Lecture 18 -Confidentiality, Authorization, and Protocols

by Tristan Vuong

Access Control List

An access control list is way of controlling access to an object.
One version of an access control list is a role based access control list.
For example, in the NASDAQ there are levels of access. A broker can only view
quotes. A dealer can view and change quotes. It can also be something like
a school system. Instructors can view and change grades. Students can only
view them.

Capabilities

Capabilities are a different form of access control

• Are a float
• Are attached to processes
• Are unforgeable
• A good example is Linux file descriptors

Cloud Computing

Cloud computing allows for users to access shared resources made available
from a computer infrastructure through the use of virtual machines on a browser.

Security is a potential problem with public clouds:

• browser authentication
• third party vulnerability, like Google or Amazon

Possible solutions:

• encrypt stored data network
• backup data

Other problems with cloud computing:

• server overload
• DNS attacks on one person affects another person
• Cannot test program with a high number of users

Trusting a Virtual Machine

Ken Thompson described a method to break into Unix

• Add code to login.c to make the user automatically root
• Add code to gcc.c to compile the new login.c to look like the old one
• Add code to gcc.c to compile itself to look like the gold gcc.c
• Add code to gdb to make it see the code in gcc.c as if it was the old code
• Essentially, you go as deep as you can to hide the changes