CSE 120 Lecture Notes - Lecture 15: Access Control List, File Descriptor, Public-Key Cryptography

Back to Protection
Problem w/ Protection Matrix: VERY inefficient
- Many cells would be empty!
Efficient Representations
Access Control Lists - column view
-for any column that is EMPTY, we don’t show it
-associated w/ resource (i.e. for EACH resource, there is a control list for it)
-if name on the list, OK to access, else NO access!
-like a “registry” (big book w/ people’s names recorded)
-the OS tells a process what it is allowed to do for a given domain
Con: can be inefficient! Must look up the list on EACH access
Pro: Revocation - I don’t want a user to access this resource anymore (i.e. revoke access)
- Revocation is easy! Just remove name from the list
- But is it fast?
Capability Lists - row view
-for any row that is EMPTY, don’t show it
-look at things on a “row-by-row” basis
-associated with each domain
-Like a “key”/ticket; if you have it, you get access!
Pro: Efficient access, just produce capability!
Con: Revocation is hard - cannot revoke access once the capability has been given out!
UNIX Protection
-each file has a set of perms (for owner, group, and world) → an access control list!
-perms for each group (r/w/x)
-protection domain: a user account! (i.e. UID)
-other user accounts can access the same domain!
-when process opens file, CHECK perms
-If you have permission, open() returns a file descriptor (aka a capability!)
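Added example, not from the lecture: the C program below shows that the permission bits (the ACL) are checked only at open(), while the file descriptor it returns keeps working as a capability after the permissions are removed, which is also why revoking a capability is hard. The scratch path /tmp/capdemo-<pid> and the function name read_after_revoke are assumptions made for this demo.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Opens a scratch file, clears its permission bits, then reads through the
 * descriptor obtained earlier. Returns bytes read (or -1 on setup failure).
 * *reopen_errno receives the errno of a fresh open() made after the chmod
 * (0 if it succeeded, which happens when running as root). */
long read_after_revoke(char *buf, size_t len, int *reopen_errno)
{
    char path[64];   /* constructed scratch path, not from the notes */
    snprintf(path, sizeof path, "/tmp/capdemo-%ld", (long)getpid());
    /* O_EXCL: fail rather than reuse an existing file or follow a symlink. */
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    const char msg[] = "secret";
    long n = -1;
    if (write(fd, msg, strlen(msg)) != (long)strlen(msg)) goto out;

    /* ACL side: remove r/w/x for owner, group, and world. */
    if (chmod(path, 0) != 0) goto out;

    /* A new open() is checked against the permission bits again... */
    int fd2 = open(path, O_RDONLY);
    *reopen_errno = (fd2 < 0) ? errno : 0;
    if (fd2 >= 0) close(fd2);

    /* ...but the descriptor we already hold is used with no further check. */
    if (lseek(fd, 0, SEEK_SET) == 0)
        n = (long)read(fd, buf, len);
out:
    close(fd);
    unlink(path);
    return n;
}

int main(void)
{
    char buf[16] = {0};
    int e = 0;
    long n = read_after_revoke(buf, sizeof buf - 1, &e);
    printf("read via old fd: %ld bytes; fresh open(): %s\n",
           n, e ? strerror(e) : "allowed (root?)");
    return n == 6 ? 0 : 1;
}
```

Run as an ordinary user, the fresh open() fails with EACCES while the read through the old descriptor still returns the 6 bytes written earlier.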
Extending Protection in UNIX
-SETUID() - allows a user to change “domains”
-Note: UNIX cannot express “append” access
-Approach: provide a program to append
-SETUID bit - if anyone has permission to execute the file, when the file is executed, the user runs in owner’s domain
Computer Security
Protecting computer systems:
- Contents
- Operation