intermediate control

Summary

Grouping

  • owner, group(s) and everyone else
  • users in each group have shared access rights
  • role-based access control
    • user’s role determines their grouping

Privilege

  • levels of access
  • higher level will have more rights than lower levels
  • protection rings
    • lower number -> higher privilege
[Figure: access diagram between high-privilege subject, high-privilege object, low-privilege subject and low-privilege object; edges labelled r,w / r,w / r,w]

UNIX has 2 rings, user and superuser

Checking access

  • use the permissions for owner, group(s) and others, in order

Concept

Intermediate control

  • a form of mandatory access control
  • preserves some of the fine granularity of ACLs while being easier to manage
  • easier to manage groups of users than each user individually

Bell-LaPadula model

  • for confidentiality, no sensitive info leaking down
  • no read up -> low lvl subj cannot read high lvl obj
  • no write down -> high lvl subj cannot write to low lvl obj
[Figure: Bell-LaPadula access diagram between high-privilege subject, high-privilege object, low-privilege subject and low-privilege object; edges labelled r,w / r,w / w / r]

Biba model

  • for integrity, no malicious info going up
  • no write up -> low lvl subj cannot write to high lvl obj
  • no read down -> high lvl subj cannot read low lvl obj
[Figure: Biba access diagram between high-privilege subject, high-privilege object, low-privilege subject and low-privilege object; edges labelled r,w / r,w / r / w]
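
The Bell-LaPadula and Biba rules above, written as a small reference monitor that derives the allowed operations for every subject/object pair. This is an added example, not part of the original notes; the two-level `Level` lattice and all function names are assumptions made for illustration, and `both_allow` goes one step beyond the notes by enforcing both models at once.

```python
from enum import IntEnum


class Level(IntEnum):
    # Constructed two-level lattice matching the notes' high/low split.
    LOW = 0
    HIGH = 1


def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if op == "r":
        return subject >= obj  # may read at or below own level
    if op == "w":
        return subject <= obj  # may write at or above own level
    raise ValueError(f"unknown operation: {op!r}")


def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Biba (integrity): no read down, no write up."""
    if op == "r":
        return subject <= obj  # may read at or above own level
    if op == "w":
        return subject >= obj  # may write at or below own level
    raise ValueError(f"unknown operation: {op!r}")


def both_allow(subject: Level, obj: Level, op: str) -> bool:
    """Enforcing both models together leaves only same-level access."""
    return blp_allows(subject, obj, op) and biba_allows(subject, obj, op)


def access_matrix(check) -> dict:
    """Map (subject, object) to 'r,w', 'r', 'w' or '-' under a given check."""
    matrix = {}
    for s in Level:
        for o in Level:
            ops = [op for op in ("r", "w") if check(s, o, op)]
            matrix[(s.name, o.name)] = ",".join(ops) or "-"
    return matrix


if __name__ == "__main__":
    for name, check in (("BLP", blp_allows), ("Biba", biba_allows),
                        ("BLP+Biba", both_allow)):
        print(name)
        for (s, o), ops in access_matrix(check).items():
            print(f"  {s:<4} subject -> {o:<4} object: {ops}")
```

Keys in the returned matrix are `(subject, object)` level names, so `("LOW", "HIGH")` is a low-privilege subject accessing a high-privilege object.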