11 acl: default permission and abbreviations subject not in acl has no rights over the file if many...
TRANSCRIPT
![Page 1: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/1.jpg)
11
ACL: Default Permission and Abbreviations
Subject not in ACL has no rights over the file If many subjects have similar rights, may
use groups or wildcards in ACL to ‘merge’ identical columns
Example: UNICOS entries are (user, group, rights) If user is in group, has rights over file
(holly, bant, r) ‘*’ is wildcard for user, group
(holly, *, r): holly can read file regardless of her group (*, fleep, w): anyone in group fleep can write file
![Page 2: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/2.jpg)
22
ACL:Default Permission and Abbreviation
Example: UNIX Three classes of users: owner, group, all
others
![Page 3: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/3.jpg)
33
ACL Abbreviations Augment abbreviated lists with ACLs
Intent is to shorten ACL without losing the granularity
Example IBM AIX ACL overrides base permission Denial takes precedence
![Page 4: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/4.jpg)
44
Permissions in IBM AIXattributes:
base (traditional UNIX) permissions
owner(bishop): rw-
group(sys): r--
others: ---
extended permissions enabled
specify rw- u:holly [override]
permit -w- u:heidi, g=sys [Add]
permit rw- u:matt
deny -w- u:holly, g=faculty [Remove right]
![Page 5: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/5.jpg)
55
ACL Modification and Privileged Users
Who can modify ACL? Creator is given owner rights that allows this System R provides a grant modifier (like a
copy flag) allowing a right to be transferred, so ownership not needed
Do ACLs apply to privileged users (root)? In Solaris abbreviations at root are ignored,
but full-blown ACL entries still apply
![Page 6: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/6.jpg)
66
Revocation Problems How do you remove subject’s rights to a file?
Owner deletes rights from subject’s entry in ACL, or removes subject’s entry if there are no rights left
What if owner was not the provider?Depends on system System R restores protection state to what it was
before right was given More complicated than it seems to be Suppose Alice gives Bob a right and Bob then gives it to
Mallory, and now Alice revokes Bob’s right? Or Suppose Charlie has also given Mallory his right?
![Page 7: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/7.jpg)
77
Windows NT ACLsSets of rights Basic:
read, write, execute, delete, change permission, take ownership
Generic: no access, read (read/execute), change
(read/write/execute/delete), full control (all), special access (assign any basic
rights) Directory:
no access, read (read/execute files in
directory), list, add, add and read, change (create, add, read, execute,
write files; delete subdirectories), full control, special access
![Page 8: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/8.jpg)
88
Windows NT ACLs (cont.) User not in file’s ACL nor in any group
named in file’s ACL: deny access ACL entry denies user access: deny access Take union of rights of all ACL entries
giving user access: user has this set of rights over file
![Page 9: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/9.jpg)
99
Semantics of Capability
Like a bus ticket Mere possession indicates rights that subject has
over object Object identified by capability (as part of the
token) Name may be a reference, location, or something else
The key challenge is to prevent process/user from altering capabilities
Otherwise a subject can augment its capabilities at will
![Page 10: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/10.jpg)
10
Implementation of Capability Tagged architecture
Bits protect individual words Paging/segmentation protections
Like tags, but put capabilities in a read-only segment or page
Cryptography Associate with each capability a cryptographic
checksum enciphered using a key known to OS
When process presents capability, OS validates checksum
![Page 11: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/11.jpg)
1111
Revocation of Rights Scan all C-lists, remove relevant capabilities
Far too expensive! (return your tickets?) Use indirection
Each object has entry in a global object table Names in capabilities name the entry, not the
object To revoke, zap the entry in the table Can have multiple entries for a single object to allow
control of different sets of rights and/or groups of users for each object
Example: Amoeba: owner requests server change random number in server table
All capabilities for that object now invalid Re-issue tickets and invalidate old tickets
![Page 12: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/12.jpg)
1212
ACLs vs. Capabilities They are equivalent:
1. Given a subject, what objects can it access, and how?2. Given an object, what subjects can access it, and how? ACLs answer second easily; C-Lists, answer the first
