mputer systems, it is customary to use the
1. Objects. An object is an entity to which access must be controlled. An object
may be an abstract entity, such as a process, a file, a database, or a tree data structure,
or a physical entity, such as a CPU, a memory segment, a printer, or a tape drive.
Each object has a unique name that differentiates it from all other objects in the
system. An object is referenced by its unique name. In addition, associated with
each object is a "type" that determines the set of operations that may be performed
on it. For example, the set of operations possible on objects belonging to the type
"data file" may be Open, Close, Create, Delete, Read, and Write, whereas for
objects belonging to the type "program file," the set of possible operations may be
Read, Write, and Execute.
2. Subjects. A subject is an active entity whose access to objects must be
controlled. That is, entities wishing to access and perform operations on objects
and to which access authorizations are granted are called subjects. Examples of
subjects are processes and users.
3. Protection rules. Protection rules define the possible ways in which subjects
and objects are allowed to interact. That is, protection rules govern the subjects'
access to objects. Therefore, associated with each (subject, object) pair is an
access right that defines the subset of the set of possible operations for the object
type that the subject may perform on the object. The complete set of access rights
of a system defines which subjects can perform what operations on which objects.
At any particular instant of time, this set defines the protection state of the
system at that time.
With the above-mentioned concepts, access to objects by subjects is controlled in
the following manner. Suppose a subject S requests an access r on object O, where r belongs to the set of operations that may be performed on O. To validate
this access request, the access control modules of the security system check
whether access r i...
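The validation step described above, as an added example that is not part of the original text: a protection state keyed by (subject, object) pairs, using the two object types and operation sets named in item 1. The class and function names, the sample subjects and objects, and the default-deny rule for pairs with no recorded access right are assumptions, since the text's own description of the check is cut off.

```python
# Added illustration: all names and sample data below are constructed.
TYPE_OPS = {  # object type -> operations possible on that type (from item 1)
    "data file": {"Open", "Close", "Create", "Delete", "Read", "Write"},
    "program file": {"Read", "Write", "Execute"},
}

class ProtectionState:
    def __init__(self):
        self.object_type = {}  # unique object name -> type
        self.rights = {}       # (subject, object) -> granted subset of type ops

    def add_object(self, name, obj_type):
        if name in self.object_type:
            raise ValueError(f"object name {name!r} is not unique")
        if obj_type not in TYPE_OPS:
            raise ValueError(f"unknown object type {obj_type!r}")
        self.object_type[name] = obj_type

    def grant(self, subject, obj, ops):
        # An access right must be a subset of the operations of the object's type.
        extra = set(ops) - TYPE_OPS[self.object_type[obj]]
        if extra:
            raise ValueError(f"{sorted(extra)} not defined for type of {obj!r}")
        self.rights.setdefault((subject, obj), set()).update(ops)

    def check(self, subject, obj, r):
        """Validate subject S requesting access r on object O."""
        obj_type = self.object_type.get(obj)
        if obj_type is None:
            return False, "unknown object"
        if r not in TYPE_OPS[obj_type]:
            return False, "operation not defined for object type"
        if r not in self.rights.get((subject, obj), set()):
            return False, "no access right"  # assumed default: deny
        return True, "granted"

def demo_state():
    st = ProtectionState()
    st.add_object("payroll.dat", "data file")
    st.add_object("backup.exe", "program file")
    st.grant("alice", "payroll.dat", {"Open", "Read", "Close"})
    st.grant("backup_proc", "backup.exe", {"Read", "Execute"})
    return st

if __name__ == "__main__":
    st = demo_state()
    for req in [("alice", "payroll.dat", "Read"),
                ("alice", "payroll.dat", "Write"),
                ("alice", "payroll.dat", "Execute"),
                ("alice", "backup.exe", "Execute")]:
        print(req, st.check(*req))
```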
This document was uploaded on 04/07/2014.
- Spring '14