Notes for January 30, 1998

1.	Greetings and felicitations!

a.	Reading: Pfleeger, pp.228-253; Garfinkel & Spafford, pp. 71Ç137

2.	Puzzle

a.	You need to tell the author of the software about it, or report it to the vendor.

3.	Biometrics

a.	Depend on physical characteristics

b.	Examples: pattern of typing (remarkably effective), retinal scans, etc.

4.	Location

a.	Bind user to some location detection device (human, GPS)

b.	Authenticate by location of the device

5.	Notion of Ñprivilegeæ

a.	Identity

b.	Functionality

c.	Granularity

6.	Privilege in OSes

a.	None (original IBM OS; protect with password, or anyone can read it)

b.	Fence, base and bounds registers; relocation

c.	Tagged architectures

d.	Memory management based schemes: segmentation, paging, and paged segmentation

[ ended here ]

7.	 User identification

a.	Go through UNIX idea of Ñrealæ, Ñeffectiveæ, Ñsavedæ, Ñauditæ

b.	Go through notion of Ñroleæ accounts; cite Secure Xenix, DG, etc.

c.	Go through PPNs (TOPS-10) and groups

d.	Review least privilege

8.	Privilege in Languages

a.	Nesting program units

a.	Temporary upgrading of privileges

9.	Different forms of access control

a.	UNIX method

b.	ACLs:  describe, revocation issue

c.	MULTICS rings: (b1, b2) access bracket - can access freely; (b2, b3) call bracket - can call 
segment through gate; so (4, 6, 9) as example

d.	Capabilities: file descriptors in UNIX