SlideShare a Scribd company logo

System protection in Operating System

Download as PPTX, PDF
S
sohaildanish

System Protection in operating System. All Detail about system protection.

EducationTechnologyBusiness
1 of 31
Outline: Protection. Goals of Protection. Principles of protection. Domain of protection. Domain Structure. Access Matrix. Access control. Compatibility-based System.  Hydra  Cambridge CAP system Language Based Protection.
Protection: Protection refers to a mechanism for controlling the access of programs, processes, or users to the resources defined by a computer system. Protection ensures that the resources of the computer are used in a consistent way. It ensure that each object accessed correctly and only by those processes that are allowed to do so.
Goals of Protection: As computer systems have become more sophisticated and pervasive in their applications, the need to protect their integrity has also grown. We need to provide protection for several reasons. The most obvious is the need to prevent the mischievous, intentional violation of an access restriction by user.  An unprotected resource cannot defend against use (or misuse) by an unauthorized or incompetent user. A protection-oriented system provides means to distinguish between authorized and unauthorized usage.
Cont… The role of protection in a computer system is to provide a mechanism for the enforcement of the policies governing resource use. These policies can be established in a variety of ways. Some are fixed in the design of the system, while others are formulated by the management of a system. Still others are defined by the individual users to protect their own files and programs. A protection system must have the flexibility to enforce a variety of policies.
Principles of Protection: The time-tested guiding principle for protection is the Principle of least privilege.It dictates that programs, users, and even systems be given just enough privileges to perform their tasks. Consider the analogy of a security guard with a passkey. If this key allows the guard into just the public areas that she guards, then misuse of the key will result in minimal damage. If, however, the passkey allows access to all areas, then damage from its being lost, stolen, misused, copied, or otherwise compromised will be much greater.
Cont… An operating system following the principle of least privilege implements its features, programs, system calls, and data structures so that failure or compromise of a component does the minimum damage and allows the minimum damage to be done. The principle of least privilege can help produce a more secure computing environment.
Domain of Protection: A computer system is a collection of processes and objects. By objects, we mean both hardware objects (such as the CPU, printer) and software objects(such as files, programs). Each object has a unique name that differentiates it from all other objects in the system, and each can be accessed only through well-defined and meaningful operations.
Cont… A process should be allowed to access only those resources for which it has authorization Furthermore, at any time, a process should be able to access only those resources that it currently requires to complete its task.
Domain Structures.  A process operates within a Protection Domain that specifies the resources that the process may access.  Each domain defines a set of objects and the types of operations that may be invoked on each object.  The ability to execute an operation on an object is an access right.
Cont… For example, if domain D has the access right <file F, {read, write}>, then a process executing in domain D can both read and write file F; it cannot, however, perform any other operation on that object.
Cont… A domain can be realized in a variety of ways: Each user may be a domain. In this case, the set of objects that can be accessed depends on the identity of the user. Each process may be a domain. In this case, the set of objects that can be accessed depends on the identity of the process.
Example of Unix: In the UNIX operating system, a domain is associated with the user In Unix operating system user ID’s use for identify the domain.
Example of MULTICS: In the MULTICS system, the protection domains are organized into a ring structure. Each ring corresponds to a single domain .
Access Matrix: Our model of protection can be viewed abstractly as a matrix, called an Access Matrix. The rows of the access matrix represent domains, and the columns represent objects. Each entry in the matrix consists of a set of access rights.
Access Matrix:
Access Control: The basic problem of computer protection is to control which objects a given program can access, and in what ways. Objects are things like files, sound cards, other programs, the network, your modem etc. Access means what kind of operations can be done on these objects. Examples include reading a file, writing to a file and creating or deleting objects.
Cont… When we talk about ``controlling access,'' we are really talking about four kinds of things: Preventing access. Limiting access. Granting access . Revoking access. A good example of this is found in Solaris 10. Solaris uses Role-based access control(RBAC) to adding the principle.
Cont... Role-based access control (RBAC) is a security feature for controlling user access to tasks that would normally be restricted to the root user.  In conventional UNIX systems, the root user, also referred to as superuser. The root user has the ability to read and write to any file, run all programs, and send kill signals to any process.
Access Control in Solaris:
Capability-based Systems: In a capability-based computer system, all access to objects is done through capabilities, and capabilities provide the only means of accessing objects. In such a system, every program holds a set of capabilities. If program A holds a capability to talk to program B, then the two programs can grant capabilities to each other. In most capability-based systems, a program can hold an infinite number of capabilities. Such systems have tended to be slow.
Cont... A better design allows each program to hold a fixed (and small -- like 16 or 32) number of capabilities, and provides a means for storing additional capabilities if they are needed. Here two example are discuss Cambridge CAP System. Hydra
Cambridge CAP System: The Cambridge CAP computer was the first successful experimental computer that demonstrated the use of security capabilities, both in hardware and software .It was developed at the University of Cambridge Computer Laboratory in the 1970s The CAP system was designed such that any access to a memory segment or hardware required that the current process held the necessary capabilities. CAP has two kinds of capabilities. Data Capability. Software Capability.
Cont… Data Capability: It can be used to provide access to objects, but the only rights provided are the standard read, write, and execute of the individual storage segments associated with the object. Software Capability: It is a protected procedure, which may be written by an application programmer as part of a subsystem. A particular kind of rights amplification is associated with a protected procedure. When executing the code,a process temporarily acquires the right to read or write the contents of a software capability itself.
Hydra: Hydra is a capability-based protection system that provides considerable flexibility. The system implements a fixed set of possible access rights.  In addition, a user can declare other rights. The interpretation of user-defined rights is performed by the user's program, but the system provides access protection for the use of these rights.
Language Based Protection: As operating systems have become more complex, and particularly as they have attempted to provide higher-level user interfaces, the goals of protection have become much more refined. The designers of protection systems have drawn heavily on ideas that originated in programming languages and especially on the concepts of abstract data types and objects. There must be a protection policy to control the access of user defined programs.
Cont…  Protection systems are now concerned not only with the identity of a resource to which access is attempted but also with the functional nature of that access. It is usually achieved through an operating-system kernel, which acts as a security agent to inspect and validate each attempt to access a protected resource.

