Notes for February 2, 1998
[ ended here ]
- Greetings and felicitations!
- Reading: Pfleeger, pp.228-253; Garfinkel & Spafford, pp. 71-137
- Point is that root introduces a security flaw by its existance;
secure systems don't have them
- User identification
- Go through UNIX idea of "real", "effective", "saved", "audit"
- Go through notion of "role" accounts; cite Secure Xenix, DG, etc.
- Go through PPNs (TOPS-10) and groups
- Review least privilege
- Privilege in Languages
- Nesting program units
- Temporary upgrading of privileges
- Different forms of access control
- UNIX method
- ACLs: describe, revocation issue
- MULTICS rings: (b1, b2) access bracket - can access freely; (b2, b3)
call bracket - can call segment through gate; so (4, 6, 9) as example
- Capabilities: file descriptors in UNIX
You can also see this document
in its native format,
in ASCII text.
Send email to
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 2/14/98