2. PROTECTION
protection refers to a mechanism for controlling the access of programs, processes,
or users to the resources defined by a computer system.
protection ensures that the resources of the computer are used in a consistent way.
It ensure that each object accessed correctly and only by those processes that are
allowed to do so.
3. ACCESS CONTROL MATRIX
An access control matrix is a protection structure that provides efficient access
to:
Access privileges of users to various files
Access control information for files
users
files
4. ACCESS CONTROL LISTS
ACL of a file is a representation of its access control information:
- Contains the non-null entries that the file’s column would have contained in the
ACM(access control matrix) .
5. CAPABILITY LISTS (C-LISTS)
A C-list represents access privileges of a user to various files in the
system
• Contains the non-null entries that the user’s row in the ACM would have
contained.
6. DOMAIN STRUCTURES
A process operates within a protection domain that specifies the resources that
the process may access.
Each domain defines a set of objects and types of operations that may be
invoked on each object .
The ability to execute an operation on an object is an access right.
7. FOR EXAMPLE:
If domain D has the access right <file f,{read, write}>, then a process executing
in domain D can both read and write file f; it cannot, however, perform any other
operation on that object.
8. CAPABILITIES
Capability is communicable, unforgeable token of authority.
It refers to a value that references an object along with an associated set of
access rights.
A user program on a capability- based operating system must use a capability
to access an object.
9. CAPABILITY BASED SYSTEM
Hydra: fixed set of access rights known to and interpreted by the
system.
analysis of user defined rights performed only by users programs ;
system provides access protection for use of these rights.
10. CAMBRIDGE CAP SYSTEM
Data capability: provides standard read, right, execute of individual storage
segments associated with object.
Software capability: interpretation left to the subsystem , through its protected
procedures.