CSE 190 -- Lecture 1 -- Mar 30

Assignment 1: write down the ideal access control policy for your "home" -- dorm room, apartment, whatever. Give the objects -- check book, credit cards, diary, pets, etc -- and the types of access. For example, I would allow you to pet my cat, but not chase around the house or light him on fire. And while I don't want anyone to have access to my diary (other than myself), I would prefer that you were able to burned it rather than actually read it. Due before class Friday.

Reading for next time: Permissive Action Links

Reading for next Monday: The Orange book (you can skim through this)

Topics covered:

  • Authentication vs Authorization
  • Access control matrix
  • Access Permissions vs Capabilities
  • Unix access control:
  • Filesystem access control
  • I/O Descriptors as transferrable capabilities. See the sendmsg(3N) syscall, and <socket.h>, in particular, the structure 
    /*
 * Message header for recvmsg and sendmsg calls.
 */
struct msghdr {
        caddr_t msg_name;               /* optional address */
        int     msg_namelen;            /* size of address */
        struct  iovec *msg_iov;         /* scatter/gather array */
        int     msg_iovlen;             /* # elements in msg_iov */
        caddr_t msg_accrights;          /* access rights sent/received */
        int     msg_accrightslen;
};
    (On Linux machines, this structure is in <linux/socket.h>)
  • Capability-based OSes. Hydra. Amoeba.
    • [ CSE home | CSE talks | bsy's home page | webster i/f | yahoo | hotbot | lycos | altavista | pgp key svr | spam | commerce ]
    picture of bsy

    bsy+cse190@cse.ucsd.edu, last updated Wed Apr 15 13:42:06 PDT 1998.

    email bsy

    Don't make me hand over my privacy keys!