Access Control: Difference between revisions

From
Jump to navigation Jump to search
No edit summary
No edit summary
Line 5: Line 5:




Controled are issues like
Controlled are issues like


*access to files
*access to files
*access to memory
*access to memory
*execution of programs
*execution of programs
*sharing datas with other principals
*sharing data with other principals


Access is controled at different levels:
Access is controlled at different levels:


*application
*application
Line 26: Line 26:


Protection Problem:
Protection Problem:
preventing one process to interfere with another
preventing one process from interfering with another


Confinement Problem:
Confinement Problem:
preventing programs communication outwards through other than
preventing programs communicating outwards through other than
authorized channels (e.g. memory overwriting)
authorized channels (e.g. memory overwriting)


Line 60: Line 60:
Acorn Risc Machine (ARM)
Acorn Risc Machine (ARM)


*most commonly to third-party vendors of embedded systems licensed
*most commonly licensed to third-party vendors of embedded systems
*32-bit processor
*32-bit processor
*separat banks of registers for user and system processes
*separate banks of registers for user and system processes
*hardware protection can be customized
*hardware protection can be customized


Line 83: Line 83:
==Problems==
==Problems==


problem if any level doesn’t controle access
problem if any level doesn’t controll access

Revision as of 12:30, 1 December 2004

Who and what has access to which resource has to be controled on every IT System.


Introduction

Controlled are issues like

  • access to files
  • access to memory
  • execution of programs
  • sharing data with other principals

Access is controlled at different levels:

  • application
  • middleware
  • operating system
  • hardware

The complexity of administering Access Control is growing complexity.


Hardware Protection

Protection Problem: preventing one process from interfering with another

Confinement Problem: preventing programs communicating outwards through other than authorized channels (e.g. memory overwriting)


Intel 80x86 (Pentium) Processors

8088/8086: any running program controlled the whole machine
80286: protected segment addressing and rings, operating systems could run proper
80386: built-in virtual memory and large memory segments, treated as a 32-bit flat-address machine

Rings

  • process in ring 0 (kernel) manages privilege level of other processes
  • ring 1, 2 usually system processes (e.g. win32 subsys, virtual DOS)
  • ring 3 user programs
  • gates between rings for executing code at an other level


Other Procssors

Acorn Risc Machine (ARM)

  • most commonly licensed to third-party vendors of embedded systems
  • 32-bit processor
  • separate banks of registers for user and system processes
  • hardware protection can be customized

Security Processors

  • hardware security support for cryptography and access control
  • authorized state
  • password covered memory access

s.o.


Operating Systems

Groups and Roles

Access Control Lists

Capabilities

Understands

Problems

problem if any level doesn’t controll access

Retrieved from "https://sarwiki.informatik.hu-berlin.de/index.php?title=Access_Control&oldid=482"