Salient Features of India constitution especially power and functions
Ch14 protection
1. Silberschatz and Galvin199919.1Operating System Concepts Silberschatz and Galvin19995.1Operating System Concepts Silberschatz and Galvin 19994.1
1 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17
O P E R A T I N G S Y S T E M S
Chapter 14 : Protection
• Goals of Protection
• Domain of Protection
• Access Matrix
• Implementation of Access Matrix
• Revocation of Access Rights
• Capability-Based Systems
• Language-Based Protection
Operating System Concepts
2. Silberschatz and Galvin199919.2Operating System Concepts Silberschatz and Galvin19995.2Operating System Concepts Silberschatz and Galvin 19994.2
2 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17
Chapter 14: Protection
• Goals of Protection
• Domain of Protection
• Access Matrix
• Implementation of Access Matrix
• Revocation of Access Rights
• Capability-Based Systems
• Language-Based Protection
Operating System Concepts
3. Silberschatz and Galvin199919.3Operating System Concepts Silberschatz and Galvin19995.3Operating System Concepts Silberschatz and Galvin 19994.3
3 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17
Protection
• Operating system consists of a collection of object|s, hardware or
software
• Each object has a unique name and can be accessed through a
well-defined set of operations.
• Protection problem - ensure that each object is accessed
correctly and only by those processes that are allowed to do so.
Operating System Concepts
4. Silberschatz and Galvin199919.4Operating System Concepts Silberschatz and Galvin19995.4Operating System Concepts Silberschatz and Galvin 19994.4
4 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17
Domain Structure
• Access-right = <object-name, rights-set>
Rights-set is a subset of all valid operations that can be
performed on the object.
• Domain = set of access-rights
Operating System Concepts
5. Silberschatz and Galvin199919.5Operating System Concepts Silberschatz and Galvin19995.5Operating System Concepts Silberschatz and Galvin 19994.5
5 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17
Domain Implementation
• System consists of 2 domains:
• User
• Supervisor
• UNIX
• Domain = user-id
• Domain switch accomplished via file system.
Each file has associated with it a domain bit (setuid bit).
When file is executed and setuid = on, then user-id is
set to owner of the file being executed. When execution
completes user-id is reset.
Operating System Concepts
6. Silberschatz and Galvin199919.6Operating System Concepts Silberschatz and Galvin19995.6Operating System Concepts Silberschatz and Galvin 19994.6
6 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17
Multics Rings
• Let Di and Dj be any two domain rings.
• If j < I Di Dj
Operating System Concepts
7. Silberschatz and Galvin199919.7Operating System Concepts Silberschatz and Galvin19995.7Operating System Concepts Silberschatz and Galvin 19994.7
7 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17
Access Matrix
Figure 1
Operating System Concepts
8. Silberschatz and Galvin199919.8Operating System Concepts Silberschatz and Galvin19995.8Operating System Concepts Silberschatz and Galvin 19994.8
8 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17
Use of Access Matrix
• If a process in Domain Di tries to do “op” on object Oj, then “op”
must be in the access matrix.
• Can be expanded to dynamic protection.
• Operations to add, delete access rights.
• Special access rights:
owner of Oi
copy op from Oi to Oj
control – Di can modify Djs access rights
transfer – switch from domain Di to Dj
Operating System Concepts
9. Silberschatz and Galvin199919.9Operating System Concepts Silberschatz and Galvin19995.9Operating System Concepts Silberschatz and Galvin 19994.9
9 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17
Use of Access Matrix (Cont.)
• Access matrix design separates mechanism from policy.
• Mechanism
Operating system provides Access-matrix + rules.
If ensures that the matrix is only manipulated by
authorized agents and that rules are strictly enforced.
• Policy
User dictates policy.
Who can access what object and in what mode.
Operating System Concepts
10. Silberschatz and Galvin199919.10Operating System Concepts Silberschatz and Galvin19995.10Operating System Concepts Silberschatz and Galvin 19994.10
10 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17
Implementation of Access Matrix
• Each column = Access-control list for one object
Defines who can perform what operation.
Domain 1 = Read, Write
Domain 2 = Read
Domain 3 = Read
• Each Row = Capability List (like a key)
Fore each domain, what operations allowed on what objects.
• Object 1 – Read
• Object 4 – Read, Write, Execute
• Object 5 – Read, Write, Delete, Copy
Operating System Concepts
11. Silberschatz and Galvin199919.11Operating System Concepts Silberschatz and Galvin19995.11Operating System Concepts Silberschatz and Galvin 19994.11
11 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17
Access Matrix of Figure 1 With Domains as Objects
Figure 2
Operating System Concepts
12. Silberschatz and Galvin199919.12Operating System Concepts Silberschatz and Galvin19995.12Operating System Concepts Silberschatz and Galvin 19994.12
12 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17
Access Matrix with Copy Rights
Operating System Concepts
13. Silberschatz and Galvin199919.13Operating System Concepts Silberschatz and Galvin19995.13Operating System Concepts Silberschatz and Galvin 19994.13
13 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17
Access Matrix With Owner Rights
Operating System Concepts
14. Silberschatz and Galvin199919.14Operating System Concepts Silberschatz and Galvin19995.14Operating System Concepts Silberschatz and Galvin 19994.14
14 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17
Modified Access Matrix of Figure 2
Operating System Concepts
15. Silberschatz and Galvin199919.15Operating System Concepts Silberschatz and Galvin19995.15Operating System Concepts Silberschatz and Galvin 19994.15
15 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17
Revocation of Access Rights
• Access List – Delete access rights from access list.
• Simple
• Immediate
• Capability List – Scheme required to locate capability in the
system before capability can be revoked.
• Reacquisition
• Back-pointers
• Indirection
• Keys
Operating System Concepts
16. Silberschatz and Galvin199919.16Operating System Concepts Silberschatz and Galvin19995.16Operating System Concepts Silberschatz and Galvin 19994.16
16 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17
Capability-Based Systems
• Hydra
• Fixed set of access rights known to and interpreted by the
system.
• Interpretation of user-defined rights performed solely by
user's program; system provides access protection for use
of these rights.
• Cambridge CAP System
• Data capability - provides standard read, write, execute of
individual storage segments associated with object.
• Software capability -interpretation left to the subsystem,
through its protected procedures.
Operating System Concepts
17. Silberschatz and Galvin199919.17Operating System Concepts Silberschatz and Galvin19995.17Operating System Concepts Silberschatz and Galvin 19994.17
17 toOperating System Concepts | Silberschatz and Galvin 1999https://github.com/syaifulahdan/ 17
Language-Based Protection
• Specification of protection in a programming language allows the
high-level description of policies for the allocation and use of
resources.
• Language implementation can provide software for protection
enforcement when automatic hardware-supported checking is
unavailable.
• Interpret protection specifications to generate calls on whatever
protection system is provided by the hardware and the operating
system.
Operating System Concepts