Recommended

Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating systemAbou Bakr Ashraf
 
Memory Management in OS
Memory Management in OSMemory Management in OS
Memory Management in OSvampugani
 
File system structure
File system structureFile system structure
File system structuresangrampatil81
 
Protection and security
Protection and securityProtection and security
Protection and securitymbadhi
 
File Management in Operating System
File Management in Operating SystemFile Management in Operating System
File Management in Operating SystemJanki Shah
 
file system in operating system
file system in operating systemfile system in operating system
file system in operating systemtittuajay
 
File system Os
File system OsFile system Os
File system OsNehal Naik
 
Database security
Database securityDatabase security
Database securitySoftware Engineering
 

Recommended

Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating systemAbou Bakr Ashraf
 
Memory Management in OS
Memory Management in OSMemory Management in OS
Memory Management in OSvampugani
 
File system structure
File system structureFile system structure
File system structuresangrampatil81
 
Protection and security
Protection and securityProtection and security
Protection and securitymbadhi
 
File Management in Operating System
File Management in Operating SystemFile Management in Operating System
File Management in Operating SystemJanki Shah
 
file system in operating system
file system in operating systemfile system in operating system
file system in operating systemtittuajay
 
File system Os
File system OsFile system Os
File system OsNehal Naik
 
Database security
Database securityDatabase security
Database securitySoftware Engineering
 
Operating system paging and segmentation
Operating system paging and segmentationOperating system paging and segmentation
Operating system paging and segmentationhamza haseeb
 
Inter Process Communication Presentation[1]
Inter Process Communication Presentation[1]Inter Process Communication Presentation[1]
Inter Process Communication Presentation[1]Ravindra Raju Kolahalam
 
File Management in Operating Systems
File Management in Operating SystemsFile Management in Operating Systems
File Management in Operating Systemsvampugani
 
