Uploaded bysohaildanish
PPTX, PDF42,683 views

System protection in Operating System

This document discusses computer system protection. It outlines goals of protection like preventing unauthorized access. Principles like least privilege aim to minimize damage from compromised access. Protection domains define which objects and operations processes can access. Access matrices represent these access rights. Examples of early capability-based and language-based protection systems are described.

Embed presentation

Downloaded 850 times
Outline: Protection. Goals of Protection. Principles of protection. Domain of protection. Domain Structure. Access Matrix. Access control. Compatibility-based System.  Hydra  Cambridge CAP system Language Based Protection.
Protection: Protection refers to a mechanism for controlling the access of programs, processes, or users to the resources defined by a computer system. Protection ensures that the resources of the computer are used in a consistent way. It ensure that each object accessed correctly and only by those processes that are allowed to do so.
Goals of Protection: As computer systems have become more sophisticated and pervasive in their applications, the need to protect their integrity has also grown. We need to provide protection for several reasons. The most obvious is the need to prevent the mischievous, intentional violation of an access restriction by user.  An unprotected resource cannot defend against use (or misuse) by an unauthorized or incompetent user. A protection-oriented system provides means to distinguish between authorized and unauthorized usage.
Cont… The role of protection in a computer system is to provide a mechanism for the enforcement of the policies governing resource use. These policies can be established in a variety of ways. Some are fixed in the design of the system, while others are formulated by the management of a system. Still others are defined by the individual users to protect their own files and programs. A protection system must have the flexibility to enforce a variety of policies.
Principles of Protection: The time-tested guiding principle for protection is the Principle of least privilege.It dictates that programs, users, and even systems be given just enough privileges to perform their tasks. Consider the analogy of a security guard with a passkey. If this key allows the guard into just the public areas that she guards, then misuse of the key will result in minimal damage. If, however, the passkey allows access to all areas, then damage from its being lost, stolen, misused, copied, or otherwise compromised will be much greater.
Cont… An operating system following the principle of least privilege implements its features, programs, system calls, and data structures so that failure or compromise of a component does the minimum damage and allows the minimum damage to be done. The principle of least privilege can help produce a more secure computing environment.
Domain of Protection: A computer system is a collection of processes and objects. By objects, we mean both hardware objects (such as the CPU, printer) and software objects(such as files, programs). Each object has a unique name that differentiates it from all other objects in the system, and each can be accessed only through well-defined and meaningful operations.
Cont… A process should be allowed to access only those resources for which it has authorization Furthermore, at any time, a process should be able to access only those resources that it currently requires to complete its task.
Domain Structures.  A process operates within a Protection Domain that specifies the resources that the process may access.  Each domain defines a set of objects and the types of operations that may be invoked on each object.  The ability to execute an operation on an object is an access right.
Cont… For example, if domain D has the access right <file F, {read, write}>, then a process executing in domain D can both read and write file F; it cannot, however, perform any other operation on that object.
Cont… A domain can be realized in a variety of ways: Each user may be a domain. In this case, the set of objects that can be accessed depends on the identity of the user. Each process may be a domain. In this case, the set of objects that can be accessed depends on the identity of the process.
