8/8/2019 AnupmaSangwan OS 8
http://slidepdf.com/reader/full/anupmasangwan-os-8 1/19
Protection
Goals of Protection
Domain of Protection
Access Matrix
Implementation of Access Matrix
Revocation of Access Rights
Capability-Based Systems
Language-Based Protection
Protection
An operating system consists of a collection of objects, hardware or software.
Each object has a unique name and can be accessed only through a well-defined set of operations.
Protection problem: ensure that each object is accessed correctly and only by those processes that are allowed to do so.
Goals of Protection
In a multiprogramming system, the operating system should enable users to safely share a common logical and physical address space.
Ensure fair and reliable resource usage.
Domain Structure
Access-right = <object-name, rights-set>, where rights-set is a subset of all valid operations that can be performed on the object.
Domain = set of access-rights
Continued... A domain can be realized in a variety of ways:
User
Process
Procedure
Access Matrix
View protection as a matrix (the access matrix):
Rows represent domains
Columns represent objects
Access(i, j) is the set of operations that a process executing in Domain i can invoke on Object j
Access Matrix
Figure A
Use of Access Matrix
If a process in Domain Di tries to do "op" on Object Oj, then "op" must be in the access matrix entry Access(i, j).
Can be expanded to dynamic protection:
Operations to add and delete access rights.
Special access rights:
owner of Oi
copy op from Oi to Oj
control - Di can modify Dj's access rights
transfer - switch from domain Di to Dj
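The following is an added example, not code from the slides: a small access matrix in Python with the basic check (op must be in Access(i, j)) and the dynamic rights listed above. The domain and object names (D1..D3, F1, F2, printer) are constructed for the demo, a right ending in "*" stands for the copy flag, and the slide's "transfer" right is modelled as a "switch" entry in the column of the target domain.

```python
# Added example: access matrix with owner / copy / control / switch rights.
# Names and rights below are constructed for illustration.

class AccessMatrix:
    """Rows are domains, columns are objects (domains may also appear as
    objects); each entry is a set of right names. A right ending in '*'
    is the copy flag: 'read*' lets the holder copy 'read' within the column."""

    def __init__(self):
        self.entries = {}  # (domain, object) -> set of rights

    def access(self, dom, obj):
        return self.entries.setdefault((dom, obj), set())

    def grant(self, dom, obj, *rights):
        self.access(dom, obj).update(rights)

    def check(self, dom, obj, op):
        # Basic rule: a process in Di may do op on Oj only if op is in Access(i, j).
        return op in self.access(dom, obj)

    # ---- dynamic protection: operations that modify the matrix itself ----

    def copy_right(self, src, dst, obj, right):
        # Copy needs the copy flag in Access(src, obj); the copy stays in column obj.
        if right + "*" not in self.access(src, obj):
            raise PermissionError(f"{src} has no copy flag for {right} on {obj}")
        self.grant(dst, obj, right)

    def owner_set(self, owner, dst, obj, right, add=True):
        # The owner of Oj may add or remove any right in column j.
        if "owner" not in self.access(owner, obj):
            raise PermissionError(f"{owner} is not owner of {obj}")
        if add:
            self.grant(dst, obj, right)
        else:
            self.access(dst, obj).discard(right)

    def control_remove(self, ctrl, target, obj, right):
        # 'control' in Access(ctrl, target), where target is a domain used as an
        # object, lets ctrl remove rights from target's row.
        if "control" not in self.access(ctrl, target):
            raise PermissionError(f"{ctrl} cannot control {target}")
        self.access(target, obj).discard(right)

    def switch_domain(self, src, dst):
        # The slide's 'transfer': a process in src may switch to dst only if
        # a 'switch' right is present in Access(src, dst).
        if "switch" not in self.access(src, dst):
            raise PermissionError(f"{src} may not switch to {dst}")
        return dst


def build_demo():
    m = AccessMatrix()
    m.grant("D1", "F1", "read", "read*", "owner")  # D1 owns F1 and may copy read
    m.grant("D1", "F2", "read")
    m.grant("D2", "printer", "print")
    m.grant("D1", "D2", "switch")                  # domain D2 used as an object
    m.grant("D3", "D1", "control")                 # D3 controls D1's row
    return m


def run_demo():
    m = build_demo()
    before = m.check("D2", "F1", "read")         # False: D2 has nothing on F1
    m.copy_right("D1", "D2", "F1", "read")       # allowed via the read* flag
    after_copy = m.check("D2", "F1", "read")     # True
    m.owner_set("D1", "D3", "F1", "write")       # owner grants write to D3
    after_owner = m.check("D3", "F1", "write")   # True
    m.control_remove("D3", "D1", "F2", "read")   # D3 strips D1's read on F2
    after_control = m.check("D1", "F2", "read")  # False
    current = m.switch_domain("D1", "D2")        # "D2"
    try:
        m.switch_domain("D2", "D1")              # no switch right: denied
        bad_switch = False
    except PermissionError:
        bad_switch = True
    return before, after_copy, after_owner, after_control, current, bad_switch


if __name__ == "__main__":
    print(run_demo())
```

Every matrix-changing operation is itself gated by an entry in the matrix, which is the point of the design: the mechanism (the matrix and these rules) stays fixed while the policy (who holds owner, copy, control and switch rights) is expressed purely as data.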
Use of Access Matrix (Cont.)
Access matrix design separates mechanism from policy.
Mechanism: the operating system provides the access matrix plus the rules. It ensures that the matrix is manipulated only by authorized agents and that the rules are strictly enforced.
Policy: the user dictates policy, i.e. who can access what object and in what mode.
Access Matrix of Figure A With Domains as Objects
Figure B
Access Matrix with Copy Rights
Access Matrix With Owner Rights
Modified Access Matrix of Figure B
Implementation of Access Matrix
Global Table: simplest
Consists of a set of ordered triples <domain, object, right-set>.
The table is usually large, so it cannot be kept in memory.
Access List for Objects
Each column can be implemented as an access list for one object.
Empty entries can be discarded.
Entries have the form <domain, right-set>.
Each column = access-control list for one object
Defines who can perform what operation.
Domain 1 = Read, Write
Domain 2 = Read
Domain 3 = Read
Each row = capability list (like a key)
For each domain, what operations are allowed on what objects.
Object 1 - Read
Object 4 - Read, Write, Execute
Object 5 - Read, Write, Delete, Copy
Continued...
Capability List for Domains
Here we associate each row with its domain.
A capability list for a domain is a list of objects together with the operations allowed on those objects.
An object is represented by its physical name or address, called a capability.
The capability list is associated with a domain but is never directly accessible to a process executing in that domain; rather, it is itself a protected object, maintained by the OS.
Lock-Key Mechanism
A compromise between access lists and capability lists.
Each object has a list of unique bit patterns called locks.
Each domain has a list of unique bit patterns called keys.
Revocation of Access Rights
Access List - delete the access rights from the access list.
Simple
Immediate
Capability List - a scheme is required to locate the capability in the system before it can be revoked:
Reacquisition
Back-pointers
Indirection
Keys
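The following added example (not the slides' code) serves the lock-key slide and the revocation slide together: it implements objects with lock patterns and domains with key patterns, then shows two of the capability revocation schemes listed above, revocation by keys (the object's lock is changed, so every outstanding key stops matching without being located) and revocation by indirection (capabilities hold only a handle into an OS-owned table, so deleting the table entry revokes every copy at once). Object and domain names are constructed; bit patterns come from Python's `secrets` module.

```python
# Added example: lock-key access checks plus key-based and indirection-based
# revocation. Names are constructed; nothing here is the slides' own code.
import secrets


class LockKeySystem:
    def __init__(self):
        self.locks = {}  # object -> set of lock bit patterns
        self.keys = {}   # domain -> set of key bit patterns (held by the OS)

    def new_lock(self, obj):
        pattern = secrets.token_bytes(8)  # a fresh unique bit pattern
        self.locks.setdefault(obj, set()).add(pattern)
        return pattern

    def give_key(self, dom, pattern):
        self.keys.setdefault(dom, set()).add(pattern)

    def may_access(self, dom, obj):
        # Allowed when the domain holds a key matching one of the object's locks.
        return bool(self.keys.get(dom, set()) & self.locks.get(obj, set()))

    def revoke_domain(self, dom, obj):
        # Selective revocation: remove only this domain's keys that fit obj's locks.
        self.keys.get(dom, set()).difference_update(self.locks.get(obj, set()))

    def revoke_all(self, obj):
        # Revocation by keys: replace the object's locks. Every key that matched
        # the old locks is now useless, and no key had to be found or visited.
        fresh = secrets.token_bytes(8)
        self.locks[obj] = {fresh}
        return fresh  # handed out again only to domains that should keep access


class IndirectCapabilities:
    """Capabilities point at an OS-owned table entry rather than at the object."""

    def __init__(self):
        self.table = {}  # handle -> (object, rights)
        self._next = 0

    def issue(self, obj, rights):
        handle = self._next
        self._next += 1
        self.table[handle] = (obj, frozenset(rights))
        return handle  # this handle is what domains hold and may copy

    def use(self, handle, obj, right):
        entry = self.table.get(handle)
        return entry is not None and entry[0] == obj and right in entry[1]

    def revoke(self, handle):
        # One table edit invalidates every copy of the capability.
        self.table.pop(handle, None)


def demo():
    lk = LockKeySystem()
    k = lk.new_lock("F1")
    lk.give_key("D1", k)
    lk.give_key("D2", k)
    initial = (lk.may_access("D1", "F1"), lk.may_access("D2", "F1"),
               lk.may_access("D3", "F1"))                      # (True, True, False)
    lk.revoke_domain("D2", "F1")
    selective = (lk.may_access("D1", "F1"), lk.may_access("D2", "F1"))  # (True, False)
    new_key = lk.revoke_all("F1")
    total = lk.may_access("D1", "F1")                          # False: old key no longer fits
    lk.give_key("D1", new_key)
    reissued = lk.may_access("D1", "F1")                       # True again

    ic = IndirectCapabilities()
    h = ic.issue("F2", {"read"})
    copies = [h, h, h]                                         # capability copied to three domains
    before = all(ic.use(c, "F2", "read") for c in copies)      # True
    ic.revoke(h)
    after = any(ic.use(c, "F2", "read") for c in copies)       # False
    return initial, selective, total, reissued, before, after


if __name__ == "__main__":
    print(demo())
```

The contrast with access lists is visible in `revoke_all`: for an ACL the operating system deletes one entry and the revocation is immediate, whereas with freely copied capabilities the system must either be able to find every copy (back-pointers, reacquisition) or, as here, make the copies worthless by changing what they refer to.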
Language-Based Protection
Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources.
The language implementation can provide software for protection enforcement when automatic hardware-supported checking is unavailable.
Interpret protection specifications to generate calls on whatever protection system is provided by the hardware and the operating system.
Protection in Java 2
Protection is handled by the Java Virtual Machine (JVM).
A class is assigned a protection domain when it is loaded by the JVM. The protection domain indicates what operations the class can (and cannot) perform.
If a library method is invoked that performs a privileged operation, the stack is inspected to ensure the operation can be performed by the library.
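As an added example (a Python simulation, not the JVM's own code), the block below models the stack inspection described on the slide: each frame belongs to a protection domain with a set of permissions, and a privileged operation is allowed only if every frame on the call stack, walked from the requesting library method outward, holds the permission. A frame marked `privileged` stops the walk, which is how Java's `AccessController.doPrivileged` lets trusted library code act on behalf of a less trusted caller; the domain names, permission strings and method names are constructed for the demo.

```python
# Added example: simulation of JVM-style stack inspection. Domains, permission
# names and frames are constructed; the stop-at-privileged-frame rule mirrors
# Java's AccessController.doPrivileged.
from dataclasses import dataclass


@dataclass(frozen=True)
class ProtectionDomain:
    name: str
    permissions: frozenset  # permissions granted to classes loaded into this domain


@dataclass(frozen=True)
class Frame:
    method: str
    domain: ProtectionDomain
    privileged: bool = False  # True if this frame invoked doPrivileged


def check_permission(stack, perm):
    """stack[-1] is the innermost frame (the library method asking for perm).
    Walk outward: every frame's domain must hold perm, so an untrusted caller
    cannot launder a privileged operation through a trusted library. A frame
    marked privileged ends the walk; callers above it are not consulted."""
    for frame in reversed(stack):
        if perm not in frame.domain.permissions:
            return False
        if frame.privileged:
            return True
    return True


SYSTEM = ProtectionDomain("system", frozenset({"file.read", "file.write", "net.connect"}))
UNTRUSTED = ProtectionDomain("untrusted-applet", frozenset({"net.connect"}))


def scenarios():
    lib = Frame("FileInputStream.<init>", SYSTEM)
    app = Frame("Applet.run", UNTRUSTED)

    # 1. Untrusted code calls the library directly: the applet frame lacks
    #    file.read, so the check fails even though the library itself has it.
    direct = check_permission([app, lib], "file.read")

    # 2. A trusted loader frame used doPrivileged between them: the walk stops
    #    there and the untrusted caller is never consulted.
    loader = Frame("ClassLoader.loadClass", SYSTEM, privileged=True)
    via_privileged = check_permission([app, loader, lib], "file.read")

    # 3. Both domains hold net.connect, so the plain call succeeds.
    network = check_permission([app, lib], "net.connect")
    return direct, via_privileged, network


if __name__ == "__main__":
    print(scenarios())
```

The design choice worth noticing is that the privileged marker only ever appears on a frame whose own domain already holds the permission; `check_permission` tests the permission before honouring the marker, so an untrusted frame cannot grant itself anything by claiming to be privileged.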