The various processes in an operating system must be protected from one another's activities. For that purpose, various mechanisms exist that can be used to ensure that files, memory segments, the CPU, and other resources can be operated on only by those processes that have gained proper authorization from the operating system. In this chapter, we examine the problem of protection in detail and develop a unifying model for implementing protection.

Lecture: Operating System Concepts, Fifth Edition, Module 19 - Avi Silberschatz, Peter Galvin (Silberschatz and Galvin 1999)

Module 19: Protection
Goals of Protection; Domain of Protection; Access Matrix; Implementation of Access Matrix; Revocation of Access Rights; Capability-Based Systems; Language-Based Protection

Protection
An operating system consists of a collection of objects, hardware or software. Each object has a unique name and can be accessed through a well-defined set of operations.
Protection problem: ensure that each object is accessed correctly and only by those processes that are allowed to do so.

Domain Structure
An access right pairs an object name with a rights set; the rights set is a subset of all valid operations that can be performed on the object.
A domain is a set of access rights.

Domain Implementation
Two-domain system: user and supervisor.
UNIX: the domain is the user-id. A domain switch is accomplished via the file system. Each file has associated with it a domain bit, the setuid bit. When a file is executed and its setuid bit is on, the user-id is set to the owner of the file being executed; when execution completes, the user-id is reset.

Multics Rings
Let Di and Dj be any two domain rings. If j < i, then Di is a subset of Dj: the lower-numbered ring holds every right of the higher-numbered one.

Access Matrix
Figure 1: the access matrix. Rows are domains, columns are objects, and each entry access(i, j) is the set of operations a process in domain Di may invoke on object Oj.

Use of Access Matrix
If a process in domain Di tries to do "op" on object Oj, then "op" must be in the access-matrix entry for (Di, Oj).
The model can be expanded to dynamic protection: operations to add and delete access rights.
Special access rights:
- owner of Oi
- copy op from Oi to Oj
- control: Di can modify Dj's access rights
- transfer: switch from domain Di to Dj

Use of Access Matrix (Cont.)
The access-matrix design separates mechanism from policy.
Mechanism: the operating system provides the access matrix and its rules. It ensures that the matrix is manipulated only by authorized agents and that the rules are strictly enforced.
Policy: the user dictates policy, i.e. who can access what.
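The following is an added example, not code from the lecture or the textbook: a small access-matrix "mechanism" in Python that enforces the static check (op must be in access(Di, Oj)) and the dynamic rights listed above. Domains are entered as objects of the matrix so that switch and control rights can be stored in it, as the textbook does. The copy right is modelled the way the textbook defines it: a right marked with an asterisk may be copied to another domain's row in the same object's column, and the copied right is propagated without the asterisk (the "limited copy" variant). The domain names D1..D4, object names F1..F3 and printer, and the rights they hold are a constructed example, not the figure from the slides.

```python
"""Access matrix with dynamic protection: owner, copy (starred) right,
control over a domain, and switch between domains.

Added example (not from the lecture). The matrix is the mechanism; the
contents placed in it by build_example() are the policy.
"""


class AccessDenied(Exception):
    """Raised when a domain attempts an operation its row does not permit."""


class AccessMatrix:
    def __init__(self):
        # (domain, object) -> set of rights. A right "op*" carries the copy
        # flag: its holder may copy "op" into other rows of the same column.
        self._cells = {}

    def grant(self, domain, obj, *rights):
        """Policy entry point: place rights directly in the matrix."""
        self._cells.setdefault((domain, obj), set()).update(rights)

    def rights(self, domain, obj):
        return set(self._cells.get((domain, obj), set()))

    # --- static check: "op" must be in access(Di, Oj) ---
    def check(self, domain, obj, op):
        cell = self._cells.get((domain, obj), set())
        return op in cell or op + "*" in cell

    def _require(self, domain, obj, op):
        if not self.check(domain, obj, op):
            raise AccessDenied(f"{domain}: '{op}' on {obj} not permitted")

    # --- dynamic protection: operations that change the matrix ---
    def switch(self, d_from, d_to):
        """A process in d_from may move to d_to only if access(d_from, d_to)
        holds 'switch'. Returns the new domain."""
        self._require(d_from, d_to, "switch")
        return d_to

    def copy_right(self, d_from, obj, d_to, op):
        """Copy 'op' for obj from d_from's row into d_to's row. Only a right
        carrying the copy flag (op*) may be copied; the copy is plain."""
        if op + "*" not in self._cells.get((d_from, obj), set()):
            raise AccessDenied(f"{d_from}: no copy right for '{op}' on {obj}")
        self.grant(d_to, obj, op)

    def owner_add(self, d_owner, obj, d_target, right):
        """The owner of obj may add any right to any row of obj's column."""
        self._require(d_owner, obj, "owner")
        self.grant(d_target, obj, right)

    def owner_remove(self, d_owner, obj, d_target, right):
        self._require(d_owner, obj, "owner")
        self._cells.get((d_target, obj), set()).discard(right)

    def control_remove(self, d_ctl, d_target, obj, right):
        """'control' in access(d_ctl, d_target) lets d_ctl strip rights
        from d_target's row (any column)."""
        self._require(d_ctl, d_target, "control")
        self._cells.get((d_target, obj), set()).discard(right)


def build_example():
    """Constructed policy (assumed names, not the slides' figure)."""
    m = AccessMatrix()
    m.grant("D1", "F1", "read", "owner")
    m.grant("D1", "F3", "read")
    m.grant("D1", "D2", "switch")
    m.grant("D2", "printer", "print")
    m.grant("D2", "F2", "write*")          # copyable write right
    m.grant("D2", "D3", "switch")
    m.grant("D2", "D4", "switch", "control")
    m.grant("D3", "F2", "read")
    m.grant("D3", "F3", "execute")
    m.grant("D4", "F1", "read", "write")
    m.grant("D4", "F3", "read", "write")
    m.grant("D4", "D1", "switch")
    return m


if __name__ == "__main__":
    m = build_example()
    print("D1 read F1:", m.check("D1", "F1", "read"))
    dom = m.switch("D1", "D2")             # transfer to D2
    m.copy_right(dom, "F2", "D3", "write") # D2 propagates write on F2 to D3
    print("D3 write F2:", m.check("D3", "F2", "write"))
    m.control_remove(dom, "D4", "F3", "write")
    print("D4 write F3:", m.check("D4", "F3", "write"))
```

Every change to the matrix goes through a method that first checks the caller's own row, which is the "only manipulated by authorized agents" rule from the slide; `grant()` is the policy-setting interface and would not be exposed to ordinary processes.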