Protection Domain and Access Matrix Model -Operating System

LalfakawmaKh 803 views 14 slides Jun 19, 2020

About This Presentation

Presentation on Protection Domain, Access Matrix Model and Design Principles for Secure Systems


Slide Content

ADVANCED OPERATING SYSTEM
PROTECTION AND SECURITY in operating system
LALFAKAWMA, M.Tech (C.S.E)

PROTECTION vs. SECURITY
PROTECTION: Authorization. The mechanisms used to build a secure system.
SECURITY: Authentication/Encryption. The policy issues that use the protection mechanisms to build a secure system.
OPERATING SYSTEM: Controls user access to system resources; decides which user can have access to which resources.

PROTECTION
Protection deals with access to the system resources. It determines which files can be accessed or modified by a particular user. The protection of the system must confirm the authorization of processes and users; once authorized, these users and processes can use the central processing unit, memory and other resources. Protection refers to a mechanism that controls the access of programs, processes, or users to the resources defined by a computer system.

NEED OF PROTECTION
- To prevent access by unauthorized users.
- To ensure that each active program or process in the system uses resources only as the stated policy allows.
- To improve reliability by detecting latent errors.

PROTECTION DOMAIN
Limits a process's access to only the resources it needs.
A protection domain specifies: access to the resources, and the operations that the process can perform on those resources.
Every process executes in its protection domain only.
Switching domain: control jumps from one process to another process.

PROTECTION DOMAIN
A computer is a collection of processes and objects.
Objects are either hardware objects (CPU, printer) or software objects (file, program).
Each object has a unique name that differentiates it from all other objects in the system, and each can be accessed only through well-defined and meaningful operations.
Each domain defines a set of objects and the types of operations that may be invoked on each object.
Each process may be a domain. In this case, the set of objects that can be accessed depends on the identity of the process.
Each user may be a domain. In this case, the set of objects that can be accessed depends on the identity of the user.

PROTECTION DOMAIN
Processes operate within a protection domain, which specifies the resources that the process may access.
Each domain defines a set of objects and the types of operations that may be invoked on each object.
The ability to execute an operation on an object is an Access Right. A Domain is a collection of Access Rights.
Access Right = <object-name, rights-set>, where the rights-set is a subset of all valid operations that can be performed on that object.
Example: the Access Right <O4, {print}> is shared by both D2 and D3, implying that a process executing in either of these two domains can print object O4.
A process must be executing in domain D1 to read and write object O1; on the other hand, only processes in domain D3 may execute object O1.

DESIGN PRINCIPLES FOR SECURE SYSTEMS
ECONOMY: The protection mechanism should be economical to develop and use, adding minimal cost or overhead to the system. Keep the design as simple and small as possible.
COMPLETE MEDIATION: Every request to access an object must be checked for authority.
OPEN DESIGN: A protection mechanism should work even if its underlying principles are known to an attacker.
SEPARATION OF PRIVILEGES: A protection mechanism that requires two keys to lock and unlock is more robust and flexible. The presence of two keys may mean satisfying two independent conditions before an access is allowed.

DESIGN PRINCIPLES FOR SECURE SYSTEMS
LEAST PRIVILEGE: A subject is given the minimum access rights that are sufficient for it to complete its task. If the requirements of the subject change, it should acquire the new rights by switching domain.
LEAST COMMON MECHANISM: Minimize the portion of a mechanism that is shared by (accessed by) more than one user.
ACCEPTABILITY: The protection mechanism must be simple to use; a complex and obscure protection mechanism will deter users from using it.
FAIL-SAFE DEFAULTS: The default is to deny access, so if a design or implementation mistake is responsible for wrongly denying an access, it will eventually be discovered and fixed.

THE ACCESS MATRIX MODEL
The model of protection can be viewed abstractly as a matrix, called an Access Matrix.
The Access Matrix is a security model of the protection state in a computer system.
The access matrix is used to define the rights of each process executing in a domain with respect to each object.
The rows of the matrix represent domains and the columns represent objects.
Each cell of the matrix holds the set of access rights given to the processes of that domain: entry (i, j) defines the set of operations that a process executing in domain Di can invoke on object Oj.

THE ACCESS MATRIX MODEL
Example: there are four domains and four objects, three files (F1, F2, F3) and one printer.
A process executing in D1 can read files F1 and F3.
A process executing in domain D4 has the same rights as D1, but it can also write to those files.
The printer can be accessed only by a process executing in domain D2.
The access matrix mechanism supports many policies and semantic properties. Specifically, we must ensure that a process executing in domain Di can access only those objects that are specified in row i.

THE ACCESS MATRIX MODEL
The association between domains and processes can be either static or dynamic.
The access matrix provides a mechanism for defining the control over this association between domains and processes.
When we switch a process from one domain to another, we execute a switch operation on an object (the domain). We can control domain switching by including domains among the objects of the access matrix.
A process should be able to switch from domain Di to domain Dj if and only if a switch right is present in access(i, j).
According to the matrix: a process executing in domain D2 can switch to domains D3 and D4; a process executing in domain D4 can switch to domain D1; a process executing in domain D1 can switch to domain D2.
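The access matrix with domain switching, as an added example that is not part of the slides: the deck's own D1..D4, F1..F3 and printer example is encoded with the domains included among the objects, so a switch is just a "switch" right in cell (Di, Dj); cells absent from the matrix are denied (fail-safe defaults) and every operation goes through one check (complete mediation). The names AccessMatrix, Process and deck_matrix are assumptions made for this example.

```python
from dataclasses import dataclass, field


@dataclass
class AccessMatrix:
    # rights[domain][obj] -> set of operations. Domains appear among the
    # objects too, so a "switch" right in cell (Di, Dj) permits a domain switch.
    rights: dict = field(default_factory=dict)

    def grant(self, domain, obj, *ops):
        self.rights.setdefault(domain, {}).setdefault(obj, set()).update(ops)

    def allowed(self, domain, obj, op):
        # Fail-safe default: a missing row or cell means no rights at all
        return op in self.rights.get(domain, {}).get(obj, set())


@dataclass
class Process:
    name: str
    domain: str

    def request(self, matrix, obj, op):
        # Complete mediation: every operation on an object passes this check
        if not matrix.allowed(self.domain, obj, op):
            raise PermissionError(f"{self.name} in {self.domain}: {op} on {obj} denied")
        return True

    def switch(self, matrix, target):
        # Domain switching is itself an access right on cell (current, target)
        self.request(matrix, target, "switch")
        self.domain = target
        return self.domain


def deck_matrix():
    # Matrix described on the slides (constructed here). The slides do not
    # state D3's file rights, so D3 appears only as a switch target.
    m = AccessMatrix()
    m.grant("D1", "F1", "read")
    m.grant("D1", "F3", "read")
    m.grant("D4", "F1", "read", "write")
    m.grant("D4", "F3", "read", "write")
    m.grant("D2", "printer", "print")
    m.grant("D2", "D3", "switch")
    m.grant("D2", "D4", "switch")
    m.grant("D4", "D1", "switch")
    m.grant("D1", "D2", "switch")
    return m
```

A process starting in D1 can reach the printer only by switching to D2 first, and from D2 it cannot switch straight back to D1; it must go through D4, exactly as the switch rights on the slide dictate.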

THE PROTECTION STATE OF A SYSTEM
The protection state is represented by the triplet (S, O, P): S is the set of subjects, O is the set of objects, and P is the access matrix whose entry P[s, o] holds the rights of subject s on object o.
(Schematic diagram of the access matrix: rows are the subjects S, columns are the objects O, and each cell is P[s, o].)

THANK YOU