Computer Security: Principles and Practice, 1/e


Date: 10.11.2022

Discretionary Access Control (DAC)

  • Traditional method of implementing access control
  • Scheme in which an entity may enable another entity to access some resource
    • i.e. applied by an operating system or a database management system
    • Often provided using an access matrix (Lampson’s Access Control Matrix)
        • One dimension consists of identified subjects that may attempt data access to the resources
        • The other dimension lists the objects that may be accessed
    • Each entry in the matrix indicates the access rights of a particular subject for a particular object

Simple Example of an Access Matrix
E.g.
  • User A owns files 1 and 3 and has read and write access rights to those files.
  • User B has read access rights to file 1, etc.

Access Control Lists (ACLs)

  • ACL: store Lampson's access control matrix by column
  • E.g.: ACL for insurance data is in blue
  • ACLs are preferable when:
    • users manage their own files and
    • protection is data oriented.
  • With ACLs, it's also easy to change rights to a particular resource.

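Access matrix (the Insurance data column, shown in blue on the slide, is the ACL for insurance data):

                      OS    Accounting  Accounting  Insurance  Payroll
                            program     data        data       data
  Bob                 rx    rx          r           ---        ---
  Alice               rx    rx          r           rw         rw
  Sam                 rwx   rwx         r           rw         rw
  Accounting program  rx    rx          rw          rw         rw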

Capabilities (or C-Lists)

  • Store access control matrix by row
  • E.g.: Capability (C-List) for Alice is in red
  • With C-Lists, it is easy to delegate (and sub-delegate and sub-sub-delegate, and so on), and it is easier to add or delete users.

Access matrix (Alice's row, shown in red on the slide, is the capability list for Alice):

                      OS    Accounting  Accounting  Insurance  Payroll
                            program     data        data       data
  Bob                 rx    rx          r           ---        ---
  Alice               rx    rx          r           rw         rw
  Sam                 rwx   rwx         r           rw         rw
  Accounting program  rx    rx          rw          rw         rw

ACLs vs. Capabilities

  • Note that arrows point in opposite directions…
  • With ACLs, still need to associate users to files

Access Control List (ACL), one list per file:
  • file1: Alice r, Bob ---, Fred r
  • file2: Alice w, Bob r, Fred ---
  • file3: Alice rw, Bob r, Fred r

Capability (C-List), one list per user:
  • Alice: file1 r, file2 w, file3 rw
  • Bob: file1 ---, file2 r, file3 r
  • Fred: file1 r, file2 ---, file3 r

In practice, an access matrix is usually sparse and is implemented by decomposition in one of two ways.

Table 4.1: Authorization Table for Files in Figure 4.2
  • A data structure that is not sparse
  • More convenient than either ACLs or C-lists
  • Sorting this table by subject is equivalent to a C-List
  • Sorting this table by object is equivalent to an ACL

Each row records one access right of one subject to one resource.
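The decomposition described above, as an added example that is not part of the original slides: the Bob/Alice/Sam access matrix is flattened into an authorization table, and the ACL and C-List views are derived from it. The function names are illustrative.

```python
from collections import defaultdict

# Access matrix from the slides (subject -> object -> rights); empty cells are omitted.
MATRIX = {
    "Bob":   {"OS": "rx", "Accounting program": "rx", "Accounting data": "r"},
    "Alice": {"OS": "rx", "Accounting program": "rx", "Accounting data": "r",
              "Insurance data": "rw", "Payroll data": "rw"},
    "Sam":   {"OS": "rwx", "Accounting program": "rwx", "Accounting data": "r",
              "Insurance data": "rw", "Payroll data": "rw"},
    "Accounting program": {"OS": "rx", "Accounting program": "rx",
                           "Accounting data": "rw", "Insurance data": "rw",
                           "Payroll data": "rw"},
}

def authorization_table(matrix):
    """One (subject, right, object) row per single access right; no empty cells."""
    return [(s, r, o) for s, row in matrix.items()
            for o, rights in row.items() for r in rights]

def acl(table, obj):
    """Column view: the rights each subject holds on one object."""
    out = defaultdict(set)
    for s, r, o in table:
        if o == obj:
            out[s].add(r)
    return dict(out)

def c_list(table, subject):
    """Row view: the rights one subject holds on each object."""
    out = defaultdict(set)
    for s, r, o in table:
        if s == subject:
            out[o].add(r)
    return dict(out)

def allowed(table, subject, right, obj):
    """Default deny: access is permitted only if an explicit row exists."""
    return (subject, right, obj) in table

if __name__ == "__main__":
    table = authorization_table(MATRIX)
    print(len(table), "rows")
    print("ACL for Insurance data:", acl(table, "Insurance data"))
    print("C-List for Alice:", c_list(table, "Alice"))
```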

A General Model for DAC

  • The model assumes:
    • a set of subjects,
    • a set of objects, and
    • a set of rules that govern the access of subjects to objects.
  • The protection state of a system is the set of information, at a given point in time, that specifies the access rights for each subject with respect to each object.
  • We can identify three requirements:
    • representing the protection state,
    • enforcing the access rights,
    • and allowing subjects to alter the protection state in certain ways.

Extend the universe of objects in the access control matrix to the following:
  • Processes: Access rights: ability to delete, stop (block), and wake up a process.
  • Devices: Access rights: ability to read/write, to control and to block/unblock its use.
  • Memory locations or regions: Access rights: ability to read/write certain regions
  • Subjects: Access rights with respect to a subject have to do with the ability to grant or delete access rights of that subject to other objects,
    • subjects can alter the protection state in certain ways

Each entry A[S, X] contains strings, called access attributes, that specify the access rights of subject S to object X.
  • Every access by a subject to an object is mediated by the controller for that object,
  • The controller’s decision is based on the current contents of the matrix.
  • Certain subjects have the authority to make specific changes to the access matrix.
  • A request to modify the access matrix is treated as an access to the matrix

Modifying the Access Control

  • Rules are needed to govern the modifications to the access matrix.
  • Thus, we add to the access rights:
    • ‘owner’ and
    • ‘control’,
    • and the concept of a copy flag.
  • These rules deal with 1) transferring, 2) granting, and 3) deleting access rights.
  • E.g. suppose that the entry α* exists in A[S0, X]. This means that S0 has access right α to object X.
  • Because of the copy flag, S0 can transfer this right, with or without copy flag, to another subject.
    • Rule R1 in the following slide expresses this capability

Table 4.3: Access Control System Commands
(The table is on page 116 in the textbook)
  • Rule R1:
    • α exists in A[S0, X] means that subject S0 has access right α to object X
    • α* (* is the copy flag) means that S0 can transfer this right, with or without copy flag, to another subject (copy flag should be carefully transferred).


  • Rule R2 states that subject S0 can add any access right to A[S, X] for any subject S, if S0 has ‘owner’ access to X.


  • Rule R3 permits S0 to delete any access right from any matrix entry in a row for which S0 has the control right of the subject S or for any matrix entry in a column for which S0 is the owner of the object X.
  • Rule R4 states that S0 can permit the subject S to read that portion of the matrix that it owns or controls.
  • Rule R5 states that any subject can create a new object, which it owns, and can then grant and delete access to the object.
  • Rule R6: the owner of an object can destroy the object, resulting in the deletion of the corresponding column of the access matrix.
  • Rule R7 enables any subject to create a new subject; the creator owns the new subject and the new subject has control access to itself.
  • Rule R8 permits the owner of a subject to delete the row and column (if there are subject columns) of the access matrix designated by that subject.
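Rules R1 to R3 as described above, written out as an added example that is not taken from the slides or the textbook. The class, method names and the alice/bob/carol/dave scenario are constructed; a trailing `*` on an attribute stands for the copy flag.

```python
class AccessMatrix:
    """Protection state A[S, X]; attributes are strings, a trailing '*' is the copy flag."""

    def __init__(self):
        self.A = {}  # (subject, object) -> set of access attributes

    def entry(self, s, x):
        return self.A.get((s, x), set())

    def _store(self, right, s, x, copy_flag):
        self.A.setdefault((s, x), set()).add(right + "*" if copy_flag else right)

    def transfer(self, s0, right, s, x, copy_flag=False):
        # R1: S0 needs the right WITH the copy flag in A[S0, X].
        if right + "*" not in self.entry(s0, x):
            raise PermissionError(f"R1: {s0} lacks {right}* on {x}")
        self._store(right, s, x, copy_flag)

    def grant(self, s0, right, s, x, copy_flag=False):
        # R2: S0 needs 'owner' in A[S0, X].
        if "owner" not in self.entry(s0, x):
            raise PermissionError(f"R2: {s0} does not own {x}")
        self._store(right, s, x, copy_flag)

    def delete(self, s0, right, s, x):
        # R3: S0 needs 'control' in A[S0, S] or 'owner' in A[S0, X].
        if "control" not in self.entry(s0, s) and "owner" not in self.entry(s0, x):
            raise PermissionError(f"R3: {s0} neither controls {s} nor owns {x}")
        self.A.get((s, x), set()).difference_update({right, right + "*"})


def demo():
    """Constructed scenario: alice owns file1; returns the outcome of each step."""
    m = AccessMatrix()
    m.A[("alice", "file1")] = {"owner", "read*"}
    m.grant("alice", "read", "bob", "file1", copy_flag=True)  # R2: bob gets read*
    m.transfer("bob", "read", "carol", "file1")               # R1: carol gets read, no flag
    try:
        m.transfer("carol", "read", "dave", "file1")          # carol holds no copy flag
        carol_could_delegate = True
    except PermissionError:
        carol_could_delegate = False
    m.delete("alice", "read", "bob", "file1")                 # R3: the owner revokes bob
    # In this sketch, deleting bob's right leaves the copy carol already received.
    return carol_could_delegate, m.entry("bob", "file1"), m.entry("carol", "file1")
```

Transferring without the copy flag is what stops a right from propagating further, which is why the slide says the flag should be transferred carefully.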

UNIX File Access Control

  • UNIX files are administered by the OS using inodes (index nodes)
    • Control structures with key information needed for a particular file
    • Several file names may be associated with a single inode
    • An active inode is associated with exactly one file; each file is controlled by exactly one inode
    • File attributes, permissions and control information are stored in the inode
    • On the disk there is an inode table, or inode list, that contains the inodes of all the files in the file system
    • When a file is opened its inode is brought into main memory and stored in a memory resident inode table
  • Directories
    • May contain files and/or other directories
    • Contain file names plus pointers to associated inodes
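An added example, not from the slides, showing that permissions live in the inode rather than in the directory entry: two names for the same inode always show the same mode. It assumes a POSIX file system that supports hard links; the file names are constructed.

```python
import os
import stat
import tempfile

def inode_demo():
    """Create a file and a hard link in a temp dir; return what the inode reports."""
    with tempfile.TemporaryDirectory() as d:
        first = os.path.join(d, "report.txt")   # constructed file names
        second = os.path.join(d, "alias.txt")
        with open(first, "w") as f:
            f.write("constructed sample data\n")
        os.chmod(first, 0o640)
        os.link(first, second)    # second directory entry pointing at the same inode
        os.chmod(second, 0o600)   # tighten permissions through the second name
        s1, s2 = os.stat(first), os.stat(second)
        return {
            "same_inode": s1.st_ino == s2.st_ino,
            "link_count": s1.st_nlink,
            "mode_via_first_name": stat.filemode(s1.st_mode),
            "mode_via_second_name": stat.filemode(s2.st_mode),
        }

if __name__ == "__main__":
    for key, value in inode_demo().items():
        print(f"{key}: {value}")
```

When auditing file permissions, this is why hard links need to be counted (`st_nlink`): access is decided by the inode's mode and owner, whichever name is used to reach it.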