easily. The second question in the past was most used;
thus ACL-based systems are more common But today some operations need to answer the
first question (e.g., in incident response)
![Page 13: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/13.jpg)
1313
Locks and KeysAssociate lock with object and key with subject
Key controls what the subject can access and how Subject presents key; if it corresponds to any of the
locks on the object, access is granted This is flexible
Can change either locks or keys
ACL C-List
Locks/Keys
![Page 14: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/14.jpg)
1414
Cryptographic Implementation Enciphering key is lock; deciphering key is
key Encipher object o; store Ek (o) Use subject’s key k to compute Dk (Ek (o)) Any of n can access o: store
o = (E1 (o), …, En (o)) Requires consent of all n to access o: store
o = (E1(E2(…(En(o))…))
![Page 15: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/15.jpg)
15
Requirements & Concepts Some basic requirements of access control:
Avoid disclosing sensitive data to unauthorized users (Confidential)
Provide sensitive information to authorized users (Available)
Reliable and dependable (Integrity preserving) Scalable and expandable (long life)
Some key concepts in Access control systems: Separation of duties Least privilege Need-to-know Need-to-share (a contemporary buzz-phrase) Handle with care
15
![Page 16: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/16.jpg)
16
What to protect?: Information classification
Based on risk of content released to mal-actors
Example the US government classification Unclassified Confidential Secret Top secret
16
![Page 17: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/17.jpg)
17
Kinds of Access Control
Preventive Access controls Avoid having unwanted actions/events by blocking ability to do them.
Detective Identify unwanted actions or events after they occur.
Corrective Remedy circumstances that enabled the unwanted activity. Return to state prior to it.
Directive Dictated by higher authority: laws, regulations, or organization policy
Deterrent Prescribe punishment for noncompliance
Recovery Restore lost computing resources or capabilities.
Compensating Reinforce or replace controls that are unavailable
17
![Page 18: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/18.jpg)
18
3 Types of Access Control
Administrative separation of duties, dual control, etc
Physical fences, alarms, badges, CCTV, etc
Technical antivirus, antis-spam, logs, etc
Further examples in ISC2 book show how controls map to access control types.
18
![Page 19: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/19.jpg)
19
Steps in Accessing Systems Authentication
Use a unique identifier– user ID, Account number, PIN
3 main datum used for authentication Something requester know
Passwords Pass-phrases
Something the requester is Biometrics Physical characteristics
Something the requester has Tokens (one-time passwords, time synchronized token) Smart Cards USB Tokens
Authorization Accounting
19
![Page 20: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/20.jpg)
20
Using Tokens & Smartcards for Authentication Asynchronous Token – challenge/response
Synchronous Time / event based One-time password or hashed values Authentication server knows value from the token
Smart Cards Contact or Contact-less
20
![Page 21: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/21.jpg)
21
Using Biometrics for Authentication
Have false (rejection, acceptance) rates. Crossover = they are equal, both tunable to
need. Some static biometrics
Fingerprint or palm print Hand Geometry Retina
Some Dynamic biometrics Face /gesture Recognition Keystrokes Voice pattern
21
![Page 22: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/22.jpg)
22
Identity Management
What is Identity management? Set of technologies to manage user identity information.
When is it needed? For manual service provisioning Manage sophisticated and complex environments To comply with regulations
What are the major challenges? Reliability of user profiles Consistency of user profiles across different systems/devices Scalability by supporting data volumes and peaks
More details in IC3 book
22
![Page 23: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/23.jpg)
23
Identity Management: benefits and technologies
Benefits Increase productivity Reduce head-counting
Technologies In systems that support identity management and
manage data consistently and efficiently across systems within an organization
Directories Web Access Management Password Management Legacy single sign-on’s
23
![Page 24: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/24.jpg)
24
Single Sign-on
How they work One user ID and password for multiple
application servers through an authentication server.
