Ambient authority

Ambient authority

A computer program is said to use ambient authoritywhen it designates permissionsthat it wishes to exercise from a global namespace.The authority is "ambient"in the sense that it exists in a broadly visible environmentwhere others can request it by name.A computer security model is said to have ambient authorityif it provides access to protected resources in this fashion.

For example,suppose a C program opens a file for read access by executing the call:

open("filename", O_RDONLY, 0)

The desired file is designatedby its name on the filesystem,which is a global namespace shared with other programs,so the program is exercising ambient authority.

When ambient authority is requested,permissions are granted or deniedbased on one or more global properties of the executing program,such as its "identity" or its "role".In such cases,the management of access control is handled separatelyfrom explicit communicationto the executing program or process,through means such as access control lists associated with objectsor through Role-Based Access Control mechanisms.The executing program has no means to determinefor what purpose it was granted a permission.This inevitably leads to such programsbeing subject to the Confused deputy problem.

The term "ambient authority" is used primarilyto contrast with object-capability modelsor simply capability-based security models,in which executing programs receive permissionsas they might receive data, as communicated object references.This allows them to determine where the permissions came from,and thus avoid the Confused deputy problem.

Ambient authorityis the dominant form of access controlin computer systems today.The "user" model of access controlas used in Unix and in Windows systemsis an ambient authority modelbecause programs executewith the authorities of the "user" that started them.This not only means that executing programsare inevitably given more permissions(see Principle of least privilege)than they need for their task,but that they are unable to determinethe source or the number and types of permission that they have.A program executing under an ambient authority access control modelhas little option but to designate permissionsand try to exercise them, hoping for the best.This property requires an excess of permissionsto be granted to users or roles,in order for programs to execute without error.


Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать курсовую

Look at other dictionaries:

  • National Ambient Air Quality Standards — Counties in the United States where one or more National Ambient Air Quality Standards are not met, as of June 2007. The National Ambient Air Quality Standards (NAAQS) are standards established by the United States Environmental Protection Agency …   Wikipedia

  • National Ambient Air Quality Standards — (NAAQS) USA Standards for outdoor air quality in the US created through the Environmental Protection Agency s authority under the Clean Air Act. Primary standards limit pollutants to protect public health, particularly of sensitive populations… …   Law dictionary

  • Confused deputy problem — A confused deputy is a computer program that is innocently fooled by some other party into misusing its authority. It is a specific type of privilege escalation. In information security, the confused deputy problem is often cited as an example of …   Wikipedia

  • Object-capability model — The object capability model is a computer security model based on the Actor model of computation. The name object capability model is due to the idea that the capability to perform an operation can be obtained by the following combination: an… …   Wikipedia

  • Coyotos — is a capability based security focused microkernel operating system developed by The EROS Group, LLC.[1] It is a successor to the EROS system that was created at the University of Pennsylvania and Johns Hopkins University. History Coyotos is… …   Wikipedia

  • United States Clean Air Act — The Congress passed the Clean Air Act in 1963, the Air Quality Act in 1967, the Clean Air Act Extension of 1970, and Clean Air Act Amendments in 1977 and 1990. Numerous state and local governments have enacted similar legislation, either… …   Wikipedia

  • Clean Air Act (United States) — Clean Air Act Full title Clean Air Act of 1963 Acronym CAA Effective Dec. 17, 1963 Citations Public Law P.L. 88 206 …   Wikipedia

  • Concentrated Animal Feeding Operations — CAFO for cattle Sw …   Wikipedia

  • Gas cylinder — For the mechanical devices used to impart a force from a pressurized liquid or gas, see pneumatic cylinder. For the large structures used to store town gas, see gas holder. Industrial compressed gas cylinders used for oxy fuel welding and cutting …   Wikipedia

  • Argentine Constitution of 1853 — The Argentine Constitution of 1853 was the first constitution of Argentina, approved with the support of the governments of the provinces mdash;though without that of the Buenos Aires Province, who remained separated of the Argentine… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”