eng
competition

Text Practice Mode

Access Control

created May 23rd 2020, 18:45 by Muath Nasr


1


Rating

413 words
18 completed
00:00
Controlling Accesses to Resources TCB ­ sees a request for a resource, how does it decide whether it should be granted? Authentication establishes the source of a request Authorization or access control answers the question if a certain source of a request is allowed to read the file. Subject who owns a resource should be able to control access to it ­ this is not always true.
here are some systems that will not allow sensitive data to be shared. Controlling Accesses to Resources Access control is basically about who is allowed access to resources. There are two parts to access control: 1. Decide who should have access to certain resources (this is called an access control policy) 2. Enforcement ­ only accesses defined by the access control policy are granted. Complete mediation ­ no one should be able to bypass access control and gain access to the TCB. Complete mediation is essential for successful enforcement. Access Control Matrix (ACM) An access control matrix contains the information relevant to access control. ACM: row correspond to sources of the request : users/subjects/groups columns correspond to resources that need to be protected
ACM[U,O] ­­ U=user, O=object, state captured is who has access to the resources of the system
Data Confidentiality Quiz Confidentiality is about disclosure of data. So the owner of a file should control who has read access to the file Determining Access Quiz An access control policy can define positive access: granting access to subjects. If a user belongs to a specific group with access rights to an object, but the user is denied access rights to that object, then the negative access rights will take precedence. The user will be denied access. Discretionary Access Control In DAC access to a resource is at the discretion of its owner. An example: Alice is owner of FOO. She grants read access to Bob but does not allow him to propagate this access.
This will not stop a third party from accessing the file. Bob can copy the file into another file and share that with the third party. Implementing Access Control Using an ACM The matrix is large, but sparse. Most resources are not usually shared amongst a lot of people. We represent it in the system as: Access Control List (ACL) Columns: for an object Oi ….[(ui1,rights1),(ui2, rights2), ...]
Capability List (C­List) Rows: for a user Ui ….[ (Oi1, rights1),(Oi2,rights2),...] C­List­ there will be one for each user. ACL are for objects
 

saving score / loading statistics ...