Presentation is loading. Please wait.

Presentation is loading. Please wait.

14.1/21 Part 5: protection and security Protection mechanisms control access to a system by limiting the types of file access permitted to users. In addition,

Published byRalph Lindsey Modified over 8 years ago

Similar presentations

Presentation on theme: "14.1/21 Part 5: protection and security Protection mechanisms control access to a system by limiting the types of file access permitted to users. In addition,"— Presentation transcript:

1 14.1/21 Part 5: protection and security Protection mechanisms control access to a system by limiting the types of file access permitted to users. In addition, protection must ensure that only processes that have gained proper authorization from the operating system can operate on memory segments, the CPU, and other resources. Security ensures the authentication of system users to protect the integrity of the information stored in the system (both data and code), as well as the physical resources of the computer system. The security system prevents unauthorized access, malicious destruction or alteration of data, and accidental introduction of inconsistency.

2 Chapter 14: Protection

3 14.3/21 Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection Access Matrix Implementation of Access Matrix

4 14.4/21 Objectives Discuss the goals and principles of protection in a modern computer system Explain how protection domains combined with an access matrix are used to specify the resources a process may access Examine capability and language-based protection systems

5 14.5/21 Goals of Protection Modern protection concepts have evolved to increase the reliability of any complex system that makes use of shared resources. need to provide protection for several reasons the need to prevent mischievous, intentional violation of an access restriction by a user. the need to ensure that each program component active in a system uses system resources only in the ways consistent with stated policies. Protection can improve reliability by detecting latent errors at the interfaces between component subsystems. P531

6 14.6/21 Principles of Protection Guiding principle – principle of least privilege Programs, users and systems should be given just enough privileges to perform their tasks Consider the analogy of a security guard with a passkey. If this key allows the guard into just the public areas that she guards, then misuse of the key will result in minimal damage. If, however, the passkey allows access to all areas, then damage from its being lost, stolen, misused, copied or otherwise compromised will be much greater. P532

7 14.7/21 Principles of Protection Managing users with the principle of least privilege entails creating a separate account for each user, with just the privileges that the user needs. Computers implemented in a computing facility under the principle of least privilege can be limited to running specific services, accessing specific remote hosts via specific services, and doing so during specific times. The principle of least privilege can help produce a more secure computing environment. Unfortunately, it frequently does not. For example, Windows 2000 has a complex protection scheme at its core and yet has many security hole.

8 14.8/21 Domain of Protection Operating system consists of a collection of objects, hardware objects or software objects Each object has a unique name and can be accessed through a well-defined set of operations. A process should be allowed to access only those resources for which it has authorization. Furthermore, at any time, a process should be able to access only those resources that it currently requires to complete its task. This requirement, commonly referred to as the need to know principle, is useful in limiting the amount of damage a faulty process can cause in the system. P533

9 14.9/21 Domain Structure Each protection domain defines a set of objects and the types of operations that may be invoked on each object. The ability to execute an operation on an object is an access right. Access-right = where rights-set is a subset of all valid operations that can be performed on the object. Domain = set of access-rights if domain D has the access right, then a process executing in domain D can both read and write file F. P534

10 14.10/21 Domain Structure Domains do not need to be disjoint; they may share access rights.

11 14.11/21 Domain Structure The association between a process and a domain may be either static, if the set of resources available to the process is fixed throughout the process's lifetime, or dynamic. If the association between processes and domains is fixed, and we want to adhere to the need-to-know principle, then a mechanism must be available to change the content of a domain. If the association is dynamic, a mechanism is available to allow domain switching, enabling the process to switch from one domain to another. P534

12 14.12/21 Domain Realization Each user may be a domain. In this case, the set of objects that can be accessed depends on the identity of the user. Domain switching occurs when the user is changed- generally when one user logs out and another user logs in. Each process may be a domain. In this case, the set of objects that can be accessed depends on the identity of the process. Domain switching occurs when one process sends a message to another process and then waits for a response. Each procedure may be a domain. in this case, the set of objects that can be accessed corresponds to the local variables defined within the procedure. Domain switching occurs when a procedure call is made. P535

