Lecture 18. Confidentiality, authorization, and protocols

Authors: Setiawan Makmur


----Authentication----

3 Ways to Authenticate

1. Based on WHO the principal is, e.g. retinal scan, brain scan
2. Something the principal HAS, e.g. physical key
3. Something the principal KNOWS, e.g. password

Authentication protocol

Unix process table diagram

----Authorization----

Once authenticated, we would like to allocate file permissions to principals; a possible implementation is the 3D array shown below.

Block authorization diagram

An alternate approach

Access Control Lists (ACLs)

Files have owner + group + modes + ACL.
Modes are the operations allowed for each category: self, group, and others.
The ACL is added for more permission flexibility, as illustrated below.
Processes have owner + group.

Access control list diagram
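The permission check described above, as an added example that is not part of the original lecture notes: a process (owner uid + groups) is tested against a file's mode bits and a per-file ACL of named users and groups. The representation and the ordering of the checks (owner, then named user, then the group class, then others) are assumptions made for this example; it deliberately omits the POSIX ACL mask entry to keep the logic short. The `acl_column` helper shows the link to the 3D array above: an ACL is one object's column of that matrix.

```python
from dataclasses import dataclass, field

# Permission bits as in the Unix mode word (constructed for this example).
READ, WRITE, EXEC = 4, 2, 1
OPS = {"read": READ, "write": WRITE, "exec": EXEC}


@dataclass(frozen=True)
class Process:
    uid: int
    gids: frozenset          # primary group plus supplementary groups


@dataclass
class File:
    owner: int
    group: int
    mode: int                # e.g. 0o640 -> owner rw-, group r--, others ---
    acl_users: dict = field(default_factory=dict)   # uid -> permission bits
    acl_groups: dict = field(default_factory=dict)  # gid -> permission bits


def allowed(proc: Process, f: File, op: int) -> bool:
    """Decide whether proc may perform op on f.

    Checks owner, then a named-user ACL entry, then the group class
    (owning group and named-group ACL entries), then others.  Once a
    class matches, its bits decide; later classes are not consulted,
    which is why a group member with no group bit is refused even if
    'others' would have been allowed.
    """
    if proc.uid == f.owner:
        return bool((f.mode >> 6) & op)
    if proc.uid in f.acl_users:
        return bool(f.acl_users[proc.uid] & op)
    in_group_class = False
    if f.group in proc.gids:
        in_group_class = True
        if (f.mode >> 3) & op:
            return True
    for gid, bits in f.acl_groups.items():
        if gid in proc.gids:
            in_group_class = True
            if bits & op:
                return True
    if in_group_class:
        return False
    return bool(f.mode & op)


def acl_column(f: File, procs) -> dict:
    """One column of the lecture's 3D matrix: for this one object, which
    principals may perform which operations (the object's ACL)."""
    return {p.uid: {name for name, bits in OPS.items() if allowed(p, f, bits)}
            for p in procs}


# Constructed sample principals and one file (not real system data).
alice = Process(uid=1000, gids=frozenset({100}))   # owner of the file
bob = Process(uid=2000, gids=frozenset({300}))     # named in the ACL
carol = Process(uid=3000, gids=frozenset({100}))   # member of owning group
dan = Process(uid=3500, gids=frozenset({200}))     # member of ACL group
eve = Process(uid=4000, gids=frozenset({999}))     # falls through to 'others'

report = File(owner=1000, group=100, mode=0o640,
              acl_users={2000: READ},
              acl_groups={200: READ | WRITE})

if __name__ == "__main__":
    for uid, ops in acl_column(report, [alice, bob, carol, dan, eve]).items():
        print(uid, sorted(ops))
```

Running the block prints the ACL column for the sample file: alice gets read and write, bob and carol read only, dan read and write through the named group, and eve nothing. Note that carol is refused write even though she is in the owning group, because the group class decided and 'others' is never consulted.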

Catch: ACLs with UNIX permissions

Capabilities

We can control access to an object by encrypting a pointer to the object.
This means we can send capabilities over networks so others can access the same file without committing internal changes.
They are similar to keys to your files.
Hence we no longer need the kernel to control protection.
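An added example of the capability idea above, not code from the lecture: a capability is a token naming an object and a set of rights, protected so that a holder cannot alter it. Where the notes say "encrypting a pointer", this example uses a keyed hash (HMAC) over the pointer and rights instead, because unforgeability is what the check relies on; the key is held only by the server that owns the objects. The token format, the `DEMO_KEY` value and the function names are assumptions made for this example. Because the token carries no principal identity, any holder can present it, which is exactly the "send it over the network" property described above.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key; in a real system only the object server holds it.
DEMO_KEY = b"constructed-demo-key-do-not-reuse"


def mint_capability(key: bytes, object_id: str, rights) -> str:
    """Issue a capability: base64(body) '.' HMAC-SHA256(body) as hex."""
    body = json.dumps({"obj": object_id, "rights": sorted(rights)},
                      sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(body).decode() + "." + tag


def verify_capability(key: bytes, token: str):
    """Return the decoded body if the tag is valid, else None."""
    try:
        body_b64, tag = token.rsplit(".", 1)
        body = base64.urlsafe_b64decode(body_b64.encode())
    except ValueError:          # malformed token or bad base64
        return None
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(body)


def has_right(key: bytes, token: str, object_id: str, op: str) -> bool:
    """The server-side check: valid token, correct object, right present."""
    body = verify_capability(key, token)
    return body is not None and body["obj"] == object_id and op in body["rights"]


def rewrite_body_keep_tag(token: str, object_id: str, rights) -> str:
    """Re-encode the body but keep the old tag.  Used only to show that an
    edited capability fails verification; it needs no key to build."""
    _, tag = token.rsplit(".", 1)
    body = json.dumps({"obj": object_id, "rights": sorted(rights)},
                      sort_keys=True, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + tag


if __name__ == "__main__":
    cap = mint_capability(DEMO_KEY, "/data/report", {"read"})
    print("read allowed: ", has_right(DEMO_KEY, cap, "/data/report", "read"))
    print("write allowed:", has_right(DEMO_KEY, cap, "/data/report", "write"))
    edited = rewrite_body_keep_tag(cap, "/data/report", {"read", "write"})
    print("edited token accepted:", verify_capability(DEMO_KEY, edited) is not None)
```

The check needs no kernel involvement on the holder's side: the holder just stores and forwards a string. The price is that the token is a bearer credential, so anyone who obtains it has the same rights, which is the same property a physical key has.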



----Trusted Software----

Question: How can you trust the system you are running on?
Read Ken Thompson on UNIX: "Reflections on Trusting Trust".