Lecture Operating System Concepts (9th Ed) - Chapter 14 includes: discuss the goals and principles of protection in a modern computer system, explain how protection domains combined with an access matrix are used to specify the resources a process may access, examine capability and language-based protection systems.

Chapter 14: Protection
Operating System Concepts – 9th Edition
Silberschatz, Galvin and Gagne ©2013

Chapter 14: Protection
- Goals of Protection
- Principles of Protection
- Domain of Protection
- Access Matrix
- Implementation of Access Matrix
- Access Control
- Revocation of Access Rights
- Capability-Based Systems
- Language-Based Protection

Objectives
- Discuss the goals and principles of protection in a modern computer system
- Explain how protection domains combined with an access matrix are used to specify the resources a process may access
- Examine capability and language-based protection systems

Goals of Protection
- In one protection model, computer consists of a collection of objects, hardware or software
- Each object has a unique name and can be accessed through a well-defined set of operations
- Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so

Principles of Protection
- Guiding principle – principle of least privilege
- Programs, users and systems should be given just enough privileges to perform their tasks
- Limits damage if entity has a bug, gets abused
- Can be static (during life of system, during life of process)
- Or dynamic (changed by process as needed) – domain switching, privilege escalation
- “Need to know” a similar concept regarding access to data
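
Added example (not from the lecture slides): a toy reference monitor that models the two slides above, with named objects, a fixed set of operations per domain, default deny, and domain switching treated as a checked operation of its own. The class names, the domains "user" and "spooler", and the objects "report.txt" and "printer" are all constructed for illustration.

```python
# Added example: toy reference monitor. Domain and object names are constructed.
class Monitor:
    def __init__(self):
        self.rights = {}    # (domain, object) -> set of permitted operations
        self.switches = {}  # domain -> set of domains it may switch into
        self.audit = []     # (domain, target, operation, allowed) per decision

    def grant(self, domain, obj, *ops):
        self.rights.setdefault((domain, obj), set()).update(ops)

    def allow_switch(self, src, dst):
        self.switches.setdefault(src, set()).add(dst)

    def decide(self, domain, target, op):
        # Default deny: anything not explicitly granted is refused.
        if op == "switch":
            ok = target in self.switches.get(domain, set())
        else:
            ok = op in self.rights.get((domain, target), set())
        self.audit.append((domain, target, op, ok))
        return ok


class Process:
    def __init__(self, monitor, domain):
        self.monitor, self.domain = monitor, domain

    def access(self, obj, op):
        if not self.monitor.decide(self.domain, obj, op):
            raise PermissionError(f"{self.domain}: {op} on {obj} denied")
        return True

    def switch(self, dst):
        # Dynamic least privilege: changing domain is itself a checked operation.
        if not self.monitor.decide(self.domain, dst, "switch"):
            raise PermissionError(f"{self.domain}: switch to {dst} denied")
        self.domain = dst


def build_policy():
    m = Monitor()
    m.grant("user", "report.txt", "read", "write")
    m.grant("spooler", "report.txt", "read")   # just enough to print it
    m.grant("spooler", "printer", "print")
    m.allow_switch("user", "spooler")          # one-way: no switch back
    return m
```

A process started in "user" can write the report but cannot print; after switching to "spooler" it can print and read, and a bug that tries to write the report or switch back is refused and recorded in the audit list.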