Access Control

From
Revision as of 12:30, 1 December 2004 by 217.231.46.193 (talk)
Jump to navigation Jump to search

Who and what has access to which resource has to be controled on every IT System.


Introduction

Controlled are issues like

  • access to files
  • access to memory
  • execution of programs
  • sharing data with other principals

Access is controlled at different levels:

  • application
  • middleware
  • operating system
  • hardware

The complexity of administering Access Control is growing complexity.


Hardware Protection

Protection Problem: preventing one process from interfering with another

Confinement Problem: preventing programs communicating outwards through other than authorized channels (e.g. memory overwriting)


Intel 80x86 (Pentium) Processors

8088/8086: any running program controlled the whole machine
80286: protected segment addressing and rings, operating systems could run proper
80386: built-in virtual memory and large memory segments, treated as a 32-bit flat-address machine

Rings

  • process in ring 0 (kernel) manages privilege level of other processes
  • ring 1, 2 usually system processes (e.g. win32 subsys, virtual DOS)
  • ring 3 user programs
  • gates between rings for executing code at an other level


Other Procssors

Acorn Risc Machine (ARM)

  • most commonly licensed to third-party vendors of embedded systems
  • 32-bit processor
  • separate banks of registers for user and system processes
  • hardware protection can be customized

Security Processors

  • hardware security support for cryptography and access control
  • authorized state
  • password covered memory access

s.o.


Operating Systems

Groups and Roles

Access Control Lists

Capabilities

Understands

Problems

problem if any level doesn’t controll access