Benefits Efficient log-on process Users may create stronger passwords No need for many passwords
Major Drawback A compromised password allows intruder into
all resources of owner of that account
24
![Page 25: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/25.jpg)
25
Single Sign-on: Kerberos
25
1. Authenticate me Give me a ticket
3. Authorize me Use the ticket for s
![Page 26: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/26.jpg)
26
Single Sign-on – Kerberos and SESAME
Kerberos Key Distribution Center serves two functions Authentication Server (AS) Ticket Granting Server (TGS)
Kerberos Issues Security depends on careful implementation and maintenance Lifetime for authentication credentials should be as short as feasible
using time stamps to minimize the threat of replayed credentials The KDC must be physically secured, it could be a point of single
failure Redundancy is recommended The KDC should be hardened and not allow any non-Kerberos activity
SESAME Stands for Secure European System for applications in a multi-vendor
environment Developed to address some of the Kerberos weaknesses Supports SSO Improves key management by using both Symmetric and Asymmetric
keys
26
![Page 27: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/27.jpg)
27
Directory Service and Security Domains
Directory Services Applications that provide hierarchical means to
organize and manage information about network users and resources and to retrieve the information by name association
Security Domains Set of Objects that a Subject in an information
system is allowed to access Hierarchical domain relationship Equivalence classes of subjects
27
![Page 28: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/28.jpg)
28
Access Control & Assurance
Mechanisms to assure that access control mechanisms are in place and in good standing: Audit Trail analysis and monitoring
a record of system activities Assessment tools
Audit tools cover a wide spectrum of cost, complexity, etc and must be tailored to the goals of the audit
28
![Page 29: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/29.jpg)
29
Access control matrix
objects (entities)
subj
ects
s1
s2
…
sn
o1 … om s1 … sn
Subjects S = { s1,…,sn }
Objects O = { o1,…,om }
Rights R = { r1,…,rk }
Entries A [si, oj] R
A [si, oj] = { rx, …, ry } means subject si has rights
rx, …, ry over object oj
Describes protection state preciselyMatrix describing rights of subjectsState transitions change elements of matrix
![Page 30: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/30.jpg)
30
ACM at 3AM and 10AM
… picture …
… A
lice
…
paint
At 3AM, time conditionmet; ACM is:
… picture …
… A
lice
…
At 10AM, time conditionnot met; ACM is:
![Page 31: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/31.jpg)
31
AC by History and Inference
Database:name position age salaryAlice teacher 45 $40,000Bob aide 20 $20,000Cathy principal37 $60,000Dilbert teacher 50 $50,000Eve teacher 33 $50,000
Queries:1.sum(salary, “position = teacher”) = 140,0002.sum(salary, “age < 40 & position = teacher”) should not be answered (can deduce Eve’s salary)
![Page 32: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/32.jpg)
32
ACM of Database Queries
Oi = { objects referenced in query i }
f(oi) = permission set of query i
f(oi) = {read} for oj Oi, if |j = 1,…,iOj| < 2
f(oi) = for oj Oi, otherwise
O1 = { Alice, Dilbert, Eve } and no previous query set, so: A[asker, Alice] = f(Alice) = { read } A[asker, Dilbert] = f(Dilbert) = { read} A[asker, Eve] = f(Eve) = { read }
and the query can be answered
![Page 33: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/33.jpg)
33
But Query 2
f(oi) = { read } for oj in Oi, if | j = 1,…,iOj| <2
f(oi) = for oj in Oi, otherwise
2. O2 = { Alice, Dilbert } but | O2 O1 | = 2 so
A[asker, Alice] = f(Alice) = A[asker, Dilbert] = f(Dilbert) = and query cannot be answered
![Page 34: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/34.jpg)
34
State Transitions
Change the protection state of system Xi is a state of the ACM at time i |– represents transition
Xi |– Xi+1: command moves system from state Xi to Xi+1
Xi |– * Xi+1: a sequence of commands moves system from state Xi to Xi+1
Commands often called transformation procedures, because the transform the state of the access control matrix
![Page 35: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/35.jpg)
35
Primitive Operations
create subject s, create object o Creates new row, column in ACM; creates new
column in ACM destroy subject s, destroy object o
Deletes row, column from ACM; deletes column from ACM
enter r into A[s, o] Adds r rights for subject s over object o
