Scribd
Upload
28 views

Protection

The document discusses computer system protection mechanisms including goals of protection, protection domains of user, process and procedure, access matrix model, implementation of access matrix using access control lists, and revocation of access rights.

Uploaded by

Abishek Sah
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
28 views

Protection

The document discusses computer system protection mechanisms including goals of protection, protection domains of user, process and procedure, access matrix model, implementation of access matrix using access control lists, and revocation of access rights.

Uploaded by

Abishek Sah
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 2

Unit 5

protection
-It is a mechanism for controlling the access of programs, processes, or users to the resources defined
computer system.
-It is internal threat to prevent interference with the use of files, both logical and physical.
e.g users within the network u1,u2,u3,u4 with a right to access certain resource r1 and users u5,u6 with
right to access r2 resource.

Goals of protection
- OS consists of a collection of objects, hardware or software.
- Each object has a unique name and can be accessed through a well defined set of operations.
-Safe sharing of common logical resources (e.g. directory of files) of a space or common physical address
space or logical address space.
- Fair and reliable resource usage. E.g. fair resource usage by process (P1→R1).

Protection domain
-There are different domains of protection.
-Computer system is a collection of process and objects.
- There are three domains in which protection mechanism can be implied.
i. User
- Each user may be a domain that can access objects depending on it’s identity.
-here domain switching occurs when user changes
ii. Process
-each process has id, is defined as identifier and is like domain.
- Process accessed depends on identity of user.
iii. Procedure
- Objects can be accessed corresponding to local variable that is defined within procedure.
- Variables defined within the procedure controls the access of resource.

Fig: system with three protection domains.


Domain:
-Domain is a collection of access rights, each of which is an ordered pair <object name, right sets>.
- Each user may be a domain. In this case, the set of objects that can be accessed depends on identity of
user.
-each process may be a domain. In this case, the set of objects can be accessed depending on the
identity of the process.
Access matrix
-It is a model used for implementation of protection model.
- It composes of two different entries in the form of rows and columns.
Rows: it is domain which can be represented for user/process/procedure.
Column: it represents objects (resources) present in system.

Table: Access matrix


objects File1 File2 File3 Printer
Domain
D1 read Read

D2 Print

D3 read execute

D4 Read Read
write write

- The access matrix can implement policy decisions concerning protection which includes rights to be
included.
- The user normally decides the contents of the access-matrix entries. When Oj is created, the column
Oj is added to access matrix.

Implementation of access matrix


Each column= access-control list for one object defines who can perform that operation.
Domain1= read, write
Access control list associated with an object
Domain2=read
Domain3=read

Each row= capability list


For each domain, operations allowed on object.

Object1= read
Access rights of a domain i.e. capability of domain
Object2=read, write, execute
(What a domain can do).
Object5 =read, write, delete,
copy
Revocation of access rights
Access list- deletes access right from access right list from access matrix.
- Access list differs from object to object.
- Here the access right is deleted from the access control list of object.
- Revocation of access right is done by simple and immediate method.

You might also like