SlideShare a Scribd company logo

Ch14 protection

Syaiful Ahdan
Syaiful Ahdan

This document discusses protection in operating systems. It covers goals of protection like ensuring only authorized access to objects. Key concepts discussed include domains of protection, access matrices to define access rights, and implementations using access lists and capability lists. Methods to revoke access rights and capability-based systems are also summarized. The document concludes with language-based protection where languages can specify policies enforced by the operating system.

1 of 17
Download to read offline
Silberschatz and Galvin199919.1Operating System Concepts Silberschatz and Galvin19995.1Operating System Concepts Silberschatz and Galvin 19994.1 1 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 O P E R A T I N G S Y S T E M S Chapter 14 : Protection • Goals of Protection • Domain of Protection • Access Matrix • Implementation of Access Matrix • Revocation of Access Rights • Capability-Based Systems • Language-Based Protection Operating System Concepts
Silberschatz and Galvin199919.2Operating System Concepts Silberschatz and Galvin19995.2Operating System Concepts Silberschatz and Galvin 19994.2 2 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Chapter 14: Protection • Goals of Protection • Domain of Protection • Access Matrix • Implementation of Access Matrix • Revocation of Access Rights • Capability-Based Systems • Language-Based Protection Operating System Concepts
Silberschatz and Galvin199919.3Operating System Concepts Silberschatz and Galvin19995.3Operating System Concepts Silberschatz and Galvin 19994.3 3 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Protection • Operating system consists of a collection of object|s, hardware or software • Each object has a unique name and can be accessed through a well-defined set of operations. • Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so. Operating System Concepts
Silberschatz and Galvin199919.4Operating System Concepts Silberschatz and Galvin19995.4Operating System Concepts Silberschatz and Galvin 19994.4 4 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Domain Structure • Access-right = <object-name, rights-set> Rights-set is a subset of all valid operations that can be performed on the object. • Domain = set of access-rights Operating System Concepts
Silberschatz and Galvin199919.5Operating System Concepts Silberschatz and Galvin19995.5Operating System Concepts Silberschatz and Galvin 19994.5 5 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Domain Implementation • System consists of 2 domains: • User • Supervisor • UNIX • Domain = user-id • Domain switch accomplished via file system.  Each file has associated with it a domain bit (setuid bit).  When file is executed and setuid = on, then user-id is set to owner of the file being executed. When execution completes user-id is reset. Operating System Concepts
Silberschatz and Galvin199919.6Operating System Concepts Silberschatz and Galvin19995.6Operating System Concepts Silberschatz and Galvin 19994.6 6 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Multics Rings • Let Di and Dj be any two domain rings. • If j < I  Di  Dj Operating System Concepts
Silberschatz and Galvin199919.7Operating System Concepts Silberschatz and Galvin19995.7Operating System Concepts Silberschatz and Galvin 19994.7 7 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Access Matrix Figure 1 Operating System Concepts
Silberschatz and Galvin199919.8Operating System Concepts Silberschatz and Galvin19995.8Operating System Concepts Silberschatz and Galvin 19994.8 8 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Use of Access Matrix • If a process in Domain Di tries to do “op” on object Oj, then “op” must be in the access matrix. • Can be expanded to dynamic protection. • Operations to add, delete access rights. • Special access rights:  owner of Oi  copy op from Oi to Oj  control – Di can modify Djs access rights  transfer – switch from domain Di to Dj Operating System Concepts
Silberschatz and Galvin199919.9Operating System Concepts Silberschatz and Galvin19995.9Operating System Concepts Silberschatz and Galvin 19994.9 9 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Use of Access Matrix (Cont.) • Access matrix design separates mechanism from policy. • Mechanism  Operating system provides Access-matrix + rules.  If ensures that the matrix is only manipulated by authorized agents and that rules are strictly enforced. • Policy  User dictates policy.  Who can access what object and in what mode. Operating System Concepts
Silberschatz and Galvin199919.10Operating System Concepts Silberschatz and Galvin19995.10Operating System Concepts Silberschatz and Galvin 19994.10 10 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Implementation of Access Matrix • Each column = Access-control list for one object Defines who can perform what operation. Domain 1 = Read, Write Domain 2 = Read Domain 3 = Read  • Each Row = Capability List (like a key) Fore each domain, what operations allowed on what objects. • Object 1 – Read • Object 4 – Read, Write, Execute • Object 5 – Read, Write, Delete, Copy Operating System Concepts
Silberschatz and Galvin199919.11Operating System Concepts Silberschatz and Galvin19995.11Operating System Concepts Silberschatz and Galvin 19994.11 11 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Access Matrix of Figure 1 With Domains as Objects Figure 2 Operating System Concepts
Silberschatz and Galvin199919.12Operating System Concepts Silberschatz and Galvin19995.12Operating System Concepts Silberschatz and Galvin 19994.12 12 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Access Matrix with Copy Rights Operating System Concepts
Silberschatz and Galvin199919.13Operating System Concepts Silberschatz and Galvin19995.13Operating System Concepts Silberschatz and Galvin 19994.13 13 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Access Matrix With Owner Rights Operating System Concepts
Silberschatz and Galvin199919.14Operating System Concepts Silberschatz and Galvin19995.14Operating System Concepts Silberschatz and Galvin 19994.14 14 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Modified Access Matrix of Figure 2 Operating System Concepts
Silberschatz and Galvin199919.15Operating System Concepts Silberschatz and Galvin19995.15Operating System Concepts Silberschatz and Galvin 19994.15 15 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Revocation of Access Rights • Access List – Delete access rights from access list. • Simple • Immediate • Capability List – Scheme required to locate capability in the system before capability can be revoked. • Reacquisition • Back-pointers • Indirection • Keys Operating System Concepts
Silberschatz and Galvin199919.16Operating System Concepts Silberschatz and Galvin19995.16Operating System Concepts Silberschatz and Galvin 19994.16 16 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Capability-Based Systems • Hydra • Fixed set of access rights known to and interpreted by the system. • Interpretation of user-defined rights performed solely by user's program; system provides access protection for use of these rights. • Cambridge CAP System • Data capability - provides standard read, write, execute of individual storage segments associated with object. • Software capability -interpretation left to the subsystem, through its protected procedures. Operating System Concepts
Silberschatz and Galvin199919.17Operating System Concepts Silberschatz and Galvin19995.17Operating System Concepts Silberschatz and Galvin 19994.17 17 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Language-Based Protection • Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources. • Language implementation can provide software for protection enforcement when automatic hardware-supported checking is unavailable. • Interpret protection specifications to generate calls on whatever protection system is provided by the hardware and the operating system. Operating System Concepts

