Presentation is loading. Please wait.

Presentation is loading. Please wait.

14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Chapter 14: Protection.

Published byElaine Day Modified over 8 years ago

Similar presentations

Presentation on theme: "14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Chapter 14: Protection."— Presentation transcript:

1 14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Chapter 14: Protection

2 14.2 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection Access Matrix Implementation of Access Matrix Access Control

3 14.3 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed through a well-defined set of operations Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so

4 14.4 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Principles of Protection Guiding principle – principle of least privilege Programs, users and systems should be given just enough privileges to perform their tasks

5 14.5 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Domain Structure Access-right = where rights-set is a subset of all valid operations that can be performed on the object. Domain = set of access-rights

6 14.6 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Domain Implementation (UNIX) System consists of 2 domains: User Supervisor UNIX Domain = user-id Domain switch accomplished via file system  Each file has associated with it a domain bit (setuid bit)  When file is executed and setuid = on, then user-id is set to owner of the file being executed. When execution completes user-id is reset

7 14.7 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Access Matrix View protection as a matrix (access matrix) Rows represent domains Columns represent objects Access(i, j) is the set of operations that a process executing in Domain i can invoke on Object j

8 14.8 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Access Matrix

9 14.9 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Use of Access Matrix If a process in Domain D i tries to do “op” on object O j, then “op” must be in the access matrix Can be expanded to dynamic protection Operations to add, delete access rights Special access rights:  owner of O i  copy op from O i to O j  control – D i can modify D j access rights  transfer – switch from domain D i to D j

10 14.10 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Use of Access Matrix (Cont) Access matrix design separates mechanism from policy Mechanism  Operating system provides access-matrix + rules  If ensures that the matrix is only manipulated by authorized agents and that rules are strictly enforced Policy  User dictates policy  Who can access what object and in what mode

11 14.11 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Implementation of Access Matrix Each column = Access-control list for one object Defines who can perform what operation. Domain 1 = Read, Write Domain 2 = Read Domain 3 = Read  Each Row = Capability List (like a key) Fore each domain, what operations allowed on what objects. Object 1 – Read Object 4 – Read, Write, Execute Object 5 – Read, Write, Delete, Copy

12 14.12 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Access Matrix of Figure A With Domains as Objects Figure B

13 14.13 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Access Matrix with Copy Rights

14 14.14 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Access Matrix With Owner Rights

15 14.15 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Modified Access Matrix of Figure B

16 14.16 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Access Control Protection can be applied to non-file resources Solaris 10 provides role-based access control (RBAC) to implement least privilege Privilege is right to execute system call or use an option within a system call Can be assigned to processes Users assigned roles granting access to privileges and programs

17 14.17 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Role-based Access Control in Solaris 10

Download ppt "14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Chapter 14: Protection."

Similar presentations

Protection Goals of Protection Domain of Protection Access Matrix

Protection Goals of Protection Domain of Protection Access Matrix
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.

Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.
Bilkent University Department of Computer Engineering

Bilkent University Department of Computer Engineering
1999 Chapter 8-Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based.

1999 Chapter 8-Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based.
Reasons for Protection n Prevent users from accessing information they shouldn’t have access to. n Ensure that each program component uses system resources.

Reasons for Protection n Prevent users from accessing information they shouldn’t have access to. n Ensure that each program component uses system resources.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Operating Systems CMPSCI 377 Lecture.

U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Operating Systems CMPSCI 377 Lecture.
Chapter 14: Protection.

Chapter 14: Protection.
Chapter 14: Protection.

Chapter 14: Protection.
Chapter 14: Protection.

Chapter 14: Protection.
Silberschatz, Galvin and Gagne ©2013 Operating System Concepts – 9 th Edition Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2013 Operating System Concepts – 9 th Edition Chapter 14: Protection.
Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Protection.

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Protection.
Page 19/4/2015 CSE 30341: Operating Systems Principles Raid storage  Raid – 0: Striping  Good I/O performance if spread across disks (equivalent to n.

Page 19/4/2015 CSE 30341: Operating Systems Principles Raid storage  Raid – 0: Striping  Good I/O performance if spread across disks (equivalent to n.
Operating Systems Protection & Security.

Operating Systems Protection & Security.
U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Operating Systems CMPSCI 377 Lecture.

U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Operating Systems CMPSCI 377 Lecture.
14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Chapter 14: Protection.

14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Chapter 14: Protection.
Protection.

Protection.
14.1 Silberschatz, Galvin and Gagne ©2005 Operating System Concepts Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection.

14.1 Silberschatz, Galvin and Gagne ©2005 Operating System Concepts Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection.
Network Security Lecture 3 Presented by: Dr. Munam Ali Shah.

Network Security Lecture 3 Presented by: Dr. Munam Ali Shah.

Similar presentations

Ads by Google