aravindhramanan
Jun 19, 2014
IFETCE/M.E CSE/CS7202-NIS/Unit 1 Slide #2-1
Access Control Matrix
•Overview
•Access Control Matrix Model
–Boolean Expression Evaluation
–History
•Protection State Transitions
–Commands
–Conditional Commands
•Special Rights
–Principle of Attenuation of Privilege
Access Control and Authorization
•Access control is a process to determine “Who
does what to what,” based on a policy.
•It is controlling access of who gets in and out
of the system and who uses what resources,
when, and in what amounts.
•Access control is restricting access to a system or system resources based on something other than the identity of the user.
Access Operations
•Unix
        file                      directory
read    read from a file          list directory contents
write   write to a file           create or rename a file in a directory
execute execute a (program) file  search the directory
Access rights specific to a file are changed by modifying the file’s entry in its directory.
Access Operations
•Windows NT
Permissions of Windows New Technology File System
(NTFS)
–read
–write
–execute
–delete
–change permission
–change ownership
Overview
•Protection state of system
–Describes current settings, values of system
relevant to protection
•Access control matrix
–Describes protection state precisely
–Matrix describing rights of subjects
–State transitions change elements of matrix
Protection State
•Consider the set of possible protection states P
•Some subset Q consists of exactly those states in which the system is authorized to reside
•Whenever the system state is in Q, the system is secure
•When the current state is not in Q, the system is not secure
Protection State (Cont’d)
•Characterizing the states in Q is the function of a security policy
•Preventing the system from entering a state not in Q is the function of a security mechanism
Access Control Matrix
An example
        bill.doc      edit.exe   fun.com
Alice   ---           {execute}  {execute, read}
Bob     {read,write}  {execute}  {execute,read,write}
•Access control matrix
•Describes protection state precisely
•Matrix describing rights of subjects
•State transitions change elements of matrix
Description
(Matrix layout: rows are the subjects $s_1, s_2, \dots, s_n$; columns are the objects (entities) $o_1, \dots, o_m, s_1, \dots, s_n$.)
•Subjects $S = \{ s_1, \dots, s_n \}$
•Objects $O = \{ o_1, \dots, o_m \}$
•Rights $R = \{ r_1, \dots, r_k \}$
•Entries $A[s_i, o_j] \subseteq R$
•$A[s_i, o_j] = \{ r_x, \dots, r_y \}$ means subject $s_i$ has rights $r_x, \dots, r_y$ over object $o_j$
Example 1
•Processes p, q
•Files f, g
•Rights r, w, x, a, o
Boolean Expression Evaluation
•ACM controls access to database fields
–Subjects have attributes
–Verbs define type of access
–Rules associated with objects, verb pair
•Subject attempts to access object
–Rule for object, verb evaluated, grants or denies
access
Access Control by Boolean Expression Evaluation
Access Controlled by History
ACM of Database Queries
$O_i = \{$ objects referenced in query $i \}$
$f(o_i) = \{ \text{read} \}$ for $o_j \in O_i$, if $\left| \bigcup_{j=1,\dots,i} O_j \right| > 1$
$f(o_i) = \emptyset$ for $o_j \in O_i$, otherwise
1. $O_1 = \{$ Celia, Leonard, Matt $\}$ and no previous query set, so:
A[asker, Celia, Leonard, Matt] = { read }
and query can be answered
Query 2
From last slide:
$f(o_i) = \{ \text{read} \}$ for $o_j \in O_i$, if $\left| \bigcup_{j=1,\dots,i} O_j \right| > 1$
$f(o_i) = \emptyset$ for $o_j \in O_i$, otherwise
2. $O_2 = \{$ Matt $\}$ but $|O_2 \cup O_1| = 2$ so
A[asker, (Holly, Leonard)] = read
and query can be answered
But Query 3
From last slide:
$f(o_i) = \{ \text{read} \}$ for $o_j \in O_i$, if $\left| \bigcup_{j=1,\dots,i} O_j \right| > 1$
$f(o_i) = \emptyset$ for $o_j \in O_i$, otherwise
3. $O_3 = \{$ Matt $\}$ but $|O_3 \cup O_2 \cup O_1| = 1$ so
A[asker, (Holly, Leonard, Matt)] = $\emptyset$
and query cannot be answered
Access Control Matrix
Capabilities
If the access rights are kept with the subjects then
these are the subject’s access rights.
Every subject is given a capability.
Alice’s capability: edit.exe: execute; fun.com: execute, read
Bob’s capability: bill.doc: read, write; edit.exe: execute;
fun.com: execute, read, write
Protection State Transitions
State Transitions
•Change the protection state of system
•$\vdash$ represents transition
–$X_i \vdash_{t} X_{i+1}$: command $t$ moves system from state $X_i$ to $X_{i+1}$
–$X_i \vdash^{*} X_{i+1}$: a sequence of commands moves system from state $X_i$ to $X_{i+1}$
•Commands often called transformation procedures
Primitive Operations
•create subject s; create object o
–Creates new row, column in ACM; creates new column in ACM
•destroy subject s; destroy object o
–Deletes row, column from ACM; deletes column from ACM
•enter r into A[s, o]
–Adds r rights for subject s over object o
•delete r from A[s, o]
–Removes r rights from subject s over object o
Create Subject
•Precondition: $s \notin S$
•Primitive command: create subject s
•Postconditions:
–$S' = S \cup \{ s \}$, $O' = O \cup \{ s \}$
–$(\forall y \in O')[a'[s, y] = \emptyset]$, $(\forall x \in S')[a'[x, s] = \emptyset]$
–$(\forall x \in S)(\forall y \in O)[a'[x, y] = a[x, y]]$
Create Object
•Precondition: $o \notin O$
•Primitive command: create object o
•Postconditions:
–$S' = S$, $O' = O \cup \{ o \}$
–$(\forall x \in S')[a'[x, o] = \emptyset]$
–$(\forall x \in S)(\forall y \in O)[a'[x, y] = a[x, y]]$
Add Right
•Precondition: $s \in S$, $o \in O$
•Primitive command: enter r into a[s, o]
•Postconditions:
–$S' = S$, $O' = O$
–$a'[s, o] = a[s, o] \cup \{ r \}$
–$(\forall x \in S')(\forall y \in O' - \{ o \})[a'[x, y] = a[x, y]]$
–$(\forall x \in S' - \{ s \})(\forall y \in O')[a'[x, y] = a[x, y]]$
Delete Right
•Precondition: $s \in S$, $o \in O$
•Primitive command: delete r from a[s, o]
•Postconditions:
–$S' = S$, $O' = O$
–$a'[s, o] = a[s, o] - \{ r \}$
–$(\forall x \in S')(\forall y \in O' - \{ o \})[a'[x, y] = a[x, y]]$
–$(\forall x \in S' - \{ s \})(\forall y \in O')[a'[x, y] = a[x, y]]$
Destroy Subject
•Precondition: $s \in S$
•Primitive command: destroy subject s
•Postconditions:
–$S' = S - \{ s \}$, $O' = O - \{ s \}$
–$(\forall y \in O')[a'[s, y] = \emptyset]$, $(\forall x \in S')[a'[x, s] = \emptyset]$
–$(\forall x \in S')(\forall y \in O')[a'[x, y] = a[x, y]]$
Destroy Object
•Precondition: $o \in O$
•Primitive command: destroy object o
•Postconditions:
–$S' = S$, $O' = O - \{ o \}$
–$(\forall x \in S')[a'[x, o] = \emptyset]$
–$(\forall x \in S')(\forall y \in O')[a'[x, y] = a[x, y]]$
Protection State Commands
Creating File
•Process p creates file f with r and w
permission
command create•file(p, f)
create object f;
enter own into A[p, f];
enter r into A[p, f];
enter w into A[p, f];
end
Mono-Operational Commands
•Make process p the owner of file g
command make•owner(p, g)
enter own into A[p, g];
end
•Mono-operational command
–Single primitive operation in this command
Conditional Commands
•Let p give q r rights over f, if p owns f
command grant•read•file•1(p, f, q)
if own in A[p, f]
then
enter r into A[q, f];
end
•Mono-conditional command
–Single condition in this command
Multiple Conditions
•Let p give q r and w rights over f, if p owns
f and p has c rights over q
command grant•read•file•2(p, f, q)
if own in A[p, f] and c in A[p, q]
then
enter r into A[q, f];
enter w into A[q, f];
end
Copy Right
•Allows possessor to give rights to another
•Often attached to a right, so only applies to
that right
–r is read right that cannot be copied
–rc is read right that can be copied
•Is copy flag copied when giving r rights?
–Depends on model, instantiation of model
Own Right
•Usually allows possessor to change entries
in ACM column
–So owner of object can add, delete rights for
others
–May depend on what system allows
•Can’t give rights to specific (set of) users
•Can’t pass copy flag to specific (set of) users
Principle of Attenuation of Privilege
Attenuation of Privilege
•Principle says you can’t give rights you do
not possess
–Restricts addition of rights within a system
–Usually ignored for owner
•Why? Owner gives herself rights, gives them to
others, deletes her rights.
Key Points
•Access control matrix simplest abstraction
mechanism for representing protection state
•Transitions alter protection state
•6 primitive operations alter matrix
–Transitions can be expressed as commands
composed of these operations and, possibly,
conditions
Access Control Matrix
Access rights can be kept with the
•subjects or the
•objects.
Access Control Matrix
Access control lists (ACL)
An ACL stores the access rights to an object with
the object itself.
ACL for bill.doc: Bob: read write
ACL for edit.exe: Alice: execute; Bill: execute
ACL for fun.com: Alice: execute, read; Bill: execute, read, write
Access Control Matrix
Access control lists (ACL)
Management of access rights can be cumbersome.
Therefore users are placed in groups, and a user
derives access rights from the groups it belongs to.
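The Alice/Bob matrix from the example slide, projected by row (capabilities) and by column (ACLs), together with a group-based ACL lookup as the last two slides describe; this is an added Python example, not code from the slides. The group "staff" and the GROUP_ACL table are constructed for illustration.

```python
MATRIX = {                                   # A[subject, object] = rights, from the slide
    ("Alice", "edit.exe"): {"execute"},
    ("Alice", "fun.com"): {"execute", "read"},
    ("Bob", "bill.doc"): {"read", "write"},
    ("Bob", "edit.exe"): {"execute"},
    ("Bob", "fun.com"): {"execute", "read", "write"},
}

def capabilities(matrix):
    """Row view: rights kept with each subject (its capability list)."""
    caps = {}
    for (s, o), rights in matrix.items():
        caps.setdefault(s, {})[o] = set(rights)
    return caps

def acls(matrix):
    """Column view: rights kept with each object (its access control list)."""
    lists = {}
    for (s, o), rights in matrix.items():
        lists.setdefault(o, {})[s] = set(rights)
    return lists

def matrix_from_acls(lists):
    """Both views carry the same information: the matrix is recoverable from either."""
    return {(s, o): set(r) for o, entries in lists.items() for s, r in entries.items()}

# Group-based ACLs: an ACL entry may name a group instead of a user; a user's
# effective rights are the union of its own entry and every group it belongs to.
GROUPS = {"staff": {"Alice", "Bob"}}                         # constructed example
GROUP_ACL = {"fun.com": {"staff": {"execute", "read"}, "Bob": {"write"}}}

def effective_rights(user, obj, acl, groups):
    entries = acl.get(obj, {})
    rights = set(entries.get(user, set()))
    for g, members in groups.items():
        if user in members:
            rights |= entries.get(g, set())
    return rights
```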