PROTECTION AND SECURITY
IN
OPERATING SYSTEM
LALFAKAWMA
M.Tech (C.S.E)
PROTECTION
• Authorization
• It is a mechanism used to build a secure system.
SECURITY
• Authentication/Encryption
• It deals with the policy issues that use the protection mechanism to build a secure system.
OPERATING SYSTEM
• Controls user access to system resources.
• Decides which user can have access to what resources.
PROTECTION
• Protection deals with access to the system resources.
• It determines which files can be accessed or used by a particular user.
• The protection mechanism must confirm that processes and users are authorized.
• Only those authorized users and processes may then use the central processing unit, memory and other resources.
• It refers to a mechanism which controls the access of programs, processes, or users to the resources defined by a computer system.
NEED OF PROTECTION
• To prevent access by unauthorized users.
• To ensure that each active program or process in the system uses resources only as the stated policy allows.
• To improve reliability by detecting latent errors.
PROTECTION DOMAIN
• Limits the process's access to only the resources it needs.
• A protection domain specifies:
  - which resources can be accessed
  - which operations the process can perform on those resources
• Every process executes in its own protection domain only.
• Switching domain: control passes from one domain to another.
PROTECTION DOMAIN
• A computer is a collection of processes and objects.
  Objects are either hardware objects (CPU, printer) or software objects (file, program).
• Each object has a unique name that differentiates it from all other objects in the system, and each can be accessed only through well-defined and meaningful operations.
• Each domain defines a set of objects and the types of operations that may be invoked on each object.
• Each process may be a domain. In this case, the set of objects that can be accessed depends on the identity of the process.
• Each user may be a domain. In this case, the set of objects that can be accessed depends on the identity of the user.
PROTECTION DOMAIN
• A process operates within a protection domain, which specifies the resources that the process may access.
• Each domain defines a set of objects and the types of operations that may be invoked on each object.
• The ability to execute an operation on an object is an Access Right.
• A domain is a collection of Access Rights.
• An Access Right is a pair <object-name, rights-set>, where the rights-set is a subset of all valid operations that can be performed on the object.
• The Access Right <O4, { print }> is shared by both D2 and D3, implying that a process executing in either of these two domains can print object O4.
• A process must be executing in domain D1 to read and write object O1; on the other hand, only processes in domain D3 may execute object O1.
DESIGN PRINCIPLES FOR SECURE SYSTEMS
ECONOMY:
• The protection mechanism should be economical to develop and use.
• Minimal cost or overhead to the system.
• Design as simple and small as possible.
COMPLETE MEDIATION:
• Every request to access an object must be checked for authority.
OPEN DESIGN:
• A protection mechanism should work even if its underlying principles are known to an attacker.
SEPARATION OF PRIVILEGES:
• A protection mechanism that requires two keys to lock and unlock is more robust and flexible.
• Requiring two keys may mean that two independent conditions must be satisfied before an access is allowed.
DESIGN PRINCIPLES FOR SECURE SYSTEMS
LEAST PRIVILEGE:
• A subject gets the minimum access rights that are sufficient for it to complete its task.
• If the requirements of the subject change, the subject should acquire the new rights by switching domain.
LEAST COMMON MECHANISM:
• Minimize the portion of a mechanism that is shared by more than one user.
ACCEPTABILITY:
• The protection mechanism must be simple to use.
• A complex and obscure protection mechanism will deter users from using it.
FAIL-SAFE DEFAULTS:
• If a design or implementation mistake wrongly denies an access, it will eventually be discovered and fixed; a mistake that wrongly grants access may go unnoticed.
THE ACCESS MATRIX MODEL
• The model of protection can be viewed abstractly as a matrix, called an Access Matrix.
• The Access Matrix is a security model of the protection state of a computer system.
• The access matrix is used to define the rights of each process executing in a domain with respect to each object.
• The rows of the matrix represent domains and the columns represent objects.
• Each cell of the matrix holds the set of access rights given to the processes of that domain.
• That is, each entry access(i, j) defines the set of operations that a process executing in domain Di can invoke on object Oj.
THE ACCESS MATRIX MODEL
• There are four domains and four objects: three files (F1, F2, F3) and one printer.
• A process executing in D1 can read files F1 and F3. A process executing in domain D4 has the same rights as D1 but it can also write to those files.
• The printer can be accessed only by a process executing in domain D2.
• The access matrix mechanism supports many policies and semantic properties.
• Specifically, we must ensure that a process executing in domain Di can access only those objects that are specified in row i.
THE ACCESS MATRIX MODEL
• The association between domains and processes can be either static or dynamic.
• The access matrix provides a mechanism for defining the control of this association between domains and processes.
• When we switch a process from one domain to another, we execute a switch operation on an object (the domain).
• We can control domain switching by including domains among the objects of the access matrix.
• A process should be able to switch from one domain (Di) to another domain (Dj) if and only if a switch right is present in access(i, j).
• According to the matrix: a process executing in domain D2 can switch to domains D3 and D4.
• A process executing in domain D4 can switch to domain D1, and a process executing in domain D1 can switch to domain D2.
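The access matrix, with domains included among the objects so that domain switching is itself mediated by a switch right, as an added example that is not part of the original slides. It encodes the rights described on slide 7 (O1, O4) and on slides 11 and 12 (F1..F3, the printer, and the switch rights); the file rights of D3, which the slides do not state, are an assumption left empty, and any (domain, object) pair without an entry is denied by default.

```python
from typing import Dict, FrozenSet, Tuple

# Added example, not from the slides. Sparse matrix: a missing cell is the
# empty rights set, so an unlisted (domain, object) pair is denied by default.
class AccessMatrix:
    def __init__(self) -> None:
        self.cells: Dict[Tuple[str, str], FrozenSet[str]] = {}

    def grant(self, domain: str, obj: str, *rights: str) -> None:
        """Add rights to entry access(domain, obj)."""
        key = (domain, obj)
        self.cells[key] = self.cells.get(key, frozenset()) | frozenset(rights)

    def allowed(self, domain: str, obj: str, op: str) -> bool:
        """Complete mediation: every request is checked against its entry."""
        return op in self.cells.get((domain, obj), frozenset())

    def switch(self, current: str, target: str) -> str:
        """Domains are objects too: needs 'switch' in access(current, target)."""
        if not self.allowed(current, target, "switch"):
            raise PermissionError(f"{current} may not switch to {target}")
        return target

def slide7_matrix() -> AccessMatrix:
    """Slide 7: D1 reads/writes O1, only D3 executes O1, D2 and D3 print O4."""
    m = AccessMatrix()
    m.grant("D1", "O1", "read", "write")
    m.grant("D3", "O1", "execute")
    m.grant("D2", "O4", "print")
    m.grant("D3", "O4", "print")
    return m

def slide11_matrix() -> AccessMatrix:
    """Slides 11-12: files F1..F3, a printer, and the switch rights of D1..D4.
    D3's file rights are not stated on the slides (assumption: row left empty)."""
    m = AccessMatrix()
    for d in ("D1", "D4"):             # D1 reads F1 and F3; D4 has the same rights
        m.grant(d, "F1", "read")
        m.grant(d, "F3", "read")
    m.grant("D4", "F1", "write")       # ...and D4 may also write those files
    m.grant("D4", "F3", "write")
    m.grant("D2", "printer", "print")  # only D2 may use the printer
    for src, dst in (("D2", "D3"), ("D2", "D4"), ("D4", "D1"), ("D1", "D2")):
        m.grant(src, dst, "switch")    # D2 -> D3, D4; D4 -> D1; D1 -> D2
    return m
```

A process in D1 cannot reach D4 directly (no switch right in access(1, 4)), but it can go D1 -> D2 -> D4 and only then write F1.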
THE PROTECTION STATE OF THE SYSTEM
• It is represented by a triplet (S, O, P):
  - S: the set of subjects (rows of the matrix)
  - O: the set of objects (columns of the matrix)
  - P[s, o]: the access rights that subject s holds on object o
Schematic Diagram of Access Matrix
Protection Domain and Access Matrix Model -Operating System