SlideShare ist ein Scribd-Unternehmen logo

Ch13 protection

Welly Dian Astika
Welly Dian Astika

Sistem Operasi Operating System

BildungTechnologieBusiness
1 von 34
Downloaden Sie, um offline zu lesen
OPERATING SYSTEM Chapter 14: Protection
Chapter 14: Protection • • • • • • • • • Goals of Protection Principles of Protection Domain of Protection Access Matrix Implementation of Access Matrix Access Control Revocation of Access Rights Capability-Based Systems Language-Based Protection
Objectives • Discuss the goals and principles of protection in a modern computer system • Explain how protection domains combined with an access matrix are used to specify the resources a process may access • Examine capability and language-based protection systems
Goals of Protection • In one protection model, computer consists of a collection of objects, hardware or software • Each object has a unique name and can be accessed through a well-defined set of operations • Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so
Principles of Protection • Guiding principle – principle of least privilege – Programs, users and systems should be given just enough privileges to perform their tasks – Limits damage if entity has a bug, gets abused – Can be static (during life of system, during life of process) – Or dynamic (changed by process as needed) – domain switching, privilege escalation – “Need to know” a similar concept regarding access to data
Principles of Protection (Cont.) • Must consider “grain” aspect – Rough-grained privilege management easier, simpler, but least privilege now done in large chunks • For example, traditional Unix processes either have abilities of the associated user, or of root – Fine-grained management more complex, more overhead, but more protective • File ACL lists, RBAC • Domain can be user, process, procedure
Domain Structure • Access-right = <object-name, rights-set> where rights-set is a subset of all valid operations that can be performed on the object • Domain = set of access-rights
Domain Implementation (UNIX) • Domain = user-id • Domain switch accomplished via file system • Each file has associated with it a domain bit (setuid bit) • When file is executed and setuid = on, then user-id is set to owner of the file being executed • When execution completes user-id is reset • Domain switch accomplished via passwords – su command temporarily switches to another user’s domain when other domain’s password provided • Domain switching via commands – sudo command prefix executes specified command in another domain (if original domain has privilege or password given)
Domain Implementation (MULTICS) • Let Di and Dj be any two domain rings • If j < I  Di  Dj
Multics Benefits and Limits • Ring / hierarchical structure provided more than the basic kernel / user or root / normal user design • Fairly complex  more overhead • But does not allow strict need-to-know – Object accessible in Dj but not in Di, then j must be < i – But then every segment accessible in Di also accessible in Dj
Access Matrix • View protection as a matrix (access matrix) • Rows represent domains • Columns represent objects • Access(i, j) is the set of operations that a process executing in Domaini can invoke on Objectj
Access Matrix
Use of Access Matrix • • If a process in Domain Di tries to do “op” on object Oj, then “op” must be in the access matrix User who creates object can define access column for that object Can be expanded to dynamic protection – Operations to add, delete access rights – Special access rights: • owner of Oi • copy op from Oi to Oj (denoted by “*”) • control – Di can modify Dj access rights • transfer – switch from domain Di to Dj – Copy and Owner applicable to an object – Control applicable to domain object
Use of Access Matrix (Cont.) • Access matrix design separates mechanism from policy – Mechanism • Operating system provides access-matrix + rules • If ensures that the matrix is only manipulated by authorized agents and that rules are strictly enforced – Policy • User dictates policy • Who can access what object and in what mode • But doesn’t solve the general confinement problem
Access Matrix of Figure A with Domains as Objects
Access Matrix with Copy Rights
Access Matrix With Owner Rights
Modified Access Matrix of Figure B
Implementation of Access Matrix • Generally, a sparse matrix • Option 1 – Global table – Store ordered triples < domain, object, rights-set > in table – A requested operation M on object Oj within domain Di -> search table for < Di, Oj, Rk > • with M ∈ Rk – But table could be large -> won’t fit in main memory – Difficult to group objects (consider an object that all domains can read) • Option 2 – Access lists for objects – Each column implemented as an access list for one object – Resulting per-object list consists of ordered pairs < domain, rights-set > defining all domains with non-empty set of access rights for the object – Easily extended to contain default set -> If M ∈ default set, also allow access
• Each column = Access-control list for one object Defines who can perform what operation Domain 1 = Read, Write Domain 2 = Read Domain 3 = Read • Each Row = Capability List (like a key) For each domain, what operations allowed on what objects Object F1 – Read Object F4 – Read, Write, Execute Object F5 – Read, Write, Delete, Copy
