junaidarshad
8/18/2019 ch14(1) [Autosaved]
1/21
Chapter 14: System Protection
Chapter 14: System Protection
Goals of Protection
Principles of Protection
Domain of Protection
Access Matrix
Implementation of Access Matrix
Access Control
Revocation of Access Rights
Capability-Based Systems
Language-Based Protection
Objectives
Discuss the goals and principles of protection in a modern computer system
Explain how protection domains combined with an access matrix are used to specify the resources a process may access
Examine capability and language-based protection systems
Introduction
For the year 1974, one source has identified 339 cases of computer-related crime. The average loss in the 339 incidents was $544,. This average is not distorted by a few exceptional cases: the median loss was very close to the average. Most of the incidents involved simple fraud by an employee who had access to computerized financial records. In 85% of the cases, management did not report the incident to the police, often because publicity about it would have been embarrassing.
Goals of Protection
In one protection model, computer consists of a collection of objects, hardware or software
Each object has a unique name and can be accessed through a well-defined set of operations
Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so
Principles of Protection
Guiding principle - principle of least privilege
    Programs, users and systems should be given just enough privileges to perform their tasks
    Limits damage if entity has a bug, gets abused
    Can be static (during life of system, during life of process)
    Or dynamic (changed by process as needed) - domain switching
"Need to know": a similar concept regarding access to data
Domain Structure
Access-right = <object-name, rights-set>
    where rights-set is a subset of all valid operations that can be performed on the object
Domain = set of access-rights
Access Matrix
View protection as a matrix (access matrix)
Rows represent domains
Columns represent objects
Access(i, j) is the set of operations that a process executing in Domain_i can invoke on Object_j
Access Matrix
Use of Access Matrix
Can be expanded to dynamic protection
    Operations to add, delete access rights
    Special access rights:
        owner of Oi
        copy op from Oi to Oj (denoted by "*")
        control: Di can modify Dj access rights
        transfer: switch from domain Di to Dj
    Copy and Owner applicable to an object
    Control applicable to domain object
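Added example (not from the original slides): a small Python model of the special access rights on the "Use of Access Matrix" slide. It assumes the common textbook semantics in which a copy right moves a right within one object's column and is not itself passed on; the class, method, domain and file names are hypothetical.

```python
class AccessMatrix:
    """Sparse access matrix: (domain, object) -> set of rights."""
    def __init__(self):
        self.cells = {}

    def rights(self, domain, obj):
        return self.cells.get((domain, obj), set())

    def add(self, domain, obj, right):
        self.cells.setdefault((domain, obj), set()).add(right)

    def allowed(self, domain, obj, op):
        held = self.rights(domain, obj)
        return op in held or op + "*" in held     # "read*" is read plus copy

    def copy(self, src, dst, obj, op):
        """Copy right: src needs op* on obj; dst receives plain op (limited copy)."""
        if op + "*" not in self.rights(src, obj):
            raise PermissionError(f"{src} holds no copy right for {op} on {obj}")
        self.add(dst, obj, op)

    def owner_grant(self, owner, dst, obj, op):
        """Owner right: add a right anywhere in obj's column."""
        if "owner" not in self.rights(owner, obj):
            raise PermissionError(f"{owner} does not own {obj}")
        self.add(dst, obj, op)

    def control_remove(self, ctrl, target, obj, op):
        """Control right on domain object `target`: strip a right from its row."""
        if "control" not in self.rights(ctrl, target):
            raise PermissionError(f"{ctrl} has no control over {target}")
        self.rights(target, obj).discard(op)

    def switch(self, current, target):
        """Transfer: allowed only if access(current, target) contains switch."""
        if "switch" not in self.rights(current, target):
            raise PermissionError(f"{current} may not switch to {target}")
        return target

def demo():
    """Constructed scenario with hypothetical domains D1..D4 and files F1, F2."""
    m = AccessMatrix()
    for cell in [("D1", "F1", "owner"), ("D2", "F2", "read*"),
                 ("D2", "D4", "control"), ("D1", "D2", "switch")]:
        m.add(*cell)
    m.copy("D2", "D3", "F2", "read")              # D3 gains read, not read*
    m.owner_grant("D1", "D4", "F1", "write")      # owner of F1 extends the column
    m.control_remove("D2", "D4", "F1", "write")   # D2 controls D4's row
    return m
```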
Access Matrix With Owner Rights
Access Matrix with Copy Rights
Access Matrix of Figure A with Domains as Objects
Modified Access Matrix of Figure B
Implementation of Access Matrix
Generally, a sparse matrix
Option 1 - Global table
    Store ordered triples <domain, object, rights-set> in table
    A requested operation M on object Oj within domain Di -> search table for <Di, Oj, Rk> with M ∈ Rk
    But table could be large -> won't fit in main memory
    Difficult to group objects (consider an object that all domains can read)
Option 2 - Access lists for objects
    Each column implemented as an access list for one object
    Resulting per-object list consists of ordered pairs <domain, rights-set> defining all domains with non-empty set of access rights for the object
    Easily extended to contain default set -> If M ∈ default set, also allow access
Option 3 - Capability list for domains
Capability list for domains
"A capability is a token, ticket, or key that gives the possessor permission to access an entity or object in a computer system".
Intuitive examples
    A movie ticket is a capability to watch a movie.
    A key is a capability to enter a house.
Implementation of Access Matrix (Cont.)
Option 4 - Lock-key
    Compromise between access lists and capability lists
    Each object has list of unique bit patterns, called locks
    Each domain has list of unique bit patterns called keys
    Process in a domain can only access object if domain has key that matches one of the locks
Comparison of Implementations
Many trade-offs to consider
    Global table is simple, but can be large
    Access lists correspond to needs of users
        Every access to an object must be checked
        Many objects and access rights -> slow
    Capability lists useful for localizing information for a given process
        But revocation capabilities can be inefficient
    Lock-key effective and flexible, keys can be passed freely from domain to domain, easy revocation
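Added example (not from the original slides): the four implementation options built in Python from one constructed table, so the lookup and revocation trade-offs in the comparison can be observed directly. The function and class names, the 64-bit pattern width and the sample domains and objects are assumptions.

```python
from collections import defaultdict
import secrets

# Constructed sample: global table of <domain, object, rights-set> triples.
GLOBAL_TABLE = [
    ("D1", "F1", {"read"}), ("D1", "F3", {"read"}),
    ("D2", "printer", {"print"}),
    ("D3", "F2", {"read"}), ("D3", "F3", {"execute"}),
    ("D4", "F1", {"read", "write"}), ("D4", "F3", {"read", "write"}),
]

def global_lookup(table, domain, obj, op):
    """Option 1: search the table for <Di, Oj, Rk> with M in Rk."""
    return any(d == domain and o == obj and op in r for d, o, r in table)

def build_lists(table):
    """Option 2 (per-object access lists) and Option 3 (per-domain capabilities)."""
    acl, caps = defaultdict(dict), defaultdict(dict)
    for d, o, r in table:
        acl[o][d] = set(r)      # column view: who may touch this object
        caps[d][o] = set(r)     # row view: what this domain may touch
    return dict(acl), dict(caps)

def revoke_capability(caps, obj):
    """Capabilities are spread over domains: every list must be visited."""
    for held in caps.values():
        held.pop(obj, None)
    return len(caps)            # number of capability lists scanned

class LockKey:
    """Option 4: objects hold locks, domains hold keys (unique bit patterns)."""
    def __init__(self):
        self.locks, self.keys = defaultdict(set), defaultdict(set)

    def grant(self, obj, domains):
        pattern = secrets.randbits(64)      # assumed pattern width
        self.locks[obj].add(pattern)
        for d in domains:
            self.keys[d].add(pattern)
        return pattern

    def can_access(self, domain, obj):
        return bool(self.keys[domain] & self.locks[obj])

    def revoke(self, obj, pattern):
        self.locks[obj].discard(pattern)    # one change at the object; old keys stop matching
```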
Language-Based Protection
Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources
Language implementation can provide software for protection enforcement when automatic hardware-supported checking is unavailable
Interpret protection specifications to generate calls on whatever protection system is provided by the hardware and the operating system
In a compiler-based approach to protection enforcement, programmers directly specify the protection needed for different resources at the time the resources are declared