OS - Process Concepts
OS - Process ConceptsOS - Process Concepts
OS - Process ConceptsMukesh Chinta
 
Unit 1 architecture of distributed systems
Unit 1 architecture of distributed systemsUnit 1 architecture of distributed systems
Unit 1 architecture of distributed systemskaran2190
 
16. Concurrency Control in DBMS
16. Concurrency Control in DBMS16. Concurrency Control in DBMS
16. Concurrency Control in DBMSkoolkampus
 
operating system structure
operating system structureoperating system structure
operating system structureWaseem Ud Din Farooqui
 
Chapter 11 - File System Implementation
Chapter 11 - File System ImplementationChapter 11 - File System Implementation
Chapter 11 - File System ImplementationWayne Jones Jnr
 
11. dfs
11. dfs11. dfs
11. dfsDr Sandeep Kumar Poonia
 
Chapter 14 - Protection
Chapter 14 - ProtectionChapter 14 - Protection
Chapter 14 - ProtectionWayne Jones Jnr
 
6.distributed shared memory
6.distributed shared memory6.distributed shared memory
6.distributed shared memoryGd Goenka University
 
Protection
ProtectionProtection
ProtectionMohanlal Sukhadia University (MLSU)
 
Paging and segmentation
Paging and segmentationPaging and segmentation
Paging and segmentationPiyush Rochwani
 
15. Transactions in DBMS
15. Transactions in DBMS15. Transactions in DBMS
15. Transactions in DBMSkoolkampus
 
Process synchronization in Operating Systems
Process synchronization in Operating SystemsProcess synchronization in Operating Systems
Process synchronization in Operating SystemsRitu Ranjan Shrivastwa
 
Levels of Virtualization.docx
Levels of Virtualization.docxLevels of Virtualization.docx
Levels of Virtualization.docxkumari36
 
Distributed System ppt
Distributed System pptDistributed System ppt
Distributed System pptOECLIB Odisha Electronics Control Library
 
Multi processor scheduling
Multi processor schedulingMulti processor scheduling
Multi processor schedulingShashank Kapoor
 
RAID
RAIDRAID
RAIDMukesh Tekwani
 
Memory Management in OS
Memory Management in OSMemory Management in OS
Memory Management in OSKumar Pritam
 
Protection and security of operating system
Protection and security of operating systemProtection and security of operating system
Protection and security of operating systemAbdullah Khosa
 
Protection Structures & Capabilities in Operating System
Protection Structures & Capabilities in Operating SystemProtection Structures & Capabilities in Operating System
Protection Structures & Capabilities in Operating SystemMeghaj Mallick
 

More Related Content

What's hot

Operating system paging and segmentation
Operating system paging and segmentationOperating system paging and segmentation
Operating system paging and segmentationhamza haseeb
 
Inter Process Communication Presentation[1]
Inter Process Communication Presentation[1]Inter Process Communication Presentation[1]
Inter Process Communication Presentation[1]Ravindra Raju Kolahalam
 
File Management in Operating Systems
File Management in Operating SystemsFile Management in Operating Systems
File Management in Operating Systemsvampugani
 
OS - Process Concepts
OS - Process ConceptsOS - Process Concepts
OS - Process ConceptsMukesh Chinta
 
Unit 1 architecture of distributed systems
Unit 1 architecture of distributed systemsUnit 1 architecture of distributed systems
Unit 1 architecture of distributed systemskaran2190
 
16. Concurrency Control in DBMS
16. Concurrency Control in DBMS16. Concurrency Control in DBMS
16. Concurrency Control in DBMSkoolkampus
 
Chapter 11 - File System Implementation
Chapter 11 - File System ImplementationChapter 11 - File System Implementation
Chapter 11 - File System ImplementationWayne Jones Jnr
 
15. Transactions in DBMS
15. Transactions in DBMS15. Transactions in DBMS
15. Transactions in DBMSkoolkampus
 
Process synchronization in Operating Systems
Process synchronization in Operating SystemsProcess synchronization in Operating Systems
Process synchronization in Operating SystemsRitu Ranjan Shrivastwa
 
