Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protection and Security

Published byCamron Hamilton Modified over 6 years ago

Similar presentations

Presentation on theme: "Protection and Security"— Presentation transcript:

1 Protection and Security
Protection is any mechanism for controlling the access of processes to the resources of a computer system. This mechanism must provide a means for specification of the control to be imposed and a means of enforcement. Security ensures user authentication preventing malicious destruction or alteration of the information stored in a computer system.

2 Protection models policies mechanisms
A general protection system may be subdivided in three levels models policies mechanisms

3 Models The protection model defines the subjects, the objects to which the subjects may access and the access rights, that is the operations by which subjects can access to objects. The subjects are the active part of the system (processes) The objects are the passive part of the system (physical and logical resources). A subject may have access rights either to objects or other subjects (a process can control other processes) .

4 A process has different access rights to objects, depending on what task is currently doing.
The particular set of rigts a process has at any given time is referred to as its protection domain.

5 Policies The protection policy define the rules by which the subjects can access to the objects: Discretional access control (DAC). The owner of an object controls the access rigthts for that object. ( UNIX). Mandatory access control (MAC). The access rigths are centrally managed ( hospital organizations). Rules are defined in order to establish the access rights of the users. The rules cannot be modified by the users. Role Based Access Control (RABC). Specific access rights are assigned to useres depending to their role in the organization. A user can belong to different roles. .

6 Mechanisms and policies are different concepts
Example: UNIX provides a mechanism to define for each file three bits ( read, write and execute) for the owner of the file, for the group and for the others The user defines the value of the three bits (policy)

7 Changing the protection state
Standard dual mode (monitor-user mode) Two protection state:user mode and monitor o kernel mode. Domain changing associated to the system calls When a process must execute a privileged instruction (access to files, I/O operations…) a change of domain happens. It is not possible to have protection among users.

8 Access matrix O1 O2 O3 read,write execute write read,write, S1 S2

9 Access matrix implementation
: - Matrix dimension - Sparse matrix Access Control List (ACL). The matrix may be decomposed by columns: to each object an access control list is associated. It contains all the subjects that can access to the object and the permitted access rigths. .Capability List The matrix is decomposed by rows: to each subject is associated a list that contains the objects accessible by the the subject and the relative access rights.

Download ppt "Protection and Security"

Similar presentations

Protection Goals of Protection Domain of Protection Access Matrix

Protection Goals of Protection Domain of Protection Access Matrix
Operating System Security

Operating System Security
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
Protection and Security Protection is any mechanism for controlling the access of processes to the resources of a computer system. This mechanism must.

Protection and Security Protection is any mechanism for controlling the access of processes to the resources of a computer system. This mechanism must.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.

Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.
Reasons for Protection n Prevent users from accessing information they shouldn’t have access to. n Ensure that each program component uses system resources.

Reasons for Protection n Prevent users from accessing information they shouldn’t have access to. n Ensure that each program component uses system resources.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
Chapter 2 Access Control Fundamentals. Chapter Overview Protection Systems Mandatory Protection Systems Reference Monitors Definition of a Secure Operating.

Chapter 2 Access Control Fundamentals. Chapter Overview Protection Systems Mandatory Protection Systems Reference Monitors Definition of a Secure Operating.
Chapter 14: Protection.

Chapter 14: Protection.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 4: Access Control.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 4: Access Control.
Lecture 7 Access Control

Lecture 7 Access Control
Distributed Computer Security 8.2 Discretionary Access Control Models - Sai Phalgun Tatavarthy.

Distributed Computer Security 8.2 Discretionary Access Control Models - Sai Phalgun Tatavarthy.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
© G. Dhillon, IS Department Virginia Commonwealth University Principles of IS Security Formal Models.

© G. Dhillon, IS Department Virginia Commonwealth University Principles of IS Security Formal Models.
14.1 Silberschatz, Galvin and Gagne ©2005 Operating System Concepts Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection.

14.1 Silberschatz, Galvin and Gagne ©2005 Operating System Concepts Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection.
CSCE 201 Introduction to Information Security Fall 2010 Access Control.

CSCE 201 Introduction to Information Security Fall 2010 Access Control.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 4 – Access Control.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 4 – Access Control.

Similar presentations

Ads by Google