Outline for May 4, 2000

1. Greetings and felicitations!
2. MULTICS ring mechanism
   a. MULTICS rings: used for both data and procedures; rights are REWA
   b. (b1, b2) access bracket - can access freely; (b3, b4) call bracket - can call segment through gate; so if a's access bracket is (32,35) and its call bracket is (36,39), then assuming permission mode (REWA) allows access, a procedure in:
      rings 0-31: can access a, but ring-crossing fault occurs
      rings 32-35: can access a, no ring-crossing fault
      rings 36-39: can access a, provided a valid gate is used as an entry point
      rings 40-63: cannot access a
   c. If the procedure is accessing a data segment d, no call bracket allowed; given the above, assuming permission mode (REWA) allows access, a procedure in:
      rings 0-32: can access d
      rings 33-35: can access d, but cannot write to it (W or A)
      rings 36-63: cannot access d
3. Propagated access control lists
4. Discretionary AC Attacks: Trojan Horse
   a. overt - example edit a file
   b. covert - example delete all files
   c. a type of malicious logic (discuss this)
5. Approaches
   a. Limited Protection Domain: (sandboxing)
   b. Name-checking subsystem; catches accesses not in pattern (startup, .asm, .obj)
   c. Other approaches
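
Added example (not part of the original outline): the ring-bracket rules of item 2 written as Python and run against the outline's brackets (32,35) and (36,39). The function names, the `Decision` enum and the bracket sanity check are assumptions made for illustration; as in the outline, the REWA permission mode is assumed to allow the access, so only the ring check is modelled.

```python
from enum import Enum

MAX_RING = 63  # the outline numbers rings 0-63


class Decision(Enum):
    ALLOW = "access, no ring-crossing fault"
    FAULT = "access, but a ring-crossing fault occurs"
    GATE = "access through a valid gate"
    DENY = "no access"


def _check(ring, *bounds):
    # Assumption: bracket bounds are non-decreasing and lie inside 0..MAX_RING.
    if not 0 <= ring <= MAX_RING:
        raise ValueError(f"ring {ring} outside 0-{MAX_RING}")
    if list(bounds) != sorted(bounds) or not all(0 <= b <= MAX_RING for b in bounds):
        raise ValueError(f"malformed brackets {bounds}")


def procedure_access(ring, access_bracket, call_bracket, via_gate=False):
    """Item 2b: a procedure running in `ring` uses a procedure segment."""
    (b1, b2), (b3, b4) = access_bracket, call_bracket
    _check(ring, b1, b2, b3, b4)
    if ring < b1:
        return Decision.FAULT      # below the access bracket
    if ring <= b2:
        return Decision.ALLOW      # inside the access bracket
    if b3 <= ring <= b4:           # inside the call bracket: gate required
        return Decision.GATE if via_gate else Decision.DENY
    return Decision.DENY           # above the call bracket


def data_access(ring, access_bracket, right):
    """Item 2c: right R, E, W or A on a data segment (no call bracket)."""
    b1, b2 = access_bracket
    _check(ring, b1, b2)
    if right not in ("R", "E", "W", "A"):
        raise ValueError(f"unknown right {right!r}")
    if ring <= b1:
        return Decision.ALLOW      # every right the mode grants
    if ring <= b2:                 # no write or append in this band
        return Decision.DENY if right in ("W", "A") else Decision.ALLOW
    return Decision.DENY


if __name__ == "__main__":
    for r in (0, 31, 32, 35, 36, 39, 40, 63):  # band edges from the outline
        print(r, procedure_access(r, (32, 35), (36, 39), via_gate=True).value)
    for r in (32, 33, 35, 36):
        print(r, data_access(r, (32, 35), "R").value, "|", data_access(r, (32, 35), "W").value)
```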