TAILIEUCHUNG - Operating System Concepts ppt (18)
Module 18: Protection Goals of Protection. Domain of Protection. Access Matrix. Implementation of Access Matrix. Revocation of Access Rights. Capability-Based Systems. Language-Based Protection. Silberschatz, Galvin and Gagne 2002Protection Operating system consists of a collection of objects,. hardware or software Each object has a unique name and can be accessed. through a well-defined set of operations. Protection problem - ensure that each object is accessed. correctly and only by those processes that are allowed to. do so Silberschatz, Galvin and Gagne 2002Domain Structure Access-right = . where rights-set is a subset of all valid operations that. can be performed on the object. Domain = set of access-rights. Silberschatz, Galvin and Gagne 2002Domain Implementation (UNIX) System consists of 2 domains:. User. Supervisor UNIX. Domain = user-id. Domain switch accomplished via file system Each file has associated with it a domain bit (setuid bit) When file is executed and setuid = on, then user-id is. set to owner of the file being executed. When execution. completes user-id is reset Silberschatz, Galvin and Gagne 2002Domain Implementation (Multics) Let Di and Dj be any two domain rings If j < I Di Dj. Multics Rings. Silberschatz, Galvin and Gagne 2002Access Matrix View protection as a matrix (access matrix) Rows represent domains Columns represent objects Access(i, j) is the set of operations that a process. executing in Domaini can invoke on Objectj. Silberschatz, Galvin and Gagne 2002Access Matrix. Figure A Silberschatz, Galvin and Gagne 2002Use of Access Matrix If a process in Domain Di tries to do “op” on object Oj,. then “op” must be in the access matrix. Can be expanded to dynamic protection Operations to add, delete access rights Special access rights:. owner of Oi. copy op from Oi to Oj. control – Di can modify Dj access rights. transfer – switch from domain Di to Dj. Silberschatz, Galvin and Gagne 2002Use of Access Matrix (Cont.) Access matrix design separates mechanism from policy Mechanism. Operating system provides access-matrix + rules If ensures that the matrix is only manipulated by. authorized agents and that rules are strictly enforced Policy. User dictates policy Who can access what object and in what mode Silberschatz, Galvin and Gagne 2002Implementation of Access Matrix Each column = Access-control list for one object. Defines who can perform what operation. Domain 1 = Read, Write. Domain 2 = Read. Domain 3 = Read . Each Row = Capability List (like a key). Fore each domain, what operations allowed on what. objects Object 1 – Read. Object 4 – Read, Write, Execute. Object 5 – Read, Write, Delete, Copy. Silberschatz, Galvin and Gagne 2002Access Matrix of Figure A With Domains as Objects. Figure B Silberschatz, Galvin and Gagne 2002Access Matrix with Copy Rights. Silberschatz, Galvin and Gagne 2002Access Matrix With Owner Rights. Silberschatz, Galvin and Gagne 2002Modified Access Matrix of Figure B. Silberschatz, Galvin and Gagne 2002Revocation of Access Rights Access List –
đang nạp các trang xem trước