delete r from A[s, o] Removes r rights from subject s over object o
![Page 36: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/36.jpg)
36
Access control requests
Transforms state of the ACM Access control request can be precisely
defined using Pre-conditions Post-conditions
Use notation (from Z) Pre-state without primes Post-state with primes
Example: pre-state - A[alice, file1] is the permission set of Alice to file 1 before a requests, and A’[alice, file1] is a post-state
![Page 37: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/37.jpg)
37
Create Subject – pre and post conditions
Pre-condition: s S Primitive command: create subject s Post-conditions:
S = S { s }, O = O { s } (y O)[a[s, y] = ] (x S)[a[x, s] = ] (x S)(y O)[a[x, y] = a[x, y]]
![Page 38: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/38.jpg)
38
Create Object
Precondition: o O Primitive command: create object o Post-conditions:
S = S, O = O { o } (x S)[a[x, o] = ] (x S)(y O)[a[x, y] = a[x, y]]
![Page 39: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/39.jpg)
39
Add Right
Precondition: s S, o O Primitive command: enter r into a[s, o] Post-conditions:
S = S, O = O a[s, o] = a[s, o] { r } (x S)(y O – { o }) [a[x, y] = a[x, y]] (x S – { s })(y O) [a[x, y] = a[x, y]]
![Page 40: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/40.jpg)
40
Delete Right
Precondition: s S, o O Primitive command: delete r from a[s, o] Postconditions:
S = S, O = O a[s, o] = a[s, o] – { r } (x S)(y O – { o }) [a[x, y] = a[x, y]] (x S – { s })(y O) [a[x, y] = a[x, y]]
![Page 41: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/41.jpg)
41
Destroy Subject
Precondition: s S Primitive command: destroy subject s Postconditions:
S = S – { s }, O = O – { s } (y O)[a[s, y] = ], (x S)[a´[x, s] = ] (x S)(y O) [a[x, y] = a[x, y]]
![Page 42: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/42.jpg)
42
DestroyDestroy Object
Precondition: o O Primitive command: destroy object o Postconditions:
S = S, O = O – { o } (x S)[a[x, o] = ] (x S)(y O) [a[x, y] = a[x, y]]
![Page 43: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/43.jpg)
43
Creating File
Process p creates file f with r and w permissioncommand create•file(p, f)
create object f;enter own into A[p, f];enter r into A[p, f];enter w into A[p, f];
end
![Page 44: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/44.jpg)
44
Mono-Operational Commands
Make process p the owner of file gcommand make•owner(p, g)
enter own into A[p, g];end
Mono-operational command Single primitive operation in this command
![Page 45: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/45.jpg)
45
Conditional Commands
Let p give q r rights over f, if p owns fcommand grant•read•file•1(p, f, q)
if own in A[p, f]then
enter r into A[q, f];end
Mono-conditional command Single condition in this command
![Page 46: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/46.jpg)
46
Multiple Conditions
Let p give q r and w rights over f, if p owns f and p has c rights over qcommand grant•read•file•2(p, f, q)
if own in A[p, f] and c in A[p, q]then
enter r into A[q, f];enter w into A[q, f];
end
![Page 47: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/47.jpg)
47
Copy Right
Allows possessor to give rights to another Often attached to a right, so only applies
to that right r is read right that cannot be copied rc is read right that can be copied
Is copy flag copied when giving r rights? Depends on the model and its instantiation
![Page 48: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/48.jpg)
48
Own Right
Usually allows possessor to change entries in ACM column Owner of an object can add, delete rights for
others May depend on what system allows
Can’t give rights to specific (set of) users Can’t pass copy flag to specific (set of) users
![Page 49: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/49.jpg)
49
Attenuation of Privilege
You cannot give rights you do not possess Restricts addition of rights within a system Usually ignored for owner
Why? Owner gives him/herself rights, gives them to others, deletes rights.
![Page 50: 11 ACL: Default Permission and Abbreviations Subject not in ACL has no rights over the file If many subjects have similar rights, may use groups or wildcards](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649e3f5503460f94b30446/html5/thumbnails/50.jpg)
50
Main Points
ACM simple mechanism for representing protection states
Transitions alter protection state Six primitive operations can alter the matrix
Transitions can be expressed as commands composed of these operations and, possibly, conditions