Levels of Virtualization.docx
Levels of Virtualization.docxLevels of Virtualization.docx
Levels of Virtualization.docxkumari36
 
Multi processor scheduling
Multi processor schedulingMulti processor scheduling
Multi processor schedulingShashank Kapoor
 
Memory Management in OS
Memory Management in OSMemory Management in OS
Memory Management in OSKumar Pritam
 

What's hot (20)

Operating system paging and segmentation
Operating system paging and segmentationOperating system paging and segmentation
Operating system paging and segmentation
 
Inter Process Communication Presentation[1]
Inter Process Communication Presentation[1]Inter Process Communication Presentation[1]
Inter Process Communication Presentation[1]
 
File Management in Operating Systems
File Management in Operating SystemsFile Management in Operating Systems
File Management in Operating Systems
 
OS - Process Concepts
OS - Process ConceptsOS - Process Concepts
OS - Process Concepts
 
Unit 1 architecture of distributed systems
Unit 1 architecture of distributed systemsUnit 1 architecture of distributed systems
Unit 1 architecture of distributed systems
 
16. Concurrency Control in DBMS
16. Concurrency Control in DBMS16. Concurrency Control in DBMS
16. Concurrency Control in DBMS
 
operating system structure
operating system structureoperating system structure
operating system structure
 
Chapter 11 - File System Implementation
Chapter 11 - File System ImplementationChapter 11 - File System Implementation
Chapter 11 - File System Implementation
 
11. dfs
11. dfs11. dfs
11. dfs
 
Chapter 14 - Protection
Chapter 14 - ProtectionChapter 14 - Protection
Chapter 14 - Protection
 
6.distributed shared memory
6.distributed shared memory6.distributed shared memory
6.distributed shared memory
 
Protection
ProtectionProtection
Protection
 
Paging and segmentation
Paging and segmentationPaging and segmentation
Paging and segmentation
 
15. Transactions in DBMS
15. Transactions in DBMS15. Transactions in DBMS
15. Transactions in DBMS
 
Process synchronization in Operating Systems
Process synchronization in Operating SystemsProcess synchronization in Operating Systems
Process synchronization in Operating Systems
 
Levels of Virtualization.docx
Levels of Virtualization.docxLevels of Virtualization.docx
Levels of Virtualization.docx
 
Distributed System ppt
Distributed System pptDistributed System ppt
Distributed System ppt
 
Multi processor scheduling
Multi processor schedulingMulti processor scheduling
Multi processor scheduling
 
RAID
RAIDRAID
RAID
 
Memory Management in OS
Memory Management in OSMemory Management in OS
Memory Management in OS
 

Similar to System protection in Operating System

Protection and security of operating system
Protection and security of operating systemProtection and security of operating system
Protection and security of operating systemAbdullah Khosa
 
Protection Structures & Capabilities in Operating System
Protection Structures & Capabilities in Operating SystemProtection Structures & Capabilities in Operating System
Protection Structures & Capabilities in Operating SystemMeghaj Mallick
 
proposed solution to resource sharing and security against unauthorize.docx
proposed solution to resource sharing and security against unauthorize.docxproposed solution to resource sharing and security against unauthorize.docx
proposed solution to resource sharing and security against unauthorize.docxtodd921
 
Data Security And The Security
Data Security And The SecurityData Security And The Security
Data Security And The SecurityRachel Phillips
 
OS Database Security Chapter 6
OS Database Security Chapter 6OS Database Security Chapter 6
OS Database Security Chapter 6AfiqEfendy Zaen
 
CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) ghayour abbas
 
Exploitation and distribution of setuid and setgid binaries on Linux systems
Exploitation and distribution of setuid and setgid binaries on Linux systemsExploitation and distribution of setuid and setgid binaries on Linux systems
Exploitation and distribution of setuid and setgid binaries on Linux systemsZero Science Lab
 
