Operating System Concepts: Protection
Outline:
Goals of Protection
Domain of Protection
Access Matrix
Implementation of Access Matrix
Revocation of Access Rights
Difference between protection and security
Protection refers to a mechanism for controlling the access of programs, processes, or users to the resources defined by a computer system.
Security is a measure of confidence that the integrity of a system and its data will be preserved. Protection is therefore an internal, mechanism-level problem; security is the broader goal, which depends on those mechanisms and also on the environment in which the system runs.
Protection
The protection problem: ensure that each object is accessed correctly and only by those processes that are allowed to do so.
Protection improves reliability, because it detects latent errors at the interfaces between component subsystems, and it is used to enforce the policies governing resource use.
Need-to-know principle
A process should be allowed to access only those resources for which it has authorization.
Moreover, a process should be able to access only those resources that it currently requires to complete its task. This is the need-to-know principle; it limits the amount of damage a faulty or compromised process can cause to the system.
Domain structure
Access right = <object-name, rights-set>, where rights-set is a subset of all valid operations that can be performed on the object.
Domain = set of access rights. Domains need not be disjoint; two domains may share an access right.
Domains may be either static (the set of resources available to a process is fixed for its lifetime) or dynamic (a process may switch domains, or the contents of a domain may change).
A domain can be realized in a variety of ways: each user may be a domain, each process may be a domain, or each procedure may be a domain.
In UNIX, a domain is associated with a user (the user ID); switching domains corresponds to temporarily changing the user identification, e.g. when executing a file with the setuid bit set.
Access matrix
View protection as a matrix (the access matrix).
Rows represent domains; columns represent objects.
access(i, j) is the set of operations that a process executing in domain D_i can invoke on object O_j.
Access matrix: Figure A (example access matrix).
Use of the access matrix
If a process in domain D_i tries to perform "op" on object O_j, then "op" must be in access(i, j); otherwise the operation is denied.
The scheme can be expanded to dynamic protection: operations to add and delete access rights, and special access rights (switch, copy, owner, control) that govern who may make those changes.
Mechanism vs. policy
The access-matrix design separates mechanism from policy.
Mechanism: the operating system provides the access matrix and the rules. It ensures that the matrix is manipulated only by authorized agents and that the rules are strictly enforced.
Policy: the user dictates policy, i.e. who can access which object and in what mode.
Changes in access rights
Switching domains: domains are themselves objects (they appear as columns), and a process in domain D_i may switch to domain D_j only if access(i, j) contains the switch right.
Controlled changes to the access matrix:
Copy: the ability to copy an access right from one domain (row) of the access matrix to another, within the same column (the same object), is denoted by appending * to the right, e.g. read*.
Owner: if access(i, j) contains the owner right, then a process executing in domain D_i can add or remove any right in any entry of column j.
Control: if access(i, j) contains the control right (meaningful only when object j is a domain), then a process executing in domain D_i can remove any access right from row j.
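The following is an added example for these notes, not code from the Operating System Concepts text: a small access-matrix monitor that implements the check in "Use of the access matrix" together with the switch, copy, owner and control rights described above. The class name, the domain names D1, D2, D3, the object names F1, F2 and printer, and the string spelling of rights are assumptions chosen for the example; only the semantics of the rights follow the slides.

```python
"""Added example: access matrix with copy (*), owner, control and switch rights.
Illustrative code written for these notes, not from the textbook. Domain and
object names below are constructed for the demonstration."""


class AccessDenied(PermissionError):
    """Raised when 'op' is not in access(i, j)."""


class AccessMatrix:
    def __init__(self, domains, objects):
        self.domains = set(domains)
        # Domains are also objects, so switch/control rights live in domain columns.
        self.objects = set(objects) | self.domains
        self._m = {(d, o): set() for d in self.domains for o in self.objects}

    def access(self, d, o):
        """access(i, j): operations a process in domain d may invoke on object o."""
        return self._m[(d, o)]

    def grant(self, d, o, *rights):
        """Mechanism-level setup used to install the user's policy."""
        self.access(d, o).update(rights)

    def check(self, d, o, op):
        """The monitor rule: 'op' must appear in access(d, o).
        A right held with the copy flag ('read*') also satisfies plain 'read'."""
        entry = self.access(d, o)
        if op in entry or (not op.endswith("*") and op + "*" in entry):
            return True
        raise AccessDenied(f"domain {d} may not '{op}' object {o}")

    def can(self, d, o, op):
        """Boolean form of check() for callers that do not want an exception."""
        try:
            return self.check(d, o, op)
        except AccessDenied:
            return False

    def switch(self, d_from, d_to):
        """Domain switching: allowed only if access(d_from, d_to) holds 'switch'."""
        self.check(d_from, d_to, "switch")
        return d_to

    def copy(self, d_from, d_to, o, right, transfer=False):
        """Copy right: d_from must hold 'right*' on o. The receiver gets the
        plain right and so cannot propagate it further (limited copy);
        transfer=True moves the right instead of duplicating it."""
        self.check(d_from, o, right + "*")
        self.access(d_to, o).add(right)
        if transfer:
            self.access(d_from, o).discard(right + "*")

    def owner_edit(self, d, o, target, right, add=True):
        """Owner right: access(d, o) holds 'owner', so d may add or remove any
        right in any entry of column o."""
        self.check(d, o, "owner")
        if add:
            self.access(target, o).add(right)
        else:
            self.access(target, o).discard(right)

    def control_remove(self, d, target, o, right):
        """Control right: access(d, target) holds 'control', so d may remove
        any right from row target (target must be a domain)."""
        self.check(d, target, "control")
        self.access(target, o).discard(right)


def demo():
    """Constructed scenario; returns the outcomes so they can be checked."""
    m = AccessMatrix(["D1", "D2", "D3"], ["F1", "F2", "printer"])
    m.grant("D1", "F1", "read*", "owner")   # D1 owns F1 and may copy 'read'
    m.grant("D1", "D2", "switch")           # D1 may switch to D2
    m.grant("D2", "F2", "read", "write")
    m.grant("D2", "D3", "control")          # D2 controls domain D3
    m.grant("D3", "F1", "execute")
    m.grant("D3", "printer", "print")

    r = {}
    r["d2_read_f1_before"] = m.can("D2", "F1", "read")    # denied: entry empty
    m.copy("D1", "D2", "F1", "read")                      # D1 copies read to D2
    r["d2_read_f1_after"] = m.can("D2", "F1", "read")     # now allowed
    r["d2_copies_further"] = m.can("D2", "F1", "read*")   # denied: no copy flag
    m.owner_edit("D1", "F1", "D3", "execute", add=False)  # owner strips D3's execute
    r["d3_execute_f1"] = m.can("D3", "F1", "execute")     # denied
    m.control_remove("D2", "D3", "printer", "print")      # control strips a D3 right
    r["d3_print"] = m.can("D3", "printer", "print")       # denied
    r["d1_switch_d2"] = m.switch("D1", "D2")              # allowed -> "D2"
    try:
        m.switch("D2", "D1")                              # no switch right
        r["d2_switch_d1"] = True
    except AccessDenied:
        r["d2_switch_d1"] = False
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Note that every change to the matrix goes through check() first: the copy, owner and control operations are themselves gated by rights in the matrix, which is what makes the mechanism enforce the user's policy rather than trusting the caller.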