
1 Chapter 14: Protection

2 Protection
- Have been discussing throughout the course:
  - Dual-mode operation
  - File-system permissions
- Will examine in more detail
- Will provide a theoretical construct for comparison purposes
[Figure: protection between system resources, a user, and other users]

3 Principles of Protection
- Guiding principles:
  - Principle of least privilege: just enough privileges to perform their tasks
  - Need-to-know principle: access only those resources that the user currently requires
[Figure: Least Privilege / Need-to-know]

4 A Theoretical Construct
- Like Turing machines in computational theory or relational calculus in databases
- Gives us a framework for comparing models
- Access right = <object-name, rights-set>, where rights-set is a subset of all valid operations that can be performed on the object
- Domain = set of objects and their associated access rights

5 Domain Structure
- Processes: association between process and domain
  - Fixed: if we wish to adhere to the need-to-know principle, must be able to change domain content
  - Dynamic: implies the process is able to switch domains
- Processes either change access rights on the fly, or switch domains

6 Domain Implementation (UNIX)
- System consists of 2 domain classes: user, supervisor
- Domain = user-id
- Can't easily change access privileges on the fly...
- Unix: dynamic; processes are able to change domains

7 Domain switching in Unix
- Domain switch accomplished via the file system
- Each file has associated with it a domain bit (setuid bit)
- When a file is executed and setuid is on, the user-id is set to the owner of the file being executed
- When execution completes, the user-id is reset
- Example: setting a password
  - Must change an entry in the "passwd" file
  - Could perform through a system call
  - Very limiting, must alter the kernel
  - What if a user wanted to give limited access?

8 Domain Implementation (MULTICS)
Let Di and Dj be any two domain rings. If j < i, then Di ⊂ Dj.

9 Access Matrix
- Representation of the theoretical construct
- In Unix, rows = users, columns = resources (files, etc.)

10 Where to keep the list ACL vs. Capabilities
- If permissions are kept with the object: access control list (ACL), the columns of the access matrix
- If kept with the user (or in a database indexed by user): capability list, the rows of the access matrix
- ACL dominant
- Still a huge debate: ACL vs. capabilities

11 Revocation of Access Rights
- If we mean remove the rights of all users to access a given object...
  - Access list: delete the access rights from the access list. Simple, immediate.
  - Capability list: a scheme is required to locate the capability in the system before it can be revoked. Less easy; would have to search all users' lists.
- Methods for overcoming this:
  - Reacquisition: periodically delete all rights from domains
  - Back-pointers
  - Indirection
  - Keys (domain has a key, objects have locks)
    - Master key
    - Several keys with different privileges
[Figure: capability list of user n: printer x: print; home dir: r,w,x,own; /usr/bin: r,x]
Doug notes:
- Basically, the list is with the domain, not the object
- Seems cultish, a lot of anger that AL has taken over
- But still lots of research and publications
- It has been said that they are equivalent
- Distinguish between capability and/or other accessible data
- I think an example of a capability might be "print"
- Book says most OSs use a combo of the two, and likens permissions on a file to an access list and an entry in the open-file table to a capability
- Mach is supposedly capability list
- From wiki: "Although most operating systems implement a facility which resembles capabilities, they typically do not provide enough support to allow for the exchange of capabilities among possibly mutually untrusting entities to be the primary means of granting and distributing access rights throughout the system. A capability-based system, in contrast, is designed with that goal in mind."
- Also said that it does not have a path to a file, but rather each user must have an "un-forgeable reference", and simply having the reference gives them access
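The ACL-vs-capability slide above and this revocation slide both come down to where the rights are stored. Added example (not from the chapter or its slides): one access matrix kept as per-object ACLs and as per-domain capability lists, showing why revoking all access to one object is a single-list edit for ACLs but a walk over every domain's list for capabilities, and how back-pointers (one of the remedies listed) remove that walk. Domain and object names are constructed.

```python
# Added example, not from the slides: the same access matrix stored two ways.
# Revoking an object touches one list for ACLs, every row for capabilities,
# unless back-pointers index which rows hold it. All names are constructed.

class AclStore:
    """Rights kept with the object: one access list per matrix column."""
    def __init__(self):
        self.acl = {}                       # object -> {domain: set(rights)}
    def grant(self, domain, obj, rights):
        self.acl.setdefault(obj, {}).setdefault(domain, set()).update(rights)
    def check(self, domain, obj, right):
        return right in self.acl.get(obj, {}).get(domain, ())
    def revoke_object(self, obj):
        """Revoke obj for every domain; return number of lists inspected."""
        self.acl.pop(obj, None)
        return 1                            # simple and immediate

class CapStore:
    """Rights kept with the domain: one capability list per matrix row."""
    def __init__(self, back_pointers=False):
        self.caps = {}                      # domain -> {object: set(rights)}
        self.holders = {} if back_pointers else None   # object -> {domain}
    def grant(self, domain, obj, rights):
        self.caps.setdefault(domain, {}).setdefault(obj, set()).update(rights)
        if self.holders is not None:
            self.holders.setdefault(obj, set()).add(domain)
    def check(self, domain, obj, right):
        return right in self.caps.get(domain, {}).get(obj, ())
    def revoke_object(self, obj):
        """Revoke obj for every domain; return number of lists inspected."""
        if self.holders is None:            # no index: must walk every row
            for objs in self.caps.values():
                objs.pop(obj, None)
            return len(self.caps)
        targets = self.holders.pop(obj, set())  # back-pointers: direct hits
        for domain in targets:
            self.caps[domain].pop(obj, None)
        return len(targets)

def demo(store):
    """Slide's sample row for 'user n' plus two other domains; revoke printer."""
    store.grant("user_n", "printer_x", {"print"})
    store.grant("user_n", "home_dir", {"r", "w", "x", "own"})
    store.grant("user_n", "/usr/bin", {"r", "x"})
    store.grant("alice", "/usr/bin", {"r", "x"})
    store.grant("bob", "home_dir", {"r"})
    before = store.check("user_n", "printer_x", "print")
    inspected = store.revoke_object("printer_x")
    return before, store.check("user_n", "printer_x", "print"), inspected
```

Running demo() on each store returns (True, False, lists_inspected): 1 for the ACL, 3 for plain capability lists (one per domain), and 1 again once back-pointers are kept.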

12 Role-Based Access Control
- RBAC: Solaris 10 and systems that utilize directory services (Novell, Windows NT, Linux)
- Users are assigned roles granting access to privileges and programs
  - Can be temporary
  - In charge of certain resources

13 Language-Based Protection
- Compiler-based enforcement
  - Only allow compilation by a "trusted" compiler
  - Write programs for dissemination with built-in safeguards
  - Weaknesses?
- Example: Java
  - Handled by the Java Virtual Machine (JVM)
  - Especially useful in Java applets: disk access is off by default
  - Loads untrusted methods downloaded from the web
  - A class can only perform a privileged operation if it is in a protection domain
  - All privileged ops must be performed in a privileged block
  - Determined through stack inspection

14 End of Chapter 14

