Computer%20Security%20Access%20Control%20Matrix

1
Computer SecurityAccess Control Matrix
2
States of a Computer System

• The state of a system is the collection of
  current values of all
• components of the system memory locations,
  secondary
• storage, registers etc.
• Protection states are those states that have to
  be protected.
• .P set of all protection states of the system
• .Q set of all authorized protection states
• The system is not secure if the current state is
  in P -Q
• A security policy characterizes the states in Q
• A security mechanism prevents the system entering
• a state in P -Q

3
Access Control Matrix Model

• This is used to describe the protection states.
• It characterizes the rights of each subject of
  the
• system (entity/process) regarding the objects of
  the
• system (entities/processes) in terms of a matrix.

4
Butler-Lampson Model

• This describes the rights of users s (subjects)
  over
• files o (objects) by a matrix A whose rows are
  indexed
• by the subjects and whose columns are indexed by
• the objects.
• The rights belong to a set R.
• Each entry as,o of matrix A belongs to the set
  R, and
• is the right of user s over file o.

5
Butler-Lampson Model

• In this model set of protection states P is a
  set of
• triples in (S,O,A),
• where S is the set of users, O the set of files
  and A the
• Access Control Matrix.
• The set of rights R (the entries in M) depends on
  the
• application.

6
Examples of ACMs

• file 1 file 2
  process 1 process 2
• process 1 R, W, O R R,
  W, E, O W
• process 2 A R, O
  R R, W, E, O
• Here R Read, Wright, Own, Append, Execute
• process 1 can read/write file 1, read file 2,
  communicate
• with process 2 by writing to it, etc.

7
Examples rights on a LAN

• host names telegraph nob
  toadflex
• telegraph own ftp
  ftp
• nob ftp,
  nfs, amil own ftp, nfs, mail
  
• toadflex ftp,
  mail ftp, nfs, amil own
• Here R ftp, mail, nfs, own , where
• ftp the right to access the File Transfer
  Protocol
• mail the right to send/receive using the Simple
  Mail Transfer Protocol (SMTP)
• nfs the right to access file systems using the
  Network File System protocol

8
Examples rights in a program

• host names counter inc_ctr dec_ctr
  manager
• inc_ctr
• dec_ctr -
• manager call
  call call
• Here inc_ctr increases a counter and dec_ctr
  decreases it.
• R , -, call

9
Other examples

• Access Control by Boolean expression evaluation
• Access Control by History
• See textbook

10
Protection State Transitions

• Initial state of the system X0 (S0,O0,A0 )
• Transitions t1, t2,
• Corresponding states X1, X2,
• We use the notation
• Xi - ti1 Xi1
• to indicate the state transition from Xi to Xi1
• X - Y
• indicates that starting at X, after a series of
• transitions the system enters state Y.

11
Protection State Transitions

• Xi - ci1 (pi1,1 ,, pi1,m) Xi1
• Indicates that the transition is caused by the
  command
• ci1 on the parameters pi1,1 ,, pi1,m.

12
The Harrison-Ruzzo-Ullman Model

• This is based on a set of primitive commands.
• create subject s
• create object o
• Enter right r into as,o
• Delete right r from as,o
• destroy subject s
• destroy object o

13
The Harrison-Ruzzo-Ullman Model

• Example
• command create file (p,f)
• create object f
• enter right own into a(p,f)
• enter right r into a(p,f)
• enter right w into a(p,f)
• end

14
The Harrison-Ruzzo-Ullman Model

• Example conditional commands
• Suppose process p wants to give process q the
  right to read file f
• command grantreadfile1(p,f,q)
• if own in ap,f
• then
• enter r into aq,f
• end

15
The Harrison-Ruzzo-Ullman Model

• Example conditional commands using and
• Suppose process p wants to give process q the
  right to read file f
• command grantreadfile2(p,f,q)
• if r in ap,f and c in ap,f
• then
• enter r into a(q,f)
• end
• See textbook for other examples.

16
Copying and owning

• Rights
• copy right (grant right) augments existing
  rights
• own right
• The copy right allows its possessor to grant
  rights (this right is
• often considered a flag attachment hence flag
  right)
• The own right allows its possessor to add or
  delete privileges to
• themselves.

17
Copying

• Example
• Suppose process p has right r over object f ,
  and let c be a copy
• right.
• The following command allows p to copy r over f
  to another process q only if p has copy right
  over f .
• command grantr(p,f,q)
• if r in ap,f and c in ap,f
• then
• enter r into a(q,f)
• end

18
Attenuation of privilege

• The Principle of Attenuation of Privilege says
  that
• a subject may not give rights it does not possess
  to another subject.