Computer Science 111: Operating Systems

Access Control and Trust

Security Model

Goals:

Privacy

Integrity

Work Needs to be Done

Non-Goals

Basic Technique - Access Control List

Simplified Access Control - the Unix Model

Special                  User   Group   Everybody
setuid setgid sticky     rwx    rwx     rwx

Sidebar: Why is there a rwx for the user? What good is marking a file unreadable for the creator?

Reply: The use of the user bits is voluntary; they serve as reminder bits to the user. Likewise, in the traditional ACL POA bit combinations there are many useless combinations, and there are some combinations of the UNIX permissions that are pointless.
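The class-selection rule behind the sidebar, as an added example that is not part of the original notes: the kernel picks exactly one of the user, group or other bit triples based on who is asking and consults only that triple, so an owner whose own bits are 000 is refused even when everybody else is granted access. The root bypass rule and the ls-style rendering of setuid/setgid/sticky are modelled on traditional Unix behaviour and are assumptions of this sketch, not code from the course.

```python
import stat

# Constructed model of the Unix permission check (not kernel code).
# Assumption: root (uid 0) bypasses r/w checks and may execute only if
# some x bit is set, as in traditional Unix.

def mode_string(mode):
    """Render the 12 permission bits as ls -l does, e.g. 'rwsr-xr-x'."""
    out = []
    for shift, setid in ((6, stat.S_ISUID), (3, stat.S_ISGID), (0, stat.S_ISVTX)):
        bits = (mode >> shift) & 0o7
        out.append('r' if bits & 4 else '-')
        out.append('w' if bits & 2 else '-')
        if mode & setid:
            # setuid/setgid show as 's' in the user/group slot, sticky as 't';
            # upper case means the special bit is set but x is not.
            special = 's' if shift else 't'
            out.append(special if bits & 1 else special.upper())
        else:
            out.append('x' if bits & 1 else '-')
    return ''.join(out)

def permission_class(mode, owner_uid, owner_gid, uid, groups):
    """Return the rwx triple that applies to this caller: owner wins,
    then group membership, otherwise 'everybody'. No fallthrough."""
    if uid == owner_uid:
        return (mode >> 6) & 0o7
    if owner_gid in groups:
        return (mode >> 3) & 0o7
    return mode & 0o7

def allowed(mode, owner_uid, owner_gid, uid, groups, want):
    """want is a string of 'r', 'w', 'x'; every requested bit must be granted."""
    if uid == 0:
        return not ('x' in want and not (mode & 0o111))
    bits = permission_class(mode, owner_uid, owner_gid, uid, groups)
    need = 0
    for ch in want:
        need |= {'r': 4, 'w': 2, 'x': 1}[ch]
    return (bits & need) == need

if __name__ == '__main__':
    # The sidebar's case: mode 077, owner uid 1000 cannot read, uid 1001 can.
    print(mode_string(0o077), allowed(0o077, 1000, 1000, 1000, {1000}, 'r'),
          allowed(0o077, 1000, 1000, 1001, {1001}, 'r'))
```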

Access Control Lists

Role-Based Access Control

Capabilities

Building Capabilities

Software Security

The Big Picture: You must have a trusted computing base.  Kind of like bootstrapping, you have to start somewhere and trust some code and some programmers.  From there you can be paranoid with all other code and software, but you have to have a core base of software that you just trust.

Contributors:
Dominique Moreno
Sean Moon
Ryan Evans
Yangmun Choi