Recommended

Ch15 security
Ch15 securityCh15 security
Ch15 security
Syaiful Ahdan
 
Operating System : Ch20 security
Operating System : Ch20 securityOperating System : Ch20 security
Operating System : Ch20 security
Syaiful Ahdan
 
Operating System : Ch19 protection
Operating System : Ch19 protectionOperating System : Ch19 protection
Operating System : Ch19 protection
Syaiful Ahdan
 
Operating System : Ch11 file system implementation
Operating System : Ch11 file system implementationOperating System : Ch11 file system implementation
Operating System : Ch11 file system implementation
Syaiful Ahdan
 
Ch12 file system implementation
Ch12 file system implementationCh12 file system implementation
Ch12 file system implementation
Syaiful Ahdan
 
Configuring Site-to-Site VPN's on ASA Firewalls
Configuring Site-to-Site VPN's on ASA FirewallsConfiguring Site-to-Site VPN's on ASA Firewalls
Configuring Site-to-Site VPN's on ASA Firewalls
Kelvin Charles
 
Central Iowa Linux Users Group May 2020 Meeting: WireGuard
Central Iowa Linux Users Group May 2020 Meeting: WireGuardCentral Iowa Linux Users Group May 2020 Meeting: WireGuard
Central Iowa Linux Users Group May 2020 Meeting: WireGuard
Andrew Denner
 
Ch11 file system interface
Ch11 file system interfaceCh11 file system interface
Ch11 file system interface
Syaiful Ahdan
 

Recommended

Ch15 security
Ch15 securityCh15 security
Ch15 security
Syaiful Ahdan
 
Operating System : Ch20 security
Operating System : Ch20 securityOperating System : Ch20 security
Operating System : Ch20 security
Syaiful Ahdan
 
Operating System : Ch19 protection
Operating System : Ch19 protectionOperating System : Ch19 protection
Operating System : Ch19 protection
Syaiful Ahdan
 
