Presentation is loading. Please wait.

Presentation is loading. Please wait.

ANKITA NAIK. INTRODUCTION g598 An access matrix is a model of system resources protection. It consists of rows and columns. The rows of access matrix.

Published byAdrian Phillips Modified over 9 years ago

Similar presentations

Presentation on theme: "ANKITA NAIK. INTRODUCTION g598 An access matrix is a model of system resources protection. It consists of rows and columns. The rows of access matrix."— Presentation transcript:

1 ANKITA NAIK

2 INTRODUCTION g598 An access matrix is a model of system resources protection. It consists of rows and columns. The rows of access matrix represent domains, and columns represent objects. Each entry in the matrix consists of a set of access rights. The entry access(i,j) defines the set of operations that a process executing in domain D i can invoke object O j.

3 Access Matrix G598

4 Explanation of the above figure There are 4 domains and 4 objects - three files(F1,F2,F3) and one laser printer. A process executing in domain D1 can read files F1 and F3. A process executing in domain D4 can read and write the onto files F1 and F3. The laser printer can be accessed only by a process executing in domain D2. G598

5 USING SWITCH Processes should be able to switch from one domain to other so right(switch) is used. Switching from domain D i to D j is allowed only if access right switch € access(i,j). In the fig a process executing in domain D2 can switch to domain D3 or D4. a process executing in domain D4 can switch to domain D1 and D1 can switch to D2. G599

6 Access Matrix of fig 14.3 with Domains as Objects G599

7 Function of Access Matrix  provides mechanism consisting of implementing the access matrix and ensuring that semantic properties,we have outlined hold.  It implements policy decisions concerning protection.  The user normally decides the contents of access matrix entries i.e. who can access what object in what mode. G599

8 Operations(access rights) In order for change to take place in the contents of access matrix three additional operations required are as follows:  copy rights  Owner rights  Control rights G600

9 Access Matrix with Copy Rights The copy right allows the access right to be copied only within the column for which the right is defined. The ability to copy an access right from one domain to another is denoted by an asterisk(*) appended to the access right. For e.g. in the above fig a,a process executing in domain D2 can copy read operation into any entry in file F2. G600

10 Access Matrix with Copy Rights G600

11 Copy Rights This copy right can be divided into two variants: transfer and limited copy. 1) Transfer : A right copied from access(i, j) to access (k, j);it is then removed from access(i, j).this action is transfer of right. 2) Limited: propagation of copy right is limited i.e. when the right R* is copied from access(i, j) to access(k, j),only R is created (not R*). G600

12 Owner Rights The owner rights controls operation to allow addition of new rights and removal of the some rights. If access(I,j) includes the owner right, then a processes executing in domain Di can add and remove any right in any entry in column j. For eg,in fig below, domain D1 is the owner of F1 and thus can add and delete any valid right in column F1. Similarly, domain D2 is the owner of F2 and F3 and thus can add and remove any valid right within these two columns. G601

13 Access Matrix With Owner Rights G601

14 Control Rights The control right is applicable only to domain objects. If access(I,j) includes the control right, then process executing in Di can remove any access right from row j. For e.g.,in fig 14.4,we include the control right in access(D2,D4). Then a process executing in domain D2 could modify domain D4 as shown n fig 14.7. G601

15 Modified Access Matrix of Figure 14.4 G601

16 Questions:  Write a short note on access matrix.  Explain access matrix as a model of protection.

17

Download ppt "ANKITA NAIK. INTRODUCTION g598 An access matrix is a model of system resources protection. It consists of rows and columns. The rows of access matrix."

Similar presentations

Protection Goals of Protection Domain of Protection Access Matrix

Protection Goals of Protection Domain of Protection Access Matrix
1 Access Control. 2 Objects and Subjects A multi-user distributed computer system offers access to objects such as resources (memory, printers), data.

1 Access Control. 2 Objects and Subjects A multi-user distributed computer system offers access to objects such as resources (memory, printers), data.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
8.2 Discretionary Access Control Models Weiling Li.

8.2 Discretionary Access Control Models Weiling Li.
Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.

Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.
Bilkent University Department of Computer Engineering

Bilkent University Department of Computer Engineering
1999 Chapter 8-Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based.

1999 Chapter 8-Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based.
Reasons for Protection n Prevent users from accessing information they shouldn’t have access to. n Ensure that each program component uses system resources.

Reasons for Protection n Prevent users from accessing information they shouldn’t have access to. n Ensure that each program component uses system resources.
19: Protection1 PROTECTION Protection is the mechanism for controlling access to computer resources. Security concerns the physical integrity of the system.

19: Protection1 PROTECTION Protection is the mechanism for controlling access to computer resources. Security concerns the physical integrity of the system.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
Chapter 14: Protection.

Chapter 14: Protection.
Chapter 14: Protection.

Chapter 14: Protection.
Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Protection.

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Protection.
Page 19/4/2015 CSE 30341: Operating Systems Principles Raid storage  Raid – 0: Striping  Good I/O performance if spread across disks (equivalent to n.

Page 19/4/2015 CSE 30341: Operating Systems Principles Raid storage  Raid – 0: Striping  Good I/O performance if spread across disks (equivalent to n.
Operating Systems Protection & Security.

Operating Systems Protection & Security.
14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Chapter 14: Protection.

14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Chapter 14: Protection.
Protection.

Protection.
14.1 Silberschatz, Galvin and Gagne ©2005 Operating System Concepts Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection.

14.1 Silberschatz, Galvin and Gagne ©2005 Operating System Concepts Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection.
Announcements Assignment 3 due. Invite friends, co-workers to your presentations. Course evaluations on Friday.

Announcements Assignment 3 due. Invite friends, co-workers to your presentations. Course evaluations on Friday.

Similar presentations

Ads by Google