Beruflich Dokumente
Kultur Dokumente
Arun Anoop M
AP-CSE
MESCE
02/16/15
Topic
Introduction
Access Control Matrix
Access Control List (ACL)
Capability List (C-List)
The confused deputy
Comparison between ACL and C-List
Summary
02/16/15
Introduction
Access control matrix is a model of system resources
protection.
It was first proposed by Butler W. Lampson , an
American computer scientist, in 1971.
For access control system, it likes using locked doors.
The doors can be opened by anyone who owns the right
keys. Another example is checking the movie ticket at a
theatre. Viewers with the valid tickets are allowed to pass
the door and watch the movie.
The derivative forms of access control matrix such as
access control list (ACL) and capability list (C-list) are
better applied.
02/16/15
A schematic view
A user requests access operations for
objects/resources.
The reference monitor checks request
validity and return either granting access
or denying access.
Access
Request
02/16/15
Reference
Monitor
ARUN ANOOP M,AP,CSE,MESCE
Grant/ Deny
r = read
Corresponding to table 1, there are three users (Bob, Alice, and Sam)
and one program (Acct. program) as subjects. They are aligned in row
order.
For column alignment, there are five objects that comprise OS,
accounting Program, accounting data, insurance data, and payroll data.
The accounting program performs as both subject and object. This
approach protects accounting data from corruption or changing by other
programs. If other subjects attempt to modify account data, that attempt
will be rejected.
Alice and Bob are still being able to read and execute the account
program (original orARUN
fallacious)
without corrupting it in any
02/16/15
ANOOP M,AP,CSE,MESCE
6
circumstances.
02/16/15
02/16/15
10
02/16/15
11
12
Confused Deputy
A deputy is a program that acts on behalf of users or
subjects.
Here compiler is a program that acts on behalf of Alice.
One of the known deputies is compiler. Compiler, a
program that transforms source code into a binary form,
must act as a deputy for many users.
This act causes a classical security problem which is
called confused deputy.
A confused deputy is a deputy that is inappropriately
manipulated.
This confused deputy problem is commonly found in
computer systems.
02/16/15
13
w = write
x = execute
- = not allowed
14
02/16/15
16
02/16/15
17
Thank you
02/16/15
18