Operating System : Ch11 file system implementation
Operating System : Ch11 file system implementationOperating System : Ch11 file system implementation
Operating System : Ch11 file system implementation
Syaiful Ahdan
 
Ch12 file system implementation
Ch12 file system implementationCh12 file system implementation
Ch12 file system implementation
Syaiful Ahdan
 
Configuring Site-to-Site VPN's on ASA Firewalls
Configuring Site-to-Site VPN's on ASA FirewallsConfiguring Site-to-Site VPN's on ASA Firewalls
Configuring Site-to-Site VPN's on ASA Firewalls
Kelvin Charles
 
Central Iowa Linux Users Group May 2020 Meeting: WireGuard
Central Iowa Linux Users Group May 2020 Meeting: WireGuardCentral Iowa Linux Users Group May 2020 Meeting: WireGuard
Central Iowa Linux Users Group May 2020 Meeting: WireGuard
Andrew Denner
 
Ch11 file system interface
Ch11 file system interfaceCh11 file system interface
Ch11 file system interface
Syaiful Ahdan
 
Ch7 deadlocks
Ch7 deadlocksCh7 deadlocks
Ch7 deadlocks
Syaiful Ahdan
 
Operating System-Ch7 deadlocks
Operating System-Ch7 deadlocksOperating System-Ch7 deadlocks
Operating System-Ch7 deadlocks
Syaiful Ahdan
 
Operating System : Ch12 io systems
Operating System : Ch12 io systemsOperating System : Ch12 io systems
Operating System : Ch12 io systems
Syaiful Ahdan
 
Ch13 io systems
Ch13 io systemsCh13 io systems
Ch13 io systems
Syaiful Ahdan
 
Operating System : Ch18 distributed coordination
Operating System : Ch18 distributed coordinationOperating System : Ch18 distributed coordination
Operating System : Ch18 distributed coordination
Syaiful Ahdan
 
Operating System-Ch8 memory management
Operating System-Ch8 memory managementOperating System-Ch8 memory management
Operating System-Ch8 memory management
Syaiful Ahdan
 
Operating System : Ch10 file system interface
Operating System : Ch10 file system interfaceOperating System : Ch10 file system interface
Operating System : Ch10 file system interface
Syaiful Ahdan
 
Operating System : Ch16.distributed system structures
Operating System : Ch16.distributed system structuresOperating System : Ch16.distributed system structures
Operating System : Ch16.distributed system structures
Syaiful Ahdan
 
Materi8mainmemory
Materi8mainmemoryMateri8mainmemory
Materi8mainmemory
Universitas Perwira Purbalingga
 
Ch8 main memory
Ch8 main memoryCh8 main memory
Ch8 main memory
Syaiful Ahdan
 
Operating System : Ch13 secondary storage
Operating System : Ch13 secondary storageOperating System : Ch13 secondary storage
Operating System : Ch13 secondary storage
Syaiful Ahdan
 
Operating System : Ch15 network structures
Operating System : Ch15 network structuresOperating System : Ch15 network structures
Operating System : Ch15 network structures
Syaiful Ahdan
 
Operating System : Ch17 distributed file systems
Operating System : Ch17 distributed file systemsOperating System : Ch17 distributed file systems
Operating System : Ch17 distributed file systems
Syaiful Ahdan
 
Ch10.1 secondary storage
Ch10.1 secondary storageCh10.1 secondary storage
Ch10.1 secondary storage
Syaiful Ahdan
 
Operating System : Ch4 b threads
Operating System : Ch4 b threadsOperating System : Ch4 b threads
Operating System : Ch4 b threads
Syaiful Ahdan
 
Ch4 threads
Ch4 threadsCh4 threads
Ch4 threads
Syaiful Ahdan
 
Operating System : Ch14.tertiary storage structure
Operating System : Ch14.tertiary storage structureOperating System : Ch14.tertiary storage structure
Operating System : Ch14.tertiary storage structure
Syaiful Ahdan
 
Operating System-Ch4.processes
Operating System-Ch4.processesOperating System-Ch4.processes
Operating System-Ch4.processes
Syaiful Ahdan
 
