The document discusses file protection mechanisms to prevent unauthorized access in computer systems, highlighting internal and external threats. It covers concepts like access control, protection domains, and file allocation strategies, stressing the importance of efficient disk space utilization. The text also addresses challenges faced by OS designers in creating robust protection schemes.

1. FILE PROTECTION
PRESENTED BY :-
AKASH
KUMAR CHAUBEY
CLASS :- MCA (II)
ROLL NO. :- MCA/25014/18

2. It is implemented to prevent interferences with the
use of files both logical and physical address space.
It can be of two types :-
(I)Protection
(II)Security
Any file system may have two types of threats
i.e. INTERNAL and EXTERNAL

3. Let there be multiple users (U)in the system
using different resources (R)of system i.e.
U1
U2
U3
U4
U5
R1
R2
If U3 wants to access R1 then this threats
is internal and leads to protection
If any external users want to access R1 or
R2 then this threats leads to security.
INTERNAL

4. PROTECTION :-
It deals with threats information that are internal.
It provides mechanism for controlling the access to
program process user to a resource.
SECURITY :-
It deals with threats that are external.
It includes firewall and encryption technique.

5. ••
•
• Protection refers to a mechanism for controlling the access
of programs, processes, or users to the resources defined
by a computer system.
Protection ensures that the resources of the computer are
used in a proper way.
It ensure that each object accessed correctly and only by
those processes that are allowed to do so.
OS designer faces challenge of creating a protection scheme
that cannot be by passed by any software that may be
created in the future

6. • Safe sharing of common logical address
space or common physical address space.
• Fair and reliable resources usage.
• Detect malfunction before they
contaminate the system.

7. • Access control is concerned with determining the allowed
activities of valid users, mediating every attempt by a user to
access a resource in the system.
Basic Terminology are :
Object: An entity that contains or receives information.
•
access to the- Access to an object potentially implies
information it contains.
example. File, programs, printer, disk, etc.
performAccess rights: The permisiion granted to a user
to an operation
example. read, write, execute etc

8. Access
Conrol
policy
object
source
(e.g. users,
processes)
request
guard resource
(e.g. files,
printers)
Access
request
subject

9. •
•
•
•
• Domain = collection of objects and a set of access rights for
each of the objects
A process operates within a Protection Domain that specifies
the resources that the process may access.
Each domain defines a set of objects and the types of
operations that may be invoked on each object.
The ability to execute an operation on an object is an access
right
System will consists of such multiple domains each having
certain predefined access right on different object

10. • During execution of the process it can change the domain
this is called domain switching
•
•
•
A domain can be realized in a variety of ways:
Each user may be a domain. In this case, the set of objects
that can be accessed depends on the identity of the user.
Each process may be a domain. In this case, the set of
objects that can be accessed depends on the identity of the
process.

11. Example of Unix:
In the UNIX operating system, a domain is associated with
the user.
In Unix operating system user ID’s use for identify the
domain.

12. Allocate space to the file so that disk space is utilized in a efficient
manner.
FACTOR TO CONSIDER FOR FILE ALLOCATION
1) Processing speed: If we are allocating file where
sequential and random access is very slow then allocation is
inefficient.
2) Ability to use multisector and multitract transfer
3) Disk space utilization: File should be stored or allocated such
that maximum number of file can be stored in the disk.
4) Main memory requirement : It should be less.

13. 1.Each file occupies a set if contiguous addresses on disk.
2.Linear ordering.
3.Location of a file is defined by the disk address of the first
block and its length.
4.Both sequential and direct /random access are supported.
Disadvantages:-
--Finding space for new file.
--leads to external fragmentations.

14. First fit : Allocate at first space that is capable of storing file.
Best fit : Allocate the smallest space that is big enough to store the
file.
Worst fit : Allocate the largest space.

15. 1. Solves all the problems of contiguous
allocation . Each file is a linked list of disk
blocks.
2. No External fragmentation.
3. Can be used only for sequential access of file.

16. 1.Solves the problem of linked allocation.
2. In this all the pointers are brought together into
one location called index blocks.
3.Each file has its own index block.