Operating System Concepts
Protection
Goals of Protection
Domain of Protection
Access Matrix
Implementation of Access Matrix
Revocation of Access Rights
Difference between protection and security
Protection refers to a mechanism for controlling the access of programs, processes, or users to the resources defined by a computer system.
Security is a measure of confidence that the integrity of a system and its data will be preserved.
Protection
Protection problem: ensure that each object is accessed correctly and only by those processes that are allowed to do so.
Protection improves reliability and is used in enforcing policies governing resource use.
Need-to-know principle
A process should be allowed to access only those resources for which it has authorization.
A process should be able to access only those resources that it currently requires to complete its task.
This is referred to as the need-to-know principle, and it is useful in limiting the amount of damage a faulty process can cause to the system.
Domain Structure
Access-right = <object-name, rights-set>, where rights-set is a subset of all valid operations that can be performed on the object.
Domain = set of access-rights.
Domains may be either static or dynamic.
A domain can be realized in a variety of ways: each user may be a domain, each process may be a domain, each procedure may be a domain.
In UNIX, a domain is associated with a user.
Access Matrix
View protection as a matrix (access matrix).
Rows represent domains.
Columns represent objects.
Access(i, j) is the set of operations that a process executing in Domain_i can invoke on Object_j.
Access Matrix
Figure A
Use of Access Matrix
If a process in domain Di tries to do "op" on object Oj, then "op" must be in the access matrix entry access(i, j).
Can be expanded to dynamic protection.
Operations to add, delete access rights.
Special access rights
Mechanism vs. policy
Access matrix design separates mechanism from policy.
Mechanism: the operating system provides the access matrix and rules. It ensures that the matrix is only manipulated by authorized agents and that the rules are strictly enforced.
Policy: the user dictates policy, that is, who can access what object and in what mode.
Changes in access rights
Switching domain
Controlled changes to access matrix
Copy: The ability to copy an access right from one domain of the access matrix to another is denoted by *.
Owner: If access(i, j) contains the owner right, then a process executing in domain Di can add or remove any right from column j.
Control: If access(i, j) contains the control right, then a process executing in domain Di can remove any access right from row j.
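Added example (not part of the original slides): a small Python model of the access matrix that enforces the access(i, j) check and the copy, owner and control rules above. The domain names D1..D3, the object F1, the method names and the choice of limited copy (the copied right loses its *) are assumptions made for illustration.

```python
class AccessMatrix:
    """Added example; D1..D3, F1 and all method names are constructed."""
    def __init__(self):
        self.cells = {}  # (domain, object) -> set of rights

    def access(self, domain, obj):
        return self.cells.get((domain, obj), set())

    def grant(self, domain, obj, *rights):  # bootstrap: the policy the user dictates
        self.cells.setdefault((domain, obj), set()).update(rights)

    def check(self, domain, obj, op):
        # Mechanism: "op" must be in access(i, j); holding "op*" includes "op".
        cell = self.access(domain, obj)
        return op in cell or op + "*" in cell

    def copy(self, src, dst, obj, op):
        # Copy: only a domain holding "op*" may copy op within column obj.
        if op + "*" not in self.access(src, obj):
            raise PermissionError(f"{src} lacks {op}* on {obj}")
        self.grant(dst, obj, op)  # assumption: limited copy, dst gets op without *

    def owner_edit(self, actor, target, obj, add=(), remove=()):
        # Owner: may add or remove any right in column obj.
        if "owner" not in self.access(actor, obj):
            raise PermissionError(f"{actor} does not own {obj}")
        self.cells[(target, obj)] = (self.access(target, obj) | set(add)) - set(remove)

    def control_remove(self, actor, target, obj, op):
        # Control: access(actor, target) must hold "control" to edit row target.
        if "control" not in self.access(actor, target):
            raise PermissionError(f"{actor} has no control over {target}")
        self.cells.get((target, obj), set()).discard(op)


def demo():
    m = AccessMatrix()
    m.grant("D1", "F1", "read*", "owner")
    m.grant("D2", "F1", "write")
    m.grant("D1", "D2", "control")        # D1 controls row D2 (domain as object)
    m.copy("D1", "D3", "F1", "read")      # D3 gains plain read
    before = (m.check("D3", "F1", "read"), m.check("D2", "F1", "write"))
    try:
        m.copy("D3", "D2", "F1", "read")  # D3 holds read, not read*
        recopied = True
    except PermissionError:
        recopied = False
    m.control_remove("D1", "D2", "F1", "write")      # revoke through control
    m.owner_edit("D1", "D3", "F1", remove={"read"})  # revoke through owner
    after = (m.check("D3", "F1", "read"), m.check("D2", "F1", "write"))
    return before, recopied, after
```

Calling demo() shows both revocation paths: D1 removes D2's write through the control right and D3's read through the owner right, while D3's attempt to pass on a right it holds without * is refused.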