Ch3.processes
Ch3.processesCh3.processes
Ch3.processes
Syaiful Ahdan
 
Ch5 process synchronization
Ch5 process synchronizationCh5 process synchronization
Ch5 process synchronization
Syaiful Ahdan
 
Sertifikat EC00202128391
Sertifikat EC00202128391 Sertifikat EC00202128391
Sertifikat EC00202128391
Syaiful Ahdan
 
SP2JPB - Aplikasi Sistem Pelayanan Pemesanan Jasa Perbaikan Pada Bengkel Alam...
SP2JPB - Aplikasi Sistem Pelayanan Pemesanan Jasa Perbaikan Pada Bengkel Alam...SP2JPB - Aplikasi Sistem Pelayanan Pemesanan Jasa Perbaikan Pada Bengkel Alam...
SP2JPB - Aplikasi Sistem Pelayanan Pemesanan Jasa Perbaikan Pada Bengkel Alam...
Syaiful Ahdan
 

More Related Content

Similar to Ch14 protection

Ch7 deadlocks
Ch7 deadlocksCh7 deadlocks
Ch7 deadlocks
Syaiful Ahdan
 
Operating System-Ch7 deadlocks
Operating System-Ch7 deadlocksOperating System-Ch7 deadlocks
Operating System-Ch7 deadlocks
Syaiful Ahdan
 
Operating System : Ch12 io systems
Operating System : Ch12 io systemsOperating System : Ch12 io systems
Operating System : Ch12 io systems
Syaiful Ahdan
 
Ch13 io systems
Ch13 io systemsCh13 io systems
Ch13 io systems
Syaiful Ahdan
 
Operating System : Ch18 distributed coordination
Operating System : Ch18 distributed coordinationOperating System : Ch18 distributed coordination
Operating System : Ch18 distributed coordination
Syaiful Ahdan
 
Operating System-Ch8 memory management
Operating System-Ch8 memory managementOperating System-Ch8 memory management
Operating System-Ch8 memory management
Syaiful Ahdan
 
Operating System : Ch10 file system interface
Operating System : Ch10 file system interfaceOperating System : Ch10 file system interface
Operating System : Ch10 file system interface
Syaiful Ahdan
 
Operating System : Ch16.distributed system structures
Operating System : Ch16.distributed system structuresOperating System : Ch16.distributed system structures
Operating System : Ch16.distributed system structures
Syaiful Ahdan
 
Materi8mainmemory
Materi8mainmemoryMateri8mainmemory
Materi8mainmemory
Universitas Perwira Purbalingga
 
Ch8 main memory
Ch8 main memoryCh8 main memory
Ch8 main memory
Syaiful Ahdan
 
Operating System : Ch13 secondary storage
Operating System : Ch13 secondary storageOperating System : Ch13 secondary storage
Operating System : Ch13 secondary storage
Syaiful Ahdan
 
Operating System : Ch15 network structures
Operating System : Ch15 network structuresOperating System : Ch15 network structures
Operating System : Ch15 network structures
Syaiful Ahdan
 
Operating System : Ch17 distributed file systems
Operating System : Ch17 distributed file systemsOperating System : Ch17 distributed file systems
Operating System : Ch17 distributed file systems
Syaiful Ahdan
 
Ch10.1 secondary storage
Ch10.1 secondary storageCh10.1 secondary storage
Ch10.1 secondary storage
Syaiful Ahdan
 
Operating System : Ch4 b threads
Operating System : Ch4 b threadsOperating System : Ch4 b threads
Operating System : Ch4 b threads
Syaiful Ahdan
 
Ch4 threads
Ch4 threadsCh4 threads
Ch4 threads
Syaiful Ahdan
 
Operating System : Ch14.tertiary storage structure
Operating System : Ch14.tertiary storage structureOperating System : Ch14.tertiary storage structure
Operating System : Ch14.tertiary storage structure
Syaiful Ahdan
 
Operating System-Ch4.processes
Operating System-Ch4.processesOperating System-Ch4.processes
Operating System-Ch4.processes
Syaiful Ahdan
 
Ch3.processes
Ch3.processesCh3.processes
Ch3.processes
Syaiful Ahdan
 
Ch5 process synchronization
Ch5 process synchronizationCh5 process synchronization
Ch5 process synchronization
Syaiful Ahdan
 

Similar to Ch14 protection (20)

