INLS 187 - PowerPoint PPT Presentation

Provided by: BB16
Learn more at: http://ils.unc.edu

Transcript and Presenter's Notes

1
INLS 187
  • September 22, 2004
  • Authority and Privilege

2
Housekeeping
  • Any questions about material so far?
  • Need copies of Linux live CDs?
  • Next assignment details on class website
  • Loose ends
  • Don't log passwords or usernames
  • Let Google do your password guessing?
  • Any interesting security news? (5 min)

3
Pop Quiz
  • UNC requires that any device attached to the
    campus Ethernet network must have its MAC address
    registered and associated with an ONYEN. Is this:
  • An identification policy?
  • An authentication policy?
  • An authorization, or access control policy?
  • Some other kind of policy?

4
Authorization
  • Windows user rights
  • group membership (not like UNIX groups)
  • Restricted user
  • User
  • Power user
  • Administrator
  • UNIX: normal user or root (UID 0)
  • root has all possible privilege
  • Others basically use file access rules
  • Special mechanisms increase/decrease authority

5
UNIX Privilege (basic)
  • setUID / setGID attribute on program file,
    program runs with specified user/group ID
  • If setUID root, runs with all privileges
  • If setUID / setGID non-root, can use the files
    accessible by that user/group ID
  • E.g., mail program typically setGID mail
  • Your mailbox typically allows r/w by group mail
  • The mail program can write to your mailbox
  • chroot sandbox (hard to administer)
  • Mount w/ restrictions (r/o, no setUID)
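
Added example (not part of the original slides): a Python audit for the setUID / setGID attributes and the "no setUID" mount restriction listed on this slide. The function names and the /usr/bin starting directory are assumptions chosen for illustration.

```python
import os
import stat

def classify(mode, uid, gid):
    """Describe the identity a program file would run with, from its stat fields."""
    findings = []
    if not stat.S_ISREG(mode):
        return findings  # on a directory, setGID means group inheritance, not privilege
    if mode & stat.S_ISUID:
        findings.append("setUID root: runs with all privileges" if uid == 0
                        else f"setUID: runs as uid {uid}")
    # Linux applies setGID at exec time only when group-execute is also set.
    if mode & stat.S_ISGID and mode & stat.S_IXGRP:
        findings.append(f"setGID: runs with gid {gid}")
    return findings

def audit(root):
    """Walk root; return (path, finding, honoured) for each setUID/setGID program."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        # A filesystem mounted nosuid ignores these bits when a program is executed.
        nosuid = bool(os.statvfs(dirpath).f_flag & os.ST_NOSUID)
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: report the link itself, not its target
            except OSError:
                continue  # file vanished or is unreadable; skip it
            for finding in classify(st.st_mode, st.st_uid, st.st_gid):
                results.append((path, finding, not nosuid))
    return results

if __name__ == "__main__":
    # Assumed starting point; point it at any directory you administer.
    for path, finding, honoured in audit("/usr/bin"):
        note = "" if honoured else " (ignored: nosuid mount)"
        print(f"{path}: {finding}{note}")
```

Comparing the output against a known-good baseline shows when a new setUID root program appears on a system.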

6
Why Talk About This?
  • A security policy specifies what should and
    should not happen
  • The security mechanisms of each system make it
    happen (or not)
  • Knowing how the tools work may influence the
    design of your policy (or vice versa, but
    expensive)

7
Back to Access Control
  • Discretionary access control (DAC): owner sets
    access
  • Mandatory access control (MAC): owner cannot
    change (except by use of privilege)

8
Discretionary Access Control
  • Windows: Properties -> Security
  • UNIX: chmod command (note UNIX can also chgrp,
    chown)
  • AFS has Access Control Lists
  • Other examples? (discussion)

9
Mandatory Access Control
  • Modeled on secret, top secret, etc.
  • User not allowed to change classification
  • Whole different set of read/write rules
  • Lower level information may be read by higher
    level user, but not vice versa
  • Lower level information may be written to higher
    level object, but not vice versa
  • Finance? Health care? Personnel data? Other
    examples? (discussion)