Chapter 14: Protection Modified by Dr. Neerja Mhaskar for CS 3SH3.


2 Protection Goal
- Prevent malicious misuse of the system.
- Ensure that each shared resource is used only in accordance with system policies.
- Ensure that errant programs cause the minimal amount of damage possible.
Guiding principle: the principle of least privilege
- Programs, users and systems should be given just enough privileges to perform their tasks.
- The administrator (root) account is not used for normal day-to-day activity.
- This limits the damage if an entity has a bug or gets abused.

3 Domain of Protection
- A computer system is a collection of processes and objects.
- Hardware objects (e.g. CPU, memory segments, printers, disks, and tape drives).
- Software objects (such as files, programs, and semaphores).
- Need-to-know principle: a process should only have access to those objects it needs to accomplish its task, and furthermore only in the modes for which it needs access and only during the time frame when it needs access.

4 Domain Structure
- Processes operate within a protection domain.
- A protection domain specifies the resources a process may access.
- Each domain defines a set of objects and the types of operations that may be invoked on each object.
- A domain is defined as a set of pairs <object-name, rights-set>, e.g. <file F, {read, write}>.
- An access right is the ability to execute an operation on an object.
- The rights-set is a subset of all valid operations that can be performed on the object.

5 Domain Structure Cont…
- The association between a process and a domain may be static or dynamic.
- If the association is static, the set of resources available to the process is fixed throughout the process's lifetime.
- If the association is dynamic, the set of resources available to the process changes throughout the process's lifetime; this requires domain switching (switching from one domain to another).
- Domains may be realized in different ways: as users, as processes, or as procedures.
- UNIX associates domains with users.

6 Access Matrix
- View the model of protection as a matrix (the access matrix).
- Rows represent domains; columns represent objects.
- access(i, j) is the set of operations that a process executing in domain Di can invoke on object Oj.

7 Access Matrix Cont… Access Matrix with Domains as Objects
- Domain switching can be easily supported under this model by including domains among the objects of the access matrix and providing the switch access right to other domains.
- Switching from Di to Dj is allowed if and only if switch ∈ access(i, j).
- Example: a process executing in domain D2 can switch to domain D3 or to domain D4.

8 Access Matrix Cont… Access Matrix with Domains as Objects
- Domain switching is supported simply by providing the switch access right to other domains.
- Switching from Di to Dj is allowed if and only if switch ∈ access(i, j).
- Example: a process executing in domain D2 can switch to domain D3 or to domain D4.

9 Access Matrix Cont…
- To allow controlled changes to the access matrix, three additional operations are needed: copy, owner and control.
Access Matrix with Copy Rights
- The ability to copy a right is denoted by an asterisk (*). The asterisk indicates that processes in that domain have the right to copy that access right within the same column, i.e. for the same object.
- There are two variations:
- Transfer right: the access right is removed from the original entry after copying, that is, the right is transferred rather than copied.
- Limited copy right: the access right but not the asterisk is copied, that is, only the right is copied but the ability to propagate it further is not.

10 Access Matrix with Copy Rights
- For example, a process executing in domain D2 can copy the read operation into any entry associated with file F2.

11 Access Matrix Cont… Access Matrix With Owner Rights
- The owner right enables adding new rights or removing existing ones in a column, i.e. for that object.
- For example, in the next slide domain D1 is the owner of F1 and can thus add and delete any valid right in column F1.

12 Access Matrix Cont…

13 Access Matrix Cont…
- Copy and owner rights only allow the modification of rights within a column.
- The control right changes the entries in a row: it allows a process operating in one domain to affect the rights available in other domains.
- Control rights apply only to domain objects.

14 Access Matrix Cont…
- For example, in the table below, a process operating in domain D2 has the right to control any of the rights in domain D4.
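The switch, copy (*), owner and control rights from slides 7 to 14, as an added Python example that is not part of the slides or of the textbook they follow; the class, the method names and the domains D1..D4, files F1, F2 and rights assigned in demo() are constructed for illustration, not taken from the slide figures.

```python
class AccessMatrix:
    """Rows are domains, columns are objects; domains are columns too, so the
    switch and control rights live in the matrix like any other right."""
    def __init__(self, domains, objects):
        self.domains = set(domains)
        self.access = {(d, o): set() for d in domains for o in set(objects) | self.domains}
    def grant(self, d, o, *rights):
        self.access[(d, o)].update(rights)
    def allows(self, d, o, right):
        # "read*" (the copy flag) also confers plain read on its holder
        return right in self.access[(d, o)] or right + "*" in self.access[(d, o)]
    def switch(self, src, dst):
        # Switching from Di to Dj is allowed only if switch ∈ access(i, j)
        if not self.allows(src, dst, "switch"):
            raise PermissionError(f"{src} may not switch to {dst}")
        return dst
    def copy_right(self, src, dst, o, right, variant="copy"):
        # src needs the asterisked right on o; the copy stays within column o
        if right + "*" not in self.access[(src, o)]:
            raise PermissionError(f"{src} cannot copy {right} on {o}")
        # copy: right and asterisk; limited: right only; transfer: move it
        self.access[(dst, o)].add(right if variant == "limited" else right + "*")
        if variant == "transfer":
            self.access[(src, o)].discard(right + "*")
    def owner_modify(self, owner, target, o, right, add=True):
        # owner ∈ access(owner, o) lets owner add or remove any right in column o
        if not self.allows(owner, o, "owner"):
            raise PermissionError(f"{owner} does not own {o}")
        cell = self.access[(target, o)]
        (cell.add if add else cell.discard)(right)
    def control_modify(self, ctrl, target, o, right, add=True):
        # control ∈ access(ctrl, target) lets ctrl edit any entry in target's row
        if target not in self.domains or not self.allows(ctrl, target, "control"):
            raise PermissionError(f"{ctrl} cannot control {target}")
        cell = self.access[(target, o)]
        (cell.add if add else cell.discard)(right)

def demo():
    # Constructed matrix: D1 owns F1, D2 holds read* on F2, D2 may switch to
    # D3 and D4, and D2 controls D4 (modelled on the slides' wording, not figures).
    m = AccessMatrix(["D1", "D2", "D3", "D4"], ["F1", "F2"])
    m.grant("D1", "F1", "owner", "read")
    m.grant("D2", "F2", "read*")
    m.grant("D2", "D3", "switch")
    m.grant("D2", "D4", "switch", "control")
    m.copy_right("D2", "D3", "F2", "read", "limited")  # D3 gets read, not read*
    m.owner_modify("D1", "D3", "F1", "write")          # D1 adds write on F1 for D3
    m.control_modify("D2", "D4", "F1", "read")         # D2 edits D4's row
    return m
```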

15 Implementation of Access Matrix
- The access matrix is generally a sparse matrix (most entries are empty).
- It can be implemented in many ways:
- Global table
- Access lists for objects
- Capability lists for domains
- Lock-key mechanism
- Comparison: each method has its own advantages and disadvantages. Many systems employ a combination of the methods listed above.

16 Implementation of Access Matrix Cont…
- Global table: the simplest implementation.
- The table stores ordered triples <domain, object, rights-set>.
- Drawbacks: the table is usually large and cannot be kept in main memory (virtual memory techniques are used to manage it); it is difficult to group objects (consider an object that all domains can read).

17 Implementation of Access Matrix (Cont.)
- Access lists for objects: each column is implemented as an access list for one object.
- The resulting per-object list consists of ordered pairs <domain, rights-set> defining all domains with a non-empty set of access rights for the object.

18 Implementation of Access Matrix (Cont.)
- Capability lists for domains: instead of object-based, the list is domain-based.
- The capability list for a domain is a list of objects together with the operations allowed on them.
- An object is represented by its name or address, called a capability.
- The capability list is associated with the domain but is never directly accessible by the domain; rather, it is a protected object, maintained by the OS and accessed indirectly.

19 Implementation of Access Matrix (Cont.)
- Lock-key: a compromise between access lists and capability lists.
- Each object has a list of unique bit patterns, called locks.
- Each domain has a list of unique bit patterns, called keys.
- A process in a domain can access an object only if the domain has a key that matches one of the object's locks.
- The list of keys for a domain is managed by the operating system. Users are not allowed to examine or modify the list of keys (or locks) directly.

20 Revocation of Access Rights
- In a dynamic protection system, we may sometimes need to revoke access rights to objects shared by different domains (e.g. users).
- Various options for removing an access right:
- Immediate vs. delayed
- Selective vs. general
- Partial vs. total
- Temporary vs. permanent
- Access list: revocation of access rights from an access list is simple. Simply search the access list and remove the entry.
- Capability list: revocation of access rights is complicated, because the capabilities are distributed throughout the system. The capability must be located before it can be revoked.

21 End of Chapter 14

