module 18 protection
play

Module 18: Protection Goals of Protection Domain of Protection - PowerPoint PPT Presentation

Apr 09, 2023 •143 likes •314 views

Module 18: Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based Systems Language-Based Protection Silberschatz, Galvin, and Gagne

  1. Module 18: Protection • Goals of Protection • Domain of Protection • Access Matrix • Implementation of Access Matrix • Revocation of Access Rights • Capability-Based Systems • Language-Based Protection Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.1

  2. Protection • Operating system consists of a collection of object|s, hardware or software • Each object has a unique name and can be accessed through a well-defined set of operations. • Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so. Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.2

  3. Domain Structure • Access-right = <object-name, rights-set> Rights-set is a subset of all valid operations that can be performed on the object. • Domain = set of access-rights Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.3

  4. Domain Implementation • System consists of 2 domains: – User – Supervisor • UNIX – Domain = user-id – Domain switch accomplished via file system. ✴ Each file has associated with it a domain bit (setuid bit). ✴ When file is executed and setuid = on, then user-id is set to owner of the file being executed. When execution completes user-id is reset. Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.4

  5. Multics Rings • Let D i and D j be any two domain rings. • If j < I ⇒ D i ⊆ D j Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.5

  6. Access Matrix Figure 1 Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.6

  7. Use of Access Matrix • If a process in Domain D i tries to do “op” on object O j , then “op” must be in the access matrix. • Can be expanded to dynamic protection. – Operations to add, delete access rights. – Special access rights: ✴ owner of O i ✴ copy op from O i to O j ✴ control – D i can modify D j s access rights ✴ transfer – switch from domain D i to D j Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.7

  8. Use of Access Matrix (Cont.) • Access matrix design separates mechanism from policy. – Mechanism ✴ Operating system provides Access-matrix + rules. ✴ If ensures that the matrix is only manipulated by authorized agents and that rules are strictly enforced. – Policy ✴ User dictates policy. ✴ Who can access what object and in what mode. Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.8

  9. Implementation of Access Matrix • Each column = Access-control list for one object Defines who can perform what operation. Domain 1 = Read, Write Domain 2 = Read Domain 3 = Read � • Each Row = Capability List (like a key) Fore each domain, what operations allowed on what objects. Object 1 – Read Object 4 – Read, Write, Execute Object 5 – Read, Write, Delete, Copy Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.9

  10. Access Matrix of Figure 1 With Domains as Objects Figure 2 Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.10

  11. Access Matrix with Copy Rights Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.11

  12. Access Matrix With Owner Rights Silberschatz, Galvin, and Gagne  1999 Applied Operating System Concepts 18.12

  13. Modified Access Matrix of Figure 2

  14. Revocation of Access Rights • Access List – Delete access rights from access list. – Simple – Immediate • Capability List – Scheme required to locate capability in the system before capability can be revoked. – Reacquisition – Back-pointers – Indirection – Keys

  15. Capability-Based Systems • Hydra – Fixed set of access rights known to and interpreted by the system. – Interpretation of user-defined rights performed solely by user's program; system provides access protection for use of these rights. • Cambridge CAP System – Data capability - provides standard read, write, execute of individual storage segments associated with object. – Software capability -interpretation left to the subsystem, through its protected procedures.

  16. Language-Based Protection • Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources. • Language implementation can provide software for protection enforcement when automatic hardware- supported checking is unavailable. • Interpret protection specifications to generate calls on whatever protection system is provided by the hardware and the operating system.

Recommend

Module 18: Protection Goals of Protection Domain of Protection Access Matrix

Module 18: Protection Goals of Protection Domain of Protection Access Matrix

Module 18: Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based Systems Language-Based Protection Operating System Concepts 18.1

355 views • 19 slides
Module 3 Doing a Noise Audit This module and Module 2 provide the necessary training needed

Module 3 Doing a Noise Audit This module and Module 2 provide the necessary training needed

Module 3 Doing a Noise Audit This module and Module 2 provide the necessary training needed to do a noise audit. This module covers the following topics: Conducting basic noise measurements Assessing hearing protection use

506 views • 21 slides
Bibliography for Module 8 on Immunological Correlates of Protection Fifth Summer Institute in

Bibliography for Module 8 on Immunological Correlates of Protection Fifth Summer Institute in

Bibliography for Module 8 on Immunological Correlates of Protection Fifth Summer Institute in Statistics and Modeling in Infectious Diseases (July, 2013) Ivan Chan 1 , Peter Gilbert 2 , Paul T. Edlefsen 2 , and Ying Huang 2 1 Late Development