Example of Unix: In the UNIX operating system, a domain is associated with the user In Unix operating system user ID’s use for identify the domain.
Example of MULTICS: In the MULTICS system, the protection domains are organized into a ring structure. Each ring corresponds to a single domain .
Access Matrix: Our model of protection can be viewed abstractly as a matrix, called an Access Matrix. The rows of the access matrix represent domains, and the columns represent objects. Each entry in the matrix consists of a set of access rights.
Access Matrix:
Access Control: The basic problem of computer protection is to control which objects a given program can access, and in what ways. Objects are things like files, sound cards, other programs, the network, your modem etc. Access means what kind of operations can be done on these objects. Examples include reading a file, writing to a file and creating or deleting objects.
Cont… When we talk about ``controlling access,'' we are really talking about four kinds of things: Preventing access. Limiting access. Granting access . Revoking access. A good example of this is found in Solaris 10. Solaris uses Role-based access control(RBAC) to adding the principle.
Cont... Role-based access control (RBAC) is a security feature for controlling user access to tasks that would normally be restricted to the root user.  In conventional UNIX systems, the root user, also referred to as superuser. The root user has the ability to read and write to any file, run all programs, and send kill signals to any process.
Access Control in Solaris:
Capability-based Systems: In a capability-based computer system, all access to objects is done through capabilities, and capabilities provide the only means of accessing objects. In such a system, every program holds a set of capabilities. If program A holds a capability to talk to program B, then the two programs can grant capabilities to each other. In most capability-based systems, a program can hold an infinite number of capabilities. Such systems have tended to be slow.
Cont... A better design allows each program to hold a fixed (and small -- like 16 or 32) number of capabilities, and provides a means for storing additional capabilities if they are needed. Here two example are discuss Cambridge CAP System. Hydra
Cambridge CAP System: The Cambridge CAP computer was the first successful experimental computer that demonstrated the use of security capabilities, both in hardware and software .It was developed at the University of Cambridge Computer Laboratory in the 1970s The CAP system was designed such that any access to a memory segment or hardware required that the current process held the necessary capabilities. CAP has two kinds of capabilities. Data Capability. Software Capability.
Cont… Data Capability: It can be used to provide access to objects, but the only rights provided are the standard read, write, and execute of the individual storage segments associated with the object. Software Capability: It is a protected procedure, which may be written by an application programmer as part of a subsystem. A particular kind of rights amplification is associated with a protected procedure. When executing the code,a process temporarily acquires the right to read or write the contents of a software capability itself.
Hydra: Hydra is a capability-based protection system that provides considerable flexibility. The system implements a fixed set of possible access rights.  In addition, a user can declare other rights. The interpretation of user-defined rights is performed by the user's program, but the system provides access protection for the use of these rights.
Language Based Protection: As operating systems have become more complex, and particularly as they have attempted to provide higher-level user interfaces, the goals of protection have become much more refined. The designers of protection systems have drawn heavily on ideas that originated in programming languages and especially on the concepts of abstract data types and objects. There must be a protection policy to control the access of user defined programs.
Cont…  Protection systems are now concerned not only with the identity of a resource to which access is attempted but also with the functional nature of that access. It is usually achieved through an operating-system kernel, which acts as a security agent to inspect and validate each attempt to access a protected resource.