Ch18 OS
Ch18 OSCh18 OS
Ch18 OSC.U
 
A Secure Software Engineering Perspective
A Secure Software Engineering PerspectiveA Secure Software Engineering Perspective
A Secure Software Engineering Perspectiveidescitation
 
3 to 4 line answers only each.No Plagarism.$25Need by 109201.docx
3 to 4 line answers only each.No Plagarism.$25Need by 109201.docx3 to 4 line answers only each.No Plagarism.$25Need by 109201.docx
3 to 4 line answers only each.No Plagarism.$25Need by 109201.docxLyndonPelletier761
 
Top 10 ways to make hackers excited: All about the shortcuts not worth taking
Top 10 ways to make hackers excited: All about the shortcuts not worth takingTop 10 ways to make hackers excited: All about the shortcuts not worth taking
Top 10 ways to make hackers excited: All about the shortcuts not worth takingPaula Januszkiewicz
 
Operating System & Application Security
Operating System & Application SecurityOperating System & Application Security
Operating System & Application SecuritySunipa Bera
 
Factors Affecting the System Safety || Linux
Factors Affecting the System Safety || LinuxFactors Affecting the System Safety || Linux
Factors Affecting the System Safety || LinuxZain Abid
 

Similar to System protection in Operating System (20)

Protection and security of operating system
Protection and security of operating systemProtection and security of operating system
Protection and security of operating system
 
Protection Structures & Capabilities in Operating System
Protection Structures & Capabilities in Operating SystemProtection Structures & Capabilities in Operating System
Protection Structures & Capabilities in Operating System
 
proposed solution to resource sharing and security against unauthorize.docx
proposed solution to resource sharing and security against unauthorize.docxproposed solution to resource sharing and security against unauthorize.docx
proposed solution to resource sharing and security against unauthorize.docx
 
Data Security And The Security
Data Security And The SecurityData Security And The Security
Data Security And The Security
 
Protection
ProtectionProtection
Protection
 
OS Database Security Chapter 6
OS Database Security Chapter 6OS Database Security Chapter 6
OS Database Security Chapter 6
 
CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System)
 
Exploitation and distribution of setuid and setgid binaries on Linux systems
Exploitation and distribution of setuid and setgid binaries on Linux systemsExploitation and distribution of setuid and setgid binaries on Linux systems
Exploitation and distribution of setuid and setgid binaries on Linux systems
 
Desktop support qua
Desktop support quaDesktop support qua
Desktop support qua
 
Desktop support qua
Desktop support quaDesktop support qua
Desktop support qua
 
Os lecture 6
Os lecture 6Os lecture 6
Os lecture 6
 
Ch18 OS
Ch18 OSCh18 OS
Ch18 OS
 
OSCh18
OSCh18OSCh18
OSCh18
 
OS_Ch18
OS_Ch18OS_Ch18
OS_Ch18
 
A Secure Software Engineering Perspective
A Secure Software Engineering PerspectiveA Secure Software Engineering Perspective
A Secure Software Engineering Perspective
 
3 to 4 line answers only each.No Plagarism.$25Need by 109201.docx
3 to 4 line answers only each.No Plagarism.$25Need by 109201.docx3 to 4 line answers only each.No Plagarism.$25Need by 109201.docx
3 to 4 line answers only each.No Plagarism.$25Need by 109201.docx
 
O p
O pO p
O p
 
Top 10 ways to make hackers excited: All about the shortcuts not worth taking
Top 10 ways to make hackers excited: All about the shortcuts not worth takingTop 10 ways to make hackers excited: All about the shortcuts not worth taking
Top 10 ways to make hackers excited: All about the shortcuts not worth taking
 
Operating System & Application Security
Operating System & Application SecurityOperating System & Application Security
Operating System & Application Security
 
Factors Affecting the System Safety || Linux
Factors Affecting the System Safety || LinuxFactors Affecting the System Safety || Linux
Factors Affecting the System Safety || Linux
 

More from sohaildanish

Computer Miss-use and Criminal Law
Computer Miss-use and Criminal Law Computer Miss-use and Criminal Law
Computer Miss-use and Criminal Law sohaildanish
 
