Download - Operating system And security
-
8/9/2019 Operating system And security
1/138
Chapter 14: Protection
  Goals of Protection
  Principles of Protection
  Domain of Protection
  Access Matrix
  Implementation of Access Matrix
  Access Control
  Revocation of Access Rights
  Capability-Based Systems
  Language-Based Protection
-
Objectives
  Discuss the goals and principles of protection in a modern computer system
  Explain how protection domains combined with an access matrix are used to specify the resources a process may access
  Examine capability and language-based protection systems
-
Goals of Protection
  Operating system consists of a collection of objects, hardware or software
  Each object has a unique name and can be accessed through a well-defined set of operations
  Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so
-
Domain Structure
  Access-right = <object-name, rights-set>, where rights-set is a subset of all valid operations that can be performed on the object.
  Domain = set of access-rights
-
Domain Implementation (UNIX)
  System consists of 2 domains:
    User
    Supervisor
  UNIX
    Domain = user-id
    Domain switch accomplished via file system
      Each file has associated with it a domain bit (setuid bit)
      When file is executed and setuid = on, then user-id is set to owner of the file being executed. When execution completes user-id is reset
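The setuid domain switch above can be audited from the file system alone. The following is an added example, not part of the original slides: the function names are hypothetical, and `domain_after_exec` applies only the rule stated on the slide.

```python
# Added example: list setuid files and the domain (user-id) each one switches to.
import os
import stat


def setuid_files(root):
    """Return sorted (path, owner_uid) pairs for regular files under root with setuid on."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: report the link itself, never its target
            except OSError:
                continue             # file vanished or is unreadable; skip it
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                found.append((path, st.st_uid))
    return sorted(found)


def domain_after_exec(path, caller_uid):
    """Slide rule: with setuid on, the process runs in the file owner's domain;
    otherwise it stays in the caller's domain."""
    st = os.stat(path)
    return st.st_uid if st.st_mode & stat.S_ISUID else caller_uid
```

Every path this returns is a domain-switch point; files owned by user-id 0 switch the caller into the supervisor-equivalent domain and deserve the closest review.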
-
Domain Implementation (MULTICS)
  Let D_i and D_j be any two domain rings
  If j < i D_i D_j
-
Access Matrix
  View protection as a matrix (access matrix)
  Rows represent domains
  Columns represent objects
  Access(i, j) is the set of operations that a process executing in Domain i can invoke on Object j
-
Access Matrix
-
Use of Access Matrix
  If a process in Domain D_i tries to do "op" on object O_j, then "op" must be in the access matrix
  Can be expanded to dynamic protection
    Operations to add, delete access rights
    Special access rights:
      owner of O_i
      copy op from O_i to O_j
      control - D_i can modify D_j access rights
      transfer - switch from domain D_i to D_j
-
Use of Access Matrix (Cont)
  Access matrix design separates mechanism from policy
  Mechanism
    Operating system provides access-matrix + rules
    It ensures that the matrix is only manipulated by authorized agents and that rules are strictly enforced
  Policy
    User dictates policy
    Who can access what object and in what mode
-
Implementation of Access Matrix
  Each column = Access-control list for one object
    Defines who can perform what operation.
      Domain 1 = Read, Write
      Domain 2 = Read
      Domain 3 = Read
  Each row = Capability list (like a key)
    For each domain, what operations allowed on what objects.
      Object 1 Read
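The access check, the copy right, and the column (ACL) and row (capability list) views from the preceding slides, as an added example that is not part of the original deck. The class and method names are hypothetical; Object 2, the choice of which right carries the copy flag, and the limited-copy behaviour are assumptions of this example.

```python
# Added example: toy access matrix. Domain/object names are constructed sample data.
from collections import defaultdict


class AccessMatrix:
    def __init__(self):
        self.cells = defaultdict(set)  # (domain, object) -> rights, i.e. Access(i, j)
        self.copyable = set()          # (domain, object, right) held with the copy flag

    def grant(self, domain, obj, right, copy=False):
        self.cells[(domain, obj)].add(right)
        if copy:
            self.copyable.add((domain, obj, right))

    def allowed(self, domain, obj, op):
        """Mechanism: op is permitted only if it is in Access(domain, obj)."""
        return op in self.cells.get((domain, obj), ())

    def copy_right(self, src, dst, obj, right):
        """Copy a right within one object's column; src must hold it with the copy flag.
        The flag itself is not propagated (limited copy, an assumption of this example)."""
        if (src, obj, right) not in self.copyable:
            raise PermissionError(f"{src} may not copy {right!r} on {obj}")
        self.grant(dst, obj, right)

    def acl(self, obj):
        """Column view: access-control list for one object."""
        return {d: set(r) for (d, o), r in self.cells.items() if o == obj and r}

    def capability_list(self, domain):
        """Row view: capability list for one domain."""
        return {o: set(r) for (d, o), r in self.cells.items() if d == domain and r}


def sample_matrix():
    """Policy: the Object 1 column from the slide, plus a constructed Object 2."""
    m = AccessMatrix()
    m.grant("Domain 1", "Object 1", "read", copy=True)
    m.grant("Domain 1", "Object 1", "write")
    m.grant("Domain 2", "Object 1", "read")
    m.grant("Domain 3", "Object 1", "read")
    m.grant("Domain 3", "Object 2", "execute")
    return m
```

The class is the mechanism and `sample_matrix()` is the policy, which keeps the two separate in the way the slides describe.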
-
[Figure B: access matrix figure]
-
Access Matrix with Copy Rights
-
Access Matrix With Owner Rights
-
Modified Access Matrix of Figure B
-
Access Control
  Protection can be applied to non-file resources
  Solaris 10 provides role-based access control (RBAC) to implement least privilege
    Privilege is right to execute system call or use an option within a system call
    Can be assigned to processes
    Users assigned roles granting access to privileges and programs
-
Role-based Access Control in Solaris 10
-
Revocation of Access Rights
  Access List - Delete access rights from access list
    Simple
    Immediate
  Capability List - Scheme required to locate capability in the system before capability can be revoked
    Reacquisition
    Back-pointers
    Indirection
    Keys
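Of the capability-list schemes named above, indirection is sketched here as an added example that is not part of the original slides. Capabilities refer to a slot in a global table instead of the object, so deleting the slot revokes every copy without locating them; the class, slot format and domain names are assumptions of this example.

```python
# Added example: capability revocation through an indirection table.
import secrets


class IndirectionTable:
    """Capabilities name a table slot rather than the object itself."""

    def __init__(self):
        self.slots = {}  # slot id -> (object name, frozenset of rights)

    def mint(self, obj, rights):
        slot = secrets.token_hex(8)  # unguessable slot id, handed out as the capability
        self.slots[slot] = (obj, frozenset(rights))
        return slot

    def use(self, cap, obj, op):
        """Every access resolves the capability through the table first."""
        entry = self.slots.get(cap)
        return entry is not None and entry[0] == obj and op in entry[1]

    def revoke(self, cap):
        """One deletion invalidates every copy of the capability, wherever it is held."""
        return self.slots.pop(cap, None) is not None


def demo():
    table = IndirectionTable()
    shared = table.mint("O1", {"read"})            # one slot, copied into two C-lists
    private = table.mint("O1", {"read", "write"})  # separate slot for a third domain
    clists = {"D1": [shared], "D2": [shared], "D3": [private]}  # constructed domains
    before = {d: table.use(c[0], "O1", "read") for d, c in clists.items()}
    table.revoke(shared)  # no search of D1's or D2's capability lists is needed
    after = {d: table.use(c[0], "O1", "read") for d, c in clists.items()}
    return before, after
```

D1 and D2 lose access together because they share a slot; revoking one holder selectively requires minting a separate slot per holder, as was done for D3.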
-
Capability-Based Systems
  Hydra
    Fixed set of access rights known to and interpreted by the system
    Interpretation of user-defined rights performed solely by user's program; system provides access protection for use of these rights
  Cambridge CAP System
    Data capability - provides standard read, write, execute of individual storage segments associated with object
    Software capability - interpretation left to the subsystem, through its protected procedures
-
Language-Based Protection
  Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources
  Language implementation can provide software for protection enforcement when automatic hardware-supported checking is unavailable
  Interpret protection specifications to generate calls on whatever protection system is provided by the hardware and the operating system
-
Protection in Java 2
  Protection is handled by the Java Virtual Machine (JVM)
  A class is assigned a protection domain when it is loaded by the JVM
  The protection domain indicates what operations the class can (and cannot) perform
  If a library method is invoked that performs a privileged operation, the stack is inspected to ensure the operation can be performed by the
-
Stack Inspection
-
End of Chapter 14