Implementation of Access Matrix (Cont.) • Option 3 – Capability list for domains – – – – Instead of object-based, list is domain based Capability list for domain is list of objects together with operations allows on them Object represented by its name or address, called a capability Execute operation M on object Oj, process requests operation and specifies capability as parameter • Possession of capability means access is allowed – Capability list associated with domain but never directly accessible by domain • Rather, protected object, maintained by OS and accessed indirectly • Like a “secure pointer” • Idea can be extended up to applications
• Option 4 – Lock-key – – – – Compromise between access lists and capability lists Each object has list of unique bit patterns, called locks Each domain as list of unique bit patterns called keys Process in a domain can only access object if domain has key that matches one of the locks
Comparison of Implementations • Many trade-offs to consider – Global table is simple, but can be large – Access lists correspond to needs of users • Determining set of access rights for domain non-localized so difficult • Every access to an object must be checked – Many objects and access rights -> slow – Capability lists useful for localizing information for a given process • But revocation capabilities can be inefficient – Lock-key effective and flexible, keys can be passed freely from domain to domain, easy revocation
Comparison of Implementations (Cont.) • Most systems use combination of access lists and capabilities – First access to an object  access list searched • If allowed, capability created and attached to process – Additional accesses need not be checked • After last access, capability destroyed • Consider file system with ACLs per file
Access Control • Protection can be applied to non-file resources • Solaris 10 provides role-based access control (RBAC) to implement least privilege – Privilege is right to execute system call or use an option within a system call – Can be assigned to processes – Users assigned roles granting access to privileges and programs • Enable role via password to gain its privileges – Similar to access matrix
Role-based Access Control in Solaris 10
Revocation of Access Rights • Various options to remove the access right of a domain to an object – – – – Immediate vs. delayed Selective vs. general Partial vs. total Temporary vs. permanent • Access List – Delete access rights from access list – Simple – search access list and remove entry – Immediate, general or selective, total or partial, permanent or temporary
Revocation of Access Rights (Cont.) • Capability List – Scheme required to locate capability in the system before capability can be revoked – Reacquisition – periodic delete, with require and denial if revoked – Back-pointers – set of pointers from each object to all capabilities of that object (Multics) – Indirection – capability points to global table entry which points to object – delete entry from global table, not selective (CAL) – Keys – unique bits associated with capability, generated when capability created • Master key associated with object, key matches master key for access • Revocation – create new master key • Policy decision of who can create and modify keys – object owner or others?
Capability-Based Systems • Hydra – Fixed set of access rights known to and interpreted by the system • • • • i.e. read, write, or execute each memory segment User can declare other auxiliary rights and register those with protection system Accessing process must hold capability and know name of operation Rights amplification allowed by trustworthy procedures for a specific type – Interpretation of user-defined rights performed solely by user's program; system provides access protection for use of these rights – Operations on objects defined procedurally – procedures are objects accessed indirectly by capabilities – Solves the problem of mutually suspicious subsystems – Includes library of prewritten security routines
Capability-Based Systems (Cont.) • Cambridge CAP System – Simpler but powerful – Data capability - provides standard read, write, execute of individual storage segments associated with object – implemented in microcode – Software capability - interpretation left to the subsystem, through its protected procedures • Only has access to its own subsystem • Programmers must learn principles and techniques of protection
Language-Based Protection • Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources • Language implementation can provide software for protection enforcement when automatic hardware-supported checking is unavailable • Interpret protection specifications to generate calls on whatever protection system is provided by the hardware and the operating system
Protection in Java 2 • Protection is handled by the Java Virtual Machine (JVM) • A class is assigned a protection domain when it is loaded by the JVM • The protection domain indicates what operations the class can (and cannot) perform • If a library method is invoked that performs a privileged operation, the stack is inspected to ensure the operation can be performed by the library
Stack Inspection
End of Chapter 13

