Access control matrix

1. Access Control Matrix
IFETCE/M.E CSE/CS7202-NIS/Unit 1 Slide #2-1
• Overview
• Access Control Matrix Model
  – Boolean Expression Evaluation
  – History
• Protection State Transitions
  – Commands
  – Conditional Commands
• Special Rights
  – Principle of Attenuation of Privilege
2. Access Control and Authorization
• Access control is a process to determine "who does what to what", based on a policy.
• It controls who gets into and out of the system, and who uses which resources, when, and in what amounts.
• Access control restricts access to a system or its resources on the basis of policy attributes beyond the bare identity of the user: authentication establishes who the user is, access control decides what that user may do.
3. Access Operations
• Unix
  Right     On a file                   On a directory
  read      read from the file          list the directory's contents
  write     write to the file           create or rename a file in the directory
  execute   execute a (program) file    search the directory
• Access rights specific to a file are changed by modifying the file's permission bits, which Unix stores in the file's inode (e.g. with chmod), not in the directory entry that names the file.
4. Access Operations
• Windows NT: permissions of the Windows New Technology File System (NTFS)
  – read
  – write
  – execute
  – delete
  – change permission
  – change ownership
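The Unix table above is one concrete instance of an access control matrix: the entry A[process, file] is not stored as a set of rights but derived from nine mode bits and the process's credentials. The following is an added example, not code from the slides, showing that derivation; `Inode` and `Process` are constructed stand-ins for the kernel structures, the sample users and files are invented, and superuser (uid 0) override is deliberately left out.

```python
# Added example (not from the slides): how a Unix kernel derives the
# {read, write, execute} entry A[process, file] from a file's mode bits.
# Subject = (effective uid, effective gids); object = (owner uid, group gid,
# nine permission bits). Inode and Process are constructed stand-ins for the
# kernel structures; superuser (uid 0) override is deliberately left out.
import stat
from dataclasses import dataclass
from typing import FrozenSet, List, Set


@dataclass(frozen=True)
class Inode:
    uid: int            # owner
    gid: int            # group
    mode: int           # permission bits, e.g. 0o640
    is_dir: bool = False


@dataclass(frozen=True)
class Process:
    euid: int
    egids: FrozenSet[int]


def unix_rights(p: Process, f: Inode) -> Set[str]:
    """A[p, f]. The permission class is chosen exclusively: an owner is judged
    by the owner bits only, even if the group or other bits would grant more."""
    if p.euid == f.uid:
        bits = (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR)
    elif f.gid in p.egids:
        bits = (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP)
    else:
        bits = (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH)
    return {name for name, bit in zip(("read", "write", "execute"), bits) if f.mode & bit}


def describe(rights: Set[str], f: Inode) -> List[str]:
    """Spell the generic rights out as the file/directory operations of the table above."""
    if f.is_dir:
        names = {"read": "list directory contents",
                 "write": "create or rename a file in the directory",
                 "execute": "search the directory"}
    else:
        names = {"read": "read from the file",
                 "write": "write to the file",
                 "execute": "execute the program file"}
    return sorted(names[r] for r in rights)


# constructed sample subjects and objects
ALICE = Process(euid=1000, egids=frozenset({1000, 50}))
BOB = Process(euid=1001, egids=frozenset({1001, 50}))
EVE = Process(euid=1002, egids=frozenset({1002}))
PAYROLL = Inode(uid=1000, gid=50, mode=0o640)               # -rw-r-----
REPORTS = Inode(uid=1000, gid=50, mode=0o750, is_dir=True)  # drwxr-x---

if __name__ == "__main__":
    for who, p in (("alice", ALICE), ("bob", BOB), ("eve", EVE)):
        print(who, sorted(unix_rights(p, PAYROLL)),
              describe(unix_rights(p, REPORTS), REPORTS))
```

The exclusive choice of permission class is the detail practitioners trip over: a file with mode 0o070 is unreadable by its own owner, because the owner class is consulted and nothing else.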
5. Overview
• Protection state of system
  – Describes the current settings and values of the system that are relevant to protection
• Access control matrix
  – Describes the protection state precisely
  – A matrix describing the rights of subjects over objects
  – State transitions change elements of the matrix
6. Protection State
7. Protection State
• Consider the set of possible protection states P
• Some subset Q ⊆ P consists of exactly those states in which the system is authorized to reside
• Whenever the system state is in Q, the system is secure
• When the current state is in P − Q, the system is not secure
8. Protection State (cont'd)
• Characterizing the states in Q is the function of a security policy
• Preventing the system from entering a state in P − Q is the function of a security mechanism
9. Access Control Matrix: an example
         bill.doc        edit.exe     fun.com
  Alice  ---             {execute}    {execute, read}
  Bob    {read, write}   {execute}    {execute, read, write}
• Access control matrix
  – Describes the protection state precisely
  – Matrix describing rights of subjects over objects
  – State transitions change elements of the matrix
10. Description
• Rows are the subjects s1 … sn; columns are the objects o1 … om followed by the subjects s1 … sn, since every subject is also an object (an entity that can be acted upon)
• Subjects S = { s1, …, sn }
• Objects O = { o1, …, om }
• Rights R = { r1, …, rk }
• Entries A[si, oj] ⊆ R
• A[si, oj] = { rx, …, ry } means subject si has rights rx, …, ry over object oj
11. Example 1
• Processes p, q
• Files f, g
• Rights r, w, x, a, o
12. Example 2
• Procedures inc_ctr, dec_ctr, manage
• Variable counter
• Rights +, –, call
             counter   inc_ctr   dec_ctr   manage
  inc_ctr    +
  dec_ctr    –
  manage               call      call      call
13. Boolean Expression Evaluation
• ACM controls access to database fields
  – Subjects have attributes
  – Verbs define the type of access
  – Rules are associated with each (object, verb) pair
• Subject attempts to access an object
  – The rule for the (object, verb) pair is evaluated and grants or denies access
14–18. Access Control by Boolean Expression Evaluation (worked example shown as figures on slides 14–18)
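The mechanism described on slide 13 computes the matrix entry instead of storing it. The following is an added example, not code from the slides: each (field, verb) pair carries a rule over the subject's attributes, every access evaluates that rule, and `entry()` materialises A[s, o] as the set of verbs whose rule holds. The field names, verbs, roles and rules are assumptions made for the example.

```python
# Added example (not from the slides): access control by Boolean expression
# evaluation. A[s, o] is never stored; it is computed on each access by
# evaluating the rule attached to the (object, verb) pair against the
# subject's attributes. Field names, verbs, roles and rules are assumptions.
from dataclasses import dataclass
from typing import Callable, Dict, Set, Tuple

Attrs = Dict[str, str]
Rule = Callable[[Attrs, Attrs], bool]   # (subject attrs, object attrs) -> grant?


@dataclass
class Subject:
    name: str
    attrs: Attrs


@dataclass
class Field:
    name: str
    attrs: Attrs


class BooleanAcm:
    def __init__(self, verbs: Tuple[str, ...]):
        self.verbs = verbs
        self.fields: Dict[str, Field] = {}
        self.rules: Dict[Tuple[str, str], Rule] = {}

    def add_field(self, field: Field, **rule_for_verb: Rule) -> None:
        self.fields[field.name] = field
        for verb, rule in rule_for_verb.items():
            if verb not in self.verbs:
                raise ValueError(f"unknown verb {verb!r}")
            self.rules[(field.name, verb)] = rule

    def allowed(self, s: Subject, field: str, verb: str) -> bool:
        # Deny by default: an (object, verb) pair without a rule grants nothing.
        rule = self.rules.get((field, verb))
        if rule is None or field not in self.fields:
            return False
        return bool(rule(s.attrs, self.fields[field].attrs))

    def entry(self, s: Subject, field: str) -> Set[str]:
        # Materialise the matrix entry A[s, o] = {verbs whose rule holds}.
        return {v for v in self.verbs if self.allowed(s, field, v)}

    def row(self, s: Subject) -> Dict[str, Set[str]]:
        return {f: self.entry(s, f) for f in self.fields}


def build_policy() -> BooleanAcm:
    acm = BooleanAcm(verbs=("read", "write"))
    # salary: readable by HR or by a manager of the same department; writable by HR only
    acm.add_field(
        Field("salary", {"dept": "CS"}),
        read=lambda s, o: s["role"] == "hr"
        or (s["role"] == "manager" and s["dept"] == o["dept"]),
        write=lambda s, o: s["role"] == "hr",
    )
    # phone: readable by everyone; writable by HR only
    acm.add_field(
        Field("phone", {"dept": "CS"}),
        read=lambda s, o: True,
        write=lambda s, o: s["role"] == "hr",
    )
    return acm


# constructed sample subjects
ALICE = Subject("alice", {"role": "manager", "dept": "CS"})
BOB = Subject("bob", {"role": "engineer", "dept": "CS"})
CAROL = Subject("carol", {"role": "hr", "dept": "OPS"})

if __name__ == "__main__":
    policy = build_policy()
    for s in (ALICE, BOB, CAROL):
        print(s.name, policy.row(s))
```

Because the rules are code, the policy is only as trustworthy as whoever can install a rule; a real system evaluates rules from a restricted expression language rather than arbitrary callables, and the deny-by-default branch in `allowed()` is what keeps an unknown verb or field from slipping through.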
19–20. Access Controlled by History (figures on slides 19–20)
21. ACM of Database Queries
• Oi = { objects referenced in query i }
• f(oi) = { read } for oj ∈ Oi, if |∪j=1,…,i Oj| > 1
  f(oi) = ∅ for oj ∈ Oi, otherwise
1. O1 = { Celia, Leonard, Matt } and there is no previous query set, so A[asker, Celia] = A[asker, Leonard] = A[asker, Matt] = { read } and the query can be answered
22. Query 2
• Same rule as on the previous slide
2. O2 = { Matt } but |O2 ∪ O1| = 2, so A[asker, (Holly, Leonard)] = { read } and the query can be answered
23. But Query 3
• Same rule as on the previous slide
3. O3 = { Matt } but |O3 ∪ O2 ∪ O1| = 1, so A[asker, (Holly, Leonard, Matt)] = ∅ and the query cannot be answered
24. Access Controlled by History (figure on slide 24)
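In the history-controlled matrix the asker's rights over the records of query i are a function of every earlier query, so the protection state must carry the query history. The following is an added example, not code from the slides: `union_rule` implements the rule exactly as the slides write it, and `HistoryAcm` recomputes the row A[asker, ·] on each query before deciding whether to answer a sum. It goes one step beyond the slides with `difference_rule`, an added rule that also refuses a query set differing from an earlier one by a single record, which is what the two-query subtraction needs. The salary records are constructed for the example.

```python
# Added example (not from the slides): a history-controlled ACM for sum
# queries over a statistical database. The asker's rights over the records
# of query i are recomputed from the sets O_1 … O_i, as the slides state:
#   A[asker, o] = {read} for each o in O_i  iff  |O_1 ∪ … ∪ O_i| > 1, else ∅.
# difference_rule is an addition (not from the slides). Salaries are constructed.
from typing import Callable, Dict, Iterable, List, Optional, Set

SALARIES: Dict[str, int] = {           # constructed sample records
    "Celia": 40_000, "Leonard": 50_000, "Matt": 50_000, "Holly": 60_000,
}

HistoryRule = Callable[[List[Set[str]], Set[str]], bool]


def union_rule(history: List[Set[str]], current: Set[str]) -> bool:
    """The slides' rule: answer iff the union of all query sets so far has > 1 record."""
    return len(set().union(*history, current)) > 1


def difference_rule(history: List[Set[str]], current: Set[str]) -> bool:
    """Added rule: additionally require |O_i| > 1 and refuse any O_i whose
    symmetric difference with an earlier O_j is one record, since then
    sum_j - sum_i (or sum_i - sum_j) is a single salary. This blocks the
    two-query subtraction only; trackers built from several queries can
    still leak, so it is a demonstration, not a complete inference control."""
    if len(current) < 2 or not union_rule(history, current):
        return False
    return all(len(current ^ earlier) != 1 for earlier in history)


class HistoryAcm:
    """One instance per asker: the protection state includes that asker's history."""

    def __init__(self, rule: HistoryRule = union_rule):
        self.rule = rule
        self.history: List[Set[str]] = []   # O_1, …, O_{i-1}

    def rights(self, objects: Iterable[str]) -> Dict[str, Set[str]]:
        """Compute f(o) for every o in O_i without recording the query."""
        current = set(objects)
        granted = {"read"} if self.rule(self.history, current) else set()
        return {o: set(granted) for o in current}

    def sum_salary(self, objects: Iterable[str]) -> Optional[int]:
        current = set(objects)
        if not current:
            return None
        entry = self.rights(current)
        self.history.append(current)        # O_i is recorded whether or not it was answered
        if not all("read" in r for r in entry.values()):
            return None                     # denied: no read right on some record
        return sum(SALARIES[o] for o in current)


if __name__ == "__main__":
    asker = HistoryAcm(rule=difference_rule)
    print(asker.sum_salary(["Celia", "Leonard", "Matt"]))   # answered
    print(asker.sum_salary(["Celia", "Leonard"]))           # refused
```

Note what the recorded history buys: the same query over {Celia, Leonard} is answerable for a fresh asker and refused for one who already asked about {Celia, Leonard, Matt}. The matrix entry depends on the subject's past, not only on the subject and object.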
25. Access Control Matrix: Capabilities
If the access rights are kept with the subjects, then these are the subject's access rights. Every subject is given a capability (list).
• Alice's capability: edit.exe: execute; fun.com: execute, read
• Bob's capability: bill.doc: read, write; edit.exe: execute; fun.com: execute, read, write
26. Protection State Transitions
27. State Transitions
• Change the protection state of the system
• |– represents a transition
  – Xi |–τ Xi+1: command τ moves the system from state Xi to Xi+1
  – Xi |–* Xi+1: a sequence of commands moves the system from state Xi to Xi+1
• Commands are often called transformation procedures
28. Primitive Commands
29. Primitive Operations
• create subject s; create object o
  – Creates a new row and column in the ACM; creates a new column in the ACM
• destroy subject s; destroy object o
  – Deletes a row and column from the ACM; deletes a column from the ACM
• enter r into A[s, o]
  – Adds right r for subject s over object o
• delete r from A[s, o]
  – Removes right r from subject s over object o
30. Create Subject
• Precondition: s ∉ S
• Primitive command: create subject s
• Postconditions:
  – S′ = S ∪ { s }, O′ = O ∪ { s }
  – (∀y ∈ O′)[a′[s, y] = ∅], (∀x ∈ S′)[a′[x, s] = ∅]
  – (∀x ∈ S)(∀y ∈ O)[a′[x, y] = a[x, y]]
31. Create Object
• Precondition: o ∉ O
• Primitive command: create object o
• Postconditions:
  – S′ = S, O′ = O ∪ { o }
  – (∀x ∈ S′)[a′[x, o] = ∅]
  – (∀x ∈ S)(∀y ∈ O)[a′[x, y] = a[x, y]]
32. Add Right
• Precondition: s ∈ S, o ∈ O
• Primitive command: enter r into a[s, o]
• Postconditions:
  – S′ = S, O′ = O
  – a′[s, o] = a[s, o] ∪ { r }
  – (∀x ∈ S′)(∀y ∈ O′ − { o })[a′[x, y] = a[x, y]]
  – (∀x ∈ S′ − { s })(∀y ∈ O′)[a′[x, y] = a[x, y]]
33. Delete Right
• Precondition: s ∈ S, o ∈ O
• Primitive command: delete r from a[s, o]
• Postconditions:
  – S′ = S, O′ = O
  – a′[s, o] = a[s, o] − { r }
  – (∀x ∈ S′)(∀y ∈ O′ − { o })[a′[x, y] = a[x, y]]
  – (∀x ∈ S′ − { s })(∀y ∈ O′)[a′[x, y] = a[x, y]]
34. Destroy Subject
• Precondition: s ∈ S
• Primitive command: destroy subject s
• Postconditions:
  – S′ = S − { s }, O′ = O − { s }
  – (∀y ∈ O′)[a′[s, y] = ∅], (∀x ∈ S′)[a′[x, s] = ∅]
  – (∀x ∈ S′)(∀y ∈ O′)[a′[x, y] = a[x, y]]
35. Destroy Object
• Precondition: o ∈ O
• Primitive command: destroy object o
• Postconditions:
  – S′ = S, O′ = O − { o }
  – (∀x ∈ S′)[a′[x, o] = ∅]
  – (∀x ∈ S′)(∀y ∈ O′)[a′[x, y] = a[x, y]]
36. Protection State Commands
37. Creating File
• Process p creates file f with r and w permission
    command create•file(p, f)
        create object f;
        enter own into A[p, f];
        enter r into A[p, f];
        enter w into A[p, f];
    end
38. Mono-Operational Commands
• Make process p the owner of file g
    command make•owner(p, g)
        enter own into A[p, g];
    end
• Mono-operational command
  – A single primitive operation in this command
39. Conditional Commands
• Let p give q r rights over f, if p owns f
    command grant•read•file•1(p, f, q)
        if own in A[p, f]
        then
            enter r into A[q, f];
    end
• Mono-conditional command
  – A single condition in this command
40. Multiple Conditions
• Let p give q r and w rights over f, if p owns f and p has c rights over q
    command grant•read•file•2(p, f, q)
        if own in A[p, f] and c in A[p, q]
        then
            enter r into A[q, f];
            enter w into A[q, f];
    end
41. Copy Right
• Allows the possessor to give rights to another
• Often attached to a right, so it only applies to that right
  – r is a read right that cannot be copied
  – rc is a read right that can be copied
• Is the copy flag copied when giving r rights?
  – Depends on the model and on the instantiation of the model
42. Own Right
• Usually allows the possessor to change entries in the ACM column
  – So the owner of an object can add and delete rights for others
  – May depend on what the system allows
    – Can't give rights to specific (set of) users
    – Can't pass the copy flag to specific (set of) users
43. Principle of Attenuation of Privilege
44. Attenuation of Privilege
• The principle says you can't give rights you do not possess
  – Restricts the addition of rights within a system
  – Usually ignored for the owner
• Why? The owner gives herself the rights, gives them to others, then deletes her own rights.
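The six primitive operations, the commands built from them (create•file, make•owner, grant•read•file•1 and •2), the copy flag and the attenuation-of-privilege check all act on one data structure. The following is an added example, not code from the slides, that implements them together: each primitive checks its precondition and applies exactly its postcondition, the commands are plain sequences of primitives behind an optional guard, and `copy()` refuses to pass a right the giver does not hold with the copy flag. Right names follow the slides; spelling a copyable right as r + "c" (rc) and raising ValueError on a failed precondition are this example's conventions.

```python
# Added example (not from the slides): an access control matrix with the six
# primitive operations, the commands built from them, the copy flag and the
# attenuation-of-privilege check. Right names follow the slides; the 'c'
# suffix for a copyable right (rc) and ValueError preconditions are this
# example's conventions.
from typing import Dict, Set


class ACM:
    def __init__(self) -> None:
        self.S: Set[str] = set()
        self.O: Set[str] = set()
        self.a: Dict[str, Dict[str, Set[str]]] = {}   # a[s][o] ⊆ R

    @staticmethod
    def _require(cond: bool, msg: str) -> None:
        if not cond:
            raise ValueError("precondition failed: " + msg)

    # ---- the six primitive operations -----------------------------------
    def create_subject(self, s: str) -> None:
        self._require(s not in self.S, "s ∉ S")
        self.S.add(s); self.O.add(s)                 # S' = S ∪ {s}, O' = O ∪ {s}
        self.a[s] = {y: set() for y in self.O}       # a'[s, y] = ∅ for all y
        for x in self.S:
            self.a[x].setdefault(s, set())           # a'[x, s] = ∅ for all x

    def create_object(self, o: str) -> None:
        self._require(o not in self.O, "o ∉ O")
        self.O.add(o)                                # S' = S, O' = O ∪ {o}
        for x in self.S:
            self.a[x][o] = set()                     # a'[x, o] = ∅

    def enter(self, r: str, s: str, o: str) -> None:
        self._require(s in self.S and o in self.O, "s ∈ S, o ∈ O")
        self.a[s][o].add(r)                          # a'[s, o] = a[s, o] ∪ {r}

    def delete(self, r: str, s: str, o: str) -> None:
        self._require(s in self.S and o in self.O, "s ∈ S, o ∈ O")
        self.a[s][o].discard(r)                      # a'[s, o] = a[s, o] − {r}

    def destroy_subject(self, s: str) -> None:
        self._require(s in self.S, "s ∈ S")
        self.S.discard(s); self.O.discard(s)         # S' = S − {s}, O' = O − {s}
        del self.a[s]                                # the row is gone
        for x in self.S:
            self.a[x].pop(s, None)                   # and so is the column

    def destroy_object(self, o: str) -> None:
        self._require(o in self.O, "o ∈ O")
        self.O.discard(o)                            # S' = S, O' = O − {o}
        for x in self.S:
            self.a[x].pop(o, None)

    # ---- commands: sequences of primitives, optionally guarded ----------
    def create_file(self, p: str, f: str) -> None:
        """create•file(p, f): p gets own, r, w over the new object f."""
        self.create_object(f)
        for r in ("own", "r", "w"):
            self.enter(r, p, f)

    def make_owner(self, p: str, g: str) -> None:
        """make•owner(p, g): a mono-operational command."""
        self.enter("own", p, g)

    def grant_read_file_1(self, p: str, f: str, q: str) -> None:
        """Mono-conditional: if own ∈ A[p, f] then enter r into A[q, f]."""
        if "own" in self.a[p][f]:
            self.enter("r", q, f)

    def grant_read_file_2(self, p: str, f: str, q: str) -> None:
        """Two conditions: p owns f and p has c over q; grants r and w."""
        if "own" in self.a[p][f] and "c" in self.a[p][q]:
            self.enter("r", q, f)
            self.enter("w", q, f)

    def copy(self, p: str, r: str, o: str, q: str) -> bool:
        """Copy right under attenuation of privilege: p may pass r over o to q
        only if p itself holds r with the copy flag. The flag is not passed on."""
        if r + "c" not in self.a[p][o]:
            return False                             # lacks r, or holds it uncopyable
        self.enter(r, q, o)
        return True


def demo() -> Dict[str, Dict[str, Set[str]]]:
    m = ACM()
    m.create_subject("p"); m.create_subject("q")
    m.create_file("p", "f")              # A[p, f] = {own, r, w}
    m.grant_read_file_1("q", "f", "p")   # no effect: q does not own f
    m.grant_read_file_1("p", "f", "q")   # A[q, f] = {r}
    m.enter("rc", "p", "f")              # p may now copy r
    m.copy("p", "r", "f", "q")           # allowed
    m.copy("q", "r", "f", "p")           # refused: q holds r without the copy flag
    return m.a


if __name__ == "__main__":
    print(demo())
```

The guard in `copy()` is where attenuation of privilege lives. The slides note the principle is usually ignored for owners, and `make_owner()` shows why that matters: an owner can always `enter` any right into its own entry first, so ownership is in practice a superset of every right over the object.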
45. Key Points
• The access control matrix is the simplest abstraction mechanism for representing the protection state
• Transitions alter the protection state
• Six primitive operations alter the matrix
  – Transitions can be expressed as commands composed of these operations and, possibly, conditions
46. Access Control Matrix
Access rights can be kept with the
• subjects (capability lists) or the
• objects (access control lists).
47. Access Control Matrix: Access control lists (ACL)
An ACL stores the access rights to an object with the object itself.
• ACL for bill.doc: Bob: read, write
• ACL for edit.exe: Alice: execute; Bob: execute
• ACL for fun.com: Alice: execute, read; Bob: execute, read, write
48. Access Control Matrix: Access control lists (ACL)
Management of access rights can be cumbersome. Therefore users are placed in groups, and a user derives access from the user's group.
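Slides 25, 46, 47 and 48 describe the same matrix stored by row (capability lists) or by column (ACLs), and then collapsed further with groups. The following is an added example, not code from the slides, that derives both views from the Alice/Bob matrix, resolves group entries at check time, and shows the operational difference the choice makes: revoking all access to one object is a single ACL update but a scan of every capability list. The 'staff' group and its membership are assumptions.

```python
# Added example (not from the slides): the Alice/Bob matrix stored both ways,
# as capability lists (rows, kept with each subject) and as ACLs (columns,
# kept with each object), with group entries resolved at check time.
# The 'staff' group and its membership are assumptions.
from typing import Dict, Set

Rights = Set[str]
Matrix = Dict[str, Dict[str, Rights]]        # A[subject][object]

MATRIX: Matrix = {   # the example matrix from the slides
    "Alice": {"bill.doc": set(),
              "edit.exe": {"execute"},
              "fun.com": {"execute", "read"}},
    "Bob":   {"bill.doc": {"read", "write"},
              "edit.exe": {"execute"},
              "fun.com": {"execute", "read", "write"}},
}

GROUPS: Dict[str, Set[str]] = {"staff": {"Alice", "Bob"}}   # assumption


def capability_list(matrix: Matrix, subject: str) -> Dict[str, Rights]:
    """Row of the matrix: every object the subject holds any right over."""
    return {o: set(r) for o, r in matrix[subject].items() if r}


def acl(matrix: Matrix, obj: str) -> Dict[str, Rights]:
    """Column of the matrix: every subject with any right over the object."""
    return {s: set(row[obj]) for s, row in matrix.items() if row.get(obj)}


def all_acls(matrix: Matrix) -> Dict[str, Dict[str, Rights]]:
    objects = {o for row in matrix.values() for o in row}
    return {o: acl(matrix, o) for o in objects}


def group_based_acls(matrix: Matrix, groups: Dict[str, Set[str]]) -> Dict[str, Dict[str, Rights]]:
    """Where every member of a group holds identical rights over an object,
    replace the per-user entries with one group entry (slide 48)."""
    acls = all_acls(matrix)
    for entries in acls.values():
        for g, members in groups.items():
            rights = [entries.get(m, set()) for m in members]
            if members and rights[0] and all(r == rights[0] for r in rights):
                entries[g] = set(rights[0])
                for m in members:
                    del entries[m]
    return acls


def allowed(acls: Dict[str, Dict[str, Rights]], groups: Dict[str, Set[str]],
            subject: str, obj: str, right: str) -> bool:
    """ACL check: a principal named in the ACL may be a user or a group."""
    entries = acls.get(obj, {})
    if right in entries.get(subject, set()):
        return True
    return any(right in entries.get(g, set())
               for g, members in groups.items() if subject in members)


def revoke_object(acls: Dict[str, Dict[str, Rights]],
                  caps: Dict[str, Dict[str, Rights]], obj: str) -> int:
    """Revoke every right over obj. One ACL entry disappears, but every
    capability list must be scanned; returns how many lists were touched."""
    acls.pop(obj, None)
    return sum(1 for c in caps.values() if c.pop(obj, None) is not None)


if __name__ == "__main__":
    print(group_based_acls(MATRIX, GROUPS))
    print({s: capability_list(MATRIX, s) for s in MATRIX})
```

The scan in `revoke_object()` is the classic argument for ACLs when revocation is frequent; capability systems answer it with indirection or expiry, which is outside what these slides cover.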
