14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Chapter 14: Protection.

Slides:



Advertisements
Similar presentations
Protection Goals of Protection Domain of Protection Access Matrix
Advertisements

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.
Bilkent University Department of Computer Engineering
1999 Chapter 8-Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based.
Reasons for Protection n Prevent users from accessing information they shouldn’t have access to. n Ensure that each program component uses system resources.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Operating Systems CMPSCI 377 Lecture.
Chapter 14: Protection.
Chapter 14: Protection.
Chapter 14: Protection.
Silberschatz, Galvin and Gagne ©2013 Operating System Concepts – 9 th Edition Chapter 14: Protection.
Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Protection.
Page 19/4/2015 CSE 30341: Operating Systems Principles Raid storage  Raid – 0: Striping  Good I/O performance if spread across disks (equivalent to n.
Operating Systems Protection & Security.
U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Operating Systems CMPSCI 377 Lecture.
14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Chapter 14: Protection.
Protection.
14.1 Silberschatz, Galvin and Gagne ©2005 Operating System Concepts Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection.
Network Security Lecture 3 Presented by: Dr. Munam Ali Shah.
Announcements Assignment 3 due. Invite friends, co-workers to your presentations. Course evaluations on Friday.
Chapter 14 Protection Bernard Chen Spring Goal of Protection Protection was originally conceived as an adjunct to multiprogramming operation.
14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition The Security Requirements Triad Data confidentiality Privacy Data Integrity.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
Chapter 14: Protection Silberschatz, Galvin and Gagne ©2005 AE4B33OSS Chapter 14: Protection Goals of Protection Principles of Protection Domain.
Silberschatz, Galvin, and Gagne  Applied Operating System Concepts Module 18: Protection Goals of Protection Domain of Protection Access Matrix.
Silberschatz, Galvin and Gagne  Operating System Concepts Chapter 18: Protection Goals of Protection Objects and Domains Access Matrix Implementation.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Protection (Chapter 14)
Cosc 4740 Chapter 13: Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique.
Protection Nadeem Majeed Choudhary
CE Operating Systems Lecture 21 Operating Systems Protection with examples from Linux & Windows.
Modul ke: Fakultas Program Studi Proteksi SISTEM OPERASI Misbahul Fajri, ST., MTI. 14 FASILKOM Teknik Informatika.
14.1/21 Part 5: protection and security Protection mechanisms control access to a system by limiting the types of file access permitted to users. In addition,
Chapter 14: Protection Silberschatz, Galvin and Gagne ©2005 Operating System Concepts – 7 th Edition, Apr 11, 2005 Chapter 14: Protection Goals.
14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Protection.
Chapter 14: Protection Silberschatz, Galvin and Gagne ©2005 Operating System Concepts – 7 th Edition, Apr 11, 2005 Goals of Protection Operating.
Chapter 14: Protection Silberschatz, Galvin and Gagne ©2005 Operating System Concepts Goals of Protection Operating system consists of a collection.
Silberschatz, Galvin and Gagne ©2013 Operating System Concepts – 9 th Edition Chapter 14: Protection.
11.1 CSE Department MAITSandeep Tayal 11: Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation.
CSE Operating System Principles Protection.
18.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 18: Protection Goals of Protection Domain of Protection Access Matrix.
Chapter 17: System Protection Silberschatz, Galvin and Gagne ©2005 Operating System Concepts Chapter 17: Protection Goals of Protection Principles.
Saurav Karmakar. Chapter 14: Protection  Goals of Protection  Principles of Protection  Domain of Protection  Access Matrix  Implementation of Access.
PROTECTION.
Operating Systems Protection Alok Kumar Jagadev.
Chapter 14: Protection Modified by Dr. Neerja Mhaskar for CS 3SH3.
Chapter 14: System Protection
Operating System Concepts
Chapter 14: Protection.
Chapter 14: Protection Source & Copyright: Operating System Concepts, Silberschatz, Galvin and Gagne.
Chapter 14: Protection.
Chapter 14: Protection.
Chapter 14: Protection.
CE Operating Systems Lecture 21
Chapter 14: Protection.
Chapter 14: Protection.
Chapter 14: Protection.
Chapter 14: Protection.
Chapter 14: Protection.
Chapter 14: Protection.
Chapter 14: Protection.
Operating System Concepts
Chapter 14: Protection.
Chapter 14: Protection.
Chapter 14: Protection.
Chapter 14: Protection.
Chapter 14: Protection.
Operating System Concepts
Chapter 14: Protection.
Presentation transcript:

14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Chapter 14: Protection

14.2 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection Access Matrix Implementation of Access Matrix Access Control

14.3 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed through a well-defined set of operations Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so

14.4 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Principles of Protection Guiding principle – principle of least privilege Programs, users and systems should be given just enough privileges to perform their tasks

14.5 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Domain Structure Access-right = where rights-set is a subset of all valid operations that can be performed on the object. Domain = set of access-rights

14.6 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Domain Implementation (UNIX) System consists of 2 domains: User Supervisor UNIX Domain = user-id Domain switch accomplished via file system  Each file has associated with it a domain bit (setuid bit)  When file is executed and setuid = on, then user-id is set to owner of the file being executed. When execution completes user-id is reset

14.7 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Access Matrix View protection as a matrix (access matrix) Rows represent domains Columns represent objects Access(i, j) is the set of operations that a process executing in Domain i can invoke on Object j

14.8 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Access Matrix

14.9 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Use of Access Matrix If a process in Domain D i tries to do “op” on object O j, then “op” must be in the access matrix Can be expanded to dynamic protection Operations to add, delete access rights Special access rights:  owner of O i  copy op from O i to O j  control – D i can modify D j access rights  transfer – switch from domain D i to D j

14.10 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Use of Access Matrix (Cont) Access matrix design separates mechanism from policy Mechanism  Operating system provides access-matrix + rules  If ensures that the matrix is only manipulated by authorized agents and that rules are strictly enforced Policy  User dictates policy  Who can access what object and in what mode

14.11 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Implementation of Access Matrix Each column = Access-control list for one object Defines who can perform what operation. Domain 1 = Read, Write Domain 2 = Read Domain 3 = Read  Each Row = Capability List (like a key) Fore each domain, what operations allowed on what objects. Object 1 – Read Object 4 – Read, Write, Execute Object 5 – Read, Write, Delete, Copy

14.12 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Access Matrix of Figure A With Domains as Objects Figure B

14.13 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Access Matrix with Copy Rights

14.14 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Access Matrix With Owner Rights

14.15 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Modified Access Matrix of Figure B

14.16 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Access Control Protection can be applied to non-file resources Solaris 10 provides role-based access control (RBAC) to implement least privilege Privilege is right to execute system call or use an option within a system call Can be assigned to processes Users assigned roles granting access to privileges and programs

14.17 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Role-based Access Control in Solaris 10

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.