More Related Content

PDF
Network security & cryptography full notes
bygangadhar9989166446
 
PPTX
Protection and security of operating system
byAbdullah Khosa
 
PDF
Chapter 2 program-security
byVamsee Krishna Kiran
 
PPT
Access control matrix
byAravindharamanan S
 
PPT
Design for security in operating system
byBhagyashree Barde
 
PPTX
File Protection
byKriti Katyayan
 
PDF
Fault tolerance
byGaurav Rawat
 
PPTX
Distributed System - Security
byHarshana Madusanka Jayamaha
 
Network security & cryptography full notes
bygangadhar9989166446
 
Protection and security of operating system
byAbdullah Khosa
 
Chapter 2 program-security
byVamsee Krishna Kiran
 
Access control matrix
byAravindharamanan S
 
Design for security in operating system
byBhagyashree Barde
 
File Protection
byKriti Katyayan
 
Fault tolerance
byGaurav Rawat
 
Distributed System - Security
byHarshana Madusanka Jayamaha
 

What's hot

PPTX
Multi processor scheduling
byShashank Kapoor
 
PPT
Chapter 14 - Protection
byWayne Jones Jnr
 
PPTX
Demand paging
byTrinity Dwarka
 
PPT
message passing
byAshish Kumar
 
PPTX
process and thread.pptx
byHamzaxTv
 
PPT
Distributed file systems dfs
byPragati Startup Presentation Designer firm
 
PPTX
Deadlock Prevention
byprachi mewara
 
PPTX
deadlock handling
bySuraj Kumar
 
PPT
Chapter 8 distributed file systems
byAbDul ThaYyal
 
PPTX
2. Distributed Systems Hardware & Software concepts
byPrajakta Rane
 
PPT
Paging.ppt
byinfomerlin
 
PPTX
Database System Architectures
byInformation Technology
 
PDF
CS9222 ADVANCED OPERATING SYSTEMS
byKathirvel Ayyaswamy
 
PPTX
Deadlock ppt
bySweetestangel Kochar
 
PDF
Processes and Processors in Distributed Systems
byDr Sandeep Kumar Poonia
 
PDF
Inter Process Communication
byAnil Kumar Pugalia
 
PPTX
Leaky Bucket & Tocken Bucket - Traffic shaping
byVimal Dewangan
 
PPTX
Distributed file system
byAnamika Singh
 
PDF
11. dfs
byDr Sandeep Kumar Poonia
 
PPTX
OS multiprocessing -.pptx
byamirdawood3
 
Multi processor scheduling
byShashank Kapoor
 
Chapter 14 - Protection
byWayne Jones Jnr
 
Demand paging
byTrinity Dwarka
 
message passing
byAshish Kumar
 
process and thread.pptx
byHamzaxTv
 
Distributed file systems dfs
byPragati Startup Presentation Designer firm
 
Deadlock Prevention
byprachi mewara
 
deadlock handling
bySuraj Kumar
 
Chapter 8 distributed file systems
byAbDul ThaYyal
 
2. Distributed Systems Hardware & Software concepts
byPrajakta Rane
 
Paging.ppt
byinfomerlin
 
Database System Architectures
byInformation Technology
 
CS9222 ADVANCED OPERATING SYSTEMS
byKathirvel Ayyaswamy
 
Deadlock ppt
bySweetestangel Kochar
 
Processes and Processors in Distributed Systems
byDr Sandeep Kumar Poonia
 
Inter Process Communication
byAnil Kumar Pugalia
 
Leaky Bucket & Tocken Bucket - Traffic shaping
byVimal Dewangan
 
Distributed file system
byAnamika Singh
 
11. dfs
byDr Sandeep Kumar Poonia
 
OS multiprocessing -.pptx
byamirdawood3
 

Similar to System protection in Operating System

PPT
Protection
byMohanlal Sukhadia University (MLSU)
 
PDF
Ch13 protection
byWelly Dian Astika
 
PPTX
Protection Structures & Capabilities in Operating System
byMeghaj Mallick
 
PPT
access control configurations and principles
byAngieloBecenia1
 
PPTX
Protection Domain and Access Matrix Model -Operating System
byLalfakawmaKh
 
PPT
Os8
bygopal10scs185
 
PPT
Os8
bygopal10scs185
 
PPTX
Least privilege, access control, operating system security
byPrachi Gulihar
 
PPTX
Security-Mechanisms-and-Policies-Protecting-System-Resources (1).pptx
bypalkartik420238
 
PPT
Protection and Security in Operating Systems
byvampugani
 
PPTX
Protection
byBellal Hossain
 
PPTX
protection-151130150434-lva1-app6891.ppt_20240605_104455_0000.pptx
byabidwaqar4554
 
PDF
CSI-503 - 10. Security & Protection (Operating System)
byghayour abbas
 
PPTX
operating system ppt tegeng2.pptxguktgjh
bytegenefikadu91
 
PPTX
Protection and security
bymbadhi
 
PPTX
Security and management
byArtiSolanki5
 
PPTX
security introduction and overview lecture1 .pptx
bynagwaAboElenein
 
PPT
its a computer security based ppt which is very useful
bySantoshChintawar
 
PDF
Distributed Operating System Resource Security And Protection: Access and Flo...
byAki Akshaya.D
 
PPTX
Security Environment, Design Principles Of Security
byankitashah871482
 
Protection
byMohanlal Sukhadia University (MLSU)
 
Ch13 protection
byWelly Dian Astika
 
Protection Structures & Capabilities in Operating System
byMeghaj Mallick
 
access control configurations and principles
byAngieloBecenia1
 
Protection Domain and Access Matrix Model -Operating System
byLalfakawmaKh
 
Os8
bygopal10scs185
 
Os8
bygopal10scs185
 
Least privilege, access control, operating system security
byPrachi Gulihar
 
Security-Mechanisms-and-Policies-Protecting-System-Resources (1).pptx
bypalkartik420238
 
