AnupmaSangwan OS 8

Page 1: AnupmaSangwan OS 8

8/8/2019 AnupmaSangwan OS 8

http://slidepdf.com/reader/full/anupmasangwan-os-8 1/19

Protection

Goals of Protection

Domain of Protection

Access Matrix

Implementation of Access Matrix

Revocation of Access Rights

Capability-Based Systems

Language-Based Protection


Protection

An operating system consists of a collection of objects, hardware or software.

Each object has a unique name and can be accessed through a well-defined set of operations.

Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so.


Goals of Protection

In a multiprogramming system, the operating system should enable the user to safely share a common logical and physical address space.

Ensure fair and reliable resource usage.


Domain Structure

Access-right = <object-name, rights-set>

where rights-set is a subset of all valid operations that can be performed on the object.

Domain = set of access-rights


Continued... A domain can be realized in a variety of ways:

User

Process

Procedure


Access Matrix

View protection as a matrix (access matrix)

Rows represent domains

Columns represent objects

Access(i, j) is the set of operations that a process executing in Domain D_i can invoke on Object O_j


Access Matrix

Figure A


Use of Access Matrix

If a process in Domain D_i tries to do "op" on object O_j, then "op" must be in the access matrix entry Access(i, j).

Can be expanded to dynamic protection.

Operations to add, delete access rights.

Special access rights:

owner of O_j - may add or remove any right in the column of O_j

copy - a right marked op* on O_j may be copied to another domain's entry for O_j (within the same column only)

control - D_i can modify the access rights in the row of D_j

transfer (switch) - switch from domain D_i to D_j
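Worked example (added here, not part of the original slides): the access matrix above as a small Python model, including the four special rights. Domains are also entered as columns so that control and switch rights live in the same matrix, as in Figure B. The domain and object names (D1..D3, F1, F2, printer) are invented for the example.

```python
"""Access matrix with dynamic protection (added example; not from the slides).

Domains D1..D3 and objects F1, F2, printer are made up for illustration.
Domains are also entered as objects so that 'control' and 'switch' rights
can live in the same matrix, as in Figure B.
"""


class AccessDenied(Exception):
    """Raised when an operation is not in Access(domain, object)."""


class AccessMatrix:
    def __init__(self, domains, objects):
        self.domains = list(domains)
        # Every domain is also a column, so rights on domains can be expressed.
        self.objects = list(objects) + self.domains
        self.cell = {(d, o): set() for d in self.domains for o in self.objects}

    def grant(self, domain, obj, *ops):
        """Put rights into a cell. An entry 'op*' carries the copy right for 'op'."""
        self.cell[(domain, obj)].update(ops)

    def allowed(self, domain, obj, op):
        """Basic rule: 'op' (or its copyable form 'op*') must be in the cell."""
        rights = self.cell[(domain, obj)]
        return op in rights or op + "*" in rights

    def check(self, domain, obj, op):
        if not self.allowed(domain, obj, op):
            raise AccessDenied(f"{domain} may not {op} {obj}")

    # --- dynamic protection: rights that change the matrix itself -------------

    def copy(self, by, obj, op, to_domain):
        """Copy right: a domain holding 'op*' on obj may hand 'op' to another
        domain, but only within obj's column (same object)."""
        if op + "*" not in self.cell[(by, obj)]:
            raise AccessDenied(f"{by} has no copy right for {op} on {obj}")
        self.cell[(to_domain, obj)].add(op)

    def owner_grant(self, by, obj, target_domain, *ops):
        """Owner right: the owner of obj may add (or remove) any right in obj's column."""
        if "owner" not in self.cell[(by, obj)]:
            raise AccessDenied(f"{by} does not own {obj}")
        self.cell[(target_domain, obj)].update(ops)

    def control_revoke(self, by, target_domain, obj, op):
        """Control right: D_i holding 'control' on D_j may remove rights from D_j's row."""
        if "control" not in self.cell[(by, target_domain)]:
            raise AccessDenied(f"{by} does not control {target_domain}")
        self.cell[(target_domain, obj)].discard(op)

    def switch(self, frm, to):
        """Switch (the slide's 'transfer'): move a process from domain frm to domain to."""
        self.check(frm, to, "switch")
        return to


def demo():
    """Constructed scenario; returns the matrix and the domain after switching."""
    m = AccessMatrix(domains=["D1", "D2", "D3"], objects=["F1", "F2", "printer"])
    m.grant("D1", "F1", "read", "owner")       # D1 owns F1
    m.grant("D1", "F2", "read*", "write")      # D1 may copy 'read' on F2
    m.grant("D2", "printer", "print")
    m.grant("D1", "D2", "control")             # D1 controls D2's row
    m.grant("D2", "D3", "switch")              # a D2 process may enter D3

    m.copy("D1", "F2", "read", "D3")           # D3 can now read F2
    m.owner_grant("D1", "F1", "D2", "write")   # owner adds 'write' on F1 for D2
    m.control_revoke("D1", "D2", "printer", "print")
    current = m.switch("D2", "D3")
    return m, current


if __name__ == "__main__":
    matrix, now = demo()
    print("D3 read F2:", matrix.allowed("D3", "F2", "read"))
    print("D2 print:", matrix.allowed("D2", "printer", "print"))
    print("now in", now)
```

Each special right is checked against the cell that authorizes it (the owner right in the object's column, the control right in the target domain's column) before the matrix is changed, which is the mechanism the next slide describes: the matrix is only manipulated by agents the matrix itself authorizes.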


Use of Access Matrix (Cont.)

Access matrix design separates mechanism from policy.

Mechanism: the operating system provides the access matrix plus rules.

It ensures that the matrix is only manipulated by authorized agents and that the rules are strictly enforced.

Policy: the user dictates policy.

Who can access what object and in what mode.


Access Matrix of Figure A With Domains as Objects

Figure B


Access Matrix with Copy Rights


Access Matrix With Owner Rights


Modified Access Matrix of Figure B


Implementation of Access Matrix

Global Table: Simplest

Consists of a set of ordered triples <domain, object, right-set>.

The table is usually large, so it cannot be kept in main memory.

Access List for Objects

Each column can be implemented as an access list for one object.

Empty entries can be discarded.

Entries are <domain, right-set>.


Each column = Access-control list for one object

Defines who can perform what operation.

Domain 1 = Read, Write

Domain 2 = Read

Domain 3 = Read

Each row = Capability list (like a key)

For each domain, what operations are allowed on what objects.

Object 1 - Read

Object 4 - Read, Write, Execute

Object 5 - Read, Write, Delete, Copy


Continued..

Capability List for Domains

Here we can associate each row with its domain.

A capability list for a domain is a list of objects together with the operations allowed on those objects.

An object is represented by its physical name or address, called a capability.

The capability list is associated with a domain but is never directly accessible to a process executing in that domain; rather, it is itself a protected object, maintained by the OS.

A Lock-Key Mechanism

Compromise between access lists and capabilities.

Each object has a list of unique bit patterns called locks.

Each domain has a list of unique bit patterns called keys.

A process executing in a domain can access an object only if that domain has a key that matches one of the object's locks.
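Worked example (added here, not part of the original slides): the small matrix from the previous two slides stored as a global table, as per-object access lists, as per-domain capability lists, and under a lock-key scheme, with one check function per representation so the four can be compared on the same request. The cells not shown on the slides are left empty; the per-right granularity of the locks is this example's choice.

```python
"""One small access matrix, stored four ways (added example; not from the slides).

The matrix follows the figures on the slides: Domain 3 has Read on Object 1,
Read/Write/Execute on Object 4 and Read/Write/Delete/Copy on Object 5.
Domain 1 and Domain 2 hold Read/Write and Read on Object 1. Empty cells are
simply absent.
"""
import secrets

MATRIX = {
    "Domain 1": {"Object 1": {"Read", "Write"}},
    "Domain 2": {"Object 1": {"Read"}},
    "Domain 3": {
        "Object 1": {"Read"},
        "Object 4": {"Read", "Write", "Execute"},
        "Object 5": {"Read", "Write", "Delete", "Copy"},
    },
}


def global_table(matrix):
    """Simplest scheme: a flat set of <domain, object, right> triples."""
    return {(d, o, r) for d, row in matrix.items() for o, rights in row.items() for r in rights}


def access_lists(matrix):
    """Per column: each object carries its own list of <domain, right-set>."""
    acl = {}
    for d, row in matrix.items():
        for o, rights in row.items():
            acl.setdefault(o, {})[d] = set(rights)
    return acl


def capability_lists(matrix):
    """Per row: each domain's list of <object, right-set>. The OS holds it;
    the process only refers to entries, it never edits the list."""
    return {d: {o: set(rights) for o, rights in row.items()} for d, row in matrix.items()}


def acl_check(acl, domain, obj, op):
    return op in acl.get(obj, {}).get(domain, set())


def cap_check(clist, domain, obj, op):
    return op in clist.get(domain, {}).get(obj, set())


class LockKey:
    """Lock-key compromise. One random lock is minted per (object, right) and
    a domain receives the matching key for every right it holds; the slides
    describe locks per object, the per-right split is this example's choice.
    Keys must be unguessable and kept out of the process's reach, otherwise
    a domain could mint its own."""

    def __init__(self, matrix, nbytes=16):
        self.locks = {}   # object -> {right: lock}
        self.keys = {}    # domain -> set of keys
        for d, row in matrix.items():
            for o, rights in row.items():
                for r in rights:
                    lock = self.locks.setdefault(o, {}).setdefault(r, secrets.token_bytes(nbytes))
                    self.keys.setdefault(d, set()).add(lock)

    def check(self, domain, obj, op):
        lock = self.locks.get(obj, {}).get(op)
        return lock is not None and lock in self.keys.get(domain, set())


def check_all(domain, obj, op, matrix=MATRIX):
    """Evaluate one request under all four representations; they must agree."""
    results = (
        (domain, obj, op) in global_table(matrix),
        acl_check(access_lists(matrix), domain, obj, op),
        cap_check(capability_lists(matrix), domain, obj, op),
        LockKey(matrix).check(domain, obj, op),
    )
    assert len(set(results)) == 1, results
    return results[0]


if __name__ == "__main__":
    print("Domain 3 delete Object 5:", check_all("Domain 3", "Object 5", "Delete"))
    print("Domain 2 write Object 1:", check_all("Domain 2", "Object 1", "Write"))
```

The representations differ in where the check runs, not in what it decides: an access list lives with the object and is consulted when the object is opened, a capability list lives with the domain and is consulted on every reference, and the lock-key variant turns the check into a key comparison the OS can do without looking up either list.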


Revocation of Access Rights

Access List - Delete access rights from the access list.

Simple

Immediate

Capability List - A scheme is required to locate the capability in the system before the capability can be revoked.

Reacquisition

Back-pointers

Indirection

Keys
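Worked example (added here, not part of the original slides): two of the capability revocation schemes listed above, indirection and keys, in a toy kernel. A capability here carries a handle into a kernel table rather than the object's address, plus a copy of the object's master key, so the kernel never has to find the capability to revoke it. Object and domain names are invented.

```python
"""Revoking capabilities without hunting for every copy (added example; not
from the slides). The kernel, objects and holders are a toy model; names are
made up. A capability is a kernel-protected record, so a process cannot forge
the handle or key it carries.
"""
from dataclasses import dataclass
import secrets


@dataclass(frozen=True)
class Capability:
    handle: int          # indirection: index into the kernel table, not the object
    rights: frozenset
    key: bytes           # keys: copy of the object's master key at issue time


class Kernel:
    def __init__(self):
        self._table = {}   # handle -> object name, or None once revoked
        self._master = {}  # object -> current master key
        self._next = 0

    def create(self, obj, rights):
        """Issue a capability to obj through a fresh indirection entry."""
        handle, self._next = self._next, self._next + 1
        self._table[handle] = obj
        master = self._master.setdefault(obj, secrets.token_bytes(16))
        return Capability(handle, frozenset(rights), master)

    def use(self, cap, op):
        """Both revocation checks happen on every use, so revocation is immediate."""
        obj = self._table.get(cap.handle)
        if obj is None:
            return False                   # indirection entry killed
        if cap.key != self._master[obj]:
            return False                   # master key rotated since issue
        return op in cap.rights

    def revoke_handle(self, cap):
        """Indirection: kill one entry. Every copy of this capability dies,
        while capabilities to the same object issued through other entries live."""
        self._table[cap.handle] = None

    def revoke_all(self, obj):
        """Keys: rotate the master key. All outstanding capabilities to obj
        die at once; a fresh create() issues capabilities under the new key."""
        self._master[obj] = secrets.token_bytes(16)


def demo():
    """Constructed scenario: selective revocation of one holder, then total revocation."""
    k = Kernel()
    alice = k.create("F1", {"read", "write"})
    bob = k.create("F1", {"read"})
    before = (k.use(alice, "write"), k.use(bob, "read"))
    k.revoke_handle(alice)
    after_indirection = (k.use(alice, "write"), k.use(bob, "read"))
    k.revoke_all("F1")
    after_key = (k.use(alice, "write"), k.use(bob, "read"))
    carol = k.create("F1", {"read"})
    return before, after_indirection, after_key, k.use(carol, "read")


if __name__ == "__main__":
    print(demo())
```

Indirection gives selective revocation (one holder at a time) at the cost of an extra lookup per use; key rotation is total (every holder of the object loses access) but needs no per-capability state. Contrast the access-list case, where revocation is just deleting the entry from the object's list.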


Language-Based Protection

Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources.

Language implementation can provide software for protection enforcement when automatic hardware-supported checking is unavailable.

Interpret protection specifications to generate calls on whatever protection system is provided by the hardware and the operating system.


Protection in Java 2

Protection is handled by the Java Virtual Machine (JVM).

A class is assigned a protection domain when it is loaded by the JVM.

The protection domain indicates what operations the class can (and cannot) perform.

If a library method is invoked that performs a privileged operation, the stack is inspected to ensure the operation can be performed by the library: every caller on the stack, back to the most recent doPrivileged frame, must hold the required permission.
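Worked example (added here, not part of the original slides or of the JDK): the stack inspection described above modelled in Python. Each frame records the protection domain of the class whose method is executing; the check walks from the most recent frame toward the oldest and stops early at a frame that entered through doPrivileged. The domains, permission strings and call chains are constructed for the example.

```python
"""JVM-style stack inspection, modelled in Python (added example; not from the
slides or the JDK). Domains, permissions and the call chains are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProtectionDomain:
    name: str
    permissions: frozenset


@dataclass(frozen=True)
class Frame:
    method: str
    domain: ProtectionDomain
    privileged: bool = False   # this frame entered the operation via doPrivileged


class AccessControlException(Exception):
    pass


def check_permission(stack, perm):
    """Walk from the most recent frame toward the oldest. Every frame's domain
    must hold perm. A privileged frame ends the walk early: the trusted code
    takes responsibility, so callers below it are not examined."""
    for frame in reversed(stack):
        if perm not in frame.domain.permissions:
            raise AccessControlException(f"{frame.method} ({frame.domain.name}) lacks {perm}")
        if frame.privileged:
            break
    return True


def allowed(stack, perm):
    try:
        return check_permission(stack, perm)
    except AccessControlException:
        return False


SYSTEM = ProtectionDomain("system", frozenset({"file.read:/fonts", "file.read:/etc/passwd"}))
UNTRUSTED = ProtectionDomain("untrusted-applet", frozenset())


def scenarios():
    """Three call chains, oldest frame first."""
    # 1. Untrusted code calls a library method that reads a sensitive file.
    plain = [Frame("Applet.run", UNTRUSTED), Frame("Lib.readFile", SYSTEM)]
    # 2. Same caller, but the library wraps a fixed font read in doPrivileged.
    priv = [Frame("Applet.run", UNTRUSTED), Frame("Lib.loadFont", SYSTEM, privileged=True)]
    # 3. Fully trusted caller.
    trusted = [Frame("App.main", SYSTEM), Frame("Lib.readFile", SYSTEM)]
    return {
        "untrusted_plain": allowed(plain, "file.read:/etc/passwd"),
        "untrusted_via_privileged": allowed(priv, "file.read:/fonts"),
        "trusted": allowed(trusted, "file.read:/etc/passwd"),
        # The walk stops at the privileged frame whatever permission is asked for,
        # so a doPrivileged block that let the applet choose the path would pass too.
        "privileged_any_system_perm": allowed(priv, "file.read:/etc/passwd"),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {'allowed' if result else 'denied'}")
```

The last scenario is the caveat a practitioner should take away: a privileged block asserts that the library vouches for the operation, so the library must fix every parameter of that operation itself rather than pass through a value supplied by the untrusted caller.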