Ch7 deadlocks
Ch7 deadlocksCh7 deadlocks
Ch7 deadlocks
 
Operating System-Ch7 deadlocks
Operating System-Ch7 deadlocksOperating System-Ch7 deadlocks
Operating System-Ch7 deadlocks
 
Operating System : Ch12 io systems
Operating System : Ch12 io systemsOperating System : Ch12 io systems
Operating System : Ch12 io systems
 
Ch13 io systems
Ch13 io systemsCh13 io systems
Ch13 io systems
 
Operating System : Ch18 distributed coordination
Operating System : Ch18 distributed coordinationOperating System : Ch18 distributed coordination
Operating System : Ch18 distributed coordination
 
Operating System-Ch8 memory management
Operating System-Ch8 memory managementOperating System-Ch8 memory management
Operating System-Ch8 memory management
 
Operating System : Ch10 file system interface
Operating System : Ch10 file system interfaceOperating System : Ch10 file system interface
Operating System : Ch10 file system interface
 
Operating System : Ch16.distributed system structures
Operating System : Ch16.distributed system structuresOperating System : Ch16.distributed system structures
Operating System : Ch16.distributed system structures
 
Materi8mainmemory
Materi8mainmemoryMateri8mainmemory
Materi8mainmemory
 
Ch8 main memory
Ch8 main memoryCh8 main memory
Ch8 main memory
 
Operating System : Ch13 secondary storage
Operating System : Ch13 secondary storageOperating System : Ch13 secondary storage
Operating System : Ch13 secondary storage
 
Operating System : Ch15 network structures
Operating System : Ch15 network structuresOperating System : Ch15 network structures
Operating System : Ch15 network structures
 
Operating System : Ch17 distributed file systems
Operating System : Ch17 distributed file systemsOperating System : Ch17 distributed file systems
Operating System : Ch17 distributed file systems
 
Ch10.1 secondary storage
Ch10.1 secondary storageCh10.1 secondary storage
Ch10.1 secondary storage
 
Operating System : Ch4 b threads
Operating System : Ch4 b threadsOperating System : Ch4 b threads
Operating System : Ch4 b threads
 
Ch4 threads
Ch4 threadsCh4 threads
Ch4 threads
 
Operating System : Ch14.tertiary storage structure
Operating System : Ch14.tertiary storage structureOperating System : Ch14.tertiary storage structure
Operating System : Ch14.tertiary storage structure
 
Operating System-Ch4.processes
Operating System-Ch4.processesOperating System-Ch4.processes
Operating System-Ch4.processes
 
Ch3.processes
Ch3.processesCh3.processes
Ch3.processes
 
Ch5 process synchronization
Ch5 process synchronizationCh5 process synchronization
Ch5 process synchronization
 

More from Syaiful Ahdan

Sertifikat EC00202128391
Sertifikat EC00202128391 Sertifikat EC00202128391
Sertifikat EC00202128391
Syaiful Ahdan
 
SP2JPB - Aplikasi Sistem Pelayanan Pemesanan Jasa Perbaikan Pada Bengkel Alam...
SP2JPB - Aplikasi Sistem Pelayanan Pemesanan Jasa Perbaikan Pada Bengkel Alam...SP2JPB - Aplikasi Sistem Pelayanan Pemesanan Jasa Perbaikan Pada Bengkel Alam...
SP2JPB - Aplikasi Sistem Pelayanan Pemesanan Jasa Perbaikan Pada Bengkel Alam...
Syaiful Ahdan
 
Sertifikat ec00202059774
Sertifikat ec00202059774Sertifikat ec00202059774
Sertifikat ec00202059774
Syaiful Ahdan
 
Sertifikat ec00202059775
Sertifikat ec00202059775Sertifikat ec00202059775
Sertifikat ec00202059775
Syaiful Ahdan
 
Sertifikat EC00202045078
Sertifikat EC00202045078Sertifikat EC00202045078
Sertifikat EC00202045078
Syaiful Ahdan
 
Sertifikat EC00202044723
Sertifikat EC00202044723 Sertifikat EC00202044723
Sertifikat EC00202044723
Syaiful Ahdan
 
Sertifikat EC00202023523
Sertifikat EC00202023523Sertifikat EC00202023523
Sertifikat EC00202023523
Syaiful Ahdan
 
