* 6 *

Access control

  1. What is meant by an access control list (ACL)? What can ACLs be used for? Give two examples of ACLs in different contexts. File access e.g. NT, service access like TCP wrappers.
  2. What is meant by two-mode operation in Unix/NT? How does two mode operation help the security of processes? Hardware privilege bit which locks access to special system memory.
  3. Consider the two matrices:
      A = ( 0 1 )    B = ( 0 0 )
          ( 0 0 )        ( 1 0 )
    
    acting on a two-component vector
      v = ( yes )
          ( no  )
    
    Compute ABv and BAv. Suppose we apply this property to an access control system with two security checkpoints A and B. If we assign a matrix-valued security token after authentication to each secure area, how could we use this property to ensure that only those who have successfully be authenticated to A and then B (in that order) will gain access to data?
    ABv = yes, BAv = no. Obvious how we could use this? Give each user a matrix token/ticket on passing through a check point. Combine these with any matrix-tickets the use already has by multiplying the tickets at each step. To access a resource, we need to apply our ticket. If the result is yes, we get access otherwise no.
  4. Can you generalize the previous problem to three levels, A, B and C? (Hint, try 3x3 matrices)

    There are are many possible answers. Here is just one:

        ( 0 1 0 )      ( 0 0 0 )     ( 1 0 0 )          ( yes )
    A = ( 0 0 0 )  B = ( 1 0 0 ) C = ( 0 0 0 )  and v = ( no  )
        ( 0 0 0 )      ( 0 0 0 )     ( 0 0 0 )          ( no  )
    
    Can verify that only ABCv = yes. All other combinations give either "no" or zero for an answer. i.e. if we choose yes = 1, the this is consistent.

Back