Page 61 - DCAP516_COMPUTER_SECURITY
Unit 5: Access Control Mechanism
privileges of the segment in that ring. Subject to access constraints, a procedure can also cross ring boundaries. In that case the call must enter the called segment through a gate, a designated entry point into that segment. When the call raises a ring-crossing fault, the gatekeeper validates the arguments (for example, that pointers passed in from the less privileged ring refer only to memory the caller itself may access), checks access, and performs the other functions that constrain ring crossing.
Figure 5.1: Ring-based Access Control (Source: Wikipedia)
5.8 Propagated Access Control Lists
A Propagated Access Control List (PACL) gives the creator of an object control over who can access that object. It is an implementation mechanism best suited to the ORCON (originator-controlled) policy. The PACL is kept with the creator (the originator), and only the creator can change it. When a subject reads an object, the PACL of the object becomes associated with the subject. When a subject creates an object, the PACL of the subject becomes associated with the object. Control therefore follows the data: whatever a reader later creates remains under the originator's control.
The notation PACL_subject means that subject is the originator of that PACL; only subject can change it. The notation PACL(entity) denotes the PACL associated with entity. Example: Tom creates a file "machine" and wants to control who can read it. The PACL of the file "machine" is Tom's PACL: PACL(machine) = PACL_Tom.
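As an added worked example (not from the textbook), the following Python models the PACL rules just stated: the PACL is stored once with its originator, a read binds the object's PACL to the reader, and a create binds the subject's PACL to the new object. It also applies the standard ORCON treatment of a subject that has read objects from several originators (the effective reader set of anything it then creates is the intersection of their PACLs), which the page states only for a single originator. The PACLSystem class, its method names, and the subjects and files (Tom, Betty, Chuck, "machine", "report", "plans", "merged") are constructed for the illustration.

```python
"""Toy model of Propagated Access Control Lists (PACLs) enforcing ORCON.

Constructed illustration: the PACLSystem class, its method names and the
subjects/files used below (Tom, Betty, Chuck, "machine", "report", "plans",
"merged") are invented for this example and are not a real implementation.
"""


class PACLSystem:
    def __init__(self):
        # PACL_x, the set of subjects x permits to read. It is stored once,
        # under x's sole control, so objects only carry a reference to it and
        # any change x makes is seen by everything labelled with x at once.
        self.pacls = {}
        # For each subject / object: the originators whose PACLs are bound to it.
        self.subjects = {}
        self.objects = {}

    def add_subject(self, name):
        self.pacls[name] = {name}            # PACL_name initially admits only name
        self.subjects[name] = frozenset()    # has read nothing yet

    def _check_originator(self, actor, originator):
        # ORCON: only the originator may alter PACL_originator.
        if actor != originator:
            raise PermissionError(f"{actor} may not change PACL_{originator}")

    def grant(self, actor, originator, reader):
        self._check_originator(actor, originator)
        self.pacls[originator].add(reader)

    def revoke(self, actor, originator, reader):
        self._check_originator(actor, originator)
        if reader != originator:             # an originator always keeps access
            self.pacls[originator].discard(reader)

    def create(self, subject, obj):
        # PACL(obj) = PACL(subject). A subject that has read nothing carries
        # its own PACL, so PACL(obj) = PACL_subject in that case.
        self.objects[obj] = self.subjects[subject] or frozenset({subject})

    def readers(self, obj):
        # Effective readers: the intersection of every bound originator's PACL,
        # so each originator's restriction is honoured (standard ORCON rule).
        return frozenset.intersection(
            *(frozenset(self.pacls[o]) for o in self.objects[obj]))

    def can_read(self, subject, obj):
        return subject in self.readers(obj)

    def read(self, subject, obj):
        if not self.can_read(subject, obj):
            raise PermissionError(f"{subject} may not read {obj}")
        # Bind the object's PACL to the reader: PACL(subject) now includes it,
        # so anything the reader creates later stays under the same control.
        self.subjects[subject] = self.subjects[subject] | self.objects[obj]


def demo():
    """Walk through the page's example and return the checks as a dict."""
    s = PACLSystem()
    for name in ("Tom", "Betty", "Chuck"):
        s.add_subject(name)
    s.create("Tom", "machine")           # PACL(machine) = PACL_Tom
    s.grant("Tom", "Tom", "Betty")       # Tom lets Betty read his file
    s.read("Betty", "machine")           # PACL(Betty) = PACL_Tom
    s.create("Betty", "report")          # PACL(report) = PACL(Betty) = PACL_Tom
    s.create("Chuck", "plans")           # PACL(plans) = PACL_Chuck
    s.grant("Chuck", "Chuck", "Betty")
    s.read("Betty", "plans")             # PACL(Betty) = PACL_Tom and PACL_Chuck
    s.create("Betty", "merged")          # needs both Tom's and Chuck's permission

    out = {
        "report_label": sorted(s.objects["report"]),
        "merged_label": sorted(s.objects["merged"]),
        "chuck_reads_report_before": s.can_read("Chuck", "report"),
        "tom_reads_merged": s.can_read("Tom", "merged"),
    }
    s.grant("Tom", "Tom", "Chuck")       # one change to PACL_Tom ...
    out["chuck_reads_report_after"] = s.can_read("Chuck", "report")  # ... and report follows
    out["chuck_reads_merged"] = s.can_read("Chuck", "merged")
    s.revoke("Tom", "Tom", "Betty")      # revocation propagates the same way
    out["betty_reads_report_after_revoke"] = s.can_read("Betty", "report")
    try:
        s.grant("Betty", "Tom", "Betty")  # Betty cannot put herself back
        out["betty_edits_pacl_tom"] = True
    except PermissionError:
        out["betty_edits_pacl_tom"] = False
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two points the walk-through makes that the prose only implies: because the PACL lives with its originator rather than being copied onto each object, a single grant or revoke by Tom changes access to every object that carries PACL_Tom, including files Betty derived from his; and once Betty has read both Tom's and Chuck's data, even Tom cannot read what she creates from it unless Chuck permits him.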
Self Assessment
State whether the following statements are true or false:
7. Propagated Access Control Lists provides the creator of an object with the control over
who can access the object.
8. Multics systems defines a sequence of protection rings numbered from 0 to 65.
9. Ring Based Access Control was introduced by Multics (1964-2000).
10. In their classic form, ACLs support groups or wildcards.
11. The abbreviations of ACLs are ignored when root is the subject in UNIX.
12. Abbreviations of ACLs, such as those supported by the Unix OS, do not suffer from a loss of granularity.
LOVELY PROFESSIONAL UNIVERSITY 55