Sertifikat EC00201826309
Sertifikat EC00201826309Sertifikat EC00201826309
Sertifikat EC00201826309
Syaiful Ahdan
 
Sertifikat EC00202023149
Sertifikat EC00202023149Sertifikat EC00202023149
Sertifikat EC00202023149
Syaiful Ahdan
 
Sertifikat EC00202022868
Sertifikat EC00202022868Sertifikat EC00202022868
Sertifikat EC00202022868
Syaiful Ahdan
 
Sertifikat EC00202021343
Sertifikat EC00202021343Sertifikat EC00202021343
Sertifikat EC00202021343
Syaiful Ahdan
 
Sertifikat EC00202022755
Sertifikat EC00202022755Sertifikat EC00202022755
Sertifikat EC00202022755
Syaiful Ahdan
 
Sertifikat EC00201987196
Sertifikat EC00201987196Sertifikat EC00201987196
Sertifikat EC00201987196
Syaiful Ahdan
 
Sertifikat EC00201856484
Sertifikat EC00201856484Sertifikat EC00201856484
Sertifikat EC00201856484
Syaiful Ahdan
 
Sertifikat EC00201856352
Sertifikat EC00201856352Sertifikat EC00201856352
Sertifikat EC00201856352
Syaiful Ahdan
 
Sertifikat EC00201856994
Sertifikat EC00201856994Sertifikat EC00201856994
Sertifikat EC00201856994
Syaiful Ahdan
 
Sertifikat EC00201856895
Sertifikat EC00201856895Sertifikat EC00201856895
Sertifikat EC00201856895
Syaiful Ahdan
 
Meeting 2 introdcution network administrator
Meeting 2 introdcution network administratorMeeting 2 introdcution network administrator
Meeting 2 introdcution network administrator
Syaiful Ahdan
 
Pertemuan 5
Pertemuan 5Pertemuan 5
Pertemuan 5
Syaiful Ahdan
 
Pertemuan 4
Pertemuan 4Pertemuan 4
Pertemuan 4
Syaiful Ahdan
 

More from Syaiful Ahdan (20)

Sertifikat EC00202128391
Sertifikat EC00202128391 Sertifikat EC00202128391
Sertifikat EC00202128391
 
SP2JPB - Aplikasi Sistem Pelayanan Pemesanan Jasa Perbaikan Pada Bengkel Alam...
SP2JPB - Aplikasi Sistem Pelayanan Pemesanan Jasa Perbaikan Pada Bengkel Alam...SP2JPB - Aplikasi Sistem Pelayanan Pemesanan Jasa Perbaikan Pada Bengkel Alam...
SP2JPB - Aplikasi Sistem Pelayanan Pemesanan Jasa Perbaikan Pada Bengkel Alam...
 
Sertifikat ec00202059774
Sertifikat ec00202059774Sertifikat ec00202059774
Sertifikat ec00202059774
 
Sertifikat ec00202059775
Sertifikat ec00202059775Sertifikat ec00202059775
Sertifikat ec00202059775
 
Sertifikat EC00202045078
Sertifikat EC00202045078Sertifikat EC00202045078
Sertifikat EC00202045078
 
Sertifikat EC00202044723
Sertifikat EC00202044723 Sertifikat EC00202044723
Sertifikat EC00202044723
 
Sertifikat EC00202023523
Sertifikat EC00202023523Sertifikat EC00202023523
Sertifikat EC00202023523
 
Sertifikat EC00201826309
Sertifikat EC00201826309Sertifikat EC00201826309
Sertifikat EC00201826309
 
Sertifikat EC00202023149
Sertifikat EC00202023149Sertifikat EC00202023149
Sertifikat EC00202023149
 
Sertifikat EC00202022868
Sertifikat EC00202022868Sertifikat EC00202022868
Sertifikat EC00202022868
 
Sertifikat EC00202021343
Sertifikat EC00202021343Sertifikat EC00202021343
Sertifikat EC00202021343
 
Sertifikat EC00202022755
Sertifikat EC00202022755Sertifikat EC00202022755
Sertifikat EC00202022755
 
Sertifikat EC00201987196
Sertifikat EC00201987196Sertifikat EC00201987196
Sertifikat EC00201987196
 
Sertifikat EC00201856484
Sertifikat EC00201856484Sertifikat EC00201856484
Sertifikat EC00201856484
 
