module 18 protection
play

Module 18: Protection Goals of Protection Domain of Protection - PowerPoint PPT Presentation

Apr 09, 2023 •143 likes •314 views

Module 18: Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based Systems Language-Based Protection Silberschatz, Galvin, and Gagne

  1. Module 18: Protection • Goals of Protection • Domain of Protection • Access Matrix • Implementation of Access Matrix • Revocation of Access Rights • Capability-Based Systems • Language-Based Protection Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.1

  2. Protection • Operating system consists of a collection of object|s, hardware or software • Each object has a unique name and can be accessed through a well-defined set of operations. • Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so. Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.2

  3. Domain Structure • Access-right = <object-name, rights-set> Rights-set is a subset of all valid operations that can be performed on the object. • Domain = set of access-rights Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.3

  4. Domain Implementation • System consists of 2 domains: – User – Supervisor • UNIX – Domain = user-id – Domain switch accomplished via file system. ✴ Each file has associated with it a domain bit (setuid bit). ✴ When file is executed and setuid = on, then user-id is set to owner of the file being executed. When execution completes user-id is reset. Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.4

  5. Multics Rings • Let D i and D j be any two domain rings. • If j < I ⇒ D i ⊆ D j Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.5

  6. Access Matrix Figure 1 Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.6

  7. Use of Access Matrix • If a process in Domain D i tries to do “op” on object O j , then “op” must be in the access matrix. • Can be expanded to dynamic protection. – Operations to add, delete access rights. – Special access rights: ✴ owner of O i ✴ copy op from O i to O j ✴ control – D i can modify D j s access rights ✴ transfer – switch from domain D i to D j Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.7

  8. Use of Access Matrix (Cont.) • Access matrix design separates mechanism from policy. – Mechanism ✴ Operating system provides Access-matrix + rules. ✴ If ensures that the matrix is only manipulated by authorized agents and that rules are strictly enforced. – Policy ✴ User dictates policy. ✴ Who can access what object and in what mode. Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.8

  9. Implementation of Access Matrix • Each column = Access-control list for one object Defines who can perform what operation. Domain 1 = Read, Write Domain 2 = Read Domain 3 = Read � • Each Row = Capability List (like a key) Fore each domain, what operations allowed on what objects. Object 1 – Read Object 4 – Read, Write, Execute Object 5 – Read, Write, Delete, Copy Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.9

  10. Access Matrix of Figure 1 With Domains as Objects Figure 2 Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.10

  11. Access Matrix with Copy Rights Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.11

  12. Access Matrix With Owner Rights Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.12

  13. Modified Access Matrix of Figure 2

  14. Revocation of Access Rights • Access List – Delete access rights from access list. – Simple – Immediate • Capability List – Scheme required to locate capability in the system before capability can be revoked. – Reacquisition – Back-pointers – Indirection – Keys

  15. Capability-Based Systems • Hydra – Fixed set of access rights known to and interpreted by the system. – Interpretation of user-defined rights performed solely by user's program; system provides access protection for use of these rights. • Cambridge CAP System – Data capability - provides standard read, write, execute of individual storage segments associated with object. – Software capability -interpretation left to the subsystem, through its protected procedures.

  16. Language-Based Protection • Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources. • Language implementation can provide software for protection enforcement when automatic hardware- supported checking is unavailable. • Interpret protection specifications to generate calls on whatever protection system is provided by the hardware and the operating system.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Module 18: Protection Goals of Protection Domain of Protection Access Matrix

Module 18: Protection Goals of Protection Domain of Protection Access Matrix

Module 18: Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based Systems Language-Based Protection Operating System Concepts 18.1

355 views • 19 slides
Module 3 Doing a Noise Audit This module and Module 2 provide the necessary training needed

Module 3 Doing a Noise Audit This module and Module 2 provide the necessary training needed

Module 3 Doing a Noise Audit This module and Module 2 provide the necessary training needed to do a noise audit. This module covers the following topics: Conducting basic noise measurements Assessing hearing protection use

506 views • 21 slides
Bibliography for Module 8 on Immunological Correlates of Protection Fifth Summer Institute in

Bibliography for Module 8 on Immunological Correlates of Protection Fifth Summer Institute in

Bibliography for Module 8 on Immunological Correlates of Protection Fifth Summer Institute in Statistics and Modeling in Infectious Diseases (July, 2013) Ivan Chan 1 , Peter Gilbert 2 , Paul T. Edlefsen 2 , and Ying Huang 2 1 Late Development

329 views • 17 slides
Bibliography for Module 8 on Immunological Correlates of Protection Sixth Summer Institute in

Bibliography for Module 8 on Immunological Correlates of Protection Sixth Summer Institute in