Empfohlen

Kernel security Concepts
Kernel security ConceptsKernel security Concepts
Kernel security ConceptsMohit Saxena
 
OSCh18
OSCh18OSCh18
OSCh18Joe Christensen
 
Kernel security of Systems
Kernel security of SystemsKernel security of Systems
Kernel security of SystemsJamal Jamali
 
Services and system calls
Services and system callsServices and system calls
Services and system callssangrampatil81
 
OSCh21
OSCh21OSCh21
OSCh21Joe Christensen
 
OS Internals and Portable Executable File Format
OS Internals and Portable Executable File FormatOS Internals and Portable Executable File Format
OS Internals and Portable Executable File FormatAitezaz Mohsin
 
Unix SVR4/OpenSolaris and allumos Access Control
Unix SVR4/OpenSolaris and allumos Access ControlUnix SVR4/OpenSolaris and allumos Access Control
Unix SVR4/OpenSolaris and allumos Access ControlSalem Elbargathy
 
Os
OsOs
OsSushma Shinde
 

Empfohlen

Kernel security Concepts
Kernel security ConceptsKernel security Concepts
Kernel security ConceptsMohit Saxena
 
OSCh18
OSCh18OSCh18
OSCh18Joe Christensen
 
Kernel security of Systems
Kernel security of SystemsKernel security of Systems
Kernel security of SystemsJamal Jamali
 
Services and system calls
Services and system callsServices and system calls
Services and system callssangrampatil81
 
OSCh21
OSCh21OSCh21
OSCh21Joe Christensen
 
OS Internals and Portable Executable File Format
OS Internals and Portable Executable File FormatOS Internals and Portable Executable File Format
OS Internals and Portable Executable File FormatAitezaz Mohsin
 
Unix SVR4/OpenSolaris and allumos Access Control
Unix SVR4/OpenSolaris and allumos Access ControlUnix SVR4/OpenSolaris and allumos Access Control
Unix SVR4/OpenSolaris and allumos Access ControlSalem Elbargathy
 
Os
OsOs
OsSushma Shinde
 
E3 chap-03
E3 chap-03E3 chap-03
E3 chap-03Welly Dian Astika
 
E3 chap-20
E3 chap-20E3 chap-20
E3 chap-20Welly Dian Astika
 
Ch11 file system implementation
Ch11 file system implementationCh11 file system implementation
Ch11 file system implementationWelly Dian Astika
 
E3 chap-04
E3 chap-04E3 chap-04
E3 chap-04Welly Dian Astika
 
E3 chap-11
E3 chap-11E3 chap-11
E3 chap-11Welly Dian Astika
 
Ch8 main memory
Ch8 main memoryCh8 main memory
Ch8 main memoryWelly Dian Astika
 
App c
App cApp c
App cWelly Dian Astika
 
Imk pertemuan-1
Imk pertemuan-1Imk pertemuan-1
Imk pertemuan-1Welly Dian Astika
 
Peubah acak-kontinu
Peubah acak-kontinuPeubah acak-kontinu
Peubah acak-kontinuWelly Dian Astika
 
Sebaran peluang-bersama
Sebaran peluang-bersamaSebaran peluang-bersama
Sebaran peluang-bersamaWelly Dian Astika
 
E3 chap-06
E3 chap-06E3 chap-06
E3 chap-06Welly Dian Astika
 
Ch22
Ch22Ch22
Ch22Welly Dian Astika
 
Ch2
Ch2Ch2
Ch2Welly Dian Astika
 
Ch15
Ch15Ch15
Ch15Welly Dian Astika
 
Hci [6]interaction design
Hci [6]interaction designHci [6]interaction design
Hci [6]interaction designWelly Dian Astika
 
