Saturday, May 1, 2010

Lecture 18: Access Control

This lecture began with Nathan talking about Trojan horses and background insertion. He explained what a Trojan horse is: a secret, undocumented routine embedded within a useful program. Some of the functions of a Trojan are screen capture, stealing data, and file modification. A Trojan horse can't replicate itself. He then went on to background insertion, which is when normal authentication, security, and access routines can be bypassed.

After Nathan presented, we spent most of the class reviewing operating systems. We went over memory and address protection, which is when the OS prevents programs from corrupting other programs or data. Often the OS can exploit hardware support for this protection. We then went over some protection techniques. For example, a fence register protects the operating system from user programs. Then there is tagged architecture, in which each memory word has one or more extra bits that identify the access rights to that word. We then went over segmentation, in which each program has multiple address spaces. Some advantages are that users can share access to a segment with potentially different access rights, and users cannot access an unpermitted segment. We then went over paging, how it is done, and how it is used in operating systems. Some advantages of paging are that users cannot access an unpermitted page and users can share access to a page with potentially different access rights.
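The segmentation advantages above (a shared segment with different rights per program, and no access to an unpermitted segment) can be shown with a small translation check. This is an added example, not code from the lecture; the table layout, the names `seg_entry` and `translate`, and the sample addresses are all constructed for illustration.

```c
#include <stdint.h>

/* Access-right bits carried by each segment-table entry. */
enum { R = 1, W = 2, X = 4 };
enum result { OK = 0, NO_SEGMENT = -1, OUT_OF_BOUNDS = -2, DENIED = -3 };

/* One entry of a per-program segment table (hypothetical layout). */
struct seg_entry {
    int      present;  /* 0 = this program has no access to the segment */
    uint32_t base;     /* physical start address */
    uint32_t limit;    /* segment length in bytes */
    unsigned rights;   /* R/W/X bits granted to this program */
};

#define NSEGS 3

/* Constructed sample: both programs map the segment at base 0x8000.
   Program A may read and write it; program B may only read it,
   and program B has no entry for segment 2 at all. */
static const struct seg_entry prog_a[NSEGS] = {
    {1, 0x1000, 0x400, R | X},
    {1, 0x8000, 0x200, R | W},
    {1, 0x9000, 0x100, R | W},
};
static const struct seg_entry prog_b[NSEGS] = {
    {1, 0x2000, 0x400, R | X},
    {1, 0x8000, 0x200, R},
    {0, 0, 0, 0},
};

/* Translate (segment, offset) to a physical address. Every access is
   checked: segment permitted, offset within limit, operation allowed. */
int translate(const struct seg_entry *table, unsigned seg, uint32_t off,
              unsigned want, uint32_t *phys)
{
    if (seg >= NSEGS || !table[seg].present)
        return NO_SEGMENT;
    if (off >= table[seg].limit)
        return OUT_OF_BOUNDS;
    if ((table[seg].rights & want) != want)
        return DENIED;
    *phys = table[seg].base + off;
    return OK;
}

int main(void) {
    uint32_t p;
    return (translate(prog_b, 1, 0x10, W, &p) == DENIED &&
            translate(prog_a, 1, 0x10, W, &p) == OK) ? 0 : 1;
}
```

Paging applies the same check per fixed-size page instead of per variable-length segment, so the limit comparison is replaced by the page size.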

After the review, we went over access control. We did not make it very far into this topic; we only covered 5 slides. We discussed the three goals of access control: check every access, enforce least privilege, and verify acceptable use. We then talked about the issues with access control. One issue is that the list becomes too large if many shared objects are accessible to all users; another issue is multiple permissions. This is as far as we got on the slides for this day.
