SlideShare a Scribd company logo

운영체제론 Ch18

Download as PPT, PDF
Jongmyoung Kim
Jongmyoung Kim

운영체제론

Software
1 of 16
Silberschatz, Galvin, and Gagne ©199918.1 Module 18: Protection • Goals of Protection • Domain of Protection • Access Matrix • Implementation of Access Matrix • Revocation of Access Rights • Capability-Based Systems • Language-Based Protection
Silberschatz, Galvin, and Gagne ©199918.2 Protection • Operating system consists of a collection of object|s, hardware or software • Each object has a unique name and can be accessed through a well-defined set of operations. • Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so.
Silberschatz, Galvin, and Gagne ©199918.3 Domain Structure • Access-right = <object-name, rights-set> Rights-set is a subset of all valid operations that can be performed on the object. • Domain = set of access-rights
Silberschatz, Galvin, and Gagne ©199918.4 Domain Implementation • System consists of 2 domains: – User – Supervisor • UNIX – Domain = user-id – Domain switch accomplished via file system. Each file has associated with it a domain bit (setuid bit). When file is executed and setuid = on, then user-id is set to owner of the file being executed. When execution completes user-id is reset.
Silberschatz, Galvin, and Gagne ©199918.5 Multics Rings • Let Di and Dj be any two domain rings. • If j < I ⇒ Di ⊆ Dj
Silberschatz, Galvin, and Gagne ©199918.6 Access Matrix Figure 1
Silberschatz, Galvin, and Gagne ©199918.7 Use of Access Matrix • If a process in Domain Di tries to do “op” on object Oj, then “op” must be in the access matrix. • Can be expanded to dynamic protection. – Operations to add, delete access rights. – Special access rights: owner of Oi copy op from Oi to Oj control – Di can modify Djs access rights transfer – switch from domain Di to Dj
Silberschatz, Galvin, and Gagne ©199918.8 Use of Access Matrix (Cont.) • Access matrix design separates mechanism from policy. – Mechanism Operating system provides Access-matrix + rules. If ensures that the matrix is only manipulated by authorized agents and that rules are strictly enforced. – Policy User dictates policy. Who can access what object and in what mode.
Silberschatz, Galvin, and Gagne ©199918.9 Implementation of Access Matrix • Each column = Access-control list for one object Defines who can perform what operation. Domain 1 = Read, Write Domain 2 = Read Domain 3 = Read  • Each Row = Capability List (like a key) Fore each domain, what operations allowed on what objects. Object 1 – Read Object 4 – Read, Write, Execute Object 5 – Read, Write, Delete, Copy
Silberschatz, Galvin, and Gagne ©199918.10 Access Matrix of Figure 1 With Domains as Objects Figure 2
Silberschatz, Galvin, and Gagne ©199918.11 Access Matrix with Copy Rights
Silberschatz, Galvin, and Gagne ©199918.12 Access Matrix With Owner Rights
Silberschatz, Galvin, and Gagne ©199918.13 Modified Access Matrix of Figure 2
Silberschatz, Galvin, and Gagne ©199918.14 Revocation of Access Rights • Access List – Delete access rights from access list. – Simple – Immediate • Capability List – Scheme required to locate capability in the system before capability can be revoked. – Reacquisition – Back-pointers – Indirection – Keys
Silberschatz, Galvin, and Gagne ©199918.15 Capability-Based Systems • Hydra – Fixed set of access rights known to and interpreted by the system. – Interpretation of user-defined rights performed solely by user's program; system provides access protection for use of these rights. • Cambridge CAP System – Data capability - provides standard read, write, execute of individual storage segments associated with object. – Software capability -interpretation left to the subsystem, through its protected procedures.
Silberschatz, Galvin, and Gagne ©199918.16 Language-Based Protection • Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources. • Language implementation can provide software for protection enforcement when automatic hardware-supported checking is unavailable. • Interpret protection specifications to generate calls on whatever protection system is provided by the hardware and the operating system.

Recommended

MULTICS
MULTICSMULTICS
MULTICSLukas Pirl
 
ch17.pptx
ch17.pptxch17.pptx
ch17.pptxTeodoraSumurduc
 
Os8
Os8Os8
Os8gopal10scs185
 
Os8
Os8Os8
Os8gopal10scs185
 
Operating System : Ch19 protection
Operating System : Ch19 protectionOperating System : Ch19 protection
Operating System : Ch19 protectionSyaiful Ahdan
 
Ch14 protection
Ch14 protectionCh14 protection
Ch14 protectionSyaiful Ahdan
 
Ch13 protection
Ch13 protectionCh13 protection
Ch13 protectionWelly Dian Astika
 
Ch18 OS
Ch18 OSCh18 OS
Ch18 OSC.U
 

Recommended

MULTICS
MULTICSMULTICS
MULTICSLukas Pirl
 
ch17.pptx
ch17.pptxch17.pptx
ch17.pptxTeodoraSumurduc
 
Os8
Os8Os8
Os8gopal10scs185
 
Os8
Os8Os8
Os8gopal10scs185
 
Operating System : Ch19 protection
Operating System : Ch19 protectionOperating System : Ch19 protection
Operating System : Ch19 protectionSyaiful Ahdan
 
Ch14 protection
Ch14 protectionCh14 protection
Ch14 protectionSyaiful Ahdan
 
Ch13 protection
Ch13 protectionCh13 protection
Ch13 protectionWelly Dian Astika
 
Ch18 OS
Ch18 OSCh18 OS
Ch18 OSC.U
 
OSCh18
OSCh18OSCh18
OSCh18Joe Christensen
 
OS_Ch18
OS_Ch18OS_Ch18
OS_Ch18Supriya Shrivastava
 
Chapter 14 - Protection
Chapter 14 - ProtectionChapter 14 - Protection
Chapter 14 - ProtectionWayne Jones Jnr
 
14.Protection
14.Protection14.Protection
14.ProtectionSenthil Kanth
 
L14: Access Rights and Triggers
L14: Access Rights and TriggersL14: Access Rights and Triggers
L14: Access Rights and Triggersmedialeg gmbh
 
Operating System-Ch2 computer system structures
Operating System-Ch2 computer system structuresOperating System-Ch2 computer system structures
Operating System-Ch2 computer system structuresSyaiful Ahdan
 
운영체제론 Ch19
운영체제론 Ch19운영체제론 Ch19
운영체제론 Ch19Jongmyoung Kim
 
Protection Domain and Access Matrix Model -Operating System
Protection Domain and Access Matrix Model -Operating SystemProtection Domain and Access Matrix Model -Operating System
Protection Domain and Access Matrix Model -Operating SystemLalfakawmaKh
 
Chapter 3 access control fundamental i
Chapter 3 access control fundamental iChapter 3 access control fundamental i
Chapter 3 access control fundamental iSyaiful Ahdan
 
report on network security fundamentals
report on network security fundamentalsreport on network security fundamentals
report on network security fundamentalsJassika
 
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationFirewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationGopal Sakarkar
 
Practical White Hat Hacker Training - Post Exploitation
Practical White Hat Hacker Training - Post ExploitationPractical White Hat Hacker Training - Post Exploitation
Practical White Hat Hacker Training - Post ExploitationPRISMA CSI
 
Ch2.1 computer system structures
Ch2.1 computer system structures Ch2.1 computer system structures
Ch2.1 computer system structures Syaiful Ahdan
 
ch2a.pptx
ch2a.pptxch2a.pptx
ch2a.pptxZoYaKazmi3
 
ch2.pptx.,;llllllllllllllllllllllllllllllllll
ch2.pptx.,;llllllllllllllllllllllllllllllllllch2.pptx.,;llllllllllllllllllllllllllllllllll
ch2.pptx.,;llllllllllllllllllllllllllllllllllabdulrahmaanwalid
 
OperatingSystem.ppt
OperatingSystem.pptOperatingSystem.ppt
OperatingSystem.pptRAJESHKUMARMANEPALLI
 
OperatingSystem.ppt
OperatingSystem.pptOperatingSystem.ppt
OperatingSystem.pptKaivanParikh
 
ch2.pptx
ch2.pptxch2.pptx
ch2.pptxUmarHayat623396
 
Ch2
Ch2Ch2
Ch2Kailash Maheshwari
 
boundary_security.pptx
boundary_security.pptxboundary_security.pptx
boundary_security.pptxKelvinDube4
 
REST
RESTREST
RESTJongmyoung Kim
 
iTunes media server for ubuntu
iTunes media server for ubuntuiTunes media server for ubuntu
iTunes media server for ubuntuJongmyoung Kim
 

More Related Content

Similar to 운영체제론 Ch18

L14: Access Rights and Triggers
L14: Access Rights and TriggersL14: Access Rights and Triggers
L14: Access Rights and Triggersmedialeg gmbh
 
Operating System-Ch2 computer system structures
Operating System-Ch2 computer system structuresOperating System-Ch2 computer system structures
Operating System-Ch2 computer system structuresSyaiful Ahdan
 
Protection Domain and Access Matrix Model -Operating System
Protection Domain and Access Matrix Model -Operating SystemProtection Domain and Access Matrix Model -Operating System
Protection Domain and Access Matrix Model -Operating SystemLalfakawmaKh
 
Chapter 3 access control fundamental i
Chapter 3 access control fundamental iChapter 3 access control fundamental i
Chapter 3 access control fundamental iSyaiful Ahdan
 
report on network security fundamentals
report on network security fundamentalsreport on network security fundamentals
report on network security fundamentalsJassika
 
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationFirewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationGopal Sakarkar
 
Practical White Hat Hacker Training - Post Exploitation
Practical White Hat Hacker Training - Post ExploitationPractical White Hat Hacker Training - Post Exploitation
Practical White Hat Hacker Training - Post ExploitationPRISMA CSI
 
Ch2.1 computer system structures
Ch2.1 computer system structures Ch2.1 computer system structures
Ch2.1 computer system structures Syaiful Ahdan
 
ch2.pptx.,;llllllllllllllllllllllllllllllllll
ch2.pptx.,;llllllllllllllllllllllllllllllllllch2.pptx.,;llllllllllllllllllllllllllllllllll
ch2.pptx.,;llllllllllllllllllllllllllllllllllabdulrahmaanwalid
 
OperatingSystem.ppt
OperatingSystem.pptOperatingSystem.ppt
OperatingSystem.pptKaivanParikh
 
boundary_security.pptx
boundary_security.pptxboundary_security.pptx
boundary_security.pptxKelvinDube4
 

Similar to 운영체제론 Ch18 (20)

OSCh18
OSCh18OSCh18
OSCh18
 
OS_Ch18
OS_Ch18OS_Ch18
OS_Ch18
 
Chapter 14 - Protection
Chapter 14 - ProtectionChapter 14 - Protection
Chapter 14 - Protection
 
14.Protection
14.Protection14.Protection
14.Protection
 
L14: Access Rights and Triggers
L14: Access Rights and TriggersL14: Access Rights and Triggers
L14: Access Rights and Triggers
 
Operating System-Ch2 computer system structures
Operating System-Ch2 computer system structuresOperating System-Ch2 computer system structures
Operating System-Ch2 computer system structures
 
운영체제론 Ch19
운영체제론 Ch19운영체제론 Ch19
운영체제론 Ch19
 
Protection Domain and Access Matrix Model -Operating System
Protection Domain and Access Matrix Model -Operating SystemProtection Domain and Access Matrix Model -Operating System
Protection Domain and Access Matrix Model -Operating System
 
Chapter 3 access control fundamental i
Chapter 3 access control fundamental iChapter 3 access control fundamental i
Chapter 3 access control fundamental i
 
report on network security fundamentals
report on network security fundamentalsreport on network security fundamentals
report on network security fundamentals
 
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationFirewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
 
Practical White Hat Hacker Training - Post Exploitation
Practical White Hat Hacker Training - Post ExploitationPractical White Hat Hacker Training - Post Exploitation
Practical White Hat Hacker Training - Post Exploitation
 
Ch2.1 computer system structures
Ch2.1 computer system structures Ch2.1 computer system structures
Ch2.1 computer system structures
 
ch2a.pptx
ch2a.pptxch2a.pptx
ch2a.pptx
 
ch2.pptx.,;llllllllllllllllllllllllllllllllll
ch2.pptx.,;llllllllllllllllllllllllllllllllllch2.pptx.,;llllllllllllllllllllllllllllllllll
ch2.pptx.,;llllllllllllllllllllllllllllllllll
 
OperatingSystem.ppt
OperatingSystem.pptOperatingSystem.ppt
OperatingSystem.ppt
 
OperatingSystem.ppt
OperatingSystem.pptOperatingSystem.ppt
OperatingSystem.ppt
 
ch2.pptx
ch2.pptxch2.pptx
ch2.pptx
 
Ch2
Ch2Ch2
Ch2
 
boundary_security.pptx
boundary_security.pptxboundary_security.pptx
boundary_security.pptx
 

More from Jongmyoung Kim

iTunes media server for ubuntu
iTunes media server for ubuntuiTunes media server for ubuntu
iTunes media server for ubuntuJongmyoung Kim
 
Open source for upload
Open source for uploadOpen source for upload
Open source for uploadJongmyoung Kim
 
취업캠프 특강 - 기업의 서비스 개발 프로젝트
취업캠프 특강 - 기업의 서비스 개발 프로젝트취업캠프 특강 - 기업의 서비스 개발 프로젝트
취업캠프 특강 - 기업의 서비스 개발 프로젝트Jongmyoung Kim
 
TTS System을 이용한 교육용 소프트웨어 개발
TTS System을 이용한 교육용 소프트웨어 개발TTS System을 이용한 교육용 소프트웨어 개발
TTS System을 이용한 교육용 소프트웨어 개발Jongmyoung Kim
 
운영체제론 - Ch09
운영체제론 - Ch09운영체제론 - Ch09
운영체제론 - Ch09Jongmyoung Kim
 
Web app service project
Web app service projectWeb app service project
Web app service projectJongmyoung Kim
 

More from Jongmyoung Kim (19)

REST
RESTREST
REST
 
iTunes media server for ubuntu
iTunes media server for ubuntuiTunes media server for ubuntu
iTunes media server for ubuntu
 
Open source for upload
Open source for uploadOpen source for upload
Open source for upload
 
취업캠프 특강 - 기업의 서비스 개발 프로젝트
취업캠프 특강 - 기업의 서비스 개발 프로젝트취업캠프 특강 - 기업의 서비스 개발 프로젝트
취업캠프 특강 - 기업의 서비스 개발 프로젝트
 
TTS System을 이용한 교육용 소프트웨어 개발
TTS System을 이용한 교육용 소프트웨어 개발TTS System을 이용한 교육용 소프트웨어 개발
TTS System을 이용한 교육용 소프트웨어 개발
 
운영체제론 Ch21
운영체제론 Ch21운영체제론 Ch21
운영체제론 Ch21
 
운영체제론 Ch20
운영체제론 Ch20운영체제론 Ch20
운영체제론 Ch20
 
운영체제론 Ch17
운영체제론 Ch17운영체제론 Ch17
운영체제론 Ch17
 
운영체제론 Ch14
운영체제론 Ch14운영체제론 Ch14
운영체제론 Ch14
 
운영체제론 Ch13
운영체제론 Ch13운영체제론 Ch13
운영체제론 Ch13
 
운영체제론 Ch16
운영체제론 Ch16운영체제론 Ch16
운영체제론 Ch16
 
운영체제론 Ch12
운영체제론 Ch12운영체제론 Ch12
운영체제론 Ch12
 
운영체제론 Ch11
운영체제론 Ch11운영체제론 Ch11
운영체제론 Ch11
 
운영체제론 Ch10
운영체제론 Ch10운영체제론 Ch10
운영체제론 Ch10
 
운영체제론 Ch22
운영체제론 Ch22운영체제론 Ch22
운영체제론 Ch22
 
운영체제론 - Ch09
운영체제론 - Ch09운영체제론 - Ch09
운영체제론 - Ch09
 
Web app service project
Web app service projectWeb app service project
Web app service project
 
Bitcoin
BitcoinBitcoin
Bitcoin
 
Bigdata
BigdataBigdata
Bigdata
 

Recently uploaded

Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningVitsRangannavar
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 

Recently uploaded (20)

Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learning
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 

운영체제론 Ch18

  • 1. Silberschatz, Galvin, and Gagne ©199918.1 Module 18: Protection • Goals of Protection • Domain of Protection • Access Matrix • Implementation of Access Matrix • Revocation of Access Rights • Capability-Based Systems • Language-Based Protection
  • 2. Silberschatz, Galvin, and Gagne ©199918.2 Protection • Operating system consists of a collection of object|s, hardware or software • Each object has a unique name and can be accessed through a well-defined set of operations. • Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so.
  • 3. Silberschatz, Galvin, and Gagne ©199918.3 Domain Structure • Access-right = <object-name, rights-set> Rights-set is a subset of all valid operations that can be performed on the object. • Domain = set of access-rights
  • 4. Silberschatz, Galvin, and Gagne ©199918.4 Domain Implementation • System consists of 2 domains: – User – Supervisor • UNIX – Domain = user-id – Domain switch accomplished via file system. Each file has associated with it a domain bit (setuid bit). When file is executed and setuid = on, then user-id is set to owner of the file being executed. When execution completes user-id is reset.
  • 5. Silberschatz, Galvin, and Gagne ©199918.5 Multics Rings • Let Di and Dj be any two domain rings. • If j < I ⇒ Di ⊆ Dj
  • 6. Silberschatz, Galvin, and Gagne ©199918.6 Access Matrix Figure 1
  • 7. Silberschatz, Galvin, and Gagne ©199918.7 Use of Access Matrix • If a process in Domain Di tries to do “op” on object Oj, then “op” must be in the access matrix. • Can be expanded to dynamic protection. – Operations to add, delete access rights. – Special access rights: owner of Oi copy op from Oi to Oj control – Di can modify Djs access rights transfer – switch from domain Di to Dj
  • 8. Silberschatz, Galvin, and Gagne ©199918.8 Use of Access Matrix (Cont.) • Access matrix design separates mechanism from policy. – Mechanism Operating system provides Access-matrix + rules. If ensures that the matrix is only manipulated by authorized agents and that rules are strictly enforced. – Policy User dictates policy. Who can access what object and in what mode.
  • 9. Silberschatz, Galvin, and Gagne ©199918.9 Implementation of Access Matrix • Each column = Access-control list for one object Defines who can perform what operation. Domain 1 = Read, Write Domain 2 = Read Domain 3 = Read  • Each Row = Capability List (like a key) Fore each domain, what operations allowed on what objects. Object 1 – Read Object 4 – Read, Write, Execute Object 5 – Read, Write, Delete, Copy
  • 10. Silberschatz, Galvin, and Gagne ©199918.10 Access Matrix of Figure 1 With Domains as Objects Figure 2
  • 11. Silberschatz, Galvin, and Gagne ©199918.11 Access Matrix with Copy Rights
  • 12. Silberschatz, Galvin, and Gagne ©199918.12 Access Matrix With Owner Rights
  • 13. Silberschatz, Galvin, and Gagne ©199918.13 Modified Access Matrix of Figure 2
  • 14. Silberschatz, Galvin, and Gagne ©199918.14 Revocation of Access Rights • Access List – Delete access rights from access list. – Simple – Immediate • Capability List – Scheme required to locate capability in the system before capability can be revoked. – Reacquisition – Back-pointers – Indirection – Keys
  • 15. Silberschatz, Galvin, and Gagne ©199918.15 Capability-Based Systems • Hydra – Fixed set of access rights known to and interpreted by the system. – Interpretation of user-defined rights performed solely by user's program; system provides access protection for use of these rights. • Cambridge CAP System – Data capability - provides standard read, write, execute of individual storage segments associated with object. – Software capability -interpretation left to the subsystem, through its protected procedures.
  • 16. Silberschatz, Galvin, and Gagne ©199918.16 Language-Based Protection • Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources. • Language implementation can provide software for protection enforcement when automatic hardware-supported checking is unavailable. • Interpret protection specifications to generate calls on whatever protection system is provided by the hardware and the operating system.