Upload
venkatesh
View
233
Download
0
Embed Size (px)
Citation preview
8/7/2019 AUTHORIZATION part1
http://slidepdf.com/reader/full/authorization-part1 1/11
AUTHORIZATION
VENKATESH P
101012004
MS ITM
8/7/2019 AUTHORIZATION part1
http://slidepdf.com/reader/full/authorization-part1 2/11
Authentication vs. Authorization
Authentication� Who goes there?
Restrictions on who (or what) can access system
Authorization�
Are you allowed to do that?
Restrictions on actions of authenticated users
Authorization is a form of access control
Authorization enforced byAccess Control Lists
Capabilities
8/7/2019 AUTHORIZATION part1
http://slidepdf.com/reader/full/authorization-part1 3/11
Lampsons Access Control
Matrix
rx rx r --- ---
rx rx r rw rw
rwx rwx r rw rw
rx rx rw rw rw
OSAccounting
program
Accounting
data
Insurance
data
Payroll
data
Bob
Alice
Sam
Accounting
program
Subjects (users) index the rows
Objects (resources) index the columns
8/7/2019 AUTHORIZATION part1
http://slidepdf.com/reader/full/authorization-part1 4/11
Are You Allowed to Do That?
Access control matrix has all relevant info
But how to manage a large access control (AC)
matrix? Could be 1000s of users, 1000s of resources
Then AC matrix with 1,000,000s of entries
Need to check this matrix before access to any
resource is allowed
Hopelessly inefficient
8/7/2019 AUTHORIZATION part1
http://slidepdf.com/reader/full/authorization-part1 5/11
Capabilities (or C-Lists)
Store access control matrix by row
Example: Capability for Alice is in red
rx rx r --- ---
rx rx r rw rw
rwx rwx r rw rw
rx rx rw rw rw
OSAccounting
programAccounting
data
Insurance
dataPayroll
data
Bob
Alice
Sam
Accounting
program
8/7/2019 AUTHORIZATION part1
http://slidepdf.com/reader/full/authorization-part1 6/11
ACLs vs Capabilities
Access Control List Capability
Note that arrows point in opposite directions!
With ACLs, still need to associate users to filess
f ile1
f ile2
f ile3
f ile1
f ile2
f ile3
r ---r
Alice
Bob
Fred
wr
---
rwr r
Alice
Bob
Fred
r wrw
---r
r
r ---r
8/7/2019 AUTHORIZATION part1
http://slidepdf.com/reader/full/authorization-part1 7/11
Confused Deputy
Two resources
Compiler and BILL file
(billing info)
Compiler can write file
BILL
Alice can invoke
compiler with a debugfilename
Alice not allowed to
write to BILL
Access control matrix
x ---
rx rw
Compiler BILL
Alice
Compiler
8/7/2019 AUTHORIZATION part1
http://slidepdf.com/reader/full/authorization-part1 8/11
ACLs and Confused Deputy
Compiler is deputy acting on behalf of Alice
Compiler is confused
Alice is not allowed to write BILL
Compiler has confused its rights with Alices
Alice BILL
Compiler
8/7/2019 AUTHORIZATION part1
http://slidepdf.com/reader/full/authorization-part1 9/11
Confused Deputy
Compiler acting for Alice is confused
There has been a separation of authority from the
purpose for which it is usedWith ACLs, difficult to avoid this problem
With Capabilities, easier to prevent problem
Must maintain association between authority and
intended purpose
Capabilities make it easy to delegate authority
8/7/2019 AUTHORIZATION part1
http://slidepdf.com/reader/full/authorization-part1 10/11
ACLs vs. Capabilities
ACLs
Good when users manage their own files
Protection is data-oriented
Easy to change rights to a resource Capabilities
o Easy to delegate
o Easy to add/delete users
o Easier to avoid the confused deputy
o More difficult to implement
8/7/2019 AUTHORIZATION part1
http://slidepdf.com/reader/full/authorization-part1 11/11
THANK YOUu