Đang chuẩn bị liên kết để tải về tài liệu:
Bài giảng Hệ điều hành nâng cao - Chapter 14: Protection

Bài giảng Hệ điều hành nâng cao - Chapter 14: Protection trình bày các nội dung về bảo vệ hệ thống, mục tiêu của bảo vệ, lĩnh vực bảo vệ, kiểm soát truy cập và thu hồi quyền truy cập,.Mời bạn đọc cùng tham khảo. | Chapter 14: Protection 1 Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection Access Matrix Implementation of Access Matrix Access Control Revocation of Access Rights Capability-Based Systems Language-Based Protection 2 Objectives Discuss the goals and principles of protection in a modern computer system Explain how protection domains combined with an access matrix are used to specify the resources a process may access Examine capability and language-based protection systems 3 Goals of Protection In one protection model, computer consists of a collection of objects, hardware or software Each object has a unique name and can be accessed through a well-defined set of operations Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so 4 Principles of Protection Guiding principle – principle of least privilege Programs, users and systems should be given just enough privileges to perform their tasks Limits damage if entity has a bug, gets abused Can be static (during life of system, during life of process) Or dynamic (changed by process as needed) – domain switching, privilege escalation “Need to know” a similar concept regarding access to data Must consider “grain” aspect Rough-grained privilege management easier, simpler, but least privilege now done in large chunks For example, traditional Unix processes either have abilities of the associated user, or of root Fine-grained management more complex, more overhead, but more protective File ACL lists, RBAC Domain can be user, process, procedure 5 Domain Structure Access-right = where rights-set is a subset of all valid operations that can be performed on the object Domain = set of access-rights 6 Domain Implementation (UNIX) Domain = user-id Domain switch accomplished via file system Each file has associated with it a domain bit (setuid bit) When file is executed and setuid = on, then . | Chapter 14: Protection 1 Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection Access Matrix Implementation of Access Matrix Access Control Revocation of Access Rights Capability-Based Systems Language-Based Protection 2 Objectives Discuss the goals and principles of protection in a modern computer system Explain how protection domains combined with an access matrix are used to specify the resources a process may access Examine capability and language-based protection systems 3 Goals of Protection In one protection model, computer consists of a collection of objects, hardware or software Each object has a unique name and can be accessed through a well-defined set of operations Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so 4 Principles of Protection Guiding principle – principle of least privilege Programs, users and systems should be given just enough privileges to perform .