Access Control
privilege
How does your code manage who has access to what?
authorization
permission
Two OS models:
Unix
Windows
Access Control in Unix/Linux
can ____ resources (files)
Every user …
has a unique UID (positive integer)
belongs to one or more groups
Every file/resource …
stores permissions for owner, group & world
potential permissions are _______
other possibilities: sticky bit, setUID, setGID
User 0 -- ______
The sticky bit
One bit of file/dir permission is dedicated as the sticky bit.
Such bits are no longer used for files (Linux ignores the sticky bit on a regular file).
Some directories have the “sticky bit” property, e.g. /tmp.
Example:
Any user can write to such a directory, but an entry can be deleted or renamed only by the file's owner, the directory's owner, or root. If you create new files, you are the owner and (with the usual umask) have rw permission, and everyone else has r permission.
Processes in Unix
Executing a file initiates process execution.
process permissions normally derive from the owner
any created file has permissions determined by umask
To ______ permissions …
execute a process from an owner with lesser privilege
A forked process/thread inherits permissions.
To ________ permissions …
setUID, setGID
If the setUID bit is set on an executable file, then when the file executes it assumes the permissions of the file’s owner for the duration of this file’s execution (setGID does the same for the file’s group).
The rule is not to elevate privilege any more than necessary.
EUID (effective UID) = the executing file’s owner
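The Unix rules above (one permission class per caller, root's bypass, umask on new files, setUID/setGID on exec, and the sticky bit's effect on deletion), worked as a small model. This is an added example written for these notes, not code from the lecture; the Inode type and the function names are hypothetical stand-ins for the kernel's own checks, and it models regular files and directories only.

```python
import stat
from dataclasses import dataclass

R, W, X = 4, 2, 1   # the three permission bits of one class, as in chmod


@dataclass
class Inode:
    """Constructed stand-in for a file's metadata (hypothetical, not a kernel type)."""
    uid: int
    gid: int
    mode: int               # permission bits plus setuid/setgid/sticky, e.g. 0o4755
    is_dir: bool = False


def class_bits(uid, gids, f):
    """Unix applies exactly one class: owner bits if the UID matches, else group
    bits if the file's GID is one of the caller's groups, else world bits."""
    if uid == f.uid:
        return (f.mode >> 6) & 7
    if f.gid in gids:
        return (f.mode >> 3) & 7
    return f.mode & 7


def allowed(uid, gids, f, want):
    """want is a combination of R, W, X. UID 0 bypasses the bits, except that
    executing a regular file still requires at least one x bit to be set."""
    if uid == 0:
        return not (want & X and not f.is_dir and not f.mode & 0o111)
    return class_bits(uid, gids, f) & want == want


def new_mode(umask, directory=False):
    """Mode of a newly created file (or directory): the 0666 (0777) the creator
    asks for, with the bits named in the umask cleared."""
    return (0o777 if directory else 0o666) & ~umask & 0o777


def effective_ids(caller_uid, caller_gid, exe):
    """Effective IDs after exec'ing exe: the file owner's UID/GID when the
    setUID/setGID bit is set, otherwise the caller's own IDs."""
    euid = exe.uid if exe.mode & stat.S_ISUID else caller_uid
    egid = exe.gid if exe.mode & stat.S_ISGID else caller_gid
    return euid, egid


def may_unlink(uid, gids, d, entry):
    """Deleting or renaming an entry needs write+search on the directory; with the
    sticky bit set, only the entry's owner, the directory's owner, or root may."""
    if not allowed(uid, gids, d, W | X):
        return False
    if d.mode & stat.S_ISVTX and uid != 0:
        return uid in (entry.uid, d.uid)
    return True


def scenario():
    """Constructed sample: alice (uid 1000, groups 1000 and 100), a file owned by
    uid 1001 in group 100, a setuid-root binary and a sticky /tmp."""
    alice, alice_groups = 1000, {1000, 100}
    report = Inode(uid=1001, gid=100, mode=0o640)
    passwd = Inode(uid=0, gid=0, mode=0o4755)          # setuid root
    tmp = Inode(uid=0, gid=0, mode=0o1777, is_dir=True)
    other_tmp_file = Inode(uid=1001, gid=1001, mode=0o644)
    return {
        "alice reads report": allowed(alice, alice_groups, report, R),
        "alice writes report": allowed(alice, alice_groups, report, W),
        "umask 022 file mode": oct(new_mode(0o022)),
        "alice execs passwd as": effective_ids(alice, 1000, passwd),
        "alice deletes other's /tmp file": may_unlink(alice, alice_groups, tmp, other_tmp_file),
    }


if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k}: {v}")
```

Note that `allowed` deliberately checks only the matching class: a file with mode 0o007 is unreadable by its own owner even though the world can read it, which is the behaviour real systems show.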
Access Control in Windows
When a user is authenticated, Windows produces an access token containing:
the user’s _____
a list of group SIDs – one _____ per group
A special kind of token (impersonation token) can be granted to services when they are authorized.
A copy of the access token is attached to every process and thread the user executes.
Windows Resources
Many objects are thought of as resources:
files / directories
registry keys
shared memory
job objects (processes)
mutexes, named pipes, semaphores
printers
active directory objects
Permissions vary by resource type.
ACLs
Discretionary Access Control List (DACL)
– every resource has one
– a DACL is a list of Access Control Entries (ACEs)
An Access Control Entry (ACE) contains 1) 2) 3)
An object can have both explicit and inherited ACEs.
Algorithm for authorizing: walk the DACL in order. A DENY ACE that matches one of the SIDs in the access token and covers any of the requested rights denies the request; an ALLOW ACE that matches a token SID grants its rights, and the request succeeds as soon as every requested right has been granted. Reaching the end of the list without that is a denial (so an empty DACL denies everyone, whereas an object with no DACL at all is open to everyone).
ACEs are ordered by explicit collection before inherited, following the inheritance tree (parent’s ACEs before grandparent’s). Within each collection all DENY precede all ALLOW.
Example (from the slide’s figure; which object each ACE is attached to is not recoverable from the transcript)
Objects: xFile inherits from xParent, which inherits from xGParent.
ACEs in the figure: SID2 X-DENY, SID2 R-DENY, SID5 R-DENY, SID5 X-DENY, SID3 W-ALLOW, SID2 R-ALLOW, SID4 W-ALLOW, SID3 W-DENY, SID4 X-ALLOW
Authorization requests:
Write to xFile, access token: SID3 & SID4
Write to xFile, access token: SID2 & SID4
Read from xFile, access token: SID2 & SID5
Execute xFile, access token: SID2, SID3, SID4 & SID5
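The DACL algorithm and canonical ordering from the ACLs slide, applied to the example’s four requests. This is an added example written for these notes, not code from the lecture. Since the transcript does not say which object each ACE belongs to, the split of the nine ACEs across xFile, xParent and xGParent below is an assumption (three per object, in the order transcribed); the Right, ACE, canonical_dacl and access_check names are hypothetical. It goes slightly beyond the slide by also evaluating requests for more than one right at a time, which is where accumulation of ALLOW rights matters.

```python
from dataclasses import dataclass
from enum import Flag, auto


class Right(Flag):
    R = auto()
    W = auto()
    X = auto()


@dataclass(frozen=True)
class ACE:
    sid: str
    rights: Right
    allow: bool          # True = ALLOW ACE, False = DENY ACE


def canonical_dacl(explicit, *inherited):
    """Order ACEs the way Windows does: the object's own (explicit) ACEs first,
    then those inherited from the parent, then the grandparent, and so on;
    within each collection every DENY precedes every ALLOW."""
    ordered = []
    for collection in (explicit, *inherited):
        ordered += [a for a in collection if not a.allow]
        ordered += [a for a in collection if a.allow]
    return ordered


def access_check(dacl, token_sids, requested):
    """Walk the DACL in order. A matching DENY covering a right not yet granted
    fails the request; matching ALLOWs grant rights until none remain.
    Reaching the end of the list without that is a denial."""
    if dacl is None:                    # object with no DACL at all: everyone gets everything
        return True
    remaining = requested
    for ace in dacl:
        if ace.sid not in token_sids:   # ACE is for a SID not in this token
            continue
        if not ace.allow:
            if ace.rights & remaining:  # DENY overlaps something still wanted
                return False
        else:
            remaining &= ~ace.rights    # ALLOW accumulates
            if not remaining:
                return True
    return False                        # hence an empty DACL denies everyone


# Assumed placement of the slide's nine ACEs (constructed; the real figure may differ).
XFILE = [ACE("SID2", Right.X, False), ACE("SID2", Right.R, False), ACE("SID5", Right.R, False)]
XPARENT = [ACE("SID5", Right.X, False), ACE("SID3", Right.W, True), ACE("SID2", Right.R, True)]
XGPARENT = [ACE("SID4", Right.W, True), ACE("SID3", Right.W, False), ACE("SID4", Right.X, True)]

XFILE_DACL = canonical_dacl(XFILE, XPARENT, XGPARENT)


def slide_requests(dacl=XFILE_DACL):
    """The four authorization requests from the slide, evaluated against dacl."""
    return {
        "write SID3,SID4": access_check(dacl, {"SID3", "SID4"}, Right.W),
        "write SID2,SID4": access_check(dacl, {"SID2", "SID4"}, Right.W),
        "read SID2,SID5": access_check(dacl, {"SID2", "SID5"}, Right.R),
        "execute SID2..SID5": access_check(dacl, {"SID2", "SID3", "SID4", "SID5"}, Right.X),
    }


def ordering_matters():
    """Same nine ACEs, but SID3's W-DENY made explicit on xFile instead of
    inherited from xGParent: it now precedes xParent's W-ALLOW and wins."""
    moved = canonical_dacl(XFILE + [ACE("SID3", Right.W, False)], XPARENT,
                           [a for a in XGPARENT if a != ACE("SID3", Right.W, False)])
    return access_check(moved, {"SID3", "SID4"}, Right.W)


if __name__ == "__main__":
    for k, v in slide_requests().items():
        print(f"{k}: {'ALLOW' if v else 'DENY'}")
    print("SID4 wants W|X:", access_check(XFILE_DACL, {"SID4"}, Right.W | Right.X))
    print("write SID3,SID4 with W-DENY explicit on xFile:", ordering_matters())
```

With this placement the first two writes are allowed (SID3's ALLOW on xParent is reached before SID3's DENY on xGParent; SID4's ALLOW on xGParent has no competing DENY), while the read and execute requests hit SID2's explicit DENY ACEs on xFile immediately. Moving SID3 W-DENY up to xFile flips the first write to DENY, which is the point of the ordering rule.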
File Permissions in Windows
Full control – read, write, modify, execute, change attributes/permissions and/or take ownership
Modify – read, write, modify, execute and/or change attributes
Read & execute – display file content, view attributes/owner/permissions and/or execute
Read – display file content and/or view attributes/owner/permissions
Write – write file content, append to file and/or read/change file attributes
Windows advantages:
- finer user granularity (Administrator & operator groups)
- ACEs can specify many groups, not just one
- allows for variation in permissions by object type
Windows disadvantage:
- complexity
Other Access Control Systems
Programming languages may or may not provide full access control
network security – see CS455
Web access control?
cookies