2. PROTECTION SECURITY
Authorization Authentication/Encryption
It’s a Mechanisms
to build secure
System
It deals with the Policy
issues that use protection
mechanism to build
secure System
OPERATING
SYSTEM
Control User Access
to system resources.
Decide which user
can have access to
what resources.
3. PROTECTION
• Protection deals with the access to the system resources.
• It determines that what files can be accessed or permeated by a
special user.
• The protection of the system should confirm the approval of the
process and users.
• Due to this, these licensed users and processes will care for the
central processing unit, memory and alternative sources.
• It refers to a mechanism which controls the access of programs,
processes, or users to the resources defined by a computer system.
4. NEED OF PROTECTION
• To prevent the access of unauthorized users
• To ensure that each active programs or processes in the system
uses resources only as the stated policy,
• To improve reliability by detecting latent errors.
5. PROTECTION DOMAIN
Limiting the process’s access to only needed resources
Protection domain specify:
Access to the resources
Operation that process can perform on the resources
Every process executes in its protection domain only
Switching domain:- control jump from a process to another process
6. PROTECTION DOMAIN
• Computer is a collection of processes and objects
OBJECT
HARDWAR
E
OBJECTS
SOFTWAR
E
OBJECTS
File, ProgramCPU, Printer
• Each object has a unique name that differentiates it
from all other objects in the system, and each can be
accessed only through well-defined and meaningful
operations
• Each domain defines a set of objects and the types of operations that may be invoked
on each object
• Each process may be a domain. In this case, the set of objects that can be accessed
depends on the identity of the process.
• Each user may be a domain. In this case, the set of objects that can be accessed
depends on the identity of the user.
7. PROTECTION DOMAIN
• Process operate within a protection domains, which specify the resources that the process may
access.
• Each domain defines a set of objects and the types of operations that may invoked on each object.
• The ability to execute an operation on an object is an Access Right.
• Domain is a collection of Access Right.
• Access Right <object- name, rights-set>.
subset of all valid
operations that
can be perform
on an object.
• Access Right. <O4, { print } >, is shared by both D2 and D3, implying that a process executing
either of these two domains can print object O4
• A process must executing in domain D1 to read and write object O1, on other hand, only
processes in domain D3 may execute object O1.
8. DESIGN PRINCIPAL FOR SECURE SYSTEMS
ECONOMY:
COMPLETE MEDIATION:
OPEN DESIGN:
SEPARATION OF PRIVILEGES:
• Protection mechanism should be economical to develop and use.
• Minimum substantial cost or overhead to the system.
• Design as simple and small as possible.
• Every request to access an object be checked for the authority.
• A protection mechanism should work even if its underlying principles are known to an attacker.
• Protection mechanism that requires two keys to unlock and lock is more robust and flexible.
• Presence of two keys may mean satisfying two independent condition before an access is allowed.
9. DESIGN PRINCIPAL FOR SECURE SYSTEMS
LEAST PRIVILEGE:
• Minimum access rights that are sufficient for it to complete its task.
• If the requirement of the subject changes, the subject should acquire it by switching the domain.
LEAST COMMON MECHANISM:
• Minimizing the common portion of a mechanism, which are access by more than one user.
ACCEPTABILITY:
• Protection mechanism must be simple to use.
• Complex and obscure protection mechanism will deter users from using it.
FAIL-SAFE DEFAULTS:
• If design or implementation mistake is responsible for denial of an access, it will eventually
be discovered and be fixed.
10. THE ACCESS MATRIX MODEL
• Model of protection can be viewed abstractly as a matrix, called an Access Matrix.
• Access Matrix is a security model of protection state in computer system.
• Access matrix is used to define the rights of each
process executing in the domain with respect to
each object.
• The rows of matrix represent domains and
columns represent objects.
• Each cell of matrix represents set of access rights
which are given to the processes of domain
• Means each entry(i, j) defines the set of operations
that a process executing in domain Di can invoke
on object Oj.
11. THE ACCESS MATRIX MODEL
• There are four domains and four objects- three files(F1, F2, F3) and one printer.
• A process executing in D1 can read files F1 and F3. A process executing in domain D4 has same
rights as D1 but it can also write on files.
• Printer can be accessed by only one process
executing in domain D2.
• The mechanism of access matrix consists of many
policies and semantic properties.
• Specifically, We must ensure that a process
executing in domain Di can access only those
objects that are specified in row i.
12. THE ACCESS MATRIX MODEL
• Association between the domain and processes can be either static or dynamic.
• Access matrix provides an mechanism for defining the control for this association
between domain and processes.
• When we switch a process from one domain to
another, we execute a switch operation on an
object(the domain).
• We can control domain switching by including
domains among the objects of the access
matrix.
• Processes should be able to switch from one domain
(Di) to another domain (Dj) if and only is a switch
right is given to access(i, j).
• According to the matrix: a process executing in domain D2 can switch to domain D3 and D4.
• A process executing in domain D4 can switch to domain D1 and process executing in domain D1 can
switch to domain D2.
13. THE PROTECTION STATE OF SYSTEM
• It represented by Triplet( S,O,P )
O
P [s , o]
S
Subjects
Objects
Schematic Diagram of Access Matrix