Ch12
Ch12Ch12
Ch12Welly Dian Astika
 
Ch6 cpu scheduling
Ch6 cpu schedulingCh6 cpu scheduling
Ch6 cpu schedulingWelly Dian Astika
 
Ch17
Ch17Ch17
Ch17Welly Dian Astika
 
Ch1
Ch1Ch1
Ch1Welly Dian Astika
 
Os8
Os8Os8
Os8gopal10scs185
 
Os8
Os8Os8
Os8gopal10scs185
 
Protection
ProtectionProtection
ProtectionMohanlal Sukhadia University (MLSU)
 

Weitere ähnliche Inhalte

Andere mochten auch

Ch11 file system implementation
Ch11 file system implementationCh11 file system implementation
Ch11 file system implementationWelly Dian Astika
 

Andere mochten auch (19)

E3 chap-03
E3 chap-03E3 chap-03
E3 chap-03
 
E3 chap-20
E3 chap-20E3 chap-20
E3 chap-20
 
Ch11 file system implementation
Ch11 file system implementationCh11 file system implementation
Ch11 file system implementation
 
E3 chap-04
E3 chap-04E3 chap-04
E3 chap-04
 
E3 chap-11
E3 chap-11E3 chap-11
E3 chap-11
 
Ch8 main memory
Ch8 main memoryCh8 main memory
Ch8 main memory
 
App c
App cApp c
App c
 
Imk pertemuan-1
Imk pertemuan-1Imk pertemuan-1
Imk pertemuan-1
 
Peubah acak-kontinu
Peubah acak-kontinuPeubah acak-kontinu
Peubah acak-kontinu
 
Sebaran peluang-bersama
Sebaran peluang-bersamaSebaran peluang-bersama
Sebaran peluang-bersama
 
E3 chap-06
E3 chap-06E3 chap-06
E3 chap-06
 
Ch22
Ch22Ch22
Ch22
 
Ch2
Ch2Ch2
Ch2
 
Ch15
Ch15Ch15
Ch15
 
Hci [6]interaction design
Hci [6]interaction designHci [6]interaction design
Hci [6]interaction design
 
Ch12
Ch12Ch12
Ch12
 
Ch6 cpu scheduling
Ch6 cpu schedulingCh6 cpu scheduling
Ch6 cpu scheduling
 
Ch17
Ch17Ch17
Ch17
 
Ch1
Ch1Ch1
Ch1
 

Ähnlich wie Ch13 protection

access-control-basics-murat-kantarcioglu.pdf
access-control-basics-murat-kantarcioglu.pdfaccess-control-basics-murat-kantarcioglu.pdf
access-control-basics-murat-kantarcioglu.pdfNohaNagy5
 
Least privilege, access control, operating system security
Least privilege, access control, operating system securityLeast privilege, access control, operating system security
Least privilege, access control, operating system securityG Prachi
 
Protection Domain and Access Matrix Model -Operating System
Protection Domain and Access Matrix Model -Operating SystemProtection Domain and Access Matrix Model -Operating System
Protection Domain and Access Matrix Model -Operating SystemLalfakawmaKh
 
Top school in noida
Top school in noidaTop school in noida
Top school in noidaEdhole.com
 
Week No 13 Access Control Part 1.pptx
Week No 13 Access Control Part 1.pptxWeek No 13 Access Control Part 1.pptx
Week No 13 Access Control Part 1.pptxXhamiiiCH
 
Ch18 OS
Ch18 OSCh18 OS
Ch18 OSC.U
 
21CSC202J Operating Systems-Unit-V.pptx.pdf
21CSC202J Operating Systems-Unit-V.pptx.pdf21CSC202J Operating Systems-Unit-V.pptx.pdf
21CSC202J Operating Systems-Unit-V.pptx.pdfanusri1904
 
