Post on 06-Jan-2017
Protection and securityBaljit Singh Saini
Why protectionTo prevent violation of an access restriction
of userTo ensure every program component in a
system uses resources in an intended manner only
Principle of least privilegeIt dictates that programs, users and even
systems be given just enough privileges to perform their tasks.
Domain of protectionComputer system is a collection of
ProcessesObjects – hardware or software
Each object has a unique name – for identificationWell defined operations – for access
E.g.CPU – can only executeMemory segments – read and writeData files – created, opened, read, written, closed
and deleted
Domain StructureProtection domain specifies the resources that the
process may access.Access right – ability to execute an operation on an object
Domain defines a set of objects and types of operations that may be invoked on each object.
Domain is a collection of access rights, each of which is an ordered pair <object-name, rights-set>.
E.g. domain D has the access right <file F, {right,write}> Means any process executing in domain D can both read
and write in file F
Example
A domain can be realized in a variety of ways:1. Each user can be a domain2. Each process can be a domain3. Each procedure can be a domain
Access MatrixView protection as a matrix (access matrix)Rows represent domainsColumns represent objectsAccess(i, j) is the set of operations that a process
executing in Domaini can invoke on Objectj
Access matrix with domains as objectsProcess from one domain can switch to
another domain
Access matrix with copy rightsA copy right allows
the access right to be copied only within the column.
Denoted by *A process executing
in domain D2 can copy the read operation into any entry associated with file F2.
Access matrix with owner rightsOwner right –
permission to add new rights or remove some rights
If access(I,j) includes the owner right, then a a process executing in domain Di can add and remove any right in any entry in column j.
Access matrix with control right
System and Network threatsWormsPort scanningDenial of service
User authenticationPasswords
Password vulnerabilitiesOne time passwordsBiometrics
ReferencesSilberschatz, Abraham, et al. Operating
system concepts. Edition-8. Reading: Addison-Wesley