330 views • 17 slides
Bibliography for Module 8 on Immunological Correlates of Protection Sixth Summer Institute in

Bibliography for Module 8 on Immunological Correlates of Protection Sixth Summer Institute in

Bibliography for Module 8 on Immunological Correlates of Protection Sixth Summer Institute in Statistics and Modeling in Infectious Diseases (July, 2014) Ivan Chan 1 , Peter Gilbert 2 , Paul T. Edlefsen 2 , and Ying Huang 2 1 Late Development

352 views • 17 slides
Module 8: Evaluating Immune Correlates of Protection Instructors: Ivan Chan, Peter Gilbert, Paul

Module 8: Evaluating Immune Correlates of Protection Instructors: Ivan Chan, Peter Gilbert, Paul

7/5/2013 Module 8: Evaluating Immune Correlates of Protection Instructors: Ivan Chan, Peter Gilbert, Paul T. Edlefsen, Ying Huang Session 2: Introduction to Immune Correlates of Protection Summer Institute in Statistics and Modeling in Infectious

931 views • 62 slides
Module 8: Evaluating Immune Correlates of Protection Instructors: Ivan Chan, Peter Gilbert, Paul

Module 8: Evaluating Immune Correlates of Protection Instructors: Ivan Chan, Peter Gilbert, Paul

6/30/2014 Module 8: Evaluating Immune Correlates of Protection Instructors: Ivan Chan, Peter Gilbert, Paul T. Edlefsen, Ying Huang Session 2: Introduction to Immune Correlates of Protection Summer Institute in Statistics and Modeling in

757 views • 58 slides
1 MODULE SPECIFICATION Module Aims The module aims to deliver knowledge of the essential

1 MODULE SPECIFICATION Module Aims The module aims to deliver knowledge of the essential

MODULE SPECIFICATION Project Management and Credit Module Title: Level : 5 20 Presentation Techniques Value : Is this a Code of module Module code : ENG543 new NO being replaced : module? Cost Centre : GAME JACS3 code : F311

261 views • 4 slides
WebEOC Training 1 Topics Module 1 WebEOC Overview Module 2 Getting Started Module 3

WebEOC Training 1 Topics Module 1 WebEOC Overview Module 2 Getting Started Module 3

WebEOC Training 1 Topics Module 1 WebEOC Overview Module 2 Getting Started Module 3 Status Boards Position Log Request for Assistance Mission/Task Significant Events Module 4 Forms Module 5 Links Module 6

847 views • 72 slides
Canadian Bioinformatics Workshops www.bioinformatics.ca Module #: Title of Module 2 Module bio

Canadian Bioinformatics Workshops www.bioinformatics.ca Module #: Title of Module 2 Module bio

Canadian Bioinformatics Workshops www.bioinformatics.ca Module #: Title of Module 2 Module bio informatics .ca Module 7 Data Visualization Anamaria Crisan Learning Objectives of Module Understand the process of encoding and decoding

1.31k views • 79 slides
Module 3 Supervisory Transition Module 3: Superivsory Transition 1 Objectives Learn about

Module 3 Supervisory Transition Module 3: Superivsory Transition 1 Objectives Learn about

Module 2 was an overview about leadership. But, how do we or did we gain an opportunity to lead? Module 3 gives us insight into transitioning from an employee into a supervisor and/or manager. 0 Module 3 Supervisory Transition Module 3:

1.03k views • 18 slides
Individual-Based Correlates of Protection Identification of Protective Level by Looking at

Individual-Based Correlates of Protection Identification of Protective Level by Looking at

Module 8 Evaluating Immunological Correlates of Protection Session 3 Evaluating Correlates of Protection Using Individual, Population, and Titer-specific Approaches Ivan S.F. Chan, Ph.D. Merck Research Laboratories 1 Individual-Based

541 views • 28 slides
Module 12 Effective Communication, The Who Stakeholder Identification &amp; Engagement 1 Module

Module 12 Effective Communication, The Who Stakeholder Identification &amp; Engagement 1 Module

As you learned to take your leadership vision and create a progressive strategy in Module 11, it should be apparent that our stakeholders are a priority. Module 12 identifies how to effectively communicate with our stakeholders. 0 Module 12

473 views • 15 slides
Agenda Module 1 - Risk, Volatility &amp; Timescale Module 2 - Asset Allocation Module 3 -