Creating a fortress in your active directory environment
Creating a fortress in your active directory environmentCreating a fortress in your active directory environment
Creating a fortress in your active directory environmentDavid Rowe
 
OperatingSystem.ppt
OperatingSystem.pptOperatingSystem.ppt
OperatingSystem.pptKaivanParikh
 
File Protection in Operating System
File Protection in Operating SystemFile Protection in Operating System
File Protection in Operating SystemMeghaj Mallick
 
Week 13, Protection and Security.ppt
Week 13, Protection and Security.pptWeek 13, Protection and Security.ppt
Week 13, Protection and Security.pptPriyadarshiSharma7
 

Ähnlich wie Ch13 protection (20)

Os8
Os8Os8
Os8
 
Os8
Os8Os8
Os8
 
Protection
ProtectionProtection
Protection
 
access-control-basics-murat-kantarcioglu.pdf
access-control-basics-murat-kantarcioglu.pdfaccess-control-basics-murat-kantarcioglu.pdf
access-control-basics-murat-kantarcioglu.pdf
 
Least privilege, access control, operating system security
Least privilege, access control, operating system securityLeast privilege, access control, operating system security
Least privilege, access control, operating system security
 
Protection Domain and Access Matrix Model -Operating System
Protection Domain and Access Matrix Model -Operating SystemProtection Domain and Access Matrix Model -Operating System
Protection Domain and Access Matrix Model -Operating System
 
Chapter 14 - Protection
Chapter 14 - ProtectionChapter 14 - Protection
Chapter 14 - Protection
 
Topic 7 access control
Topic 7 access controlTopic 7 access control
Topic 7 access control
 
Top school in noida
Top school in noidaTop school in noida
Top school in noida
 
Week No 13 Access Control Part 1.pptx
Week No 13 Access Control Part 1.pptxWeek No 13 Access Control Part 1.pptx
Week No 13 Access Control Part 1.pptx
 
Mcts chapter 4
Mcts chapter 4Mcts chapter 4
Mcts chapter 4
 
L-3.1.1 (1).pptx
L-3.1.1 (1).pptxL-3.1.1 (1).pptx
L-3.1.1 (1).pptx
 
Ch18 OS
Ch18 OSCh18 OS
Ch18 OS
 
OS_Ch18
OS_Ch18OS_Ch18
OS_Ch18
 
21CSC202J Operating Systems-Unit-V.pptx.pdf
21CSC202J Operating Systems-Unit-V.pptx.pdf21CSC202J Operating Systems-Unit-V.pptx.pdf
21CSC202J Operating Systems-Unit-V.pptx.pdf
 
Creating a fortress in your active directory environment
Creating a fortress in your active directory environmentCreating a fortress in your active directory environment
Creating a fortress in your active directory environment
 
OperatingSystem.ppt
OperatingSystem.pptOperatingSystem.ppt
OperatingSystem.ppt
 
OperatingSystem.ppt
OperatingSystem.pptOperatingSystem.ppt
OperatingSystem.ppt
 
File Protection in Operating System
File Protection in Operating SystemFile Protection in Operating System
File Protection in Operating System
 
Week 13, Protection and Security.ppt
Week 13, Protection and Security.pptWeek 13, Protection and Security.ppt
Week 13, Protection and Security.ppt
 

Kürzlich hochgeladen

IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...PsychoTech Services
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 

Kürzlich hochgeladen (20)

IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 

Ch13 protection

  • 2. Chapter 14: Protection • • • • • • • • • Goals of Protection Principles of Protection Domain of Protection Access Matrix Implementation of Access Matrix Access Control Revocation of Access Rights Capability-Based Systems Language-Based Protection
  • 3. Objectives • Discuss the goals and principles of protection in a modern computer system • Explain how protection domains combined with an access matrix are used to specify the resources a process may access • Examine capability and language-based protection systems
  • 4. Goals of Protection • In one protection model, computer consists of a collection of objects, hardware or software • Each object has a unique name and can be accessed through a well-defined set of operations • Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so
  • 5. Principles of Protection • Guiding principle – principle of least privilege – Programs, users and systems should be given just enough privileges to perform their tasks – Limits damage if entity has a bug, gets abused – Can be static (during life of system, during life of process) – Or dynamic (changed by process as needed) – domain switching, privilege escalation – “Need to know” a similar concept regarding access to data
  • 6. Principles of Protection (Cont.) • Must consider “grain” aspect – Rough-grained privilege management easier, simpler, but least privilege now done in large chunks • For example, traditional Unix processes either have abilities of the associated user, or of root – Fine-grained management more complex, more overhead, but more protective • File ACL lists, RBAC • Domain can be user, process, procedure
  • 7. Domain Structure • Access-right = <object-name, rights-set> where rights-set is a subset of all valid operations that can be performed on the object • Domain = set of access-rights
  • 8. Domain Implementation (UNIX) • Domain = user-id • Domain switch accomplished via file system • Each file has associated with it a domain bit (setuid bit) • When file is executed and setuid = on, then user-id is set to owner of the file being executed • When execution completes user-id is reset • Domain switch accomplished via passwords – su command temporarily switches to another user’s domain when other domain’s password provided • Domain switching via commands – sudo command prefix executes specified command in another domain (if original domain has privilege or password given)
  • 9. Domain Implementation (MULTICS) • Let Di and Dj be any two domain rings • If j < I  Di  Dj
  • 10. Multics Benefits and Limits • Ring / hierarchical structure provided more than the basic kernel / user or root / normal user design • Fairly complex  more overhead • But does not allow strict need-to-know – Object accessible in Dj but not in Di, then j must be < i – But then every segment accessible in Di also accessible in Dj
  • 11. Access Matrix • View protection as a matrix (access matrix) • Rows represent domains • Columns represent objects • Access(i, j) is the set of operations that a process executing in Domaini can invoke on Objectj
  • 13. Use of Access Matrix • • If a process in Domain Di tries to do “op” on object Oj, then “op” must be in the access matrix User who creates object can define access column for that object Can be expanded to dynamic protection – Operations to add, delete access rights – Special access rights: • owner of Oi • copy op from Oi to Oj (denoted by “*”) • control – Di can modify Dj access rights • transfer – switch from domain Di to Dj – Copy and Owner applicable to an object – Control applicable to domain object
  • 14. Use of Access Matrix (Cont.) • Access matrix design separates mechanism from policy – Mechanism • Operating system provides access-matrix + rules • If ensures that the matrix is only manipulated by authorized agents and that rules are strictly enforced – Policy • User dictates policy • Who can access what object and in what mode • But doesn’t solve the general confinement problem
  • 15. Access Matrix of Figure A with Domains as Objects
  • 16. Access Matrix with Copy Rights
  • 17. Access Matrix With Owner Rights
  • 18. Modified Access Matrix of Figure B
  • 19. Implementation of Access Matrix • Generally, a sparse matrix • Option 1 – Global table – Store ordered triples < domain, object, rights-set > in table – A requested operation M on object Oj within domain Di -> search table for < Di, Oj, Rk > • with M ∈ Rk – But table could be large -> won’t fit in main memory – Difficult to group objects (consider an object that all domains can read) • Option 2 – Access lists for objects – Each column implemented as an access list for one object – Resulting per-object list consists of ordered pairs < domain, rights-set > defining all domains with non-empty set of access rights for the object – Easily extended to contain default set -> If M ∈ default set, also allow access
  • 20. • Each column = Access-control list for one object Defines who can perform what operation Domain 1 = Read, Write Domain 2 = Read Domain 3 = Read • Each Row = Capability List (like a key) For each domain, what operations allowed on what objects Object F1 – Read Object F4 – Read, Write, Execute Object F5 – Read, Write, Delete, Copy
