NADAR SARASWATHI COLLEGE OF ARTS AND SCIENCE
DISTRIBUTED OPERATING SYSTEM
Resource Security and Protection: Access and Flow Control
BY:
Aki Akshaya.D
I – M.sc (CS)
INTRODUCTION:
Resource security and protection in distributed systems are fundamental to safeguarding
sensitive information and ensuring the integrity of operations. As systems become more
interconnected, the potential for unauthorized access and data breaches increases, making it essential
to implement robust access and flow control mechanisms.
Access control determines who can interact with resources, while flow control manages how
information is transmitted within the system. These controls are critical for maintaining
confidentiality, integrity, and availability—key principles of information security. Effective resource
protection requires a combination of well-defined security policies and reliable mechanisms. This
ensures that only authorized users have access to specific resources and that data flows securely
between users and processes.
1. PRELIMINARIES:
I) Potential Security Violations: Potential security violations in distributed operating systems can
manifest in various forms, including:
➢ Unauthorized Access: When users gain access to resources they should not be able to access.
➢ Data Breaches: Unauthorized exposure or theft of sensitive information.
➢ Malicious Software: Attacks from viruses, worms, or other malware that can compromise
system integrity.
➢ Denial of Service (DoS): Attacks that disrupt service availability by overwhelming resources.
II) External versus Internal Security:
➢ External Security: Focuses on protecting the system from threats that originate outside the
organization, such as hackers or phishing attacks. Strategies include firewalls, intrusion
detection systems, and secure communication protocols.
➢ Internal Security: Addresses risks that come from within the organization, such as insider
threats or accidental misconfigurations. Techniques include user behavior monitoring, strict
access controls, and auditing.
III) Policies and Mechanisms:
➢ Security Policies: Define what is permissible and what is not within the system.
➢ Access Control Mechanisms: Implement policies through methods such as authentication,
authorization, and accounting (AAA).
IV) Protection Domain:
➢ A protection domain defines the set of resources and permissions available to a user or
process. It ensures that access rights are clearly defined and enforced.
V) Design Principles for Secure Systems:
➢ Least Privilege: Grant users the minimum level of access necessary to perform their
tasks.
➢ Separation of Duties: Divide responsibilities among multiple users to reduce risk.
➢ Fail-Safe Defaults: Default settings should deny access unless explicitly granted.
➢ Complete Mediation: Every access request should be checked against the security
policy.
➢ Open Design: Security mechanisms should not be secret; they should be open to scrutiny
to identify potential flaws.
2. THE ACCESS MATRIX MODEL:
The Access Matrix Model is a formal representation that outlines how subjects (users or
processes) can interact with objects (files, devices, or other resources) within a system. It
provides a structured way to manage and enforce access rights. The model is typically visualized
as a two-dimensional table (matrix):
➢ Rows represent subjects.
➢ Columns represent objects.
➢ Cells contain the access rights (permissions) that a subject has for a given object.
COMPONENTS:
Subjects - Entities that request access (e.g., users, processes).
Objects - Entities that are accessed (e.g., files, directories, databases).
Access Rights - Types of permissions, such as: Read (r), Write (w), Execute (x), Delete (d).
Example: Here’s a simplified example of an access matrix:
FILE A FILE B FILE C
USER 1 r, w r
USER 2 r r, w
USER 3 r, w r
Operations:
➢ Granting Access: Adding permissions for specific subject-object pairs.
➢ Revoking Access: Removing permissions as needed.
➢ Access Control Lists (ACLs): Each object can maintain a list detailing which subjects
have what permissions.
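The matrix, its grant and revoke operations, and the two projections the text mentions (an ACL is one column, a capability list is one row) can be shown in a few dozen lines. The block below is an added example, not code from the original slides; it also illustrates the Fail-Safe Defaults and Complete Mediation principles from section 1, because an absent cell denies and every request goes through one check() call. The subject and object names are taken from the slide's table, but the individual grants are a constructed assignment, since the extracted table does not show which cells were empty. The ACL-method section later in the page is covered by the same acl() view.

```python
"""Access matrix with grant/revoke/check and ACL / capability-list views.

Added example, not from the original slides. Subject and object names come
from the slide's table; the specific grants in build_example_matrix() are a
constructed assignment for demonstration.
"""
from collections import defaultdict


class AccessMatrix:
    """Rows are subjects, columns are objects, cells are sets of rights."""

    def __init__(self):
        # Sparse storage: only cells that hold at least one right exist.
        # A missing cell means "no rights" (fail-safe default).
        self._cells = defaultdict(set)

    def grant(self, subject, obj, rights):
        """Granting access: add rights to the (subject, object) cell."""
        self._cells[(subject, obj)].update(rights)

    def revoke(self, subject, obj, rights=None):
        """Revoking access: remove some rights, or all when rights is None."""
        cell = self._cells.get((subject, obj))
        if cell is None:
            return
        if rights is None:
            cell.clear()
        else:
            cell.difference_update(rights)
        if not cell:              # drop empty cells so projections stay clean
            del self._cells[(subject, obj)]

    def check(self, subject, obj, right):
        """Complete mediation: every access request is answered here.
        Unknown subjects, unknown objects and empty cells all deny."""
        return right in self._cells.get((subject, obj), set())

    def acl(self, obj):
        """Column view: the Access Control List kept with one object."""
        return {s: frozenset(r) for (s, o), r in self._cells.items() if o == obj}

    def capability_list(self, subject):
        """Row view: the capability list carried by one subject."""
        return {o: frozenset(r) for (s, o), r in self._cells.items() if s == subject}

    def render(self, subjects, objects):
        """Plain-text table in the same layout as the slide."""
        lines = ["        " + "  ".join(f"{o:<7}" for o in objects)]
        for s in subjects:
            cells = [", ".join(sorted(self._cells.get((s, o), ()))) for o in objects]
            lines.append(f"{s:<7} " + "  ".join(f"{c:<7}" for c in cells))
        return "\n".join(lines)


def build_example_matrix():
    """Constructed assignment of rights over the slide's users and files."""
    m = AccessMatrix()
    m.grant("USER 1", "FILE A", {"r", "w"})
    m.grant("USER 1", "FILE B", {"r"})
    m.grant("USER 2", "FILE A", {"r"})
    m.grant("USER 2", "FILE C", {"r", "w"})
    m.grant("USER 3", "FILE B", {"r", "w"})
    m.grant("USER 3", "FILE C", {"r"})
    return m


if __name__ == "__main__":
    matrix = build_example_matrix()
    print(matrix.render(["USER 1", "USER 2", "USER 3"], ["FILE A", "FILE B", "FILE C"]))
    print("USER 1 write FILE A:", matrix.check("USER 1", "FILE A", "w"))   # True
    print("USER 1 exec  FILE A:", matrix.check("USER 1", "FILE A", "x"))   # False
    print("ACL of FILE A:", matrix.acl("FILE A"))
    print("Capabilities of USER 3:", matrix.capability_list("USER 3"))
```

Because the matrix is stored sparsely, acl() and capability_list() are just filters over the same cells; a real system picks one of the two as its physical representation and the other becomes expensive to compute, which is the trade-off section 3 discusses.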
3. IMPLEMENTATIONS OF ACCESS MATRIX
1. CAPABILITIES
Definition: Capabilities are unforgeable tokens or keys that grant specific rights to subjects over
objects.
Mechanism: Each subject possesses a set of capabilities that specify the objects it can access and
the types of access allowed (e.g., read, write, execute).
Advantages:
➢ Decentralization: Permissions are associated with the subject, allowing for easier
management when a subject needs to access multiple objects.
➢ Security: Capabilities can be made non-replicable to enhance security.
Usage: Common in systems that emphasize user-level control and dynamic access rights.
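What makes a capability "unforgeable" in practice is that the subject holds the token but cannot alter it: the resource manager binds subject, object, rights and a serial number together with a keyed MAC, and re-checks that MAC on every use. The block below is an added example, not code from the original slides or from any real capability system; the secret key, the names and the serial numbers are constructed, and revocation by serial number is one simple scheme among several.

```python
"""Capability tokens protected by an HMAC held only by the resource manager.

Added example, not from the original slides. MANAGER_SECRET, the names and
the serial numbers are constructed values for demonstration.
"""
import hashlib
import hmac
import json

MANAGER_SECRET = b"constructed-example-secret-not-for-real-use"


def _tag(payload, secret):
    """Keyed MAC over a canonical encoding of the capability payload."""
    data = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(secret, data, hashlib.sha256).hexdigest()


def issue_capability(subject, obj, rights, serial, secret=MANAGER_SECRET):
    """Resource manager issues a capability to a subject."""
    payload = {"subject": subject, "object": obj,
               "rights": sorted(rights), "serial": serial}
    return {"payload": payload, "tag": _tag(payload, secret)}


def tampered_copy(capability, new_rights):
    """A holder editing its own token: the payload changes, the tag does not."""
    copy = json.loads(json.dumps(capability))
    copy["payload"]["rights"] = sorted(new_rights)
    return copy


class ResourceManager:
    """Verifies capabilities on every access (complete mediation)."""

    def __init__(self, secret=MANAGER_SECRET):
        self._secret = secret
        self._revoked_serials = set()

    def revoke(self, serial):
        """Invalidate one issued capability by its serial number."""
        self._revoked_serials.add(serial)

    def verify(self, capability):
        """True only if the tag matches and the serial has not been revoked."""
        payload = capability.get("payload", {})
        expected = _tag(payload, self._secret)
        if not hmac.compare_digest(expected, capability.get("tag", "")):
            return False            # forged or modified token
        if payload.get("serial") in self._revoked_serials:
            return False            # genuine but withdrawn
        return True

    def access(self, capability, obj, right):
        """Deny unless the token is genuine, names obj, and carries right."""
        if not self.verify(capability):
            return False
        payload = capability["payload"]
        return payload["object"] == obj and right in payload["rights"]


if __name__ == "__main__":
    manager = ResourceManager()
    cap = issue_capability("USER 1", "FILE A", {"r"}, serial=1)
    print("read  FILE A:", manager.access(cap, "FILE A", "r"))                  # True
    print("write FILE A:", manager.access(cap, "FILE A", "w"))                  # False
    forged = tampered_copy(cap, {"r", "w"})
    print("write with edited token:", manager.access(forged, "FILE A", "w"))    # False
    manager.revoke(1)
    print("read after revoke:", manager.access(cap, "FILE A", "r"))             # False
```

The subject can copy the token freely, which is why the slide notes that capabilities must be made non-replicable or revocable by some extra mechanism; here the serial-number denylist plays that role, and hmac.compare_digest keeps the tag check constant-time.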
2. ACCESS CONTROL LIST (ACL) METHOD:
Definition: An ACL is a list associated with each object that specifies which subjects have access
and what types of access are permitted.
Mechanism: Each object maintains an access control list detailing the permissions for all subjects
that can interact with it. For example, a file may have an ACL that allows User A to read and write,
while User B can only read.
Advantages:
➢ Object-Centric Control: Simplifies permission management for each object.
➢ Clear Overview: Provides a clear picture of who has access to a specific resource.
Usage: Commonly used in operating systems and databases, where centralized management of
object permissions is necessary.
3. LOCK-KEY METHOD:
Definition: This method uses physical or logical tokens (keys) to control access to resources
(locks).
Mechanism: Each resource (lock) requires a specific key to access it. Subjects must possess the
correct key to gain access, similar to a physical lock and key system.
Advantages:
➢ Simplicity: Easy to understand and implement, often intuitive for users.
➢ Physical Security: Can be applied in both digital and physical environments.
Usage: Useful in environments where straightforward, physical-like access control is needed, such
as secure facilities or straightforward digital systems.
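In the digital form of the lock-key method, each object carries a list of locks (distinct bit patterns, each opening a set of rights) and each protection domain holds a list of keys; an operation is allowed only when a key in the domain matches a lock on the object that grants that operation. The block below is an added example, not code from the original slides; the object, domain and key patterns are constructed.

```python
"""Lock-key access control over objects and protection domains.

Added example, not from the original slides. The object name, the domain
names and the bit patterns are constructed for demonstration.
"""
from dataclasses import dataclass, field


@dataclass
class LockedObject:
    name: str
    # lock pattern -> rights that this lock opens
    locks: dict = field(default_factory=dict)


@dataclass
class Domain:
    name: str
    keys: set = field(default_factory=set)


def add_lock(obj, pattern, rights):
    """Attach a lock (bit pattern) to an object, opening the given rights."""
    obj.locks[pattern] = frozenset(rights)


def remove_lock(obj, pattern):
    """Revoke for every key holder at once by removing the lock itself."""
    obj.locks.pop(pattern, None)


def give_key(domain, pattern):
    domain.keys.add(pattern)


def take_key(domain, pattern):
    """Revoke for one domain only by taking its key away."""
    domain.keys.discard(pattern)


def can_access(domain, obj, right):
    """Fail-safe: deny unless a key held by the domain opens a lock on obj
    that grants the requested right."""
    for pattern in domain.keys:
        rights = obj.locks.get(pattern)
        if rights is not None and right in rights:
            return True
    return False


def build_example():
    """Constructed scenario: one database object, three protection domains."""
    payroll = LockedObject("payroll.db")
    add_lock(payroll, 0x3A7F, {"r", "w"})   # read-write lock
    add_lock(payroll, 0x9C01, {"r"})        # read-only lock
    domains = {
        "hr": Domain("hr", {0x3A7F}),
        "auditor": Domain("auditor", {0x9C01}),
        "intern": Domain("intern", set()),
    }
    return payroll, domains


if __name__ == "__main__":
    payroll, domains = build_example()
    for name, dom in domains.items():
        print(name, "read:", can_access(dom, payroll, "r"),
              "write:", can_access(dom, payroll, "w"))
    remove_lock(payroll, 0x9C01)
    print("auditor read after lock removed:", can_access(domains["auditor"], payroll, "r"))
```

Compared with the two previous implementations, the lock-key scheme sits between them: a lock list is object-centric like an ACL, while the keys travel with the domain like capabilities, and the two revocation paths (take_key for one holder, remove_lock for all holders) follow from that split.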
In conclusion, resource security and protection through access and flow control in distributed operating
systems are vital for safeguarding sensitive information and maintaining system integrity. By
understanding potential security violations, distinguishing between external and internal threats, and
implementing robust policies and mechanisms, systems can effectively manage access. Defining
clear protection domains and adhering to established design principles further enhance security. The
access matrix model, along with its implementations—such as capabilities, access control lists
(ACLs), and lock-key methods—provides various strategies for enforcing access controls.
Ultimately, a comprehensive approach that integrates these elements ensures resilience against
threats and protects valuable resources.
THANK YOU