Chapter 2 - Access control matrix Flashcards
What does the concepts of state and protection state encompass?
The state of a system is quite simply the collection/sum if all the current values in all memory locations, registries, and other components of the system, e.g., the current user.
Two possible states are:
Alice using the system to write in Microsoft Word
Bob using the system to play Habbo
The protection states is a subset of all the possible states on the system and is concerned with the protection/safety state of the system.
What is a Access Control Matrix?
An Access Control Matrix (ACM) is a tool describing the current protection state of the system through a matrix representation. The main advantage of ACMs is their ability to express the relationships between all subjects and objects on the system in a precise and easy to grasp manner. This makes ACMs useful for expressing protection states on any system.
What are the basic ACM commands?
ACM has several basic commands used for ACM manipulation:
enter r into A[s, o] //Enters the right r into the ACM at the location [s o]
delete r from A[s, o] //Removes the right r from the ACM at the location [s o]
create subject s
create object o
destroy subject s
What is the own right? What is the copy right? What is the principle of attenuation of privilege?
The own right is a special right usually given to the subject which created an object. The owner can give all sorts of access to other subjects.
If a given subject S1 has the copy right rc (read_copy) on an object O1, then S1 can grant read access the subject S2. If the owner of the file grants a copy right on read to another subject then it cannot control which other subjects that are given read access to the object in question.
The principle of attenuation of privilege states that no one subject may grant a right to another subject if does not have that right itself. In short, subject S1 cannot give read access on object O1 to subject S2 if S1 cannot read O1 itself.