Protection

A computer system is a collection of processes and objects. The objects may be hardware (memory, CPU time, I/O devices) or software (files, programs), and they need to be protected. Protection is the mechanism for controlling the access of programs, processes, or users to the resources (objects) defined by a computer system. The mechanism must provide a means of specifying the controls to be imposed, together with a means of enforcing them.

Reasons for protection
● To prevent mischievous, intentional violation of an access restriction by a user.
● To ensure that each active process in the system uses system resources only in ways consistent with the stated policies.

What if there is no protection mechanism?
1. Think of a UNIX-based server used for labs in a university. If UNIX implemented no protection mechanism, every student could read and write the files and data of every other student.
2. Consider a UNIX-like system with a root (super) user. Without a proper protection mechanism, any process could acquire root privileges and cause damage with them.
3. Think of a process that illegally gains access to the memory allocated to another process. Again, this is possible only in the absence of protection mechanisms.

Domain of protection

As mentioned above, a computer system consists of processes and objects. Each object has a unique identifier in the system and can be accessed only through well-defined and meaningful operations. For example, a memory segment (object) supports read and write (operations), while a CD-ROM (object) supports only read. A process should be allowed to access only those objects for which it has authorization.

'Need-to-know' principle

According to this widely held principle of OS protection, a process should be able to access only those resources that it requires at a given point in time to complete its current task. The principle limits the amount of damage a faulty or compromised process can cause in the system.

Domain structure

Every process operates within a protection domain, which specifies the resources that the process may access. A domain is a collection of access rights, and an access right is an ordered pair <object-name, rights-set>. For example, domain D may have the access right <file F, {read, write}>. During its lifetime a process may be allowed to change its domain (domain switching), or the association may be fixed (static). The domain structure is realised differently in different operating systems. UNIX associates a domain with each user (and also adopts the user/supervisor architecture, with setuid programs providing domain switching). In MULTICS, protection domains are organized hierarchically into a ring structure (a layered architecture).

Access matrix

The access matrix is a general model of protection. It is a matrix whose rows represent domains and whose columns represent objects; the entry access(i, j) defines the set of operations that a process executing in domain i may invoke on object j. The access-matrix scheme gives us the mechanism for implementing policy decisions about protection, while the policy decisions themselves determine which rights are placed in the (i, j)th entry. This separation of mechanism and policy is an important design issue. Domain switching fits the same model by treating the domains themselves as objects: a process in domain Di may enter domain Dj if access(Di, Dj) contains the right switch.

Implementation of an access matrix

An access matrix cannot be implemented as-is, for efficiency reasons. Imagine how large and how sparse the matrix would be with a large number of users (domains) and an even larger number of files, programs and other objects! Therefore, access matrices are implemented in a variety of ways in different operating systems:
● Global table
● Access lists for objects
● Capability lists for domains (found in capability systems such as Hydra, CAP and Mach)
● Lock-key mechanism

Beyond these, protection raises further issues such as revocation of access rights and language-based protection. Given the opportunity, we would investigate all of the above concepts further and present examples of how protection is implemented in today's widely used operating systems, such as Linux (with SELinux support), Solaris and Windows.
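The following Python model, added here as a worked example and not part of the original page or of any real operating system, builds the access matrix described above and then derives the two sparse representations listed under implementation: access lists (one per object, the column view) and capability lists (one per domain, the row view). It also shows domain switching as a right on a domain-object and revocation as an edit to a matrix entry. The domain names D1-D4, objects F1-F3 and printer, and the rights in each entry are constructed sample data.

```python
"""Access-matrix model of protection (added example, constructed data).

Rows are domains, columns are objects, and access(i, j) is the set of
operations a process in domain i may invoke on object j.  Empty entries
are simply absent, which is why real systems store the matrix sparsely.
"""
from collections import defaultdict

# Constructed sample matrix.  Domains also appear as objects so that
# domain switching can be expressed as the right "switch" (assumption
# following the textbook model, not any particular OS).
ACCESS_MATRIX = {
    ("D1", "F1"): {"read"},
    ("D1", "F3"): {"read"},
    ("D1", "D2"): {"switch"},          # D1 may switch into D2, but not D3
    ("D2", "printer"): {"print"},
    ("D3", "F2"): {"read"},
    ("D3", "F3"): {"execute"},
    ("D4", "F1"): {"read", "write"},
    ("D4", "F3"): {"read", "write"},
}


def access(domain, obj, matrix=ACCESS_MATRIX):
    """access(i, j): rights set for domain i on object j (empty if none)."""
    return frozenset(matrix.get((domain, obj), ()))


def check(domain, obj, op, matrix=ACCESS_MATRIX):
    """Mechanism: allow op only if it is in access(domain, obj).
    Which rights sit in each entry is the policy, decided elsewhere."""
    return op in access(domain, obj, matrix)


def switch_domain(current, target, matrix=ACCESS_MATRIX):
    """Domain switching: permitted only if access(current, target) has 'switch'."""
    if not check(current, target, "switch", matrix):
        raise PermissionError(f"{current} may not switch to {target}")
    return target


def access_lists(matrix=ACCESS_MATRIX):
    """Column view: for each object, the domains that may use it and how.
    This is what a file-system ACL stores next to each file."""
    acl = defaultdict(dict)
    for (domain, obj), rights in matrix.items():
        acl[obj][domain] = frozenset(rights)
    return dict(acl)


def capability_lists(matrix=ACCESS_MATRIX):
    """Row view: for each domain, the objects it may use and how.
    A process presents a capability rather than being looked up in an ACL."""
    caps = defaultdict(dict)
    for (domain, obj), rights in matrix.items():
        caps[domain][obj] = frozenset(rights)
    return dict(caps)


def check_acl(acl, domain, obj, op):
    return op in acl.get(obj, {}).get(domain, frozenset())


def check_caps(caps, domain, obj, op):
    return op in caps.get(domain, {}).get(obj, frozenset())


def views_agree(matrix=ACCESS_MATRIX):
    """All three representations must answer every (domain, object, op)
    query identically; they differ only in storage and lookup cost."""
    acl, caps = access_lists(matrix), capability_lists(matrix)
    domains = {d for d, _ in matrix}
    objects = {o for _, o in matrix}
    ops = set().union(*matrix.values())
    return all(
        check(d, o, op, matrix) == check_acl(acl, d, o, op) == check_caps(caps, d, o, op)
        for d in domains for o in objects for op in ops
    )


def revoke(matrix, domain, obj, op):
    """Revocation in the matrix view: remove op from one entry.  Returns a
    new matrix so the caller can compare before and after."""
    new = {k: set(v) for k, v in matrix.items()}
    entry = new.get((domain, obj))
    if entry:
        entry.discard(op)
        if not entry:
            del new[(domain, obj)]
    return new


if __name__ == "__main__":
    print("D1 read F1:", check("D1", "F1", "read"))
    print("D1 write F1:", check("D1", "F1", "write"))
    print("ACL for F3:", access_lists()["F3"])
    print("Capabilities of D4:", capability_lists()["D4"])
    print("Views agree:", views_agree())
```

Note that revocation is cheap in the access-list view (one entry on the object) but awkward in the capability view, where the same right may have been copied into many domains' lists; that asymmetry is the reason the page lists revocation as a separate issue.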