Protection and Security in Operating Systems
byvampugani
 
Protection
byBellal Hossain
 
protection-151130150434-lva1-app6891.ppt_20240605_104455_0000.pptx
byabidwaqar4554
 
CSI-503 - 10. Security & Protection (Operating System)
byghayour abbas
 
operating system ppt tegeng2.pptxguktgjh
bytegenefikadu91
 
Protection and security
bymbadhi
 
Security and management
byArtiSolanki5
 
security introduction and overview lecture1 .pptx
bynagwaAboElenein
 
its a computer security based ppt which is very useful
bySantoshChintawar
 
Distributed Operating System Resource Security And Protection: Access and Flo...
byAki Akshaya.D
 
Security Environment, Design Principles Of Security
byankitashah871482
 

More from sohaildanish

PPT
Computer Miss-use and Criminal Law
bysohaildanish
 
PPTX
Social Media
bysohaildanish
 
PPTX
Virtual Personal Assistant
bysohaildanish
 
PPTX
Automated Vehicle (Google Car)
bysohaildanish
 
PPTX
Sorce of communication
bysohaildanish
 
PPTX
Cover letter
bysohaildanish
 
Computer Miss-use and Criminal Law
bysohaildanish
 
Social Media
bysohaildanish
 
Virtual Personal Assistant
bysohaildanish
 
Automated Vehicle (Google Car)
bysohaildanish
 
Sorce of communication
bysohaildanish
 
Cover letter
bysohaildanish
 

Recently uploaded

PPTX
Drugs modulating serotonergic system.pptx
byNorman Arockiaraj G
 
PPTX
West Hatch High School - GCSE Spanish Presentation
byWestHatch
 
PPTX
Master of Punjabi Short Story "kartar singh duggal
bybhautikbharwad4
 
PPTX
" Jaya : Silence as Resistance " - That long silence
bydharabhandari35
 
PDF
Bishan_Singh_Presentation - Toba tek Singh
bygopalsinhchauhan9313
 
PDF
West Hatch High School - GCSE Media Specification
byWestHatch
 
PPTX
Drug Distribution in Pharmacology: Mechanisms, Barriers, Factors & Volume of ...
byamrin3379
 
PPTX
Central Line Associated Bloodstream Infection
bynabinabhaila40
 
PDF
Darwinism: Theory of Natural Selection and Origin of Species
byIPGDCWA,NAMPALLY
 
PPTX
The night at deoli - Ruskin bond's story of first love
byrajibhammar4
 
PPTX
Toba Tek Singh - Visualising Partition through Manto's Lens
bymiraljoshi48
 
PPTX
Appreciations - Jan 26 01.pptxkkkmmkmkmkmkm
bypreetheshparmar
 
PPTX
literary theory and criticism by Vivek p
byvivekrathodborda
 
PPTX
COMMUNICATION ITS PROCESS ELEMENTS & BARRIER .pptx
byPoojaSen20
 
PPTX
TLE 8 W1 Q4 D2.pptx COMMON FLOOR PLAN SYMBOLS PLUMBING SYMBOLS
byraquelanaaltres1
 
PPTX
West Hatch High School: Year 9 Art Course
byWestHatch
 
PPTX
Definition of communication skills and it's process.
bypurvrajsinhsarvaiya0
 
PPTX
Exploring Higher education and its pathways
byEVAMAEBONGHANOY5
 
PPTX
West Hatch High School - GCSE Media Studies
byWestHatch
 
PPTX
"Aristotle : Father Of Western Philosophy"
bymitalbarathod28
 
Drugs modulating serotonergic system.pptx
byNorman Arockiaraj G
 
West Hatch High School - GCSE Spanish Presentation
byWestHatch
 
Master of Punjabi Short Story "kartar singh duggal
bybhautikbharwad4
 
" Jaya : Silence as Resistance " - That long silence
bydharabhandari35
 
Bishan_Singh_Presentation - Toba tek Singh
bygopalsinhchauhan9313
 
West Hatch High School - GCSE Media Specification
byWestHatch
 
Drug Distribution in Pharmacology: Mechanisms, Barriers, Factors & Volume of ...
byamrin3379
 
