Mister Disagree

"Be the change you wanna see in the world" - Michael Scofield

Chapter 4 (Cont.)

Access Control - The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner
Access Control Requirements
- reliable input
- fine and coarse specifications
- least privilege
- separation of duty
- open and closed policies
- policy combinations, conflict resolution
- administrative policies
Access Control Elements
- subject = entity that can access objects
- object = access controlled resource
- access right = way in which subject accesses an object

ACCESS CONTROL MATRIX - Access Control Matrix or Access Matrix is an abstract, formal security model of protection state in computer systems, that characterizes the rights of each subject with respect to every object in the system
Access Control List
- access control list (ACL) is a list of permissions attached to an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object.
File System Security

- in Linux everything is a file
  - e.g. memory, device-drivers, named pipes, and other system resources
  - hence why filesystem security is so important
- I/O to devices is via a "special" file
  - e.g. /dev/cdrom
- have other special files like named pipes
  - a conduit between processes / programs
Users and Groups
- user-account (user)
  - represents someone capable of using files
  - associated both with humans and processes
- group-account (group)
  - is a list of user-accounts
  - users have a main group
  - may also belong to other groups
- users & groups are not files
File Permissions
- files have two owners: a user & a group
- each with its own set of permissions
- with a third set of permissions for other
- permissions are to read/write/execute in order
- set using chmod command
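
The user/group/other check described above, as an added example that is not part of the original notes. The function names and the uid/gid values are made up for illustration, and the check ignores root, capabilities and extended ACLs.

```python
import os
import stat
import tempfile

RIGHTS = (("r", 4), ("w", 2), ("x", 1))   # read/write/execute, in that order

def mode_string(mode):
    """Render the nine permission bits as user, group, other triplets."""
    triplets = []
    for shift in (6, 3, 0):                # user, group, other
        bits = (mode >> shift) & 0o7
        triplets.append("".join(c if bits & b else "-" for c, b in RIGHTS))
    return "".join(triplets)

def allowed(mode, owner_uid, owner_gid, uid, gids, want):
    """True if subject (uid, gids) holds every right in `want` ('r','w','x').
    Only one class is consulted: user, else group, else other."""
    if uid == owner_uid:
        shift = 6
    elif owner_gid in gids:
        shift = 3
    else:
        shift = 0
    bits = (mode >> shift) & 0o7
    need = sum(b for c, b in RIGHTS if c in want)
    return bits & need == need

def chmod_roundtrip(mode):
    """chmod a scratch file and read the bits back from the filesystem."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, mode)
        return mode_string(stat.S_IMODE(os.stat(path).st_mode))
    finally:
        os.unlink(path)

if __name__ == "__main__":
    # Constructed sample: file owned by uid 1000, group 50, mode 640.
    print(chmod_roundtrip(0o640))
    print(allowed(0o640, 1000, 50, 1001, {50}, "r"))   # group member reads
    print(allowed(0o640, 1000, 50, 1001, {50}, "w"))   # group member writes
    # Owner is denied even though "other" has rwx: classes do not add up.
    print(allowed(0o047, 1000, 50, 1000, {50}, "r"))
```

The last call shows why least privilege depends on checking all three triplets: a mode that denies the owner can still leave the file wide open to everyone else.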
Chapter 5: Security in Networks

- Computer Networks = A computing network is a computing environment with more than one independent processor


- Network resources:
1. Computers
2. Operating system
3. Programs
4. Processes
5. People


- network can provide logical interface function:
1. Sending messages
2. Receiving messages
3. Executing program
4. Obtaining status information
5. Obtaining status information on other network users and their status


- Basic terminology:


1. Node - Single computing system in a network.
2. Host - A single computing system's processor.
3. Link - A connection between two hosts.
4. Topology - The pattern of links in a network.


- Network Topology:
1. Bus Topology
2. Star Topology
3. Ring Topology
4. Mesh Topology

- Open Systems Interconnection (OSI)

- Networks as System:
- Single System - Single set of security policies associated with each computing system.
- Each system concerned with:
- Operating system enforces its own security policies.

- Advantages of Computing Networks:
1. Resource sharing
2. Increased reliability
3. Distributing the workload
4. Expandability
