COMP 314 - U4C14

Operating System Concepts, Seventh Edition

COMP 314 – Unit 4 Chapter 14 (Protection)

Goals of Protection (532)
Mechanisms differ from policies. Mechanisms determine how something will be done; policies determine what will be done.

Principles of Protection
Principle of Least Privilege: dictates that programs, users, or even systems be given just enough privileges to perform their task. This minimizes the damage that can be done.

Domain of Protection (533)
A computer system is a collection of objects and processes, objects being both software and hardware. Each object has a unique name and can be accessed only through well-defined and meaningful operations. The operations depend on the object. A process should be allowed to access only those resources for which it has authorization.

Domain Structure (534)
To facilitate this scheme, a process operates within a protection domain, which specifies the resources that the process may access. Each domain defines a set of objects and the types of operations that may be invoked on each object. The ability to execute an operation on an object is known as an access right. A domain is a collection of access rights, each of which is an ordered pair (object-name, rights-set). Domains do not need to be disjoint; they can share rights.

The association between a process and a domain can be either static (fixed throughout the lifetime of the process) or dynamic. If the association is dynamic, a mechanism is available to allow domain switching. (535)

A domain can be realized in several ways:
- Each user may be a domain: domain switching occurs when the user changes.
- Each process may be a domain: domain switching occurs when one process sends a message to another and waits for a response.
- Each procedure may be a domain: domain switching occurs when a procedure call is made.

In a multiprogrammed OS, two protection domains (user and kernel) are insufficient, because users also want to be protected from one another.

Access Matrix (538)
Our model of protection can be viewed abstractly as a matrix, called an access matrix. The rows of the access matrix represent domains, and the columns represent objects. The access-matrix scheme provides us with a mechanism for specifying a variety of policies. Allowing controlled change in the contents of the access-matrix entries requires three additional operations: copy, owner and control. (540)

The ability to copy an access right from one domain (or row) of the access matrix to another is denoted by an asterisk appended to the access right. This scheme has two variants:
- A right is copied from access(i,j) to access(k,j); it is then removed from access(i,j). This is a transfer rather than a copy.
- Propagation of the copy right may be limited: the copied access right may lose the ability to copy itself further.
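The access matrix and the two copy-right variants, as an added worked example that is not part of the course notes or the textbook. The class name AccessMatrix, its methods, and the domains D1–D3 and objects F1/F2 are constructed for illustration; the asterisk suffix on a right string models the copy flag exactly as the notes describe, and the owner right lets a domain add or remove rights in its object's column.

```python
"""Access-matrix model (rows = domains, columns = objects) with copy rights.

Constructed example: AccessMatrix, grant(), copy_right() and the sample
domains/objects below are illustrative names, not a real OS API.
"""
from typing import Dict, Set


class AccessMatrix:
    def __init__(self) -> None:
        # matrix[domain][obj] -> set of rights; a right ending in "*"
        # (e.g. "read*") carries the copy flag.
        self.matrix: Dict[str, Dict[str, Set[str]]] = {}

    def grant(self, domain: str, obj: str, right: str) -> None:
        self.matrix.setdefault(domain, {}).setdefault(obj, set()).add(right)

    def rights(self, domain: str, obj: str) -> Set[str]:
        return set(self.matrix.get(domain, {}).get(obj, set()))

    def check(self, domain: str, obj: str, op: str) -> bool:
        # The copy flag does not change what the right permits: "read*" permits "read".
        return op in {r.rstrip("*") for r in self.rights(domain, obj)}

    def copy_right(self, src: str, dst: str, obj: str, op: str,
                   transfer: bool = False, limited: bool = False) -> None:
        """Copy right `op` on `obj` from row `src` to row `dst`.

        The source must hold the right with the copy flag (op + "*").
        transfer=True : variant 1, the right is removed from src afterwards.
        limited=True  : variant 2, dst receives op without the copy flag,
                        so it cannot propagate the right any further.
        """
        flagged = op + "*"
        if flagged not in self.rights(src, obj):
            raise PermissionError(f"{src} holds no copyable {op} right on {obj}")
        self.grant(dst, obj, op if limited else flagged)
        if transfer:
            self.matrix[src][obj].discard(flagged)

    def owner_revoke(self, owner: str, victim: str, obj: str, op: str) -> None:
        """A domain holding 'owner' on obj may remove rights from obj's column."""
        if "owner" not in self.rights(owner, obj):
            raise PermissionError(f"{owner} does not own {obj}")
        self.matrix.get(victim, {}).get(obj, set()).discard(op)
        self.matrix.get(victim, {}).get(obj, set()).discard(op + "*")


def demo() -> Dict[str, bool]:
    """Walk through both copy variants and report what each domain can do."""
    m = AccessMatrix()
    m.grant("D1", "F1", "read*")   # D1 may read F1 and may copy that right
    m.grant("D1", "F1", "owner")   # D1 owns F1
    m.grant("D1", "F2", "write")   # no copy flag: D1 cannot propagate write
    results: Dict[str, bool] = {}

    # Variant 2: limited copy. D2 gets "read", not "read*".
    m.copy_right("D1", "D2", "F1", "read", limited=True)
    results["d2_reads_f1"] = m.check("D2", "F1", "read")
    try:
        m.copy_right("D2", "D3", "F1", "read")
        results["d2_can_propagate"] = True
    except PermissionError:
        results["d2_can_propagate"] = False

    # Variant 1: transfer. D1 loses the right, D3 gains it (with the flag).
    m.copy_right("D1", "D3", "F1", "read", transfer=True)
    results["d1_still_reads_f1"] = m.check("D1", "F1", "read")
    results["d3_reads_f1"] = m.check("D3", "F1", "read")

    # A right without the copy flag cannot be copied at all.
    try:
        m.copy_right("D1", "D2", "F2", "write")
        results["write_copied"] = True
    except PermissionError:
        results["write_copied"] = False

    # Owner right: D1 can still revoke D3's read on F1 even after the transfer.
    m.owner_revoke("D1", "D3", "F1", "read")
    results["d3_reads_after_revoke"] = m.check("D3", "F1", "read")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The distinction the notes draw falls out of the data: after the limited copy, D2 can read F1 but raises PermissionError when it tries to pass the right on; after the transfer, D1 no longer holds the right it gave to D3, yet as owner of F1 it can still revoke D3's access.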