Silberschatz and Galvin199919.1Operating System Concepts Silberschatz and Galvin19995.1Operating System Concepts Silberschatz and Galvin 19994.1
1 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17
O P E R A T I N G S Y S T E M S
Chapter 14 : Protection
• Goals of Protection
• Domain of Protection
• Access Matrix
• Implementation of Access Matrix
• Revocation of Access Rights
• Capability-Based Systems
• Language-Based Protection
Protection
• Operating system consists of a collection of objects, hardware or software.
• Each object has a unique name and can be accessed through a well-defined set of operations.
• Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so.
Domain Structure
• Access-right = <object-name, rights-set>
Rights-set is a subset of all valid operations that can be
performed on the object.
• Domain = set of access-rights
Domain Implementation
• System consists of 2 domains:
  • User
  • Supervisor
• UNIX
  • Domain = user-id
  • Domain switch accomplished via file system.
    • Each file has associated with it a domain bit (setuid bit).
    • When file is executed and setuid = on, then user-id is set to owner of the file being executed. When execution completes user-id is reset.
Multics Rings
• Let $D_i$ and $D_j$ be any two domain rings.
• If $j < i \Rightarrow D_i \subseteq D_j$
Access Matrix
Figure 1
Use of Access Matrix
• If a process in Domain Di tries to do “op” on object Oj, then “op” must be in the access matrix.
• Can be expanded to dynamic protection.
  • Operations to add, delete access rights.
  • Special access rights:
    • owner of Oi
    • copy op from Oi to Oj
    • control – Di can modify Dj's access rights
    • transfer – switch from domain Di to Dj
Use of Access Matrix (Cont.)
• Access matrix design separates mechanism from policy.
• Mechanism
  • Operating system provides Access-matrix + rules.
  • It ensures that the matrix is only manipulated by authorized agents and that rules are strictly enforced.
• Policy
  • User dictates policy.
  • Who can access what object and in what mode.
Implementation of Access Matrix
• Each column = Access-control list for one object
  Defines who can perform what operation.
  • Domain 1 = Read, Write
  • Domain 2 = Read
  • Domain 3 = Read
• Each Row = Capability List (like a key)
  For each domain, what operations allowed on what objects.
  • Object 1 – Read
  • Object 4 – Read, Write, Execute
  • Object 5 – Read, Write, Delete, Copy
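The column and row views above, together with the owner and transfer rights from the "Use of Access Matrix" slide, as an added Python example that is not part of the original slides. The domain names D1 to D3, the "owner" entry for D1, the D1-to-D2 "transfer" entry and the choice of D2 as the holder of the slide's capability list are assumptions made for the demo.

```python
from collections import defaultdict


class AccessMatrix:
    """Sparse access matrix: access[(domain, object)] is a set of rights."""

    def __init__(self):
        self.access = defaultdict(set)

    def allowed(self, domain, obj, op):
        # Mechanism: "op" must appear in the cell for (domain, obj).
        return op in self.access.get((domain, obj), ())

    def acl(self, obj):
        # Column view: the access-control list of one object.
        return {d: set(r) for (d, o), r in self.access.items() if o == obj and r}

    def capability_list(self, domain):
        # Row view: everything one domain may do, object by object.
        return {o: set(r) for (d, o), r in self.access.items() if d == domain and r}

    def grant(self, actor, domain, obj, op):
        # Dynamic protection: only an owner of obj may add to its column.
        if not self.allowed(actor, obj, "owner"):
            raise PermissionError(f"{actor} is not an owner of {obj}")
        self.access[(domain, obj)].add(op)

    def revoke(self, actor, domain, obj, op):
        # Same gate for deletion, so the matrix is changed only by
        # an authorized agent.
        if not self.allowed(actor, obj, "owner"):
            raise PermissionError(f"{actor} is not an owner of {obj}")
        self.access[(domain, obj)].discard(op)

    def transfer(self, current, target):
        # Domains are objects too: the switch is itself a checked right.
        if not self.allowed(current, target, "transfer"):
            raise PermissionError(f"{current} may not switch to {target}")
        return target


def build_sample():
    """Constructed policy; O1's column and D2's row follow the slide's lists."""
    m = AccessMatrix()
    m.access[("D1", "O1")] = {"read", "write", "owner"}  # "owner" is assumed
    m.access[("D2", "O1")] = {"read"}
    m.access[("D3", "O1")] = {"read"}
    m.access[("D2", "O4")] = {"read", "write", "execute"}
    m.access[("D2", "O5")] = {"read", "write", "delete", "copy"}
    m.access[("D1", "D2")] = {"transfer"}                # assumed entry
    return m


if __name__ == "__main__":
    m = build_sample()
    print("ACL of O1:", m.acl("O1"))
    print("Capabilities of D2:", m.capability_list("D2"))
    print("D2 write O1?", m.allowed("D2", "O1", "write"))
    print("D1 switches to:", m.transfer("D1", "D2"))
```

Both views read the same cells, so a policy change made through `grant` or `revoke` is visible in the ACL and in the capability list at once.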
Access Matrix of Figure 1 With Domains as Objects
Figure 2
Access Matrix with Copy Rights
Access Matrix With Owner Rights
Modified Access Matrix of Figure 2
Revocation of Access Rights
• Access List – Delete access rights from access list.
  • Simple
  • Immediate
• Capability List – Scheme required to locate capability in the system before capability can be revoked.
  • Reacquisition
  • Back-pointers
  • Indirection
  • Keys
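Two of the capability-revocation schemes named above, indirection and keys, as an added Python sketch that is not part of the original slides. The slide only names the schemes; the code assumes their usual meaning (a capability that points at a table slot, and a capability that carries a key compared against the object's master key), and the class and function names are hypothetical.

```python
import hmac
import secrets


class IndirectTable:
    """Indirection: a capability names a table slot, never the object itself."""

    def __init__(self):
        self._slots = {}  # slot id -> (object name, rights)

    def mint(self, obj, rights):
        slot = secrets.token_hex(8)
        self._slots[slot] = (obj, frozenset(rights))
        return slot  # this opaque value is the capability a domain holds

    def use(self, slot, op):
        entry = self._slots.get(slot)
        if entry is None:
            raise PermissionError("capability revoked")
        obj, rights = entry
        if op not in rights:
            raise PermissionError(f"{op} not granted")
        return obj

    def revoke(self, slot):
        # No search for outstanding copies: clearing the slot kills them all.
        self._slots.pop(slot, None)


class KeyedObject:
    """Keys: each capability carries the key current when it was minted."""

    def __init__(self, name):
        self.name = name
        self._master = secrets.token_bytes(16)

    def mint(self, rights):
        # Assumption: in a real system the holder cannot read or alter
        # the key; here the capability is a plain Python tuple.
        return (frozenset(rights), self._master)

    def use(self, cap, op):
        rights, key = cap
        if not hmac.compare_digest(key, self._master):
            raise PermissionError("key no longer matches")
        if op not in rights:
            raise PermissionError(f"{op} not granted")
        return self.name

    def rekey(self):
        # Replacing the master key revokes every capability minted so far.
        self._master = secrets.token_bytes(16)


def still_works(call, *args):
    try:
        call(*args)
        return True
    except PermissionError:
        return False


def revocation_demo():
    table = IndirectTable()
    cap = table.mint("O5", {"read", "write"})
    holders = {"D1": cap, "D2": cap}  # D2 holds a copy of D1's capability
    before = [still_works(table.use, c, "read") for c in holders.values()]
    table.revoke(cap)
    after = [still_works(table.use, c, "read") for c in holders.values()]

    obj = KeyedObject("O4")
    old = obj.mint({"read"})
    obj.rekey()
    new = obj.mint({"read"})
    return {
        "indirect_before": before,
        "indirect_after": after,
        "old_key": still_works(obj.use, old, "read"),
        "new_key": still_works(obj.use, new, "read"),
    }


if __name__ == "__main__":
    print(revocation_demo())
```

In both schemes the revoker never has to locate the copies held by D1 and D2, which is the difficulty the slide attributes to capability lists.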
Capability-Based Systems
• Hydra
  • Fixed set of access rights known to and interpreted by the system.
  • Interpretation of user-defined rights performed solely by user's program; system provides access protection for use of these rights.
• Cambridge CAP System
  • Data capability - provides standard read, write, execute of individual storage segments associated with object.
  • Software capability - interpretation left to the subsystem, through its protected procedures.
Language-Based Protection
• Specification of protection in a programming language allows the
high-level description of policies for the allocation and use of
resources.
• Language implementation can provide software for protection
enforcement when automatic hardware-supported checking is
unavailable.
• Interpret protection specifications to generate calls on whatever
protection system is provided by the hardware and the operating
system.