Protection: Goals of Protection, Domain of Protection, Access Matrix

  • Slides: 10

Protection
• Goals of Protection
• Domain of Protection
• Access Matrix
• Implementation of Access Matrix
• Revocation of Access Rights
Operating System Concepts


Difference between protection and security
• Protection refers to a mechanism for controlling the access of programs, processes, or users to the resources defined by a computer system.
• Security is a measure of confidence that the integrity of the system and its data will be preserved.


Protection
• Protection problem: ensure that each object is accessed correctly and only by those processes that are allowed to do so.
• Protection improves reliability and is used in enforcing policies governing resource use.


Need-to-know principle
• A process should be allowed to access only those resources for which it has authorization.
• A process should be able to access only those resources that it currently requires to complete its task. This is referred to as the need-to-know principle and is useful in limiting the amount of damage a faulty process can cause to the system.


Domain Structure
• Access-right = <object-name, rights-set>, where rights-set is a subset of all valid operations that can be performed on the object.
• Domain = set of access-rights
• Domains may be either static or dynamic.
• A domain can be realized in a variety of ways: each user may be a domain, each process may be a domain, each procedure may be a domain.
• In UNIX a domain is associated with a user.


Access Matrix
• View protection as a matrix (access matrix).
• Rows represent domains.
• Columns represent objects.
• Access(i, j) is the set of operations that a process executing in domain Di can invoke on object Oj.

Access Matrix: Figure A


Use of Access Matrix
• If a process in domain Di tries to do “op” on object Oj, then “op” must be in the access matrix.
• Can be expanded to dynamic protection.
  – Operations to add, delete access rights.
  – Special access rights


Mechanism vs. policy
• Access matrix design separates mechanism from policy.
  – Mechanism
    • Operating system provides access-matrix + rules.
    • It ensures that the matrix is only manipulated by authorized agents and that rules are strictly enforced.
  – Policy
    • User dictates policy.
    • Who can access what object and in what mode.


Changes in access rights
• Switching domain
• Controlled changes to access matrix
  – Copy: The ability to copy an access right from one domain of the access matrix to another is denoted by *.
  – Owner: If access(i, j) contains the owner right, then a process executing in domain Di can add or remove any right from column j.
  – Control: If access(i, j) contains the control right, then a process executing in domain Di can remove any access right from row j.
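As an added example (not taken from the slides or from Operating System Concepts), a small Python model of the access matrix that enforces the check described under “Use of Access Matrix” and the copy (*), owner and control rights listed above; the class, its method names and the D1/D2/D3/F1 matrix are constructed for illustration, and copy is implemented as the limited variant that does not pass the copy flag on.

```python
from collections import defaultdict
class AccessMatrix:
    """Rows are domains, columns are objects, access(i, j) is the set of
    operations a process in Di may invoke on Oj. Domains are also entered as
    objects so control can target a row. A trailing '*' marks the copy flag."""
    def __init__(self):
        self.cell = defaultdict(set)  # (domain, object) -> set of rights

    def access(self, d, o):
        return self.cell[(d, o)]

    def check(self, d, op, o):
        """Use of the matrix: op on o is allowed only if it is in access(d, o)."""
        return op in self.access(d, o) or op + "*" in self.access(d, o)

    def copy(self, actor, dst, op, o):
        """Copy (*): actor may give dst the right op on o only if it holds op*."""
        if op + "*" not in self.access(actor, o):
            return False
        self.access(dst, o).add(op)  # assumption: limited copy, '*' not passed on
        return True

    def owner_change(self, actor, target, op, o, add=True):
        """Owner: actor may add or remove any right anywhere in column o."""
        if "owner" not in self.access(actor, o):
            return False
        rights = self.access(target, o)
        (rights.add if add else rights.discard)(op)
        return True

    def control_remove(self, actor, dj, op, o):
        """Control over domain dj (entered as a column) lets actor strip row dj."""
        if "control" not in self.access(actor, dj):
            return False
        self.access(dj, o).discard(op)
        return True

def demo():
    """Constructed matrix: D1 owns F1 with copyable read and controls D2."""
    m = AccessMatrix()
    m.access("D1", "F1").update({"read*", "owner"})
    m.access("D2", "F1").add("write")
    m.access("D1", "D2").add("control")
    return {
        "d2_copy_denied": m.copy("D2", "D3", "write", "F1"),  # D2 lacks write*
        "d1_copy_read": m.copy("D1", "D2", "read", "F1"),     # read* permits it
        "d3_owner_denied": m.owner_change("D3", "D2", "execute", "F1"),
        "d1_control_rm": m.control_remove("D1", "D2", "write", "F1"),
        "d2_rights_after": sorted(m.access("D2", "F1")),      # ['read']
    }
```

Each mutating method returns False when the guarding right is absent, so a caller can log the refused change as the mechanism/policy split on the previous slide requires.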