CSE 120 Lecture Notes - Lecture 15: Access Control List, File Descriptor, Public-Key Cryptography
48 views4 pages
Back to Protection
Problem w/ Protection Matrix: VERY inefficient
- Many cells would be empty!
Access Control Lists - column view
-for any column that is EMPTY, we don’t show it
-associated w/ resource (i.e. for EACH resource, there is a control list for it)
-if name on the list, OK to access, else NO access!
-like a “registry” (big book w/ people’s names recorded)
-the OS tells a process what it is allowed to do for a given domain
Con: can be inefficient!: must lookup on EACH access
Pro: Revocation - I don’t want a user to access this resource anymore (i.e. revoke access)
- Revocation is easy! Just remove name from the list
- But is it fast?
Capability Lists - row view
-for any row that is EMPTY, don’t show it
-look at things on a “row-by-row” basis
-associated with each domain
-Like a “key”/ticket; if you have it, you get access!
Pro: Efficient access, just produce capability!
Con: Revocation is hard - cannot revoke access once gone!
-each file has a set of perms (for owner, group, and world) → an access control list!
-perms for each group (r/w/x)
-protection domain: a user account! (i.e.UID)
-other user accounts can access the same domain!
-when process opens file, CHECK perms
-If you have permission, open() returns a file descriptor (aka a capability!)
Extending Protection in UNIX
-SETUID() - allows a user to change “domains”
-Note: UNIX cannot express “append” access
-Approach: provide a program to append
-SETUID bit - if anyone has permission to execute the file, when the file is executed, the user
runs in owner’s domain
Protecting computer systems: