SlideShare a Scribd company logo

Protection Domain and Access Matrix Model -Operating System

Download as PPTX, PDF
L
LalfakawmaKh

Presentation on Protection Domain,Access Matrix Model and Design Principle for Secure System

Education
1 of 14
PROTECTION AND SECURITY IN OPERATING SYSTEM LALFAKAWMA M.Tech (C.S.E)
PROTECTION SECURITY  Authorization  Authentication/Encryption  It’s a Mechanisms to build secure System  It deals with the Policy issues that use protection mechanism to build secure System OPERATING SYSTEM  Control User Access to system resources.  Decide which user can have access to what resources.
PROTECTION • Protection deals with the access to the system resources. • It determines that what files can be accessed or permeated by a special user. • The protection of the system should confirm the approval of the process and users. • Due to this, these licensed users and processes will care for the central processing unit, memory and alternative sources. • It refers to a mechanism which controls the access of programs, processes, or users to the resources defined by a computer system.
NEED OF PROTECTION • To prevent the access of unauthorized users • To ensure that each active programs or processes in the system uses resources only as the stated policy, • To improve reliability by detecting latent errors.
PROTECTION DOMAIN Limiting the process’s access to only needed resources Protection domain specify: Access to the resources Operation that process can perform on the resources Every process executes in its protection domain only Switching domain:- control jump from a process to another process
PROTECTION DOMAIN • Computer is a collection of processes and objects OBJECT HARDWAR E OBJECTS SOFTWAR E OBJECTS File, ProgramCPU, Printer • Each object has a unique name that differentiates it from all other objects in the system, and each can be accessed only through well-defined and meaningful operations • Each domain defines a set of objects and the types of operations that may be invoked on each object • Each process may be a domain. In this case, the set of objects that can be accessed depends on the identity of the process. • Each user may be a domain. In this case, the set of objects that can be accessed depends on the identity of the user.
PROTECTION DOMAIN • Process operate within a protection domains, which specify the resources that the process may access. • Each domain defines a set of objects and the types of operations that may invoked on each object. • The ability to execute an operation on an object is an Access Right. • Domain is a collection of Access Right. • Access Right <object- name, rights-set>. subset of all valid operations that can be perform on an object. • Access Right. <O4, { print } >, is shared by both D2 and D3, implying that a process executing either of these two domains can print object O4 • A process must executing in domain D1 to read and write object O1, on other hand, only processes in domain D3 may execute object O1.
DESIGN PRINCIPAL FOR SECURE SYSTEMS ECONOMY: COMPLETE MEDIATION: OPEN DESIGN: SEPARATION OF PRIVILEGES: • Protection mechanism should be economical to develop and use. • Minimum substantial cost or overhead to the system. • Design as simple and small as possible. • Every request to access an object be checked for the authority. • A protection mechanism should work even if its underlying principles are known to an attacker. • Protection mechanism that requires two keys to unlock and lock is more robust and flexible. • Presence of two keys may mean satisfying two independent condition before an access is allowed.
DESIGN PRINCIPAL FOR SECURE SYSTEMS LEAST PRIVILEGE: • Minimum access rights that are sufficient for it to complete its task. • If the requirement of the subject changes, the subject should acquire it by switching the domain. LEAST COMMON MECHANISM: • Minimizing the common portion of a mechanism, which are access by more than one user. ACCEPTABILITY: • Protection mechanism must be simple to use. • Complex and obscure protection mechanism will deter users from using it. FAIL-SAFE DEFAULTS: • If design or implementation mistake is responsible for denial of an access, it will eventually be discovered and be fixed.
THE ACCESS MATRIX MODEL • Model of protection can be viewed abstractly as a matrix, called an Access Matrix. • Access Matrix is a security model of protection state in computer system. • Access matrix is used to define the rights of each process executing in the domain with respect to each object. • The rows of matrix represent domains and columns represent objects. • Each cell of matrix represents set of access rights which are given to the processes of domain • Means each entry(i, j) defines the set of operations that a process executing in domain Di can invoke on object Oj.
THE ACCESS MATRIX MODEL • There are four domains and four objects- three files(F1, F2, F3) and one printer. • A process executing in D1 can read files F1 and F3. A process executing in domain D4 has same rights as D1 but it can also write on files. • Printer can be accessed by only one process executing in domain D2. • The mechanism of access matrix consists of many policies and semantic properties. • Specifically, We must ensure that a process executing in domain Di can access only those objects that are specified in row i.
THE ACCESS MATRIX MODEL • Association between the domain and processes can be either static or dynamic. • Access matrix provides an mechanism for defining the control for this association between domain and processes. • When we switch a process from one domain to another, we execute a switch operation on an object(the domain). • We can control domain switching by including domains among the objects of the access matrix. • Processes should be able to switch from one domain (Di) to another domain (Dj) if and only is a switch right is given to access(i, j). • According to the matrix: a process executing in domain D2 can switch to domain D3 and D4. • A process executing in domain D4 can switch to domain D1 and process executing in domain D1 can switch to domain D2.
THE PROTECTION STATE OF SYSTEM • It represented by Triplet( S,O,P ) O P [s , o] S Subjects Objects Schematic Diagram of Access Matrix
Protection Domain and Access Matrix Model -Operating System

Recommended

Goals of protection
Goals of protectionGoals of protection
Goals of protectionveena ali
 
XML-RPC (XML Remote Procedure Call)
XML-RPC (XML Remote Procedure Call)XML-RPC (XML Remote Procedure Call)
XML-RPC (XML Remote Procedure Call)Peter R. Egli
 
Deadlock ppt
Deadlock ppt Deadlock ppt
Deadlock ppt Sweetestangel Kochar
 
Protection and security
Protection and securityProtection and security
Protection and securitymbadhi
 
Software and Hardware Reliability
Software and Hardware ReliabilitySoftware and Hardware Reliability
Software and Hardware ReliabilitySandeep Patalay
 
Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating systemAbou Bakr Ashraf
 
Protection and Security in Operating Systems
Protection and Security in Operating SystemsProtection and Security in Operating Systems
Protection and Security in Operating Systemsvampugani
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 

Recommended

Goals of protection
Goals of protectionGoals of protection
Goals of protectionveena ali
 
XML-RPC (XML Remote Procedure Call)
XML-RPC (XML Remote Procedure Call)XML-RPC (XML Remote Procedure Call)
XML-RPC (XML Remote Procedure Call)Peter R. Egli
 
Deadlock ppt
Deadlock ppt Deadlock ppt
Deadlock ppt Sweetestangel Kochar
 
Protection and security
Protection and securityProtection and security
Protection and securitymbadhi
 
Software and Hardware Reliability
Software and Hardware ReliabilitySoftware and Hardware Reliability
Software and Hardware ReliabilitySandeep Patalay
 
Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating systemAbou Bakr Ashraf
 
Protection and Security in Operating Systems
Protection and Security in Operating SystemsProtection and Security in Operating Systems
Protection and Security in Operating Systemsvampugani
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Methods for handling deadlock
Methods for handling deadlockMethods for handling deadlock
Methods for handling deadlocksangrampatil81
 
Android intents
Android intentsAndroid intents
Android intentsSiva Ramakrishna kv
 
Unit 1 architecture of distributed systems
Unit 1 architecture of distributed systemsUnit 1 architecture of distributed systems
Unit 1 architecture of distributed systemskaran2190
 
Operating system critical section
Operating system critical sectionOperating system critical section
Operating system critical sectionHarshana Madusanka Jayamaha
 
Planning
PlanningPlanning
Planningahmad bassiouny
 
Concurrency: Mutual Exclusion and Synchronization
Concurrency: Mutual Exclusion and SynchronizationConcurrency: Mutual Exclusion and Synchronization
Concurrency: Mutual Exclusion and SynchronizationAnas Ebrahim
 
System security
System securitySystem security
System securitysommerville-videos
 
Program Threats
Program ThreatsProgram Threats
Program Threatsguestab0ee0
 
Software design
Software designSoftware design
Software designSyed Muhammad Hammad-ud-Din
 
Chapter 3 - Processes
Chapter 3 - ProcessesChapter 3 - Processes
Chapter 3 - ProcessesWayne Jones Jnr
 
Cohesion and coupling
Cohesion and couplingCohesion and coupling
Cohesion and couplingAprajita (Abbey) Singh
 
OS - Process Concepts
OS - Process ConceptsOS - Process Concepts
OS - Process ConceptsMukesh Chinta
 
Communication primitives
Communication primitivesCommunication primitives
Communication primitivesStudent
 
Deadlock in distribute system by saeed siddik
Deadlock in distribute system by saeed siddikDeadlock in distribute system by saeed siddik
Deadlock in distribute system by saeed siddikSaeed Siddik
 
OPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYOPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYRohitK71
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Inference in First-Order Logic 2
Inference in First-Order Logic 2Inference in First-Order Logic 2
Inference in First-Order Logic 2Junya Tanaka
 
Protection and security of operating system
Protection and security of operating systemProtection and security of operating system
Protection and security of operating systemAbdullah Khosa
 
Operating system security
Operating system securityOperating system security
Operating system securitySarmad Makhdoom
 
Deadlocks
Deadlocks Deadlocks
DeadlocksDilshan Sudaraka
 
Protection
ProtectionProtection
ProtectionMohanlal Sukhadia University (MLSU)
 
Os8
Os8Os8
Os8gopal10scs185
 

More Related Content

What's hot

Methods for handling deadlock
Methods for handling deadlockMethods for handling deadlock
Methods for handling deadlocksangrampatil81
 
Unit 1 architecture of distributed systems
Unit 1 architecture of distributed systemsUnit 1 architecture of distributed systems
Unit 1 architecture of distributed systemskaran2190
 
Concurrency: Mutual Exclusion and Synchronization
Concurrency: Mutual Exclusion and SynchronizationConcurrency: Mutual Exclusion and Synchronization
Concurrency: Mutual Exclusion and SynchronizationAnas Ebrahim
 
OS - Process Concepts
OS - Process ConceptsOS - Process Concepts
OS - Process ConceptsMukesh Chinta
 
Communication primitives
Communication primitivesCommunication primitives
Communication primitivesStudent
 
Deadlock in distribute system by saeed siddik
Deadlock in distribute system by saeed siddikDeadlock in distribute system by saeed siddik
Deadlock in distribute system by saeed siddikSaeed Siddik
 
OPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYOPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYRohitK71
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Inference in First-Order Logic 2
Inference in First-Order Logic 2Inference in First-Order Logic 2
Inference in First-Order Logic 2Junya Tanaka
 
Protection and security of operating system
Protection and security of operating systemProtection and security of operating system
Protection and security of operating systemAbdullah Khosa
 
Operating system security
Operating system securityOperating system security
Operating system securitySarmad Makhdoom
 

What's hot (20)

Methods for handling deadlock
Methods for handling deadlockMethods for handling deadlock
Methods for handling deadlock
 
Android intents
Android intentsAndroid intents
Android intents
 
Unit 1 architecture of distributed systems
Unit 1 architecture of distributed systemsUnit 1 architecture of distributed systems
Unit 1 architecture of distributed systems
 
Operating system critical section
Operating system critical sectionOperating system critical section
Operating system critical section
 
Planning
PlanningPlanning
Planning
 
Concurrency: Mutual Exclusion and Synchronization
Concurrency: Mutual Exclusion and SynchronizationConcurrency: Mutual Exclusion and Synchronization
Concurrency: Mutual Exclusion and Synchronization
 
System security
System securitySystem security
System security
 
Program Threats
Program ThreatsProgram Threats
Program Threats
 
Software design
Software designSoftware design
Software design
 
Chapter 3 - Processes
Chapter 3 - ProcessesChapter 3 - Processes
Chapter 3 - Processes
 
Cohesion and coupling
Cohesion and couplingCohesion and coupling
Cohesion and coupling
 
OS - Process Concepts
OS - Process ConceptsOS - Process Concepts
OS - Process Concepts
 
Communication primitives
Communication primitivesCommunication primitives
Communication primitives
 
Deadlock in distribute system by saeed siddik
Deadlock in distribute system by saeed siddikDeadlock in distribute system by saeed siddik
Deadlock in distribute system by saeed siddik
 
OPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYOPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITY
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
Inference in First-Order Logic 2
Inference in First-Order Logic 2Inference in First-Order Logic 2
Inference in First-Order Logic 2
 
Protection and security of operating system
Protection and security of operating systemProtection and security of operating system
Protection and security of operating system
 
Operating system security
Operating system securityOperating system security
Operating system security
 
Deadlocks
Deadlocks Deadlocks
Deadlocks
 

Similar to Protection Domain and Access Matrix Model -Operating System

Least privilege, access control, operating system security
Least privilege, access control, operating system securityLeast privilege, access control, operating system security
Least privilege, access control, operating system securityG Prachi
 
File Protection in Operating System
File Protection in Operating SystemFile Protection in Operating System
File Protection in Operating SystemMeghaj Mallick
 
Database managementsystemes_Unit-7.pptxe
Database managementsystemes_Unit-7.pptxeDatabase managementsystemes_Unit-7.pptxe
Database managementsystemes_Unit-7.pptxechnrketan
 
Lannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksLannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksSecurity Bootcamp
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsKarthikeyan Dhayalan
 
Fundamental_Security_Design_Principles.pptx
Fundamental_Security_Design_Principles.pptxFundamental_Security_Design_Principles.pptx
Fundamental_Security_Design_Principles.pptxKelvinDube4
 
access-control-basics-murat-kantarcioglu.pdf
access-control-basics-murat-kantarcioglu.pdfaccess-control-basics-murat-kantarcioglu.pdf
access-control-basics-murat-kantarcioglu.pdfNohaNagy5
 
CISSP - Chapter 3 - System security architecture
CISSP - Chapter 3 - System security architectureCISSP - Chapter 3 - System security architecture
CISSP - Chapter 3 - System security architectureKarthikeyan Dhayalan
 
System Security Sem 2(Module 1).pptx
System Security Sem 2(Module 1).pptxSystem Security Sem 2(Module 1).pptx
System Security Sem 2(Module 1).pptxrahulkumarcscsf21
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models7wounders
 
Enumeration and system hacking
Enumeration and system hackingEnumeration and system hacking
Enumeration and system hackingbegmohsin
 
System protection in Operating System
System protection in Operating SystemSystem protection in Operating System
System protection in Operating Systemsohaildanish
 
Security issues in os
Security issues in osSecurity issues in os
Security issues in osDevAdnani
 

Similar to Protection Domain and Access Matrix Model -Operating System (20)

Protection
ProtectionProtection
Protection
 
Os8
Os8Os8
Os8
 
Os8
Os8Os8
Os8
 
Least privilege, access control, operating system security
Least privilege, access control, operating system securityLeast privilege, access control, operating system security
Least privilege, access control, operating system security
 
File Protection in Operating System
File Protection in Operating SystemFile Protection in Operating System
File Protection in Operating System
 
Ch13 protection
Ch13 protectionCh13 protection
Ch13 protection
 
Database managementsystemes_Unit-7.pptxe
Database managementsystemes_Unit-7.pptxeDatabase managementsystemes_Unit-7.pptxe
Database managementsystemes_Unit-7.pptxe
 
Chapter 14 - Protection
Chapter 14 - ProtectionChapter 14 - Protection
Chapter 14 - Protection
 
Lannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksLannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber Attacks
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security Operations
 
Fundamental_Security_Design_Principles.pptx
Fundamental_Security_Design_Principles.pptxFundamental_Security_Design_Principles.pptx
Fundamental_Security_Design_Principles.pptx
 
access-control-basics-murat-kantarcioglu.pdf
access-control-basics-murat-kantarcioglu.pdfaccess-control-basics-murat-kantarcioglu.pdf
access-control-basics-murat-kantarcioglu.pdf
 
Chapter 7
Chapter 7Chapter 7
Chapter 7
 
CISSP - Chapter 3 - System security architecture
CISSP - Chapter 3 - System security architectureCISSP - Chapter 3 - System security architecture
CISSP - Chapter 3 - System security architecture
 
4_5949547032388570388.ppt
4_5949547032388570388.ppt4_5949547032388570388.ppt
4_5949547032388570388.ppt
 
System Security Sem 2(Module 1).pptx
System Security Sem 2(Module 1).pptxSystem Security Sem 2(Module 1).pptx
System Security Sem 2(Module 1).pptx
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models
 
Enumeration and system hacking
Enumeration and system hackingEnumeration and system hacking
Enumeration and system hacking
 
System protection in Operating System
System protection in Operating SystemSystem protection in Operating System
System protection in Operating System
 
Security issues in os
Security issues in osSecurity issues in os
Security issues in os
 

Recently uploaded

Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxPoojaSen20
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfakmcokerachita
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Recently uploaded (20)

Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docx
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 