Central Line Associated Bloodstream Infection
bynabinabhaila40
 
Darwinism: Theory of Natural Selection and Origin of Species
byIPGDCWA,NAMPALLY
 
The night at deoli - Ruskin bond's story of first love
byrajibhammar4
 
Toba Tek Singh - Visualising Partition through Manto's Lens
bymiraljoshi48
 
Appreciations - Jan 26 01.pptxkkkmmkmkmkmkm
bypreetheshparmar
 
literary theory and criticism by Vivek p
byvivekrathodborda
 
COMMUNICATION ITS PROCESS ELEMENTS & BARRIER .pptx
byPoojaSen20
 
TLE 8 W1 Q4 D2.pptx COMMON FLOOR PLAN SYMBOLS PLUMBING SYMBOLS
byraquelanaaltres1
 
West Hatch High School: Year 9 Art Course
byWestHatch
 
Definition of communication skills and it's process.
bypurvrajsinhsarvaiya0
 
Exploring Higher education and its pathways
byEVAMAEBONGHANOY5
 
West Hatch High School - GCSE Media Studies
byWestHatch
 
"Aristotle : Father Of Western Philosophy"
bymitalbarathod28
 

System protection in Operating System

  • 4.
    Outline: Protection. Goals of Protection. Principlesof protection. Domain of protection. Domain Structure. Access Matrix. Access control. Compatibility-based System.  Hydra  Cambridge CAP system Language Based Protection.
  • 5.
    Protection: Protection refers toa mechanism for controlling the access of programs, processes, or users to the resources defined by a computer system. Protection ensures that the resources of the computer are used in a consistent way. It ensure that each object accessed correctly and only by those processes that are allowed to do so.
  • 6.
    Goals of Protection: Ascomputer systems have become more sophisticated and pervasive in their applications, the need to protect their integrity has also grown. We need to provide protection for several reasons. The most obvious is the need to prevent the mischievous, intentional violation of an access restriction by user.  An unprotected resource cannot defend against use (or misuse) by an unauthorized or incompetent user. A protection-oriented system provides means to distinguish between authorized and unauthorized usage.
  • 7.
    Cont… The role ofprotection in a computer system is to provide a mechanism for the enforcement of the policies governing resource use. These policies can be established in a variety of ways. Some are fixed in the design of the system, while others are formulated by the management of a system. Still others are defined by the individual users to protect their own files and programs. A protection system must have the flexibility to enforce a variety of policies.
  • 8.
    Principles of Protection: Thetime-tested guiding principle for protection is the Principle of least privilege.It dictates that programs, users, and even systems be given just enough privileges to perform their tasks. Consider the analogy of a security guard with a passkey. If this key allows the guard into just the public areas that she guards, then misuse of the key will result in minimal damage. If, however, the passkey allows access to all areas, then damage from its being lost, stolen, misused, copied, or otherwise compromised will be much greater.
  • 9.
    Cont… An operating systemfollowing the principle of least privilege implements its features, programs, system calls, and data structures so that failure or compromise of a component does the minimum damage and allows the minimum damage to be done. The principle of least privilege can help produce a more secure computing environment.
  • 10.
    Domain of Protection: Acomputer system is a collection of processes and objects. By objects, we mean both hardware objects (such as the CPU, printer) and software objects(such as files, programs). Each object has a unique name that differentiates it from all other objects in the system, and each can be accessed only through well-defined and meaningful operations.
  • 11.
    Cont… A process shouldbe allowed to access only those resources for which it has authorization Furthermore, at any time, a process should be able to access only those resources that it currently requires to complete its task.
  • 13.
    Domain Structures.  Aprocess operates within a Protection Domain that specifies the resources that the process may access.  Each domain defines a set of objects and the types of operations that may be invoked on each object.  The ability to execute an operation on an object is an access right.
  • 14.
    Cont… For example, ifdomain D has the access right <file F, {read, write}>, then a process executing in domain D can both read and write file F; it cannot, however, perform any other operation on that object.
  • 15.
