Outline for May 4, 2000
- Greetings and felicitations!
- MULTICS ring mechanism
- MULTICS rings: used for both data and procedures; rights are REWA
-
(b1, b2) access bracket - can access freely; (b3, b4) call bracket - can call segment through gate; so if a's access bracket is (32,35) and its call bracket is (36,39), then assuming permission mode (REWA) allows access, a procedure in:
rings 0-31: can access a, but ring-crossing fault occurs
rings 32-35: can access a, no ring-crossing fault
rings 36-39: can access a, provided a valid gate is used as an entry point
rings 40-63: cannot access a
-
If the procedure is accessing a data segment d, no call bracket allowed; given the above, assuming permission mode (REWA) allows access, a procedure in:
rings 0-32: can access d
rings 33-35: can access d, but cannot write to it (W or A)
rings 36-63: cannot access d
- Propagated access control lists
- Discretionary AC Attacks: Trojan Horse
- overt - example edit a file
- covert - example delete all files
- a type of malicious logic (discuss this)
- Approaches
- Limited Protection Domain: (sandboxing)
- Name-checking subsystem; catches accesses not in pattern (startup, .asm, .obj)
- Other approaches
Send email to
[email protected].
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 5/11/2000