Silberschatz, Galvin, and Gagne ©1999
Module 18: Protection
• Goals of Protection
• Domain of Protection
• Access Matrix
• Implementation of Access Matrix
• Revocation of Access Rights
• Capability-Based Systems
• Language-Based Protection
Protection
• Operating system consists of a collection of objects, hardware or
software.
• Each object has a unique name and can be accessed through a
well-defined set of operations.
• Protection problem - ensure that each object is accessed
correctly and only by those processes that are allowed to do so.
Domain Structure
• Access-right = <object-name, rights-set>
Rights-set is a subset of all valid operations that can be
performed on the object.
• Domain = set of access-rights
Domain Implementation
• System consists of 2 domains:
– User
– Supervisor
• UNIX
– Domain = user-id
– Domain switch accomplished via file system.
Each file has associated with it a domain bit (setuid bit).
When file is executed and setuid = on, then user-id is
set to owner of the file being executed. When execution
completes user-id is reset.
Multics Rings
• Let Di and Dj be any two domain rings.
• If j < i ⇒ Di ⊆ Dj
Access Matrix
Figure 1
Use of Access Matrix
• If a process in Domain Di tries to do “op” on object Oj, then “op”
must be in the access matrix.
• Can be expanded to dynamic protection.
– Operations to add, delete access rights.
– Special access rights:
owner of Oi
copy op from Oi to Oj
control – Di can modify Dj's access rights
transfer – switch from domain Di to Dj
Use of Access Matrix (Cont.)
• Access matrix design separates mechanism from policy.
– Mechanism
Operating system provides Access-matrix + rules.
It ensures that the matrix is only manipulated by
authorized agents and that rules are strictly enforced.
– Policy
User dictates policy.
Who can access what object and in what mode.
Implementation of Access Matrix
• Each column = Access-control list for one object
Defines who can perform what operation.
Domain 1 = Read, Write
Domain 2 = Read
Domain 3 = Read

• Each Row = Capability List (like a key)
For each domain, what operations are allowed on what objects.
Object 1 – Read
Object 4 – Read, Write, Execute
Object 5 – Read, Write, Delete, Copy
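The access-matrix check, the special rights (owner, copy, control, transfer) and the column/row views described on the slides above, as an added Python example that is not part of the original deck. The domain and file names and the sample policy are constructed, and the exact rule details (a starred right marks copy, a copy stays within one object's column, control strips rights from another domain's row) are assumptions following the usual textbook formulation.

```python
from collections import defaultdict


class AccessMatrix:
    """Sparse access matrix: access(domain, object) -> set of rights."""

    def __init__(self):
        self.cells = defaultdict(set)  # "read*" means read plus the copy right

    def grant(self, domain, obj, *rights):
        """Trusted policy setup; ordinary domains use the guarded calls below."""
        self.cells[(domain, obj)].update(rights)

    def _entry(self, domain, obj):
        return self.cells.get((domain, obj), set())

    def allowed(self, domain, obj, op):
        """Mechanism: op must be in access(domain, obj), starred or not."""
        entry = self._entry(domain, obj)
        return op in entry or op + "*" in entry

    def _require(self, ok, actor, right, on):
        if not ok:
            raise PermissionError(f"{actor} lacks {right} on {on}")

    def copy_right(self, actor, target, obj, op):
        """copy: pass a starred right to another domain for the same object.
        The copy is unstarred (limited copy), so it cannot spread further."""
        self._require(op + "*" in self._entry(actor, obj), actor, op + "*", obj)
        self.cells[(target, obj)].add(op)

    def owner_set(self, actor, target, obj, rights):
        """owner: may rewrite any entry in the column of the owned object."""
        self._require(self.allowed(actor, obj, "owner"), actor, "owner", obj)
        self.cells[(target, obj)] = set(rights)

    def control_remove(self, actor, target, obj, op):
        """control: actor holds control over domain `target` (a domain used
        as an object) and may strip rights from target's row."""
        self._require(self.allowed(actor, target, "control"), actor, "control", target)
        self.cells[(target, obj)] -= {op, op + "*"}

    def switch(self, current, new):
        """transfer: enter domain `new` only if access(current, new) has switch."""
        self._require(self.allowed(current, new, "switch"), current, "switch", new)
        return new

    def acl(self, obj):
        """Column view: which domains hold which rights on obj."""
        return {d: sorted(r) for (d, o), r in self.cells.items() if o == obj and r}

    def capability_list(self, domain):
        """Row view: which objects this domain can touch, and how."""
        return {o: sorted(r) for (d, o), r in self.cells.items() if d == domain and r}


def sample_matrix():
    """Constructed policy: two files, with domains also usable as objects."""
    m = AccessMatrix()
    m.grant("D1", "F1", "owner", "read*", "write")
    m.grant("D2", "F1", "read")
    m.grant("D2", "F2", "read", "write")
    m.grant("D1", "D2", "control", "switch")
    return m


if __name__ == "__main__":
    m = sample_matrix()
    m.copy_right("D1", "D3", "F1", "read")
    print("ACL of F1:", m.acl("F1"))
    print("Capabilities of D1:", m.capability_list("D1"))
```

The same `cells` dictionary backs both views, which is the point of the slide: an access-control list and a capability list are the column and row of one matrix, and only the guarded methods may change it.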
Access Matrix of Figure 1 With Domains as Objects (Figure 2)
Figure: Access Matrix with Copy Rights
Figure: Access Matrix With Owner Rights
Figure: Modified Access Matrix of Figure 2
Revocation of Access Rights
• Access List – Delete access rights from access list.
– Simple
– Immediate
• Capability List – Scheme required to locate capability in the
system before capability can be revoked.
– Reacquisition
– Back-pointers
– Indirection
– Keys
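Two of the capability-revocation schemes listed above, indirection and keys, as an added Python example that is not part of the original deck. The class and method names are hypothetical, and a frozen dataclass stands in for a capability that a real kernel would keep out of the holder's reach. Giving each grant its own table slot is likewise an assumption of this sketch.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Capability:
    slot: int           # entry in the kernel's indirection table, not the object
    rights: frozenset
    key: bytes          # object's master key at the time of issue


class CapabilityKernel:
    def __init__(self):
        self.master_keys = {}   # object name -> current master key
        self.table = {}         # slot -> object name (indirection table)
        self._next_slot = 0

    def create_object(self, name):
        self.master_keys[name] = secrets.token_bytes(16)

    def issue(self, name, rights):
        """Hand out a capability; copies of it share the same table slot."""
        slot = self._next_slot
        self._next_slot += 1
        self.table[slot] = name
        return Capability(slot, frozenset(rights), self.master_keys[name])

    def use(self, cap, op):
        name = self.table.get(cap.slot)
        if name is None:                       # indirection: entry was deleted
            return False
        if not secrets.compare_digest(cap.key, self.master_keys[name]):
            return False                       # keys: master key was replaced
        return op in cap.rights

    def revoke_slot(self, slot):
        """Indirection: delete the table entry; every copy dies at once."""
        self.table.pop(slot, None)

    def set_key(self, name):
        """Keys: replace the master key; earlier capabilities stop matching."""
        self.master_keys[name] = secrets.token_bytes(16)


def revocation_demo():
    k = CapabilityKernel()
    k.create_object("segment")             # constructed object name
    cap_a = k.issue("segment", {"read", "write"})
    cap_a_copy = cap_a                     # passed on to a second domain
    cap_b = k.issue("segment", {"read"})   # separate grant, separate slot
    held = (cap_a, cap_a_copy, cap_b)
    before = [k.use(c, "read") for c in held]
    k.revoke_slot(cap_a.slot)              # kills cap_a and its copy only
    after_slot = [k.use(c, "read") for c in held]
    k.set_key("segment")                   # kills everything issued so far
    after_key = [k.use(c, "read") for c in held]
    fresh = k.use(k.issue("segment", {"read"}), "read")
    return before, after_slot, after_key, fresh


if __name__ == "__main__":
    print(revocation_demo())
```

Neither scheme has to find the capabilities scattered across domains: the kernel changes one table entry or one key, and the check in `use` fails for every outstanding copy.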
Capability-Based Systems
• Hydra
– Fixed set of access rights known to and interpreted by the
system.
– Interpretation of user-defined rights performed solely by
user's program; system provides access protection for use
of these rights.
• Cambridge CAP System
– Data capability - provides standard read, write, execute of
individual storage segments associated with object.
– Software capability - interpretation left to the subsystem,
through its protected procedures.
Language-Based Protection
• Specification of protection in a programming language allows the
high-level description of policies for the allocation and use of
resources.
• Language implementation can provide software for protection
enforcement when automatic hardware-supported checking is
unavailable.
• Interpret protection specifications to generate calls on whatever
protection system is provided by the hardware and the operating
system.