Protection Domain and Access Matrix Model -Operating System

  • 1. PROTECTION AND SECURITY IN OPERATING SYSTEM LALFAKAWMA M.Tech (C.S.E)
  • 2. PROTECTION SECURITY  Authorization  Authentication/Encryption  It’s a Mechanisms to build secure System  It deals with the Policy issues that use protection mechanism to build secure System OPERATING SYSTEM  Control User Access to system resources.  Decide which user can have access to what resources.
  • 3. PROTECTION • Protection deals with the access to the system resources. • It determines that what files can be accessed or permeated by a special user. • The protection of the system should confirm the approval of the process and users. • Due to this, these licensed users and processes will care for the central processing unit, memory and alternative sources. • It refers to a mechanism which controls the access of programs, processes, or users to the resources defined by a computer system.
  • 4. NEED OF PROTECTION • To prevent the access of unauthorized users • To ensure that each active programs or processes in the system uses resources only as the stated policy, • To improve reliability by detecting latent errors.
  • 5. PROTECTION DOMAIN Limiting the process’s access to only needed resources Protection domain specify: Access to the resources Operation that process can perform on the resources Every process executes in its protection domain only Switching domain:- control jump from a process to another process
  • 6. PROTECTION DOMAIN • Computer is a collection of processes and objects OBJECT HARDWAR E OBJECTS SOFTWAR E OBJECTS File, ProgramCPU, Printer • Each object has a unique name that differentiates it from all other objects in the system, and each can be accessed only through well-defined and meaningful operations • Each domain defines a set of objects and the types of operations that may be invoked on each object • Each process may be a domain. In this case, the set of objects that can be accessed depends on the identity of the process. • Each user may be a domain. In this case, the set of objects that can be accessed depends on the identity of the user.
  • 7. PROTECTION DOMAIN • Process operate within a protection domains, which specify the resources that the process may access. • Each domain defines a set of objects and the types of operations that may invoked on each object. • The ability to execute an operation on an object is an Access Right. • Domain is a collection of Access Right. • Access Right <object- name, rights-set>. subset of all valid operations that can be perform on an object. • Access Right. <O4, { print } >, is shared by both D2 and D3, implying that a process executing either of these two domains can print object O4 • A process must executing in domain D1 to read and write object O1, on other hand, only processes in domain D3 may execute object O1.
  • 8. DESIGN PRINCIPAL FOR SECURE SYSTEMS ECONOMY: COMPLETE MEDIATION: OPEN DESIGN: SEPARATION OF PRIVILEGES: • Protection mechanism should be economical to develop and use. • Minimum substantial cost or overhead to the system. • Design as simple and small as possible. • Every request to access an object be checked for the authority. • A protection mechanism should work even if its underlying principles are known to an attacker. • Protection mechanism that requires two keys to unlock and lock is more robust and flexible. • Presence of two keys may mean satisfying two independent condition before an access is allowed.
  • 9. DESIGN PRINCIPAL FOR SECURE SYSTEMS LEAST PRIVILEGE: • Minimum access rights that are sufficient for it to complete its task. • If the requirement of the subject changes, the subject should acquire it by switching the domain. LEAST COMMON MECHANISM: • Minimizing the common portion of a mechanism, which are access by more than one user. ACCEPTABILITY: • Protection mechanism must be simple to use. • Complex and obscure protection mechanism will deter users from using it. FAIL-SAFE DEFAULTS: • If design or implementation mistake is responsible for denial of an access, it will eventually be discovered and be fixed.
  • 10. THE ACCESS MATRIX MODEL • Model of protection can be viewed abstractly as a matrix, called an Access Matrix. • Access Matrix is a security model of protection state in computer system. • Access matrix is used to define the rights of each process executing in the domain with respect to each object. • The rows of matrix represent domains and columns represent objects. • Each cell of matrix represents set of access rights which are given to the processes of domain • Means each entry(i, j) defines the set of operations that a process executing in domain Di can invoke on object Oj.
  • 11. THE ACCESS MATRIX MODEL • There are four domains and four objects- three files(F1, F2, F3) and one printer. • A process executing in D1 can read files F1 and F3. A process executing in domain D4 has same rights as D1 but it can also write on files. • Printer can be accessed by only one process executing in domain D2. • The mechanism of access matrix consists of many policies and semantic properties. • Specifically, We must ensure that a process executing in domain Di can access only those objects that are specified in row i.
  • 12. THE ACCESS MATRIX MODEL • Association between the domain and processes can be either static or dynamic. • Access matrix provides an mechanism for defining the control for this association between domain and processes. • When we switch a process from one domain to another, we execute a switch operation on an object(the domain). • We can control domain switching by including domains among the objects of the access matrix. • Processes should be able to switch from one domain (Di) to another domain (Dj) if and only is a switch right is given to access(i, j). • According to the matrix: a process executing in domain D2 can switch to domain D3 and D4. • A process executing in domain D4 can switch to domain D1 and process executing in domain D1 can switch to domain D2.
  • 13. THE PROTECTION STATE OF SYSTEM • It represented by Triplet( S,O,P ) O P [s , o] S Subjects Objects Schematic Diagram of Access Matrix