Goals of Protection
Principles of Protection
Domain of Protection
Access Matrix
Implementation of Access Matrix
Access Control
Revocation of Access Rights
Capability-Based Systems
Language-Based Protection
Operating System Concepts – 7th Edition, Apr 11, 2005 14.2 Silberschatz, Galvin and Gagne ©2005
Objectives
Protection
The need to protect files is a direct result of the ability to access files.
- Complete protection by prohibiting access: not useful!
- Or, free access with no protection.
- What is needed is controlled access.
Types of access
- Read ("r" in Unix)
- Write ("w")
- Execute ("x")
- Append ("w")
- Delete (owner)
- List ("r" for a directory)
- Search ("x" for a directory)
Other operations (renaming, copying, and editing) use this basic set of operations.
Protection - Access Control
Protection - A Sample UNIX Directory Listing
Protection - summary
Goals of Protection
Principles of Protection
Domain of Protection
Domain Structure
Domain Implementation (UNIX)
System consists of 2 domains:
- User
- Supervisor
UNIX
- Domain = user-ID
- Domain switching corresponds to user-ID switching
- Domain switching is accomplished through the file system as follows:
  - Each file has associated with it a domain bit (setuid bit) and an owner ID.
  - When user A starts executing a file owned by user B and the setuid bit is off, the user ID of the process is set to A.
  - When the setuid bit is on, the user ID is set to the owner of the file being executed: B. When execution completes, the user ID is reset.
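As an added example (not code from the slides or the textbook), the following Python models the setuid domain-switch rule just described and then does the check a defender wants from it: inventory the files on a tree whose execution switches domains. The function names `effective_uid_after_exec`, `find_setuid_files` and `demo_on_temp_tree` are chosen here; the two-file temp tree in the demo is constructed input.

```python
import os
import stat
import tempfile


def effective_uid_after_exec(caller_uid, file_owner_uid, file_mode):
    """Domain-switch rule from the slides: if the setuid bit in the file's
    mode is off, the process keeps the caller's UID; if it is on, the
    process runs under the file owner's UID until execution completes."""
    if file_mode & stat.S_ISUID:
        return file_owner_uid
    return caller_uid


def find_setuid_files(root):
    """Walk `root` and return (path, owner_uid, mode_string) for every regular
    file with the setuid bit set, i.e. every point at which executing the
    file switches the protection domain. Symlinks are not followed (lstat)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                hits.append((path, st.st_uid, stat.filemode(st.st_mode)))
    return sorted(hits)


def demo_on_temp_tree():
    """Constructed input: a temp dir with one setuid file ('tool') and one
    plain file ('plain'). Returns the base names the scanner reports."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("tool", 0o4755), ("plain", 0o755)):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\n")
            os.chmod(path, mode)
        return [os.path.basename(p) for p, _uid, _mode in find_setuid_files(root)]


if __name__ == "__main__":
    # A user with UID 1000 executing a setuid file owned by root (UID 0)
    # runs in root's domain for the duration of that execution.
    print("domain after exec:", effective_uid_after_exec(1000, 0, 0o104755))
    for path, uid, mode in find_setuid_files("/usr/bin"):
        print(mode, uid, path)
```

Run it against a directory to list the setuid binaries there; each line is a file whose execution moves the caller into the owner's domain, so the list is the set of domain-switch points worth reviewing.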
Access Matrix
View protection as a matrix (access matrix)
Access Matrix - contd
Access Matrix illustration: 4 domains and 4 objects (3 files and one printer). When a process executes in D1, it can read files F1 and F3. A process executing in D4 has the same privileges as it does in D1; it can also write onto files F1 and F3. The printer can be accessed by a process executing in D2.
Access Matrix - contd
Access Matrix with Copy Rights
Copy right allows the copying of the access right only within the
column (that is, for the object) for which the right is defined.
Access Matrix with Copy Rights - contd
Access Matrix With Control Rights
Access Matrix Implementation
1. Global table
- Row = <domain, object, rights-set>
- Whenever an operation M is performed on an object Oj within domain Di, the table is searched for a match
- Drawbacks:
  - Large table, thus not kept in memory, so additional I/O is needed
  - No advantage taken of special groupings of domains or objects
2. Access lists for objects
3. Capability lists for domains
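The following Python is an added example, not code from the slides or the textbook. It takes the access matrix from the illustration (D1 reads F1 and F3; D4 reads and writes F1 and F3; D2 uses the printer) and stores it the three ways listed above: as a global table of <domain, object, rights-set> rows, as per-object access lists, and as per-domain capability lists. It also implements the copy right from the earlier slide, confined to the object's column. The table is constructed: D3 is left without rights because the slide does not state any, and the "copy" flag on D1's entry for F1 is added here to exercise the copy-right rule. All function names are chosen for this example.

```python
from collections import defaultdict

# Constructed global table for the slide's 4-domain / 4-object illustration.
GLOBAL_TABLE = [
    ("D1", "F1", {"read", "copy"}),      # 'copy' flag added for the demo
    ("D1", "F3", {"read"}),
    ("D2", "printer", {"print"}),
    ("D4", "F1", {"read", "write"}),
    ("D4", "F3", {"read", "write"}),
]
DOMAINS = ("D1", "D2", "D3", "D4")
OBJECTS = ("F1", "F2", "F3", "printer")
OPS = ("read", "write", "print")


def allowed_global(table, domain, obj, op):
    """Global table: scan the <domain, object, rights-set> rows for a match."""
    return any(d == domain and o == obj and op in rights
               for d, o, rights in table)


def access_lists(table):
    """Access lists: one list per object (a matrix column), domain -> rights."""
    acl = defaultdict(dict)
    for d, o, rights in table:
        acl[o][d] = set(rights)
    return acl


def capability_lists(table):
    """Capability lists: one list per domain (a matrix row), object -> rights."""
    caps = defaultdict(dict)
    for d, o, rights in table:
        caps[d][o] = set(rights)
    return caps


def allowed_acl(acl, domain, obj, op):
    """Access-list check: look at the object's list, then the domain's entry."""
    return op in acl.get(obj, {}).get(domain, set())


def allowed_cap(caps, domain, obj, op):
    """Capability-list check: look at the domain's list, then the object's entry."""
    return op in caps.get(domain, {}).get(obj, set())


def representations_agree(table):
    """All three representations are the same matrix stored three ways, so
    they must decide every (domain, object, op) identically."""
    acl, caps = access_lists(table), capability_lists(table)
    return all(
        allowed_global(table, d, o, op) == allowed_acl(acl, d, o, op)
        == allowed_cap(caps, d, o, op)
        for d in DOMAINS for o in OBJECTS for op in OPS)


def copy_right(table, src_domain, dst_domain, src_obj, dst_obj, right):
    """Copy `right` from (src_domain, src_obj) to (dst_domain, dst_obj).
    Allowed only within one column (src_obj == dst_obj) and only if the
    source holds both the right and the 'copy' flag for that object.
    Returns a new table; the input table is left unchanged."""
    if src_obj != dst_obj:
        raise PermissionError("copy right is confined to the object's column")
    if not (allowed_global(table, src_domain, src_obj, right)
            and allowed_global(table, src_domain, src_obj, "copy")):
        raise PermissionError(f"{src_domain} may not copy {right} on {src_obj}")
    new = [(d, o, set(rights)) for d, o, rights in table]
    for d, o, rights in new:
        if d == dst_domain and o == dst_obj:
            rights.add(right)
            return new
    new.append((dst_domain, dst_obj, {right}))
    return new


if __name__ == "__main__":
    print("D1 read F1:", allowed_global(GLOBAL_TABLE, "D1", "F1", "read"))
    print("representations agree:", representations_agree(GLOBAL_TABLE))
    after = copy_right(GLOBAL_TABLE, "D1", "D3", "F1", "F1", "read")
    print("D3 read F1 after copy:", allowed_global(after, "D3", "F1", "read"))
```

The two lookup orders make the trade-off concrete: with access lists, answering "who can reach this object" is one lookup but listing a domain's rights means scanning every object; with capability lists it is the reverse. The copy-right function grants only the named right, not the copy flag itself, so the recipient cannot propagate it further.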
Revocation of Access Rights
Capability-Based Systems
Hydra
- Fixed set of access rights known to and interpreted by the system.
- Interpretation of user-defined rights performed solely by the user's program; the system provides access protection for the use of these rights.
Language-Based Protection
Protection in Java 2
Stack Inspection
End of Chapter 14