Page 279 - DCAP103_Principle of operating system
Principles of Operating Systems
Access control is concerned with determining the allowed activities of legitimate users, mediating
every attempt by a user to access a resource in the system. A given information technology
(IT) infrastructure can implement access control systems in many places and at different levels.
Operating systems use access control to protect files and directories. Database management
systems (DBMSs) apply access control to regulate access to tables and views. Most commercially
available application systems implement access control, often independently of the operating
systems and/or DBMSs on which they are installed.
The objectives of an access control system are often described in terms of protecting system
resources against inappropriate or undesired user access. From a business perspective, this
objective could just as well be described in terms of the optimal sharing of information. After
all, the main objective of IT is to make information available to users and applications. A greater
degree of sharing may get in the way of resource protection; in reality, a well-managed and
effective access control system actually facilitates sharing. A sufficiently fine-grained access
control mechanism can enable selective sharing of information where, in its absence, sharing
may be considered too risky altogether.
8.3.1 Concepts
This section introduces some of the concepts that are commonly used in the access control
research community and are also used throughout this document.
• Object: An entity that contains or receives information. Access to an object potentially
implies access to the information it contains. Examples of objects are records, fields (in a
database record), blocks, pages, segments, files, directories, directory trees, process, and
programs, as well as processors, video displays, keyboards, clocks, printers, and network
nodes. Devices such as electrical switches, disc drives, relays, and mechanical components
connected to a computer system may also be included in the category of objects.
• Subject: An active entity, generally in the form of a person, process, or device, that causes
information to flow through objects (defined above) or changes the system state.
• Operation: An active process invoked by a subject; for example, when an automatic teller
machine (ATM) user enters a card and correct personal identification number (PIN), the
control program operation on the user’s behalf is a process, but the subject can initiate
more than one operation: deposit, withdrawal, balance inquiry, etc.
• Permission (privilege): An authorization to perform some action on the system. In most
computer security literature, the term permission refers to some combination of objects
and operations. A particular operation used on two different objects represents two distinct
permissions, and similarly, two different operations applied to a single object represent
two distinct permissions. For example, a bank teller may have permissions to execute debit
and credit operations on customer records through transactions, while an accountant may
have of accounting data.
• Access Control List (ACL): A list associated with an object that specifies all the subjects
that can access the object, along with their rights to the object. Each entry in the list is a
pair (subject, set of rights). An ACL corresponds to a column of the access control matrix
(described next). ACLs are frequently implemented directly or as an approximation in
modern operating systems.
• Access Control Matrix: A table in which each row represents a subject, each column represents
an object, and each entry is the set of access rights for that subject to that object. In general,
the access control matrix is sparse—most subjects do not have access rights to most objects.
Therefore, different representations have been proposed. The access control matrix can be
represented as a list of triples, having the form <subject, rights, object>. Searching a large
number of these triples is inefficient enough that this implementation is seldom used. Rather,
the matrix is typically subdivided into columns (ACLs) or rows (capabilities).
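The following Python program is an added example, not code from the textbook: it stores a sparse access control matrix as <subject, rights, object> triples and derives from it the two views named above, the ACL of an object (a column) and the capability list of a subject (a row). It also counts distinct permissions as (operation, object) pairs, in the sense of the Permission definition, and measures how sparse the dense matrix would be. The bank subjects, objects and rights are constructed sample data.

```python
# Added example (not from the textbook): a sparse access control matrix stored
# as <subject, right, object> triples, with the two views the text names,
# ACLs (columns) and capability lists (rows). All subjects, objects and
# rights below are constructed sample data.
from collections import defaultdict


class AccessControlMatrix:
    """Sparse access control matrix kept as a set of (subject, right, object) triples."""

    def __init__(self):
        self._triples = set()

    def grant(self, subject, right, obj):
        self._triples.add((subject, right, obj))

    def revoke(self, subject, right, obj):
        self._triples.discard((subject, right, obj))

    def is_allowed(self, subject, right, obj):
        """Mediate one access attempt: allowed only if a matching triple exists (default deny)."""
        return (subject, right, obj) in self._triples

    def acl(self, obj):
        """Column view: the ACL of one object, as {subject: set of rights}."""
        entries = defaultdict(set)
        for s, r, o in self._triples:
            if o == obj:
                entries[s].add(r)
        return dict(entries)

    def capabilities(self, subject):
        """Row view: the capability list of one subject, as {object: set of rights}."""
        caps = defaultdict(set)
        for s, r, o in self._triples:
            if s == subject:
                caps[o].add(r)
        return dict(caps)

    def permissions(self):
        """Distinct permissions, i.e. distinct (operation, object) pairs held by any subject."""
        return {(r, o) for _, r, o in self._triples}

    def occupancy(self, subjects, objects):
        """(non-empty cells, total cells) of the dense matrix, to show how sparse it is."""
        filled = sum(1 for s in subjects for o in objects if self.capabilities(s).get(o))
        return filled, len(subjects) * len(objects)


def build_sample():
    """Constructed bank example: a teller, an accountant, an auditor and a guest."""
    acm = AccessControlMatrix()
    acm.grant("teller", "debit", "customer_records")
    acm.grant("teller", "credit", "customer_records")
    acm.grant("accountant", "read", "ledger")
    acm.grant("accountant", "update", "ledger")
    acm.grant("auditor", "read", "customer_records")
    acm.grant("auditor", "read", "ledger")
    # "guest" receives no grants and "printer" is an object nobody may use:
    # both remain as empty rows/columns in the dense matrix.
    return acm


SUBJECTS = ["teller", "accountant", "auditor", "guest"]
OBJECTS = ["customer_records", "ledger", "printer"]


def decide_via_acl(acm, subject, right, obj):
    """Same decision as is_allowed, reached by consulting the object's ACL column."""
    return right in acm.acl(obj).get(subject, set())


def decide_via_capability(acm, subject, right, obj):
    """Same decision as is_allowed, reached by consulting the subject's capability row."""
    return right in acm.capabilities(subject).get(obj, set())


if __name__ == "__main__":
    acm = build_sample()
    print("ACL of ledger:", acm.acl("ledger"))
    print("Capabilities of teller:", acm.capabilities("teller"))
    print("Distinct permissions:", len(acm.permissions()))
    print("Occupied cells (filled, total):", acm.occupancy(SUBJECTS, OBJECTS))
```

Whichever view is consulted, an access is granted only when a matching triple exists, so a subject or object absent from the matrix is denied by default; the occupancy count (4 of 12 cells for the sample) shows why the text recommends the column or row decomposition over storing the full table.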
272 LOVELY PROFESSIONAL UNIVERSITY