Basic concepts and terminologies two primitive



...computer systems, it is customary to use the following terms:

1. Objects. An object is an entity to which access must be controlled. An object may be an abstract entity, such as a process, a file, a database, or a tree data structure, or a physical entity, such as a CPU, a memory segment, a printer, or a tape drive. Each object has a unique name that differentiates it from all other objects in the system, and an object is referenced by that unique name. In addition, associated with each object is a "type" that determines the set of operations that may be performed on it. For example, the set of operations possible on objects of type "data file" may be Open, Close, Create, Delete, Read, and Write, whereas for objects of type "program file" the set of possible operations may be Read, Write, and Execute.

2. Subjects. A subject is an active entity whose access to objects must be controlled. That is, entities that wish to access and perform operations on objects, and to which access authorizations are granted, are called subjects. Examples of subjects are processes and users.

3. Protection rules. Protection rules define the possible ways in which subjects and objects are allowed to interact; that is, protection rules govern the subjects' access to objects. Accordingly, associated with each (subject, object) pair is an access right that defines the subset of the operations possible for the object's type that the subject may perform on that object. The complete set of access rights in a system defines which subjects can perform which operations on which objects. At any particular instant of time, this set defines the protection state of the system at that time.

With the above concepts, access to objects by subjects is controlled in the following manner. Suppose a subject S requests access r on object O, where r belongs to the set of operations that may be performed on O. To validate this access request, the access control modules of the security system check whether access r i...
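The following is an added worked example, not code from the original text, showing the three concepts above as a small access-matrix model: object types fix the operation set, the protection state stores the rights of each (subject, object) pair, and the check for a request (S, O, r) consults exactly that pair. The object names, subject names and granted rights are constructed sample data, and the class and function names are my own.

```python
"""Access-matrix model of the terms above (added illustration, not the
text's own code). Object types determine the operations that exist;
the protection state maps (subject, object) -> granted subset of them;
a request (S, O, r) is allowed only if r is in that subset."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Tuple

# Object types and the complete set of operations each one supports.
OBJECT_TYPES: Dict[str, FrozenSet[str]] = {
    "data file": frozenset({"Open", "Close", "Create", "Delete", "Read", "Write"}),
    "program file": frozenset({"Read", "Write", "Execute"}),
}


@dataclass(frozen=True)
class Obj:
    name: str  # unique name by which the object is referenced
    type: str  # key into OBJECT_TYPES


class ProtectionState:
    """The complete set of access rights at one instant. A (subject, object)
    pair that is absent carries no rights at all (default deny)."""

    def __init__(self) -> None:
        self.objects: Dict[str, Obj] = {}
        self.rights: Dict[Tuple[str, str], FrozenSet[str]] = {}

    def add_object(self, obj: Obj) -> None:
        if obj.type not in OBJECT_TYPES:
            raise ValueError(f"unknown object type {obj.type!r}")
        if obj.name in self.objects:
            raise ValueError(f"object name {obj.name!r} is not unique")
        self.objects[obj.name] = obj

    def grant(self, subject: str, obj_name: str, ops: Iterable[str]) -> None:
        """Add rights; an access right may only be a subset of the type's operations."""
        obj = self.objects[obj_name]
        ops = frozenset(ops)
        illegal = ops - OBJECT_TYPES[obj.type]
        if illegal:
            raise ValueError(f"{sorted(illegal)} are not operations on a {obj.type!r}")
        key = (subject, obj_name)
        self.rights[key] = self.rights.get(key, frozenset()) | ops

    def revoke(self, subject: str, obj_name: str, ops: Iterable[str]) -> None:
        """Remove rights; this changes the protection state from that instant on."""
        key = (subject, obj_name)
        if key in self.rights:
            self.rights[key] = self.rights[key] - frozenset(ops)

    def check(self, subject: str, obj_name: str, op: str) -> bool:
        """Validate a request (S, O, r): r must be an operation of O's type
        AND be among the rights recorded for the pair (S, O)."""
        obj = self.objects.get(obj_name)
        if obj is None:
            return False  # no such object: nothing to authorize
        if op not in OBJECT_TYPES[obj.type]:
            return False  # r is not even meaningful for this object type
        return op in self.rights.get((subject, obj_name), frozenset())


def build_sample_state() -> ProtectionState:
    """Constructed sample: two objects and three subjects (alice, bob, eve)."""
    st = ProtectionState()
    st.add_object(Obj("payroll.dat", "data file"))
    st.add_object(Obj("report.exe", "program file"))
    st.grant("alice", "payroll.dat", {"Open", "Read", "Close"})
    st.grant("bob", "report.exe", {"Read", "Execute"})
    # eve is granted nothing: the absent pairs carry no rights
    return st


if __name__ == "__main__":
    st = build_sample_state()
    for s, o, r in [("alice", "payroll.dat", "Read"), ("alice", "payroll.dat", "Delete"),
                    ("bob", "report.exe", "Execute"), ("eve", "payroll.dat", "Read")]:
        print(f"{s:6} {r:8} {o:12} -> {'allow' if st.check(s, o, r) else 'deny'}")
```

Two points the model makes explicit: the check is against the rights of the specific (subject, object) pair, so a subject holding Read on one data file gains nothing on another, and a right outside the type's operation set (for instance Execute on a data file) can neither be granted nor pass the check.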

This document was uploaded on 04/07/2014.
