Chapter 8 Authorization

Access control matrix
• Like in Unix

  Access control lists and capabilities

 Capabilities: Users to resources (more secure)

 ACL: Resources to users (easier to use, this is why it is used)

Multilevel security models

• Top secret - Secret - Confidential - Unclassified
• Bell-LaPadula (BLP) - Confidentiality - High watermark principle - No read up, no write down.
• Biba's model - Integrity - Low watermark principle - If we trust the integrity of object O1 but not that of object O2, then if O is composed of O1 and O2, we cannot trust the integrity of O. In other words, the integrity level of O is the minimum of the integrity levels of the objects contained in O.

  Biba is an integrity version of BLP.
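
The BLP and Biba rules above written as checks, in an added Python example that is not part of the original notes. The three Integrity level names and all function names are assumptions made for the illustration, and the Biba read rule shown is the strict-integrity form.

```python
from enum import IntEnum

class Level(IntEnum):
    """Classification levels from the notes, lowest to highest."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

class Integrity(IntEnum):
    """Integrity levels; these three names are constructed for the example."""
    LOW = 0
    MEDIUM = 1
    HIGH = 2

# Bell-LaPadula: protects confidentiality.
def blp_can_read(subject: Level, obj: Level) -> bool:
    return subject >= obj          # no read up

def blp_can_write(subject: Level, obj: Level) -> bool:
    return subject <= obj          # no write down

def blp_high_watermark(parts: list[Level]) -> Level:
    return max(parts)              # composite is as secret as its most secret part

# Biba: the same comparisons reversed, protecting integrity.
def biba_can_read(subject: Integrity, obj: Integrity) -> bool:
    return subject <= obj          # no read down (strict-integrity form)

def biba_can_write(subject: Integrity, obj: Integrity) -> bool:
    return subject >= obj          # no write up

def biba_low_watermark(parts: list[Integrity]) -> Integrity:
    return min(parts)              # composite is only as trusted as its weakest part

if __name__ == "__main__":
    user = Level.SECRET
    for obj in Level:
        print(f"{user.name} -> {obj.name}: "
              f"read={blp_can_read(user, obj)} write={blp_can_write(user, obj)}")
    # O composed of a trusted O1 and an untrusted O2 (constructed sample)
    print("O integrity:", biba_low_watermark([Integrity.HIGH, Integrity.LOW]).name)
    print("O classification:",
          blp_high_watermark([Level.CONFIDENTIAL, Level.TOP_SECRET]).name)
```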

Multilateral security

• Uses compartments