Sertifikat EC00201856352
Sertifikat EC00201856352Sertifikat EC00201856352
Sertifikat EC00201856352
 
Sertifikat EC00201856994
Sertifikat EC00201856994Sertifikat EC00201856994
Sertifikat EC00201856994
 
Sertifikat EC00201856895
Sertifikat EC00201856895Sertifikat EC00201856895
Sertifikat EC00201856895
 
Meeting 2 introdcution network administrator
Meeting 2 introdcution network administratorMeeting 2 introdcution network administrator
Meeting 2 introdcution network administrator
 
Pertemuan 5
Pertemuan 5Pertemuan 5
Pertemuan 5
 
Pertemuan 4
Pertemuan 4Pertemuan 4
Pertemuan 4
 

Recently uploaded

"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
Jisc
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
Celine George
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
Scholarhat
 
Model Attribute Check Company Auto Property
Model Attribute Check Company Auto PropertyModel Attribute Check Company Auto Property
Model Attribute Check Company Auto Property
Celine George
 
Multithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race conditionMultithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race condition
Mohammed Sikander
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
Tamralipta Mahavidyalaya
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
TechSoup
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela TaraOperation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela Tara
Balvir Singh
 
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBCSTRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
kimdan468
 
The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
Vivekanand Anglo Vedic Academy
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
siemaillard
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
Special education needs
 
S1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptxS1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptx
tarandeep35
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
thanhdowork
 
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
Nguyen Thanh Tu Collection
 
Embracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic ImperativeEmbracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic Imperative
Peter Windle
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
Jisc
 

Recently uploaded (20)

"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
 
Model Attribute Check Company Auto Property
Model Attribute Check Company Auto PropertyModel Attribute Check Company Auto Property
Model Attribute Check Company Auto Property
 
Multithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race conditionMultithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race condition
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela TaraOperation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela Tara
 
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBCSTRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
 
The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
 
S1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptxS1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptx
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
 
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
 
Embracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic ImperativeEmbracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic Imperative
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
 

