Presentation is loading. Please wait.

Presentation is loading. Please wait.

Saurav Karmakar. Chapter 14: Protection  Goals of Protection  Principles of Protection  Domain of Protection  Access Matrix  Implementation of Access.

Published bySpencer Barker Modified over 7 years ago

Similar presentations

Presentation on theme: "Saurav Karmakar. Chapter 14: Protection  Goals of Protection  Principles of Protection  Domain of Protection  Access Matrix  Implementation of Access."— Presentation transcript:

1 Saurav Karmakar

2 Chapter 14: Protection  Goals of Protection  Principles of Protection  Domain of Protection  Access Matrix  Implementation of Access Matrix  Access Control  Revocation of Access Rights  Capability-Based Systems  Language-Based Protection

3 Objectives  Discuss the goals and principles of protection in a modern computer system  Explain how protection domains combined with an access matrix, are used to specify the resources a process may access  Examine capability and language-based protection systems

4 Goals of Protection  Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so.  Ensuring that a system uses resources only in ways consistent with stated policies (Access restriction employment)  Providing mechanism for the enforcement of the policies governing resource use.  Not only the concern of OS designer, but also application programmers need to use protection mechanism as well. [Note : Mechanism describes how things will be done and policies describes what will be done ]

5 Principles of Protection  Guiding principle – Principle of least privilege  Programs, users and systems should be given just enough privileges to perform their tasks

6 Domain of Protection  Operating system consists of a collection of objects, hardware or software  Requirement– Need-To-Know Principle  Useful in limiting the amount of damage a faulty process can cause in the system  Similar to “least privileged principle”.

7 Domain Structure  Protection Domain : Resources, a process can access.  Access Right : Ability to execute operation on object  Representing Access-right : where rights-set is a subset of all valid operations that can be performed on the object.  Domain = set of access-rights Association between domain and process may be static/dynamic

8 Domain Structure  Dynamic association : Domain Switching  Domain Realization–  Each user may be a domain  Each process may be a domain  Each procedure may be a domain

9 Domain Implementation (UNIX)  System consists of 2 domains in dual-mode:  User  Supervisor  UNIX  Domain = user-id  Domain switch accomplished via file system.  Each file has associated with it a domain bit (setuid bit) and an owner identification.  When file is executed and setuid = on, then user-id is set to owner of the file being executed. When execution completes user-id is reset.

10 Domain Implementation (MULTICS)  Let D i and D j be any two domain rings.  If j < i  D i  D j

11 Access Matrix  View protection as a matrix (access matrix)  Rows represent domains  Columns represent objects  Access(i, j) is the set of operations that a process executing in Domain i can invoke on Object j

12 Access Matrix

13 Use of Access Matrix  If a process in Domain D i tries to do “op” on object O j, then “op” must be in the access matrix.  Can be expanded to dynamic protection.  Operations to add, delete access rights.  Special access rights:  copy op from O i to O j  transfer – switch from domain D i to D j  owner of O i  control – D i can modify D j access rights

14 Access Matrix with Copy Rights

15 Access Matrix With Owner Rights

16 Access Matrix of Figure A With Domains as Objects Figure B

17 Modified Access Matrix of Figure B

18 Use of Access Matrix (Cont.)  Access matrix design separates mechanism from policy.  Mechanism  Operating system provides access-matrix + rules.  Ensures that the matrix is only manipulated by authorized agents and that rules are strictly enforced.  Policy  User dictates policy.  Who can access what object and in what mode.

19 Implementation of Access Matrix  GLOBAL TABLE :  Consisting of set of ordered triplets  Operation M, Domain D i, Object O j : search, with M in R k   Access Lists for Objects :  Each column : Access-control list for one object Defines who can perform what operation say for object F :  Can be extended to define a list plus default set of access rights.

20 Implementation of Access Matrix  Capability Lists for Domains :  Each Row :Capability List (like a key) Fore each domain, what operations allowed on what objects.  Viz. Domain D :  Lock-Key Scheme :  Compromise between lists and capability based system  Each Object has a unique bit patterns, called locks  Each Domain has a unique bit pattern lists, called keys  Lock and key pattern has to match for execution.

