CSE 127 Lecture 11: L11 11/6/18
Document Summary
Security policy: the set of allowed actions in a system. Security mechanism: the part of the system responsible for implementing the security policy. Policies will be formulated according to our model! Also: apps, site domains, peripherals, HW blocks, etc. Also: system calls, APIs, web DOM, etc. Ex: a user may have privileges to provision new users on the system!

On a per-object basis, identifies which subjects can access the object and what they're allowed to do (object-centric). Each access to an object is checked against the object's ACL.

Some kind of unforgeable token that represents permission for a subject to perform a particular action. Subject-centric: access control is associated w/ subjects in the system. Ex: movie ticket (can give the ticket to anyone else to see the movie). We can enforce access control on the action target!

ACMs can get very complex as subjects, objects, and ops grow. Assign roles to subjects & control access to objects based on role.
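
Added example (not from the lecture): the three checks above side by side, an object's ACL, roles assigned to subjects, and an unforgeable bearer token (commonly called a capability). The subjects, the object "grades.db", the role names, and the choice of an HMAC to make the token unforgeable are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample data: subjects, objects and roles are illustrative.
ACL = {"grades.db": {"alice": {"read", "write"}, "bob": {"read"}}}
ROLES = {"alice": {"instructor"}, "bob": {"student"}, "carol": {"student"}}
ROLE_PERMS = {
    "instructor": {("grades.db", "read"), ("grades.db", "write")},
    "student": {("grades.db", "read")},
}
_KEY = secrets.token_bytes(32)  # secret held only by the checking mechanism


def acl_check(subject, obj, op):
    """Object-centric: look the subject up in the object's ACL, default deny."""
    return op in ACL.get(obj, {}).get(subject, set())


def rbac_check(subject, obj, op):
    """Role-based: allow if any role assigned to the subject grants (obj, op)."""
    return any((obj, op) in ROLE_PERMS.get(r, set()) for r in ROLES.get(subject, ()))


def _mac(msg):
    return hmac.new(_KEY, msg, hashlib.sha256).digest()


def mint_capability(obj, op):
    """Issue a token naming one action; the MAC is what makes it unforgeable."""
    msg = json.dumps([obj, op]).encode()
    return msg, _mac(msg)


def capability_check(token, obj, op):
    """Subject-centric: verify the token alone; the bearer is never identified."""
    msg, tag = token
    return hmac.compare_digest(tag, _mac(msg)) and json.loads(msg) == [obj, op]


def tamper(token, new_op):
    """Model a forgery attempt: rewrite the op but reuse the old MAC."""
    msg, tag = token
    obj, _ = json.loads(msg)
    return json.dumps([obj, new_op]).encode(), tag
```

carol is absent from the ACL, so acl_check denies her until someone edits the object's list, while rbac_check admits her through the student role. A token from mint_capability works for whoever holds it, like the movie ticket.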