Lecture 28 Protection - PowerPoint PPT Presentation

Slides: 13
Provided by: marily264
Transcript and Presenter's Notes

1
Lecture 28 Protection
  • Based on Silberschatz Galvin Slides

2
Protection
  • Goals of Protection
  • Domain of Protection
  • Access Matrix
  • Implementation of Access Matrix
  • Revocation of Access Rights
  • Capability-Based Systems
  • Language-Based Protection

3
Protection
  • Operating system consists of a collection of
    objects:
      • hardware (CPU, memory segments, printers,
        disks, ...)
      • software (files, programs, semaphores)
  • Each object has a unique name and can be accessed
    through a well-defined set of operations.
  • The operations that are possible may depend on
    the object. For example,
      • a card reader can only be read,
      • data files can be created, opened, read, written,
        closed and deleted.
  • Protection problem - ensure that each object is
    accessed correctly and only by those processes
    that are allowed to do so.

4
Domain Structure
  • Access-right = <object-name, rights-set>.
    Rights-set is a subset of all valid operations that can be
    performed on the object.
  • Domain = set of access-rights

5
Access Matrix
Figure 1

6
Use of Access Matrix
  • If a process in Domain Di tries to do op on
    object Oj, then op must be in the access
    matrix.
  • Can be expanded to dynamic protection.
      • Operations to add, delete access rights.
      • Special access rights:
          • owner of Oi
          • copy op from Oi to Oj
          • control: Di can modify Dj's access rights
          • transfer: switch from domain Di to Dj

7
Use of Access Matrix (Cont.)
  • Access matrix design separates mechanism from
    policy.
  • Mechanism
      • Operating system provides access-matrix rules.
      • It ensures that the matrix is only manipulated by
        authorized agents and that rules are strictly
        enforced.
  • Policy
      • User dictates policy.
      • Who can access what object and in what mode.

8
Access Matrix of Figure 1 With Domains as Objects
Figure 2

9
Access Matrix with Copy Rights

10
Access Matrix With Owner Rights

11
Implementation of Access Matrix
  • Each column = Access-control list for one object.
    Defines who can perform what operation.
  • Object XXX
      • Domain 1: Read, Write
      • Domain 2: Read
      • Domain 3: Read
      • ...
  • Access-control lists correspond directly to the needs of the users.
  • When a user creates an object, he/she can specify
    which domains can access the object, as well as
    the operations allowed.
  • Access-rights information for a particular domain
    is not localized; determining the set of access
    rights for each domain is difficult.

12
Implementation of Access Matrix
  • Each row = Capability list (like a key).
    For each domain, what operations are allowed on what objects.
  • Domain YYY
      • Object 1: Read
      • Object 4: Read, Write, Execute
      • Object 5: Read, Write, Delete, Copy
  • The capability list is associated with a domain,
    but is never directly accessible to a process
    executing in that domain. Rather, the capability
    list is itself a protected object, maintained by
    the operating system and accessed by the user
    only indirectly.
  • Capability lists do not correspond directly to the
    needs of users; they are useful, however, for
    localizing information for a particular process.
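
The column (ACL) and row (capability list) storage choices from slides 11 and 12, together with the slide 6 access check, as an added Python example that is not part of the original slides. It reuses the slides' sample entries for Object XXX and Domain YYY; the function names and the lowercase operation strings are assumptions made for illustration.

```python
from collections import defaultdict

# Access matrix as sparse cells: (domain, object) -> set of operations.
# Entries reuse the sample column (Object XXX) and row (Domain YYY) from the slides.
MATRIX = {
    ("Domain 1", "Object XXX"): {"read", "write"},
    ("Domain 2", "Object XXX"): {"read"},
    ("Domain 3", "Object XXX"): {"read"},
    ("Domain YYY", "Object 1"): {"read"},
    ("Domain YYY", "Object 4"): {"read", "write", "execute"},
    ("Domain YYY", "Object 5"): {"read", "write", "delete", "copy"},
}

def allowed(matrix, domain, obj, op):
    """Slide 6 rule: op is permitted only if it is in the cell for (domain, obj)."""
    return op in matrix.get((domain, obj), set())

def to_acls(matrix):
    """Column storage: object -> {domain: rights}, one access-control list per object."""
    acls = defaultdict(dict)
    for (domain, obj), rights in matrix.items():
        if rights:  # empty cells are not stored
            acls[obj][domain] = set(rights)
    return dict(acls)

def to_capability_lists(matrix):
    """Row storage: domain -> {object: rights}, one capability list per domain."""
    caps = defaultdict(dict)
    for (domain, obj), rights in matrix.items():
        if rights:
            caps[domain][obj] = set(rights)
    return dict(caps)

def domain_rights_from_acls(acls, domain):
    """With ACL storage a domain's rights are not localized: every ACL is scanned.

    Returns the rights found and the number of ACLs that had to be examined.
    """
    found, scanned = {}, 0
    for obj, acl in acls.items():
        scanned += 1
        if domain in acl:
            found[obj] = acl[domain]
    return found, scanned

if __name__ == "__main__":
    acls, caps = to_acls(MATRIX), to_capability_lists(MATRIX)
    print("ACL for Object XXX:", acls["Object XXX"])
    print("Capability list for Domain YYY:", caps["Domain YYY"])
    print("Via ACL scan:", domain_rights_from_acls(acls, "Domain YYY"))
```

With capability-list storage the same question is a single lookup of `caps["Domain YYY"]`, while the ACL scan touches every object in the system.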