Ch14 protection

  • 1. Silberschatz and Galvin199919.1Operating System Concepts Silberschatz and Galvin19995.1Operating System Concepts Silberschatz and Galvin 19994.1 1 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 O P E R A T I N G S Y S T E M S Chapter 14 : Protection • Goals of Protection • Domain of Protection • Access Matrix • Implementation of Access Matrix • Revocation of Access Rights • Capability-Based Systems • Language-Based Protection Operating System Concepts
  • 2. Silberschatz and Galvin199919.2Operating System Concepts Silberschatz and Galvin19995.2Operating System Concepts Silberschatz and Galvin 19994.2 2 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Chapter 14: Protection • Goals of Protection • Domain of Protection • Access Matrix • Implementation of Access Matrix • Revocation of Access Rights • Capability-Based Systems • Language-Based Protection Operating System Concepts
  • 3. Silberschatz and Galvin199919.3Operating System Concepts Silberschatz and Galvin19995.3Operating System Concepts Silberschatz and Galvin 19994.3 3 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Protection • Operating system consists of a collection of object|s, hardware or software • Each object has a unique name and can be accessed through a well-defined set of operations. • Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so. Operating System Concepts
  • 4. Silberschatz and Galvin199919.4Operating System Concepts Silberschatz and Galvin19995.4Operating System Concepts Silberschatz and Galvin 19994.4 4 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Domain Structure • Access-right = <object-name, rights-set> Rights-set is a subset of all valid operations that can be performed on the object. • Domain = set of access-rights Operating System Concepts
  • 5. Silberschatz and Galvin199919.5Operating System Concepts Silberschatz and Galvin19995.5Operating System Concepts Silberschatz and Galvin 19994.5 5 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Domain Implementation • System consists of 2 domains: • User • Supervisor • UNIX • Domain = user-id • Domain switch accomplished via file system.  Each file has associated with it a domain bit (setuid bit).  When file is executed and setuid = on, then user-id is set to owner of the file being executed. When execution completes user-id is reset. Operating System Concepts
  • 6. Silberschatz and Galvin199919.6Operating System Concepts Silberschatz and Galvin19995.6Operating System Concepts Silberschatz and Galvin 19994.6 6 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Multics Rings • Let Di and Dj be any two domain rings. • If j < I  Di  Dj Operating System Concepts
  • 7. Silberschatz and Galvin199919.7Operating System Concepts Silberschatz and Galvin19995.7Operating System Concepts Silberschatz and Galvin 19994.7 7 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Access Matrix Figure 1 Operating System Concepts
  • 8. Silberschatz and Galvin199919.8Operating System Concepts Silberschatz and Galvin19995.8Operating System Concepts Silberschatz and Galvin 19994.8 8 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Use of Access Matrix • If a process in Domain Di tries to do “op” on object Oj, then “op” must be in the access matrix. • Can be expanded to dynamic protection. • Operations to add, delete access rights. • Special access rights:  owner of Oi  copy op from Oi to Oj  control – Di can modify Djs access rights  transfer – switch from domain Di to Dj Operating System Concepts
  • 9. Silberschatz and Galvin199919.9Operating System Concepts Silberschatz and Galvin19995.9Operating System Concepts Silberschatz and Galvin 19994.9 9 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Use of Access Matrix (Cont.) • Access matrix design separates mechanism from policy. • Mechanism  Operating system provides Access-matrix + rules.  If ensures that the matrix is only manipulated by authorized agents and that rules are strictly enforced. • Policy  User dictates policy.  Who can access what object and in what mode. Operating System Concepts
  • 10. Silberschatz and Galvin199919.10Operating System Concepts Silberschatz and Galvin19995.10Operating System Concepts Silberschatz and Galvin 19994.10 10 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Implementation of Access Matrix • Each column = Access-control list for one object Defines who can perform what operation. Domain 1 = Read, Write Domain 2 = Read Domain 3 = Read  • Each Row = Capability List (like a key) Fore each domain, what operations allowed on what objects. • Object 1 – Read • Object 4 – Read, Write, Execute • Object 5 – Read, Write, Delete, Copy Operating System Concepts
  • 11. Silberschatz and Galvin199919.11Operating System Concepts Silberschatz and Galvin19995.11Operating System Concepts Silberschatz and Galvin 19994.11 11 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Access Matrix of Figure 1 With Domains as Objects Figure 2 Operating System Concepts
  • 12. Silberschatz and Galvin199919.12Operating System Concepts Silberschatz and Galvin19995.12Operating System Concepts Silberschatz and Galvin 19994.12 12 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Access Matrix with Copy Rights Operating System Concepts
  • 13. Silberschatz and Galvin199919.13Operating System Concepts Silberschatz and Galvin19995.13Operating System Concepts Silberschatz and Galvin 19994.13 13 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Access Matrix With Owner Rights Operating System Concepts
  • 14. Silberschatz and Galvin199919.14Operating System Concepts Silberschatz and Galvin19995.14Operating System Concepts Silberschatz and Galvin 19994.14 14 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Modified Access Matrix of Figure 2 Operating System Concepts
  • 15. Silberschatz and Galvin199919.15Operating System Concepts Silberschatz and Galvin19995.15Operating System Concepts Silberschatz and Galvin 19994.15 15 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Revocation of Access Rights • Access List – Delete access rights from access list. • Simple • Immediate • Capability List – Scheme required to locate capability in the system before capability can be revoked. • Reacquisition • Back-pointers • Indirection • Keys Operating System Concepts
  • 16. Silberschatz and Galvin199919.16Operating System Concepts Silberschatz and Galvin19995.16Operating System Concepts Silberschatz and Galvin 19994.16 16 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Capability-Based Systems • Hydra • Fixed set of access rights known to and interpreted by the system. • Interpretation of user-defined rights performed solely by user's program; system provides access protection for use of these rights. • Cambridge CAP System • Data capability - provides standard read, write, execute of individual storage segments associated with object. • Software capability -interpretation left to the subsystem, through its protected procedures. Operating System Concepts
  • 17. Silberschatz and Galvin199919.17Operating System Concepts Silberschatz and Galvin19995.17Operating System Concepts Silberschatz and Galvin 19994.17 17 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17 Language-Based Protection • Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources. • Language implementation can provide software for protection enforcement when automatic hardware-supported checking is unavailable. • Interpret protection specifications to generate calls on whatever protection system is provided by the hardware and the operating system. Operating System Concepts