Bibliography for Module 8 on Immunological Correlates of Protection Sixth Summer Institute in Statistics and Modeling in Infectious Diseases (July, 2014) Ivan Chan 1 , Peter Gilbert 2 , Paul T. Edlefsen 2 , and Ying Huang 2 1 Late Development

352 views • 17 slides
Module 8: Evaluating Immune Correlates of Protection Instructors: Ivan Chan, Peter Gilbert, Paul

Module 8: Evaluating Immune Correlates of Protection Instructors: Ivan Chan, Peter Gilbert, Paul

7/5/2013 Module 8: Evaluating Immune Correlates of Protection Instructors: Ivan Chan, Peter Gilbert, Paul T. Edlefsen, Ying Huang Session 2: Introduction to Immune Correlates of Protection Summer Institute in Statistics and Modeling in Infectious

931 views • 62 slides
Module 8: Evaluating Immune Correlates of Protection Instructors: Ivan Chan, Peter Gilbert, Paul

Module 8: Evaluating Immune Correlates of Protection Instructors: Ivan Chan, Peter Gilbert, Paul

6/30/2014 Module 8: Evaluating Immune Correlates of Protection Instructors: Ivan Chan, Peter Gilbert, Paul T. Edlefsen, Ying Huang Session 2: Introduction to Immune Correlates of Protection Summer Institute in Statistics and Modeling in

757 views • 58 slides
1 MODULE SPECIFICATION Module Aims The module aims to deliver knowledge of the essential

1 MODULE SPECIFICATION Module Aims The module aims to deliver knowledge of the essential

MODULE SPECIFICATION Project Management and Credit Module Title: Level : 5 20 Presentation Techniques Value : Is this a Code of module Module code : ENG543 new NO being replaced : module? Cost Centre : GAME JACS3 code : F311

261 views • 4 slides
WebEOC Training 1 Topics Module 1 WebEOC Overview Module 2 Getting Started Module 3

WebEOC Training 1 Topics Module 1 WebEOC Overview Module 2 Getting Started Module 3

WebEOC Training 1 Topics Module 1 WebEOC Overview Module 2 Getting Started Module 3 Status Boards Position Log Request for Assistance Mission/Task Significant Events Module 4 Forms Module 5 Links Module 6

847 views • 72 slides
Canadian Bioinformatics Workshops www.bioinformatics.ca Module #: Title of Module 2 Module bio

Canadian Bioinformatics Workshops www.bioinformatics.ca Module #: Title of Module 2 Module bio

Canadian Bioinformatics Workshops www.bioinformatics.ca Module #: Title of Module 2 Module bio informatics .ca Module 7 Data Visualization Anamaria Crisan Learning Objectives of Module Understand the process of encoding and decoding

1.31k views • 79 slides
Module 3 Supervisory Transition Module 3: Superivsory Transition 1 Objectives Learn about

Module 3 Supervisory Transition Module 3: Superivsory Transition 1 Objectives Learn about

Module 2 was an overview about leadership. But, how do we or did we gain an opportunity to lead? Module 3 gives us insight into transitioning from an employee into a supervisor and/or manager. 0 Module 3 Supervisory Transition Module 3:

1.03k views • 18 slides
Individual-Based Correlates of Protection Identification of Protective Level by Looking at

Individual-Based Correlates of Protection Identification of Protective Level by Looking at

Module 8 Evaluating Immunological Correlates of Protection Session 3 Evaluating Correlates of Protection Using Individual, Population, and Titer-specific Approaches Ivan S.F. Chan, Ph.D. Merck Research Laboratories 1 Individual-Based

541 views • 28 slides
Module 12 Effective Communication, The Who Stakeholder Identification &amp; Engagement 1 Module

Module 12 Effective Communication, The Who Stakeholder Identification &amp; Engagement 1 Module

As you learned to take your leadership vision and create a progressive strategy in Module 11, it should be apparent that our stakeholders are a priority. Module 12 identifies how to effectively communicate with our stakeholders. 0 Module 12

473 views • 15 slides
Agenda Module 1 - Risk, Volatility &amp; Timescale Module 2 - Asset Allocation Module 3 -

Agenda Module 1 - Risk, Volatility &amp; Timescale Module 2 - Asset Allocation Module 3 -

Agenda Module 1 - Risk, Volatility &amp; Timescale Module 2 - Asset Allocation Module 3 - Identifying the Building Blocks Module 4 - Reviewing a portfolio This Module Active vs Passive investing Off the shelf solutions Trackers and ETFs and

648 views • 32 slides
1 The objectives of this e-module are to learn how to register for a Data Universal Numbering