  • 21. Implementation of Access Matrix (Cont.) • Option 3 – Capability list for domains – – – – Instead of object-based, list is domain based Capability list for domain is list of objects together with operations allows on them Object represented by its name or address, called a capability Execute operation M on object Oj, process requests operation and specifies capability as parameter • Possession of capability means access is allowed – Capability list associated with domain but never directly accessible by domain • Rather, protected object, maintained by OS and accessed indirectly • Like a “secure pointer” • Idea can be extended up to applications
  • 22. • Option 4 – Lock-key – – – – Compromise between access lists and capability lists Each object has list of unique bit patterns, called locks Each domain as list of unique bit patterns called keys Process in a domain can only access object if domain has key that matches one of the locks
  • 23. Comparison of Implementations • Many trade-offs to consider – Global table is simple, but can be large – Access lists correspond to needs of users • Determining set of access rights for domain non-localized so difficult • Every access to an object must be checked – Many objects and access rights -> slow – Capability lists useful for localizing information for a given process • But revocation capabilities can be inefficient – Lock-key effective and flexible, keys can be passed freely from domain to domain, easy revocation
  • 24. Comparison of Implementations (Cont.) • Most systems use combination of access lists and capabilities – First access to an object  access list searched • If allowed, capability created and attached to process – Additional accesses need not be checked • After last access, capability destroyed • Consider file system with ACLs per file
  • 25. Access Control • Protection can be applied to non-file resources • Solaris 10 provides role-based access control (RBAC) to implement least privilege – Privilege is right to execute system call or use an option within a system call – Can be assigned to processes – Users assigned roles granting access to privileges and programs • Enable role via password to gain its privileges – Similar to access matrix
  • 26. Role-based Access Control in Solaris 10
  • 27. Revocation of Access Rights • Various options to remove the access right of a domain to an object – – – – Immediate vs. delayed Selective vs. general Partial vs. total Temporary vs. permanent • Access List – Delete access rights from access list – Simple – search access list and remove entry – Immediate, general or selective, total or partial, permanent or temporary
  • 28. Revocation of Access Rights (Cont.) • Capability List – Scheme required to locate capability in the system before capability can be revoked – Reacquisition – periodic delete, with require and denial if revoked – Back-pointers – set of pointers from each object to all capabilities of that object (Multics) – Indirection – capability points to global table entry which points to object – delete entry from global table, not selective (CAL) – Keys – unique bits associated with capability, generated when capability created • Master key associated with object, key matches master key for access • Revocation – create new master key • Policy decision of who can create and modify keys – object owner or others?
  • 29. Capability-Based Systems • Hydra – Fixed set of access rights known to and interpreted by the system • • • • i.e. read, write, or execute each memory segment User can declare other auxiliary rights and register those with protection system Accessing process must hold capability and know name of operation Rights amplification allowed by trustworthy procedures for a specific type – Interpretation of user-defined rights performed solely by user's program; system provides access protection for use of these rights – Operations on objects defined procedurally – procedures are objects accessed indirectly by capabilities – Solves the problem of mutually suspicious subsystems – Includes library of prewritten security routines
  • 30. Capability-Based Systems (Cont.) • Cambridge CAP System – Simpler but powerful – Data capability - provides standard read, write, execute of individual storage segments associated with object – implemented in microcode – Software capability - interpretation left to the subsystem, through its protected procedures • Only has access to its own subsystem • Programmers must learn principles and techniques of protection
  • 31. Language-Based Protection • Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources • Language implementation can provide software for protection enforcement when automatic hardware-supported checking is unavailable • Interpret protection specifications to generate calls on whatever protection system is provided by the hardware and the operating system
  • 32. Protection in Java 2 • Protection is handled by the Java Virtual Machine (JVM) • A class is assigned a protection domain when it is loaded by the JVM • The protection domain indicates what operations the class can (and cannot) perform • If a library method is invoked that performs a privileged operation, the stack is inspected to ensure the operation can be performed by the library