path: root/en_GB/Introduction to Information Security/introduction_to_information_security.md
author Leonard Kugis <leonard@kug.is> 2020-03-07 04:15:11 +0100
committer Leonard Kugis <leonard@kug.is> 2020-03-07 04:15:11 +0100
commit ec8889d56e32ff1f7d2fd4a064e7a325763a050a
tree fc0b642608b8d87c6b4afb59365106f9b42a4f7b /en_GB/Introduction to Information Security/introduction_to_information_security.md
parent 0bad90edb3a1e432b321832575a00c7a7292530c
IntroSec
Added access control chapter.
Diffstat (limited to 'en_GB/Introduction to Information Security/introduction_to_information_security.md')
-rw-r--r-- en_GB/Introduction to Information Security/introduction_to_information_security.md 42
1 files changed, 40 insertions, 2 deletions
diff --git a/en_GB/Introduction to Information Security/introduction_to_information_security.md b/en_GB/Introduction to Information Security/introduction_to_information_security.md
index d1ce4fb..947b427 100644
--- a/en_GB/Introduction to Information Security/introduction_to_information_security.md
+++ b/en_GB/Introduction to Information Security/introduction_to_information_security.md
@@ -179,7 +179,8 @@ Frequency of failing to extract a feature of a sample.
#### Failure-To-Acquire Rate (FTA)
-Frequency of failing to acquire a biometric feature.
+Frequency of failing to acquire a biometric feature.
+
$$
\text{FTA} = \text{FTC} + \text{FTX} \times (1 - \text{FTC})
$$
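Review bot: The removed and added description lines under "Failure-To-Acquire Rate (FTA)" read identically, so the only effective change here appears to be whitespace plus the blank line before the formula. That is unrelated to the access control chapter named in the commit message; it would be easier to review as a separate formatting commit, or it should at least be mentioned in the message.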
@@ -198,7 +199,8 @@ $$
#### False Positive Identification Rate (FPIR)
-Probability of some sample to match at least one of the entries in the database.
+Probability of some sample to match at least one of the entries in the database.
+
$$
\text{FPIR} = (1 - \text{FTA}) \times (1 - (1 - \text{FMR})^{n})
$$
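Review bot: Since the FPIR description line is being touched anyway, its wording could be tightened: "Probability of some sample to match at least one of the entries in the database" reads more clearly as "Probability that a sample matches at least one entry in the database". The visible text of the removed and added lines is otherwise the same, so this hunk seems to change only whitespace and add the blank line before the formula.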
@@ -212,6 +214,42 @@ $$
Using a biometric scheme with $\text{FMR} = 0.01\%$ and a database of size $\text{n} = 80000$ results in $\text{FPIR} = (1 - 0) \times (1 - (1 - 0.0001)^{80000}) = 99.97\%$.
+## Access Control
+
+| Role | Description |
+| --- | --- |
+| User | The actual human. |
+| Principal | The user identity on the system instructing a process to request access. |
+| Subject | The active process on the system requesting access. |
+| Object | The resource access requested to. |
+
+### User Identities
+
+*User Identities* in Linux are stored in `/etc/passwd`. A typical `/etc/passwd` entry looks like this:
+
+```
+root:69geDfelkw:0:0:root:/root:/bin/bash
+<user>:<password>:<user id>:<primary group id>:<id string>:<home>:<shell>
+```
+
+`/etc/passwd` is world readable. It contains mainly user indentity information. Password related data (expiry data, issue date, etc.)
+is stored in `/etc/shadow`, and can only be written to there. It is readable only by root.
+
+### UIDs / GIDs of processes
+
+Processes have a *real* and an *effective* UID/GID pair.
+The real pair is inherited from parent process. The effective pair is applied from current file being executed.
+E.g. `su` changes real pair from current user to effective pair of root.
+
+### Security Patterns
+
+#### Controlled Invokation
+
+User might want to use a file, but design does not permit users to read that file.
+In that case, there could be a program the user has execute rights on, containing checks guaranteeing safe resource access.
+Those programs are called *set UID* (SUID) and *set GID* (SGID) programs. They set the *effective UID/GID pair* to the ones required
+to access the file (they might have to be created) and reset them on exit. Be careful with *SUID to Root* programs!
+
## Encryption
### Kerckhoffs' Principle
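Review bot: The `/etc/passwd` example under "User Identities" shows a password value (`69geDfelkw`) in the second field, while the paragraph after it says password data is kept in `/etc/shadow`. Because the text also states that `/etc/passwd` is world readable, the example should show the placeholder `x` in that field, and the prose should say that the password hash itself, not only expiry and issue dates, is stored in `/etc/shadow`. The sentence "can only be written to there. It is readable only by root" is also ambiguous about which file "It" refers to. In "UIDs / GIDs of processes", the effective pair is taken from the executed file only when that file has the SUID/SGID bit set, otherwise it is inherited like the real pair; the `su` sentence would be clearer if it said that `su` is an SUID root program and therefore runs with effective UID 0. Typos: "indentity" should be "identity" and "Invokation" should be "Invocation"; in the roles table, "The resource access requested to" could read "The resource to which access is requested".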