxo
© 2004 Matt Bishop
Slide #2-4
Example 1
•Processes p, q
•Files f, g
•Rights r, w, x, a, o
f g p q
p rwo r rwxo w
q a ro r rwxo
November 1, 2004 Introduction to Computer Security
© 2004 Matt Bishop
Slide #2-5
Example 2
•Procedures inc_ctr, dec_ctr, manage
•Variable counter
•Rights +, –, call
counterinc_ctrdec_ctrmanage
inc_ctr+
dec_ctr–
manage call call call
© 2004 Matt Bishop
Slide #2-5
Example 2
•Procedures inc_ctr, dec_ctr, manage
•Variable counter
•Rights +, –, call
counterinc_ctrdec_ctrmanage
inc_ctr+
dec_ctr–
manage call call call
November 1, 2004 Introduction to Computer Security
© 2004 Matt Bishop
Slide #2-6
State Transitions
•Change the protection state of system
•|– represents transition
–X
i |–
τ X
i+1: command τ moves system from
state X
i to X
i+1
–X
i |–
*
X
i+1: a sequence of commands moves
system from state X
i to X
i+1
•Commands often called transformation
procedures
© 2004 Matt Bishop
Slide #2-6
State Transitions
•Change the protection state of system
•|– represents transition
–X
i |–
τ X
i+1: command τ moves system from
state X
i to X
i+1
–X
i |–
*
X
i+1: a sequence of commands moves
system from state X
i to X
i+1
•Commands often called transformation
procedures
November 1, 2004 Introduction to Computer Security
© 2004 Matt Bishop
Slide #2-7
Primitive Operations
•create subject s; create object o
–Creates new row, column in ACM; creates new column in ACM
•destroy subject s; destroy object o
–Deletes row, column from ACM; deletes column from ACM
•enter r into A[s, o]
–Adds r rights for subject s over object o
•delete r from A[s, o]
–Removes r rights from subject s over object o
© 2004 Matt Bishop
Slide #2-7
Primitive Operations
•create subject s; create object o
–Creates new row, column in ACM; creates new column in ACM
•destroy subject s; destroy object o
–Deletes row, column from ACM; deletes column from ACM
•enter r into A[s, o]
–Adds r rights for subject s over object o
•delete r from A[s, o]
–Removes r rights from subject s over object o
November 1, 2004 Introduction to Computer Security
© 2004 Matt Bishop
Slide #2-8
Creating File
•Process p creates file f with r and w
permission
command create•file(p, f)
create object f;
enter own into A[p, f];
enter r into A[p, f];
enter w into A[p, f];
end
© 2004 Matt Bishop
Slide #2-8
Creating File
•Process p creates file f with r and w
permission
command create•file(p, f)
create object f;
enter own into A[p, f];
enter r into A[p, f];
enter w into A[p, f];
end
November 1, 2004 Introduction to Computer Security
© 2004 Matt Bishop
Slide #2-9
Mono-Operational Commands
•Make process p the owner of file g
command make•owner(p, g)
enter own into A[p, g];
end
•Mono-operational command
–Single primitive operation in this command
© 2004 Matt Bishop
Slide #2-9
Mono-Operational Commands
•Make process p the owner of file g
command make•owner(p, g)
enter own into A[p, g];
end
•Mono-operational command
–Single primitive operation in this command
November 1, 2004 Introduction to Computer Security
© 2004 Matt Bishop
Slide #2-10
Conditional Commands
•Let p give q r rights over f, if p owns f
command grant•read•file•1(p, f, q)
if own in A[p, f]
then
enter r into A[q, f];
end
•Mono-conditional command
–Single condition in this command
© 2004 Matt Bishop
Slide #2-10
Conditional Commands
•Let p give q r rights over f, if p owns f
command grant•read•file•1(p, f, q)
if own in A[p, f]
then
enter r into A[q, f];
end
•Mono-conditional command
–Single condition in this command
November 1, 2004 Introduction to Computer Security
© 2004 Matt Bishop
Slide #2-11
Multiple Conditions
•Let p give q r and w rights over f, if p owns
f and p has c rights over q
command grant•read•file•2(p, f, q)
if own in A[p, f] and c in A[p, q]
then
enter r into A[q, f];
enter w into A[q, f];
end
© 2004 Matt Bishop
Slide #2-11
Multiple Conditions
•Let p give q r and w rights over f, if p owns
f and p has c rights over q
command grant•read•file•2(p, f, q)
if own in A[p, f] and c in A[p, q]
then
enter r into A[q, f];
enter w into A[q, f];
end
November 1, 2004 Introduction to Computer Security
© 2004 Matt Bishop
Slide #2-12
Key Points
•Access control matrix simplest abstraction
mechanism for representing protection state
•Transitions alter protection state
•6 primitive operations alter matrix
–Transitions can be expressed as commands
composed of these operations and, possibly,
conditions
© 2004 Matt Bishop
Slide #2-12
Key Points
•Access control matrix simplest abstraction
mechanism for representing protection state
•Transitions alter protection state
•6 primitive operations alter matrix
–Transitions can be expressed as commands
composed of these operations and, possibly,
conditions
Tags
Categories
ScienceDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 7
- Slides 12
- Age 56 days
Related Slideshows
23
Earthquakes_Type of Faults_Science G8.pptx
OctabellFabila1
42 views
15
Quiz #1 Science 10 in the first quarter for jhs
HendrixAntonniAmante
41 views
9
Astronomy history from long ago till doday
ssuserbd9abe
41 views
9
Great history of astronomy from long ago till today
ssuserbd9abe
40 views
20
EARTHQUAKE-DRILL.powerpoint.............
chalobrido8
43 views
9
History of astronomy from old times to the present times
ssuserbd9abe
42 views