Virtual Personal Assistant
Virtual Personal AssistantVirtual Personal Assistant
Virtual Personal Assistantsohaildanish
 
Automated Vehicle (Google Car)
Automated Vehicle (Google Car)Automated Vehicle (Google Car)
Automated Vehicle (Google Car)sohaildanish
 
Sorce of communication
Sorce of communicationSorce of communication
Sorce of communicationsohaildanish
 

More from sohaildanish (6)

Computer Miss-use and Criminal Law
Computer Miss-use and Criminal Law Computer Miss-use and Criminal Law
Computer Miss-use and Criminal Law
 
Social Media
Social MediaSocial Media
Social Media
 
Virtual Personal Assistant
Virtual Personal AssistantVirtual Personal Assistant
Virtual Personal Assistant
 
Automated Vehicle (Google Car)
Automated Vehicle (Google Car)Automated Vehicle (Google Car)
Automated Vehicle (Google Car)
 
Sorce of communication
Sorce of communicationSorce of communication
Sorce of communication
 
Cover letter
Cover letterCover letter
Cover letter
 

Recently uploaded

This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxJisc
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxJisc
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxDr. Ravikiran H M Gowda
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxmarlenawright1
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...Nguyen Thanh Tu Collection
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfDr Vijay Vishwakarma
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and ModificationsMJDuyan
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfNirmal Dwivedi
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxAmanpreet Kaur
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfPoh-Sun Goh
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jisc
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxPooja Bhuva
 

Recently uploaded (20)