    Cont… A domain canbe realized in a variety of ways: Each user may be a domain. In this case, the set of objects that can be accessed depends on the identity of the user. Each process may be a domain. In this case, the set of objects that can be accessed depends on the identity of the process.
  • 16.
    Example of Unix: Inthe UNIX operating system, a domain is associated with the user In Unix operating system user ID’s use for identify the domain.
  • 17.
    Example of MULTICS: Inthe MULTICS system, the protection domains are organized into a ring structure. Each ring corresponds to a single domain .
  • 18.
    Access Matrix: Our modelof protection can be viewed abstractly as a matrix, called an Access Matrix. The rows of the access matrix represent domains, and the columns represent objects. Each entry in the matrix consists of a set of access rights.
  • 19.
  • 21.
    Access Control: The basicproblem of computer protection is to control which objects a given program can access, and in what ways. Objects are things like files, sound cards, other programs, the network, your modem etc. Access means what kind of operations can be done on these objects. Examples include reading a file, writing to a file and creating or deleting objects.
  • 22.
    Cont… When we talkabout ``controlling access,'' we are really talking about four kinds of things: Preventing access. Limiting access. Granting access . Revoking access. A good example of this is found in Solaris 10. Solaris uses Role-based access control(RBAC) to adding the principle.
  • 23.
    Cont... Role-based access control(RBAC) is a security feature for controlling user access to tasks that would normally be restricted to the root user.  In conventional UNIX systems, the root user, also referred to as superuser. The root user has the ability to read and write to any file, run all programs, and send kill signals to any process.
  • 24.
  • 25.
    Capability-based Systems: In acapability-based computer system, all access to objects is done through capabilities, and capabilities provide the only means of accessing objects. In such a system, every program holds a set of capabilities. If program A holds a capability to talk to program B, then the two programs can grant capabilities to each other. In most capability-based systems, a program can hold an infinite number of capabilities. Such systems have tended to be slow.
  • 26.
    Cont... A better designallows each program to hold a fixed (and small -- like 16 or 32) number of capabilities, and provides a means for storing additional capabilities if they are needed. Here two example are discuss Cambridge CAP System. Hydra
  • 27.
    Cambridge CAP System: TheCambridge CAP computer was the first successful experimental computer that demonstrated the use of security capabilities, both in hardware and software .It was developed at the University of Cambridge Computer Laboratory in the 1970s The CAP system was designed such that any access to a memory segment or hardware required that the current process held the necessary capabilities. CAP has two kinds of capabilities. Data Capability. Software Capability.
  • 28.
    Cont… Data Capability: It canbe used to provide access to objects, but the only rights provided are the standard read, write, and execute of the individual storage segments associated with the object. Software Capability: It is a protected procedure, which may be written by an application programmer as part of a subsystem. A particular kind of rights amplification is associated with a protected procedure. When executing the code,a process temporarily acquires the right to read or write the contents of a software capability itself.
  • 29.
    Hydra: Hydra is acapability-based protection system that provides considerable flexibility. The system implements a fixed set of possible access rights.  In addition, a user can declare other rights. The interpretation of user-defined rights is performed by the user's program, but the system provides access protection for the use of these rights.
  • 30.
    Language Based Protection: Asoperating systems have become more complex, and particularly as they have attempted to provide higher-level user interfaces, the goals of protection have become much more refined. The designers of protection systems have drawn heavily on ideas that originated in programming languages and especially on the concepts of abstract data types and objects. There must be a protection policy to control the access of user defined programs.
  • 31.
    Cont…  Protection systemsare now concerned not only with the identity of a resource to which access is attempted but also with the functional nature of that access. It is usually achieved through an operating-system kernel, which acts as a security agent to inspect and validate each attempt to access a protected resource.