Chapter 14: Protection
Silberschatz, Galvin and Gagne ©2005, Operating System Concepts – 7th Edition, Apr 11, 2005
Objectives
■ Discuss the goals and principles of protection in a modern computer system
■ Explain how protection domains combined with an access matrix are used to specify the resources a process may access
Goals of Protection
■ The operating system consists of a collection of objects, hardware or software
■ Each object has a unique name and can be accessed only through a well-defined set of operations
■ The protection problem: ensure that each object is accessed correctly and only by those processes that are allowed to do so
Principles of Protection
■ Guiding principle: the principle of least privilege
● Programs, users and systems should be given just enough privileges to perform their tasks
● A privilege that was never granted cannot be abused by a compromised program, so default grants should be narrow and widened only when a task needs it
Domain Structure
■ Access-right = <object-name, rights-set>, where rights-set is a subset of all valid operations that can be performed on the object
■ Domain = set of access-rights
Domain Implementation (UNIX)
■ System consists of two domains:
● User
● Supervisor
■ UNIX: domain = user-id
■ Domain switch is accomplished via the file system: each file has a domain bit (the setuid bit) associated with it
● When a file is executed and its setuid bit is on, the effective user-id of the process is set to the owner of the file being executed
● When execution completes, the user-id is reset to the invoking user's own
● Consequence: a setuid program runs with the owner's privileges on whatever arguments, environment and files the invoking user hands it, so those inputs are its attack surface
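The setuid domain switch as a decision over file metadata, written as an added example for this chapter (it is not code from the slides). It assumes the standard UNIX rule described above: the effective uid becomes the file owner's uid only when the setuid bit is set, the effective gid likewise for setgid, and the real ids never change, which is why the user is back in their own domain once the program returns. The `nosuid` flag models a filesystem mounted with that option, on which the kernel ignores both bits; the sample mode values and uids are constructed.

```python
"""Which domain (uid/gid) a UNIX process enters when it execs a file.

Added example, not from the slides. Applies the setuid/setgid rule to a
file's mode bits and owner; the real ids are carried through unchanged.
"""
import os
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class Domain:
    ruid: int   # real user id: the user who started the process
    euid: int   # effective user id: the domain the kernel checks rights against
    rgid: int
    egid: int


def domain_after_exec(caller, st_mode, file_uid, file_gid, nosuid=False):
    """Domain a process in `caller` runs in after exec'ing a file with mode
    `st_mode` owned by file_uid:file_gid. nosuid models a nosuid mount,
    where the kernel ignores the setuid/setgid bits."""
    euid, egid = caller.euid, caller.egid
    if not nosuid:
        if st_mode & stat.S_ISUID:   # setuid bit: switch to the owner's domain
            euid = file_uid
        if st_mode & stat.S_ISGID:   # setgid bit: same for the group
            egid = file_gid
    return Domain(caller.ruid, euid, caller.rgid, egid)


def domain_after_exec_path(caller, path, nosuid=False):
    """Same decision, taken from a real file's inode."""
    st = os.stat(path)
    return domain_after_exec(caller, st.st_mode, st.st_uid, st.st_gid, nosuid)


def domain_after_return(d):
    """When the setuid program finishes, the user continues in their own
    domain: the real ids were never changed, so they define the reset."""
    return Domain(d.ruid, d.ruid, d.rgid, d.rgid)


def demo():
    # Constructed values: an unprivileged user and a root-owned setuid binary.
    alice = Domain(ruid=1000, euid=1000, rgid=1000, egid=1000)
    setuid_mode = 0o104755   # -rwsr-xr-x: regular file with the setuid bit
    plain_mode = 0o100755    # -rwxr-xr-x: no setuid bit
    switched = domain_after_exec(alice, setuid_mode, 0, 0)
    return {
        "setuid_root": switched,                                      # euid 0, ruid stays 1000
        "plain": domain_after_exec(alice, plain_mode, 0, 0),          # nothing changes
        "nosuid": domain_after_exec(alice, setuid_mode, 0, 0, nosuid=True),
        "back": domain_after_return(switched),                        # reset to alice's domain
    }
```

The real uid surviving the switch is the point a practitioner cares about: it is what lets a setuid program check who actually invoked it, and it is why a program that wants to give up the owner's privileges permanently must set all of its ids, not just the effective one.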
Domain Implementation (MULTICS)
Access Matrix
■ View protection as a matrix (the access matrix)
■ Rows represent domains, columns represent objects
■ Access(i, j) is the set of operations that a process executing in Domain_i can invoke on Object_j
Figure: Access Matrix
Use of Access Matrix
■ If a process in Domain D_i tries to do "op" on object O_j, then "op" must be in the access matrix
■ Can be expanded to dynamic protection
● Operations to add and delete access rights
■ Special access rights:
● owner of O_i – may add or remove any right in the column of O_i
● copy – a right for an object may be copied from one domain to another, but only within that object's column; the right carrying the copy flag is marked with *
● control – D_i can modify D_j access rights
● transfer (switch) – switch from domain D_i to D_j
Use of Access Matrix (Cont.)
■ Access matrix design separates mechanism from policy
● Mechanism: the operating system provides the access matrix and the rules; it ensures that the matrix is manipulated only by authorized agents and that the rules are strictly enforced
● Policy: the user dictates policy, i.e. who can access which object and in what mode
Implementation of Access Matrix
■ Each column = access-control list for one object
● Defines who can perform what operation
● Domain 1 = Read, Write
● Domain 2 = Read
● Domain 3 = Read
■ Each row = capability list (like a key)
● For each domain, what operations are allowed on what objects
● Object 1 – Read
● Object 4 – Read, Write, Execute
● Object 5 – Read, Write, Delete, Copy
Figure B: Access Matrix of Figure A with Domains as Objects
Figure: Access Matrix with Copy Rights
Figure: Modified Access Matrix of Figure B
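An access matrix with the special rights from the "Use of Access Matrix" slides and the domains-as-objects layout of Figure B, written as an added example for this chapter (not code from the slides or the book). The matrix contents are constructed, not the book's figures. Assumptions: a right with the copy flag is written `op*`; copying is allowed only within the object's own column and yields a limited copy (the flag is not propagated); `switch` and `control` are stored as ordinary entries whose column is a domain. Every operation is checked against the matrix before it is allowed.

```python
"""Access matrix with copy (*), owner, control and switch rights.
Added example; matrix contents are constructed, not the book's figures."""
from collections import defaultdict


class AccessDenied(Exception):
    pass


class AccessMatrix:
    def __init__(self):
        # access[domain][object] -> set of rights; 'read*' means read plus copy flag
        self._m = defaultdict(lambda: defaultdict(set))

    def grant(self, domain, obj, *rights):
        self._m[domain][obj].update(rights)

    def rights(self, domain, obj):
        return set(self._m[domain][obj])

    def check(self, domain, obj, op):
        """Basic rule: op on obj from domain only if op is in access(domain, obj).
        A copy-flagged right op* also permits op itself."""
        r = self.rights(domain, obj)
        if op in r or op + "*" in r:
            return True
        raise AccessDenied(f"{domain} may not {op} {obj}")

    def copy(self, src, dst, obj, op, transfer=False):
        """Copy right op for obj from row src to row dst, within one column only,
        and only if src holds op*. dst receives op without the flag (limited
        copy). transfer=True moves the right instead: src loses op*."""
        if op + "*" not in self.rights(src, obj):
            raise AccessDenied(f"{src} holds no copy flag for {op} on {obj}")
        self._m[dst][obj].add(op)
        if transfer:
            self._m[src][obj].discard(op + "*")

    def owner_grant(self, domain, obj, target, op):
        """owner in access(domain, obj) lets domain add rights anywhere in obj's column."""
        if "owner" not in self.rights(domain, obj):
            raise AccessDenied(f"{domain} does not own {obj}")
        self._m[target][obj].add(op)

    def control_revoke(self, domain, target, obj, op):
        """control in access(domain, target) lets domain remove rights from
        target's row (target is a domain appearing as an object)."""
        if "control" not in self.rights(domain, target):
            raise AccessDenied(f"{domain} does not control {target}")
        self._m[target][obj].discard(op)

    def switch(self, domain, new_domain):
        """A process may move to new_domain only if switch is in access(domain, new_domain)."""
        self.check(domain, new_domain, "switch")
        return new_domain


def _allowed(fn, *args):
    try:
        fn(*args)
        return True
    except AccessDenied:
        return False


def demo():
    m = AccessMatrix()
    m.grant("D1", "F1", "read", "owner")
    m.grant("D1", "F2", "execute*")      # D1 may execute F2 and copy that right
    m.grant("D2", "F3", "write", "owner")
    m.grant("D2", "D3", "switch")        # D2 may switch to D3
    m.grant("D3", "D1", "control")       # D3 may strip rights from D1's row
    out = {}
    out["d1_read_f1"] = _allowed(m.check, "D1", "F1", "read")
    out["d2_read_f1"] = _allowed(m.check, "D2", "F1", "read")   # not in the matrix
    m.copy("D1", "D3", "F2", "execute")
    out["d3_f2"] = m.rights("D3", "F2")                         # {'execute'}: no flag
    out["d3_copies_on"] = _allowed(m.copy, "D3", "D2", "F2", "execute")
    out["d1_owner_add"] = _allowed(m.owner_grant, "D1", "F3", "D3", "read")  # D1 not owner of F3
    m.owner_grant("D2", "F3", "D1", "read")
    out["d1_f3"] = m.rights("D1", "F3")
    m.control_revoke("D3", "D1", "F1", "read")
    out["d1_f1"] = m.rights("D1", "F1")
    out["d2_switch"] = m.switch("D2", "D3")
    out["d1_switch"] = _allowed(m.switch, "D1", "D2")
    return out
```

The limited-copy behaviour is the one worth reading twice: D3 can execute F2 after the copy but cannot pass that right on, because the flag stayed in D1's row. That is what stops a right from diffusing through every domain that touches it.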
Access Control
■ Protection can be applied to non-file resources
■ Solaris 10 provides role-based access control (RBAC) to implement least privilege
● A privilege is the right to execute a system call or to use an option within a system call
● Privileges can be assigned to processes
● Users are assigned roles granting access to privileges and programs
Figure: Role-based Access Control in Solaris 10
Revocation of Access Rights
■ Various options to remove the access right of a domain to an object:
● Immediate vs. delayed
● Selective vs. general
● Partial vs. total
● Temporary vs. permanent
■ Access List – Delete access rights from the access list
● Simple and immediate, because the object's column is stored with the object
■ Capability List – A scheme is required to locate the capability in the system before the capability can be revoked
● Reacquisition
● Back-pointers
● Indirection
● Keys
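The two revocation mechanisms side by side, as an added example for this chapter (not code from the slides). Assumptions: an object stores its access list (its column of the matrix) and a master key; a capability carries a copy of the key it was issued under. Changing the master key is then a general, immediate revocation that needs no search for the capabilities, while a capability issued with its own key, which the object records, can be revoked selectively. The object, domain and right names are constructed.

```python
"""Revocation: access-list deletion vs key-based capabilities.
Added example, not from the slides."""
import secrets
from dataclasses import dataclass, field


@dataclass
class Capability:
    obj_name: str
    rights: frozenset
    key: str           # must match a key the object still recognises


@dataclass
class Obj:
    name: str
    acl: dict = field(default_factory=dict)        # domain -> set of rights (the column)
    master_key: str = field(default_factory=lambda: secrets.token_hex(8))
    keys: set = field(default_factory=set)         # per-capability keys still valid


# --- access-list scheme: revocation is a deletion in the object's column ---
def acl_grant(obj, domain, *rights):
    obj.acl.setdefault(domain, set()).update(rights)


def acl_check(obj, domain, op):
    return op in obj.acl.get(domain, set())


def acl_revoke(obj, domain, op=None):
    """Immediate and selective: drop one right (op) or the whole entry."""
    if op is None:
        obj.acl.pop(domain, None)
    elif domain in obj.acl:
        obj.acl[domain].discard(op)


# --- capability scheme with keys ---
def cap_issue(obj, rights, selective=False):
    """Issue a capability. With selective=True it gets its own key, recorded
    by the object, so that exactly this capability can be revoked later."""
    key = secrets.token_hex(8) if selective else obj.master_key
    if selective:
        obj.keys.add(key)
    return Capability(obj.name, frozenset(rights), key)


def cap_check(obj, cap, op):
    """A capability is honoured only while its key is still recognised."""
    key_ok = cap.key == obj.master_key or cap.key in obj.keys
    return cap.obj_name == obj.name and key_ok and op in cap.rights


def cap_revoke_all(obj):
    """General revocation: new master key; every capability issued under the
    old one stops working without the system having to locate it."""
    obj.master_key = secrets.token_hex(8)
    obj.keys.clear()


def cap_revoke_one(obj, cap):
    """Selective revocation; only works for capabilities issued with their own key."""
    obj.keys.discard(cap.key)


def demo():
    f = Obj("F1")
    acl_grant(f, "D1", "read", "write")
    acl_revoke(f, "D1", "write")
    out = {"acl_read": acl_check(f, "D1", "read"),
           "acl_write": acl_check(f, "D1", "write")}
    shared = cap_issue(f, {"read"})                  # key = master key
    own = cap_issue(f, {"read"}, selective=True)     # own key
    out["before"] = (cap_check(f, shared, "read"), cap_check(f, own, "read"))
    cap_revoke_one(f, own)                           # only `own` stops working
    out["after_selective"] = (cap_check(f, shared, "read"), cap_check(f, own, "read"))
    cap_revoke_all(f)                                # now `shared` is dead too
    out["after_general"] = cap_check(f, shared, "read")
    return out
```

Calling `cap_revoke_one` on a capability that was issued under the master key does nothing, which is the trade-off the slide is pointing at: capabilities are cheap to check precisely because the object does not track who holds them, so selective revocation has to be designed in at issue time.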
Capability-Based Systems
■ Hydra
● Fixed set of access rights known to and interpreted by the system
● Interpretation of user-defined rights performed solely by the user's program; the system provides access protection for the use of these rights
■ Cambridge CAP System
● Data capability – provides standard read, write, execute of individual storage segments associated with the object
● Software capability – interpretation left to the subsystem, through its protected procedures
Language-Based Protection
■ Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources
■ Language implementation can provide software for protection enforcement when automatic hardware-supported checking is unavailable
■ Interpret protection specifications to generate calls on whatever protection system is provided by the hardware and the operating system
Protection in Java 2
■ Protection is handled by the Java Virtual Machine (JVM)
■ A class is assigned a protection domain when it is loaded by the JVM
■ The protection domain indicates what operations the class can (and cannot) perform
■ If a library method is invoked that performs a privileged operation, the stack is inspected to ensure the operation can be performed by the library
● The inspection walks back through the callers, so an untrusted caller further down the stack is caught unless a trusted frame has explicitly taken responsibility (doPrivileged) for the operation
Figure: Stack Inspection
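The stack-inspection algorithm behind the figure, modelled in Python as an added example for this chapter (it is neither code from the slides nor the JDK's implementation). Assumptions: each stack frame belongs to a protection domain holding a set of permissions; `check_permission` walks from the most recent frame towards the caller, fails as soon as it meets a frame whose domain lacks the permission, and stops successfully at a frame marked as created by doPrivileged. The domains, permissions and method names are constructed.

```python
"""Java 2 stack inspection, modelled. Added example, not JDK code."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProtectionDomain:
    name: str
    permissions: frozenset


@dataclass(frozen=True)
class Frame:
    method: str
    domain: ProtectionDomain
    privileged: bool = False   # True for the frame entered through doPrivileged


class SecurityException(Exception):
    pass


def check_permission(stack, permission):
    """stack[-1] is the most recent frame. Mirrors AccessController.checkPermission:
    every frame is consulted until one invoked via doPrivileged is reached."""
    for frame in reversed(stack):
        if permission not in frame.domain.permissions:
            raise SecurityException(f"{frame.method} ({frame.domain.name}) lacks {permission}")
        if frame.privileged:
            return True          # callers below doPrivileged are not consulted
    return True                  # whole stack is allowed


# Constructed domains: an untrusted applet and a trusted library.
UNTRUSTED = ProtectionDomain("untrusted", frozenset())
LIBRARY = ProtectionDomain("library", frozenset({"file.read", "net.connect"}))


def scenarios():
    """Outcome of four call chains asking for permission file.read."""
    def outcome(stack):
        try:
            return check_permission(stack, "file.read")
        except SecurityException:
            return False

    applet = Frame("Applet.main", UNTRUSTED)
    lib = Frame("Lib.open", LIBRARY)
    priv = Frame("Lib.open$Action.run", LIBRARY, privileged=True)
    return {
        # untrusted -> library, no doPrivileged: the applet frame is reached, denied
        "applet_via_library": outcome([applet, lib]),
        # untrusted -> library -> doPrivileged: the walk stops at the privileged frame
        "applet_via_doPrivileged": outcome([applet, lib, priv]),
        # library code only: every frame on the stack is trusted
        "library_only": outcome([lib]),
        # doPrivileged inside a domain that itself lacks the permission does not help
        "untrusted_doPrivileged": outcome([Frame("Applet.run", UNTRUSTED, privileged=True)]),
    }
```

The second and fourth scenarios together state the rule a library author needs: doPrivileged shields callers, not the library itself, so it must wrap only the minimal operation the library has already validated on the caller's behalf.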
End of Chapter 14