Access Control

From
Revision as of 15:08, 30 November 2004 by 141.20.195.236 (talk)
Jump to navigation Jump to search

Who and what has access to which resource has to be controled on every IT System.


Introduction

Controled are issues like

  • access to files
  • access to memory
  • execution of programs
  • sharing datas with other principals

Access is controled at different levels:

  • application
  • middleware
  • operating system
  • hardware

The complexity of administering Access Control is growing complexity.


Hardware Protection

Protection Problem: preventing one process to interfere with another

Confinement Problem: preventing programs communication outwards through other than authorized channels (e.g. memory overwriting)


Intel 80x86 (Pentium) Processors

8088/8086: any running program controlled the whole machine
80286: protected segment addressing and rings, operating systems could run proper
80386: built-in virtual memory and large memory segments, treated as a 32-bit flat-address machine

Rings

  • process in ring 0 (kernel) manages privilege level of other processes
  • ring 1, 2 usually system processes (e.g. win32 subsys, virtual DOS)
  • ring 3 user programs
  • gates between rings for executing code at an other level


Other Procssors

Acorn Risc Machine (ARM)

  • most commonly to third-party vendors of embedded systems licensed
  • 32-bit processor
  • separat banks of registers for user and system processes
  • hardware protection can be customized

Security Processors

  • hardware security support for cryptography and access control
  • authorized state
  • password covered memory access

s.o.


Operating Systems

Groups and Roles

Access Control Lists

Capabilities

Understands

Problems

problem if any level doesn’t controle access