13 14.13/21 Access Matrix View protection as a matrix (access matrix) Rows represent domains Columns represent objects Access(i, j) is the set of operations that a process executing in Domain i can invoke on Object j P538

14 14.14/21 Access Matrix

15 14.15/21 Access Matrix of Figure A With Domains as Objects Figure B

16 14.16/21 Implementation of Access Matrix Global Table Consisting of a set of ordered triples. drawbacks  The table is usually large and thus cannot be kept in main memory, so additional I/O is needed.  if everyone can read a particular object, it must have a separate entry in every domain. P542

17 14.17/21 Implementation of Access Matrix Each column = Access-control list for one object The resulting list for each object consists of ordered pairs, which define all domains with a nonempty set of access rights for that object. Defines who can perform what operation. Domain 1 = Read, Write Domain 2 = Read Domain 3 = Read

18 14.18/21 Implementation of Access Matrix Each Row = Capability List (like a key) Fore each domain, what operations allowed on what objects. Object 1 – Read Object 4 – Read, Write, Execute Object 5 – Read, Write, Delete, Copy P543

19 14.19/21 Lock-key scheme Compromise between access lists and capability lists. Each object has a list of unique bit patterns, called locks. Similarly, each domain has a list of unique bit patterns, called keys. A process executing in a domain can access an object only if that domain has a key that matches one of the locks of the object. Users are not allowed to examine or modify the list of keys (or locks) directly. P544

20 14.20/21 Comparison Using a global table is simple; however, the table can be quite large and often cannot take advantage of special groupings of objects or domains. Access lists correspond directly to the needs of users. determining the set of access rights for each domain is difficult. in addition, every access to the object must be checked, requiring a search of the access list. Capability lists do not correspond directly to the needs of users; they are useful, however, for localizing information for a given process. The process attempting access must present a capability for that access. The lock-key mechanism can be both effective and flexible. P544

21 End of Chapter 14

Download ppt "14.1/21 Part 5: protection and security Protection mechanisms control access to a system by limiting the types of file access permitted to users. In addition,"

Similar presentations

Protection Goals of Protection Domain of Protection Access Matrix

Protection Goals of Protection Domain of Protection Access Matrix
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
Security & Protection 1.

Security & Protection 1.
Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.

Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.
Bilkent University Department of Computer Engineering

Bilkent University Department of Computer Engineering
Reasons for Protection n Prevent users from accessing information they shouldn’t have access to. n Ensure that each program component uses system resources.

Reasons for Protection n Prevent users from accessing information they shouldn’t have access to. n Ensure that each program component uses system resources.
19: Protection1 PROTECTION Protection is the mechanism for controlling access to computer resources. Security concerns the physical integrity of the system.

19: Protection1 PROTECTION Protection is the mechanism for controlling access to computer resources. Security concerns the physical integrity of the system.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
Chapter 14: Protection.

Chapter 14: Protection.
Chapter 14: Protection.

Chapter 14: Protection.
Lecture 7 Access Control

Lecture 7 Access Control
Silberschatz, Galvin and Gagne ©2013 Operating System Concepts – 9 th Edition Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2013 Operating System Concepts – 9 th Edition Chapter 14: Protection.
Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Protection.

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Protection.
Page 19/4/2015 CSE 30341: Operating Systems Principles Raid storage  Raid – 0: Striping  Good I/O performance if spread across disks (equivalent to n.

Page 19/4/2015 CSE 30341: Operating Systems Principles Raid storage  Raid – 0: Striping  Good I/O performance if spread across disks (equivalent to n.
Operating Systems Protection & Security.

Operating Systems Protection & Security.
Protection.

Protection.
14.1 Silberschatz, Galvin and Gagne ©2005 Operating System Concepts Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection.

14.1 Silberschatz, Galvin and Gagne ©2005 Operating System Concepts Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection.
Chapter 14 Protection Bernard Chen Spring 2007. 14.1 Goal of Protection Protection was originally conceived as an adjunct to multiprogramming operation.

Chapter 14 Protection Bernard Chen Spring Goal of Protection Protection was originally conceived as an adjunct to multiprogramming operation.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Similar presentations

Ads by Google