21 Access Control  Protection can be applied to non-file resources as well  Solaris 10 provides role-based access control to implement least privilege  Privilege is right to execute system call or use an option within a system call  Can be assigned to processes/roles  Users assigned roles granting access to privileges and programs

22 Role-based Access Control in Solaris 10

23 Revocation of Access Rights  Question about Revocation:  Immediate Vs Delayed  Selective Vs General  Partial Vs Total  Temporary Vs Permanent

24 Revocation of Access Rights  Access List – Delete access rights from access list.  Simple  Immediate  Capability List – Scheme required to locate capability in the system before capability can be revoked.  Reacquisition  Back-pointers  Indirection  Keys

25 Capability-Based Systems  Hydra  Fixed set of access rights known to and interpreted by the system.  Interpretation of user-defined rights performed solely by user's program; system provides access protection for use of these rights.  Cambridge CAP System  Data capability - provides standard read, write, execute of individual storage segments associated with object.  Software capability - interpretation left to the subsystem, through its protected procedures.

26 Language-Based Protection  Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources.  Language implementation can provide software for protection enforcement when automatic hardware- supported checking is unavailable.  Interpret protection specifications to generate calls on whatever protection system is provided by the hardware and the operating system.

27 Protection in Java  Protection is handled by the Java Virtual Machine (JVM)  A class is assigned a protection domain when it is loaded by the JVM.  The protection domain indicates what operations the class can (and cannot) perform.  If a library method is invoked that performs a privileged operation, the stack is inspected to ensure the operation can be performed by the library.

28 End of Lecture 10

Download ppt "Saurav Karmakar. Chapter 14: Protection  Goals of Protection  Principles of Protection  Domain of Protection  Access Matrix  Implementation of Access."

Similar presentations

Protection Goals of Protection Domain of Protection Access Matrix

Protection Goals of Protection Domain of Protection Access Matrix
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.

Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.
Bilkent University Department of Computer Engineering

Bilkent University Department of Computer Engineering
1999 Chapter 8-Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based.

1999 Chapter 8-Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based.
Reasons for Protection n Prevent users from accessing information they shouldn’t have access to. n Ensure that each program component uses system resources.

Reasons for Protection n Prevent users from accessing information they shouldn’t have access to. n Ensure that each program component uses system resources.
19: Protection1 PROTECTION Protection is the mechanism for controlling access to computer resources. Security concerns the physical integrity of the system.

19: Protection1 PROTECTION Protection is the mechanism for controlling access to computer resources. Security concerns the physical integrity of the system.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Operating Systems CMPSCI 377 Lecture.

U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Operating Systems CMPSCI 377 Lecture.
Chapter 14: Protection.

Chapter 14: Protection.
Chapter 14: Protection.

Chapter 14: Protection.
Silberschatz, Galvin and Gagne ©2013 Operating System Concepts – 9 th Edition Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2013 Operating System Concepts – 9 th Edition Chapter 14: Protection.
Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Protection.

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Protection.
Page 19/4/2015 CSE 30341: Operating Systems Principles Raid storage  Raid – 0: Striping  Good I/O performance if spread across disks (equivalent to n.

Page 19/4/2015 CSE 30341: Operating Systems Principles Raid storage  Raid – 0: Striping  Good I/O performance if spread across disks (equivalent to n.
Operating Systems Protection & Security.

Operating Systems Protection & Security.
U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Operating Systems CMPSCI 377 Lecture.

U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Operating Systems CMPSCI 377 Lecture.
14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Chapter 14: Protection.

14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Chapter 14: Protection.
Protection.

Protection.
14.1 Silberschatz, Galvin and Gagne ©2005 Operating System Concepts Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection.

14.1 Silberschatz, Galvin and Gagne ©2005 Operating System Concepts Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection.
Announcements Assignment 3 due. Invite friends, co-workers to your presentations. Course evaluations on Friday.

Announcements Assignment 3 due. Invite friends, co-workers to your presentations. Course evaluations on Friday.

Similar presentations

Ads by Google