access control and logicnew

《access control and logicnew》由会员上传分享，免费在线阅读，更多相关内容在教育资源-天天文库。

1、AccessControlandLogicMartίnAbadiUniversityofCalifornia,SantaCruzPlan•Introductiontoaccesscontrol•Somelogicalapproaches(algorithms,verification,logicallanguagesandtheories)•Alogicwith“says”fordistributedsystems•SDSI•Binder•AbitonPCCandrelatedideas•AbitonXrML2Theaccesscont

2、rolmodel•Elements:–Objectsorresources–Requests–Sourcesforrequests,calledprincipals–AreferencemonitortodecideonrequestsPrincipalDoReferenceObjectoperationmonitorSourceRequestGuardResource3Authenticationvs.accesscontrol•Accesscontrol(authorization):–IsprincipalAtrustedonst

3、atementS?–IfArequestsS,isSgranted?•Authentication:–WhosaysS?4Anaccesscontrolmatrix[Lampson,1971]objectsfile1file2file3file4principalsuser1rwxrwrxuser2rrxuser3rrx5ImplementingaccesscontrolTwostrategies(oftencombined):ACLsandcapabilities.•ACL:acolumnofanaccesscontrolmatrix

4、,attachedtoanobject.•Capability:(basically)apairofanobjectandanoperation,foragivenprincipal.Itmeansthattheprincipalmayperformtheoperationontheobject.6Theprincipleofcompletemediation•Everyaccesstoeveryobjectischecked.•Thisprinciplecanbeenforcedinseveralways:–TheOSintercep

5、tssomeofthesubject'srequests.Thehardwarecatchesothers.(E.g.,asinUnix.)–Asoftwarewrapper/interpreterinterceptssomeofthesubject'srequests.(E.g.,asintheJVM.)7MoreonACLs•AnACLsayswhichsubjectscanaccessaparticularobject.•Itisacolumnofanaccesscontrolmatrix,typicallymaintained“

6、near”theobjectthatitprotects.•ACLscanbecompact.•ACLscanbeeasytoreview.•Theycanhavenegativeentries(andthenevaluationmaybeorder-depedendent).•Revokingasubjectcanbepainful.8Moreoncapabilities•Analternativeistoassociatecapabilitieswithsubjects.•Thesecapabilitiesformarowofana

7、ccesscontrolmatrixforthesubject.•Capabilitiesareeasytopassaround(sotheyenabledelegation).•Theycanbehardtorevoke.9Implementingcapabilities•Acapabilityidentifiesanoperationonanobject.•Itmeansthattheholdercanperformtheoperationontheobject.•Subjectsshouldnotbeallowedtoforgec

8、apabilities.•Thisleadstoimplementationsofcapabilities:–storedinaprotectedaddressspace,–withspecialtagsw