This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 

System protection in Operating System

  • 1.
  • 2.
  • 3.
  • 4. Outline: Protection. Goals of Protection. Principles of protection. Domain of protection. Domain Structure. Access Matrix. Access control. Compatibility-based System.  Hydra  Cambridge CAP system Language Based Protection.
  • 5. Protection: Protection refers to a mechanism for controlling the access of programs, processes, or users to the resources defined by a computer system. Protection ensures that the resources of the computer are used in a consistent way. It ensure that each object accessed correctly and only by those processes that are allowed to do so.
  • 6. Goals of Protection: As computer systems have become more sophisticated and pervasive in their applications, the need to protect their integrity has also grown. We need to provide protection for several reasons. The most obvious is the need to prevent the mischievous, intentional violation of an access restriction by user.  An unprotected resource cannot defend against use (or misuse) by an unauthorized or incompetent user. A protection-oriented system provides means to distinguish between authorized and unauthorized usage.
  • 7. Cont… The role of protection in a computer system is to provide a mechanism for the enforcement of the policies governing resource use. These policies can be established in a variety of ways. Some are fixed in the design of the system, while others are formulated by the management of a system. Still others are defined by the individual users to protect their own files and programs. A protection system must have the flexibility to enforce a variety of policies.
  • 8. Principles of Protection: The time-tested guiding principle for protection is the Principle of least privilege.It dictates that programs, users, and even systems be given just enough privileges to perform their tasks. Consider the analogy of a security guard with a passkey. If this key allows the guard into just the public areas that she guards, then misuse of the key will result in minimal damage. If, however, the passkey allows access to all areas, then damage from its being lost, stolen, misused, copied, or otherwise compromised will be much greater.
  • 9. Cont… An operating system following the principle of least privilege implements its features, programs, system calls, and data structures so that failure or compromise of a component does the minimum damage and allows the minimum damage to be done. The principle of least privilege can help produce a more secure computing environment.
  • 10. Domain of Protection: A computer system is a collection of processes and objects. By objects, we mean both hardware objects (such as the CPU, printer) and software objects(such as files, programs). Each object has a unique name that differentiates it from all other objects in the system, and each can be accessed only through well-defined and meaningful operations.
  • 11. Cont… A process should be allowed to access only those resources for which it has authorization Furthermore, at any time, a process should be able to access only those resources that it currently requires to complete its task.
  • 12.
  • 13. Domain Structures.  A process operates within a Protection Domain that specifies the resources that the process may access.  Each domain defines a set of objects and the types of operations that may be invoked on each object.  The ability to execute an operation on an object is an access right.
  • 14. Cont… For example, if domain D has the access right <file F, {read, write}>, then a process executing in domain D can both read and write file F; it cannot, however, perform any other operation on that object.
  • 15. Cont… A domain can be realized in a variety of ways: Each user may be a domain. In this case, the set of objects that can be accessed depends on the identity of the user. Each process may be a domain. In this case, the set of objects that can be accessed depends on the identity of the process.
  • 16. Example of Unix: In the UNIX operating system, a domain is associated with the user In Unix operating system user ID’s use for identify the domain.
  • 17. Example of MULTICS: In the MULTICS system, the protection domains are organized into a ring structure. Each ring corresponds to a single domain .
  • 18. Access Matrix: Our model of protection can be viewed abstractly as a matrix, called an Access Matrix. The rows of the access matrix represent domains, and the columns represent objects. Each entry in the matrix consists of a set of access rights.
  • 20.
  • 21. Access Control: The basic problem of computer protection is to control which objects a given program can access, and in what ways. Objects are things like files, sound cards, other programs, the network, your modem etc. Access means what kind of operations can be done on these objects. Examples include reading a file, writing to a file and creating or deleting objects.
  • 22. Cont… When we talk about ``controlling access,'' we are really talking about four kinds of things: Preventing access. Limiting access. Granting access . Revoking access. A good example of this is found in Solaris 10. Solaris uses Role-based access control(RBAC) to adding the principle.
  • 23. Cont... Role-based access control (RBAC) is a security feature for controlling user access to tasks that would normally be restricted to the root user.  In conventional UNIX systems, the root user, also referred to as superuser. The root user has the ability to read and write to any file, run all programs, and send kill signals to any process.
  • 24. Access Control in Solaris:
  • 25. Capability-based Systems: In a capability-based computer system, all access to objects is done through capabilities, and capabilities provide the only means of accessing objects. In such a system, every program holds a set of capabilities. If program A holds a capability to talk to program B, then the two programs can grant capabilities to each other. In most capability-based systems, a program can hold an infinite number of capabilities. Such systems have tended to be slow.
  • 26. Cont... A better design allows each program to hold a fixed (and small -- like 16 or 32) number of capabilities, and provides a means for storing additional capabilities if they are needed. Here two example are discuss Cambridge CAP System. Hydra
  • 27. Cambridge CAP System: The Cambridge CAP computer was the first successful experimental computer that demonstrated the use of security capabilities, both in hardware and software .It was developed at the University of Cambridge Computer Laboratory in the 1970s The CAP system was designed such that any access to a memory segment or hardware required that the current process held the necessary capabilities. CAP has two kinds of capabilities. Data Capability. Software Capability.
  • 28. Cont… Data Capability: It can be used to provide access to objects, but the only rights provided are the standard read, write, and execute of the individual storage segments associated with the object. Software Capability: It is a protected procedure, which may be written by an application programmer as part of a subsystem. A particular kind of rights amplification is associated with a protected procedure. When executing the code,a process temporarily acquires the right to read or write the contents of a software capability itself.
  • 29. Hydra: Hydra is a capability-based protection system that provides considerable flexibility. The system implements a fixed set of possible access rights.  In addition, a user can declare other rights. The interpretation of user-defined rights is performed by the user's program, but the system provides access protection for the use of these rights.
  • 30. Language Based Protection: As operating systems have become more complex, and particularly as they have attempted to provide higher-level user interfaces, the goals of protection have become much more refined. The designers of protection systems have drawn heavily on ideas that originated in programming languages and especially on the concepts of abstract data types and objects. There must be a protection policy to control the access of user defined programs.
  • 31. Cont…  Protection systems are now concerned not only with the identity of a resource to which access is attempted but also with the functional nature of that access. It is usually achieved through an operating-system kernel, which acts as a security agent to inspect and validate each attempt to access a protected resource.