Chapter 4 Protection in General Purpose Operating Systems
- Slides: 12
Chapter 4 – Protection in General Purpose Operating Systems Protection features provided by general-purpose operating systems— protecting memory, files, and the execution environment u Controlled access to objects u User authentication u
Protected Objects and Methods of Protections u u u 1 rst OS were simple utilities – executives Multiprogramming OS required monitors which oversaw each program’s execution Protected objects • • • Memory Sharable I/O devices (disks) Serially reusable devices (printers) Shareable programs & subprocedures Networks Shareable Data
Security Methods of Operating Systems u Physical Separation (different processes use different objects) u Temporal Separation (processes executed at different times) u Logical Separation (process appears to be alone) u Cryptographic Separation conceal data and computations) (processes
Security Methods of Operating Systems u Want to be able to share resources without compromising security • Do not protect • Isolate different processes • Share all or nothing • Share via access limitation (granularity) • Share by capabilities • Limit use of an object
Memory & Address Protection u Fence u Relocation u Base/Bounds Registers – confines user to one side of boundary • Use predefined memory addresses • Can protect OS, but not one user from another – changes all addresses of program using offset • Uses variable fence register (base register) to provide lower bound • Uses bounds register for upper address
Memory & Address Protection u Tagged Architecture • Every word of machine memory has extra bits to indicate access rights (expensive) u Segmentation (program divided into pieces) • Each segment has name & offset u u u Each address reference is checked for protection Different classes of data can be assigned different levels of protection Users can share access to segments User cannot access an unpermitted segment Paging (program uses equal sized “pages”; memory divided into equal sized page frames)
Control of Access to General Objects u u u u u Memory File/data set Program in memory Directory of files Hardware device Data structure (stack) Operating system table Instructions (privileged) Passwords / user authentication mechanism Protection mechanism
Goals in protecting objects Check every access u Enforce least privilege u Verify acceptable usage u
Directory mechanism Each user (subject) has a file directory, which lists all files accessible by user u List can become too large if many shared objects u Cannot revoke rights of everyone to an object u File names for different owners may be different u
Access Control List One list for each object with list showing all subjects & their access rights u Can use wildcards to limit size of ACL u Access Control Matrix u • Rows for subjects • Columns for objects • Sparse matrix of triples <subjects, objects, rights>
Capability Unforgeable token that gives possessor rights to an object u Predecessor of Kerberos u Can propagate capabilities to other subjects u Capabilities must be stored in inaccessible memory u
Procedure-Oriented Access Control u Procedure that controls access to objects including what subjects can do to objects
- General purpose operating system
- Specific purpose statements
- Protection and security in operating system
- Security and protection in operating system
- Security and protection in operating system
- Protection and security in operating system
- Environmental protection agency purpose
- General and specific protection
- Asset protection for general contractors
- Osha 1910 subpart l
- Osha 1910 subpart l
- Asset protection for general contractors
- Turbine supervisory instrumentation