第九讲授权.pptVIP

Access Control school of computer mengbo mengscuec@ Authorization Authentication vs Authorization Authentication ? Who goes there? Restrictions on who (or what) can access system Authorization ? Are you allowed to do that? Restrictions on actions of authenticated users Authorization is a form of access control Authorization enforced by Access Control Lists Capabilities Lampson’s Access Control Matrix Subjects (users) index the rows Objects (resources) index the columns Are You Allowed to Do That? Access control matrix has all relevant info But how to manage a large access control (AC) matrix? Could be 1000’s of users, 1000’s of resources Then AC matrix with 1,000,000’s of entries Need to check this matrix before access to any resource is allowed Hopelessly inefficient Access Control Lists (ACLs) ACL: store access control matrix by column Example: ACL for insurance data is in blue Capabilities (or C-Lists) Store access control matrix by row Example: Capability for Alice is in red ACLs vs Capabilities Note that arrows point in opposite directions! With ACLs, still need to associate users to files Confused Deputy Two resources Compiler and BILL file (billing info) Compiler can write file BILL Alice can invoke compiler with a debug filename Alice not allowed to write to BILL ACL’s and Confused Deputy Compiler is deputy acting on behalf of Alice Compiler is confused Alice is not allowed to write BILL Compiler has confused its rights with Alice’s Confused Deputy Compiler acting for Alice is confused There has been a separation of authority from the purpose for which it is used With ACLs, difficult to avoid this problem With Capabilities, easier to prevent problem Must maintain association between authority and intended purpose Capabilities make it easy to delegate authority ACLs vs Capabilities ACLs Good when users manage their own files Protection is data-oriented Easy to change rights to a resource Capabilities Easy to delegate Easy to add/delete users Easier to avo