1 The objectives of this e-module are to learn how to register for a Data Universal Numbering

Welcome to our e-module series on How to Work with USAID. This e- module is the first part on Registering for Federal Award Systems and focuses on DUNS registration. This e-module is geared towards non- governmental organizations

498 views • 22 slides
6.15 Module 15: Research and Presentation Module Title Research and Presentation Module NFQ

6.15 Module 15: Research and Presentation Module Title Research and Presentation Module NFQ

6.15 Module 15: Research and Presentation Module Title Research and Presentation Module NFQ Level (only if an NFQ level can be 7 demonstrated) Module number/Reference BAAMT206 Parent Programme BA (Hons) in Audio and Music Technology Stage

340 views • 6 slides
Emergency Management Roles and Responsibilities Joe Myers Agenda MODULE 1 WHAT IS MODULE

Emergency Management Roles and Responsibilities Joe Myers Agenda MODULE 1 WHAT IS MODULE

Emergency Management Roles and Responsibilities Joe Myers Agenda MODULE 1 WHAT IS MODULE 2 MODULE 3 LAWS MODULE 4 UTILIZING MODULE 5 BLUE MODULE 6 FUNDING EMERGENCY COURTHOUSE AND AUTHORITIES THE UNIFIED

654 views • 40 slides
What is domain adaptation?

What is domain adaptation?

A Two-Stage Approach to Domain Adaptation for Statistical Classifiers Jing Jiang &amp; ChengXiang Zhai Department of Computer Science University of Illinois at Urbana-Champaign What is domain adaptation?

523 views • 20 slides
Domain Name System (DNS) Learning Goal Foundations of DNS Security in DNS: Integrity

Domain Name System (DNS) Learning Goal Foundations of DNS Security in DNS: Integrity

IN3210 Network Security Domain Name System (DNS) Learning Goal Foundations of DNS Security in DNS: Integrity and Authenticity Confidentiality 2 Foundations of DNS 3 Domain Name System Directory services for name

727 views • 51 slides
CompSci 356: Computer Network Architectures Lecture 23: Domain Name System (DNS) and Content

CompSci 356: Computer Network Architectures Lecture 23: Domain Name System (DNS) and Content

CompSci 356: Computer Network Architectures Lecture 23: Domain Name System (DNS) and Content distribution networks Chapter 9.3.1 Xiaowei Yang xwy@cs.duke.edu Overview Domain Name System Content Distribution Networks DNS attacks

610 views • 57 slides
Dictionaries, Manifolds and Domain Adaptation for Image and Video- based Recognition Rama

Dictionaries, Manifolds and Domain Adaptation for Image and Video- based Recognition Rama

Dictionaries, Manifolds and Domain Adaptation for Image and Video- based Recognition Rama Chellappa University of Maryland Student and the teachers Major points Training and testing data come from different distributions.

780 views • 53 slides
A Practical Approach for Taking Down Avalanche Botnets Under Real-World Constraints Victor Le

A Practical Approach for Taking Down Avalanche Botnets Under Real-World Constraints Victor Le

A Practical Approach for Taking Down Avalanche Botnets Under Real-World Constraints Victor Le Pochat , Tim Van hamme, Sourena Maroofi, Tom Van Goethem, Davy Preuveneers, Andrzej Duda, Wouter Joosen, Maciej Korczyski NDSS 2020, 25 February 2020

244 views • 23 slides
A Fully Abstract Domain Model for the -Calculus Ian Stark BRICS Department of Computer

A Fully Abstract Domain Model for the -Calculus Ian Stark BRICS Department of Computer

A Fully Abstract Domain Model for the -Calculus Ian Stark BRICS Department of Computer Science University of Aarhus Denmark July 1996 The Issue Languages like CCS and the -calculus provide an algebraic approach to concurrency:

560 views • 15 slides
OLAP over Imprecise Data with Domain Constraints Doug Burdick University of Wisconsin

OLAP over Imprecise Data with Domain Constraints Doug Burdick University of Wisconsin

WILD PROJECT REVIEW WILD PROJECT REVIEW WILD PROJECT REVIEW OLAP over Imprecise Data with Domain Constraints Doug Burdick University of Wisconsin Madison Joint work with AnHai Doan (UW-Madison), Raghu Ramakrishnan (Yahoo! Research),

431 views • 27 slides
Why Is This Important? In short: SQL query without aggregation = relational calculus

Why Is This Important? In short: SQL query without aggregation = relational calculus

Why Is This Important? In short: SQL query without aggregation = relational calculus expression Relational Calculus Relational algebra expression is similar to program, describing what operations to perform in what order Calculus is

56 views • 3 slides

More recommend