ch14(1) [Autosaved]


  • 8/18/2019 ch14(1) [Autosaved]

    Chapter 14: System Protection

    Chapter 14: System Protection

    Goals of Protection

    Principles of Protection

    Domain of Protection

    Access Matrix

    Implementation of Access Matrix

    Access Control

    Revocation of Access Rights

    Capability-Based Systems

    Language-Based Protection

    Objectives

    Discuss the goals and principles of protection in a modern computer system

    Explain how protection domains combined with an access matrix are used to specify the resources a process may access

    Examine capability and language-based protection systems

    Introduction

    For the year 1974, one source has identified 339 cases of computer-related crime. The average loss in the 339 incidents was $544,000. This average is not distorted by a few exceptional cases -- the median loss was very close to the average. Most of the incidents involved simple fraud by an employee who had access to computerized financial records. In 85% of the cases, management did not report the incident to the police, often because publicity about it would have been embarrassing.

    Goals of Protection

    In one protection model, a computer consists of a collection of objects, hardware or software

    Each object has a unique name and can be accessed through a well-defined set of operations

    Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so

    Principles of Protection

    Guiding principle – principle of least privilege

        Programs, users and systems should be given just enough privileges to perform their tasks

        Limits damage if entity has a bug, gets abused

        Can be static (during life of system, during life of process)

        Or dynamic (changed by process as needed) – domain switching

        "Need to know" a similar concept regarding access to data

    Domain Structure

    Access-right = <object-name, rights-set>

        where rights-set is a subset of all valid operations that can be performed on the object

    Domain = set of access-rights

    Access Matrix

    View protection as a matrix (access matrix)

    Rows represent domains

    Columns represent objects

    Access(i, j) is the set of operations that a process executing in Domain i can invoke on Object j

    Access Matrix

    Use of Access Matrix

    Can be expanded to dynamic protection

        Operations to add, delete access rights

        Special access rights:

            owner of Oi

            copy op from Oi to Oj (denoted by "*")

            control – Di can modify Dj access rights

            transfer – switch from domain Di to Dj

    Copy and Owner applicable to an object

    Control applicable to domain object

    Access Matrix With Owner Rights

    Access Matrix with Copy Rights

    Access Matrix of Figure A with Domains as Objects

    Modified Access Matrix of Figure B
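
The owner, copy, control and switch rights from the "Use of Access Matrix" slide, as an added example that is not part of the original slides. It assumes the usual textbook semantics: a starred right may be copied only within its object's column and the copy is unstarred, owner edits a column, and control edits another domain's row; class, method and domain names are illustrative.

```python
# Added illustration; D1, D2, D3, F1 are constructed sample names.
class AccessMatrix:
    def __init__(self):
        self.cells = {}  # sparse: (row, column) -> set of rights

    def rights(self, row, col):
        return self.cells.setdefault((row, col), set())

    def _need(self, right, row, col):
        if right not in self.cells.get((row, col), set()):
            raise PermissionError(f"{row} lacks {right} on {col}")

    def allowed(self, domain, obj, op):
        r = self.cells.get((domain, obj), set())
        return op in r or op + "*" in r  # a starred right includes the plain one

    def copy(self, src, dst, obj, op):
        # Only a holder of "op*" may copy op, and only within obj's column.
        # The copy is unstarred, so dst cannot propagate it further.
        self._need(op + "*", src, obj)
        self.rights(dst, obj).add(op)

    def owner_set(self, actor, target, obj, new_rights):
        # The owner of obj may add or remove any right in obj's column.
        self._need("owner", actor, obj)
        self.cells[(target, obj)] = set(new_rights)

    def control_remove(self, actor, target, obj, op):
        # Domains are columns too: control in (actor, target) edits target's row.
        self._need("control", actor, target)
        self.rights(target, obj).discard(op)

    def switch(self, current, target):
        self._need("switch", current, target)  # switch right in cell (current, target)
        return target

def demo():
    m = AccessMatrix()
    m.rights("D1", "F1").update({"owner", "read*"})
    m.rights("D1", "D2").update({"switch", "control"})
    m.copy("D1", "D2", "F1", "read")      # D2 receives plain read
    try:
        m.copy("D2", "D3", "F1", "read")  # refused: D2 holds read, not read*
        propagated = True
    except PermissionError:
        propagated = False
    m.owner_set("D1", "D2", "F1", {"read", "write"})
    m.control_remove("D1", "D2", "F1", "write")
    return m.allowed("D2", "F1", "read"), m.allowed("D2", "F1", "write"), propagated, m.switch("D1", "D2")
```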

    Implementation of Access Matrix

    Generally, a sparse matrix

    Option 1 – Global table

        Store ordered triples <domain, object, rights-set> in table

        A requested operation M on object Oj within domain Di -> search table for <Di, Oj, Rk> with M ∈ Rk

        But table could be large -> won't fit in main memory

        Difficult to group objects (consider an object that all domains can read)

    Option 2 – Access lists for objects

        Each column implemented as an access list for one object

        Resulting per-object list consists of ordered pairs <domain, rights-set> defining all domains with non-empty set of access rights for the object

        Easily extended to contain default set -> If M ∈ default set, also allow access

    Option 3 – Capability list for domains

    Capability list for domains

    "A capability is a token, ticket, or key that gives the possessor permission to access an entity or object in a computer system".

    Intuitive examples

        – A movie ticket is a capability to watch a movie.

        – A key is a capability to enter a house.

    Implementation of Access Matrix (Cont.)

    Option 4 – Lock-key

        Compromise between access lists and capability lists

        Each object has a list of unique bit patterns, called locks

        Each domain has a list of unique bit patterns, called keys

        Process in a domain can only access object if domain has key that matches one of the locks
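
The lock-key scheme described above, as an added example that is not part of the original slides. It assumes one fresh 64-bit pattern per grant so that a single grant can be revoked on its own; the class, method and domain names are hypothetical.

```python
# Added illustration of the lock-key scheme; names are hypothetical.
import secrets

class LockKeyStore:
    def __init__(self):
        self.locks = {}  # object -> set of bit patterns (locks)
        self.keys = {}   # domain -> set of bit patterns (keys)

    def grant(self, domain, obj):
        # Mint a fresh pattern, install it as a lock and hand it out as a key.
        pattern = secrets.randbits(64)
        self.locks.setdefault(obj, set()).add(pattern)
        self.keys.setdefault(domain, set()).add(pattern)
        return pattern

    def pass_key(self, giver, receiver, pattern):
        # Keys move from domain to domain without touching the object.
        if pattern not in self.keys.get(giver, set()):
            raise PermissionError(f"{giver} does not hold that key")
        self.keys.setdefault(receiver, set()).add(pattern)

    def can_access(self, domain, obj):
        # Allowed if any key of the domain matches any lock of the object.
        return bool(self.keys.get(domain, set()) & self.locks.get(obj, set()))

    def revoke(self, obj, pattern):
        # Revocation removes the lock. Every copy of the key, in whatever
        # domain it ended up, stops matching; no domain has to be searched.
        self.locks.get(obj, set()).discard(pattern)

def demo():
    s = LockKeyStore()
    k1 = s.grant("D1", "F1")
    s.grant("D2", "F1")
    s.pass_key("D1", "D3", k1)  # D3 now holds a copy of D1's key
    before = (s.can_access("D1", "F1"), s.can_access("D3", "F1"), s.can_access("D4", "F1"))
    s.revoke("F1", k1)          # invalidates the key held by D1 and D3 only
    after = (s.can_access("D1", "F1"), s.can_access("D2", "F1"), s.can_access("D3", "F1"))
    return before, after
```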

    Comparison of Implementations

    Many trade-offs to consider

        Global table is simple, but can be large

        Access lists correspond to needs of users

            Every access to an object must be checked

            Many objects and access rights -> slow

        Capability lists useful for localizing information for a given process

            But revocation capabilities can be inefficient

        Lock-key effective and flexible, keys can be passed freely from domain to domain, easy revocation
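
An added example, not from the original slides: one protection state held as a global table (Option 1), as per-object access lists (Option 2) and as per-domain capability lists (Option 3), with the work needed to revoke a right in each list form. The triples and function names are constructed for illustration.

```python
# Added illustration; the triples below are constructed sample data.
from collections import defaultdict

TRIPLES = [  # Option 1: global table of <domain, object, rights-set>
    ("D1", "F1", {"read"}),
    ("D1", "F3", {"read"}),
    ("D2", "printer", {"print"}),
    ("D3", "F2", {"read"}),
    ("D3", "F3", {"execute"}),
    ("D4", "F1", {"read", "write"}),
    ("D4", "F3", {"read", "write"}),
]

def global_lookup(table, domain, obj, op):
    # Linear search for <Di, Oj, Rk> with M in Rk.
    return any(d == domain and o == obj and op in r for d, o, r in table)

def access_lists(table):
    # Option 2: one list per object (a matrix column) of <domain, rights-set>.
    acl = defaultdict(dict)
    for d, o, r in table:
        acl[o][d] = set(r)
    return acl

def capability_lists(table):
    # Option 3: one list per domain (a matrix row) of <object, rights-set>.
    caps = defaultdict(dict)
    for d, o, r in table:
        caps[d][o] = set(r)
    return caps

def acl_check(acl, default, domain, obj, op):
    # Search the object's list, then fall back to the object's default set.
    return op in acl[obj].get(domain, set()) or op in default.get(obj, set())

def revoke_acl(acl, obj, op):
    # One list to edit. Returns the number of entries touched.
    for rights in acl[obj].values():
        rights.discard(op)
    return len(acl[obj])

def revoke_caps(caps, obj, op):
    # Capabilities for obj are spread over the domains, so every
    # domain's list is visited. Returns the number of domains scanned.
    for held in caps.values():
        held.get(obj, set()).discard(op)
    return len(caps)
```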

    Language-Based Protection

    Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources

    Language implementation can provide software for protection enforcement when automatic hardware-supported checking is unavailable

    Interpret protection specifications to generate calls on whatever protection system is provided by the hardware and the operating system

    In a compiler-based approach to protection enforcement, programmers directly specify the protection needed for different resources at the time the resources are declared