Agenda Module 1 - Risk, Volatility &amp; Timescale Module 2 - Asset Allocation Module 3 -

Agenda Module 1 - Risk, Volatility &amp; Timescale Module 2 - Asset Allocation Module 3 - Identifying the Building Blocks Module 4 - Reviewing a portfolio This Module Active vs Passive investing Off the shelf solutions Trackers and ETFs and

648 views • 32 slides
1 The objectives of this e-module are to learn how to register for a Data Universal Numbering

1 The objectives of this e-module are to learn how to register for a Data Universal Numbering

Welcome to our e-module series on How to Work with USAID. This e- module is the first part on Registering for Federal Award Systems and focuses on DUNS registration. This e-module is geared towards non- governmental organizations

498 views • 22 slides
6.15 Module 15: Research and Presentation Module Title Research and Presentation Module NFQ

6.15 Module 15: Research and Presentation Module Title Research and Presentation Module NFQ

6.15 Module 15: Research and Presentation Module Title Research and Presentation Module NFQ Level (only if an NFQ level can be 7 demonstrated) Module number/Reference BAAMT206 Parent Programme BA (Hons) in Audio and Music Technology Stage

340 views • 6 slides
Emergency Management Roles and Responsibilities Joe Myers Agenda MODULE 1 WHAT IS MODULE

Emergency Management Roles and Responsibilities Joe Myers Agenda MODULE 1 WHAT IS MODULE

Emergency Management Roles and Responsibilities Joe Myers Agenda MODULE 1 WHAT IS MODULE 2 MODULE 3 LAWS MODULE 4 UTILIZING MODULE 5 BLUE MODULE 6 FUNDING EMERGENCY COURTHOUSE AND AUTHORITIES THE UNIFIED

654 views • 40 slides
Data integrity protection Data integrity protection with cryptsetup tools with cryptsetup tools

Data integrity protection Data integrity protection with cryptsetup tools with cryptsetup tools

Centre for Research on Cryptography and Security research.redhat.com crocs.fi.muni.cz Data integrity protection Data integrity protection with cryptsetup tools with cryptsetup tools What is the Linux dm-integrity module and What is the

883 views • 25 slides
os Module Today File I/O from last time Behind the scenes, this module loads a module

os Module Today File I/O from last time Behind the scenes, this module loads a module

os Module Today File I/O from last time Behind the scenes, this module loads a module for your particular operating system Slides 38-48 The os and sys modules Regardless of your actual OS, Python imports os The exec()

346 views • 11 slides
Evil Module 1 Module 3 OS OS Module 2 Module 4 Safe? Safe? Yes! Yes! 5 6 1 5/23/10

Evil Module 1 Module 3 OS OS Module 2 Module 4 Safe? Safe? Yes! Yes! 5 6 1 5/23/10

5/23/10 A Travel Story Bryan Parno, Jonathan McCune, Adrian Perrig Carnegie Mellon University 1 2 Does program P compute F? Trust is CriAcal Is F what the programmer intended? Will I regret having done this? X Other Y Other F X Alice Y

429 views • 5 slides
Module Title: Broadcasting &amp; Presentation Skills Level : 4 Credit Value : 20 Code of module

Module Title: Broadcasting &amp; Presentation Skills Level : 4 Credit Value : 20 Code of module

MODULE SPECIFICATION PROFORMA Module Title: Broadcasting &amp; Presentation Skills Level : 4 Credit Value : 20 Code of module Being Module Code : HUM475 New Module? No N/A Replaced : GAJM P300 Cost Centre(s) : JACS3 code : With Effect

60 views • 5 slides
Module 9 Media Communications Module Nine: Media Communications 1 Objectives Understand

Module 9 Media Communications Module Nine: Media Communications 1 Objectives Understand

The last several Modules were about communication. Our interactions may not stop with employees, peers and contractors. There may be a time when we have to deal with the media. Module 9 will help you meet this responsibility. 0 Module 9

542 views • 27 slides
Genus Video Module Genus video module is a Drupal 7 module that allows a website to interact with

Genus Video Module Genus video module is a Drupal 7 module that allows a website to interact with

Genus Video Module Genus video module is a Drupal 7 module that allows a website to interact with the Genus media streaming server and stream videos rather than traditional progressive download. This documentation is a self-explanatory guide that

279 views • 7 slides
Tier 1 Water Budget CTC SPC Meeting # 2/09 Agenda Item # 6.1 February 17, 2009 Gayle

Tier 1 Water Budget CTC SPC Meeting # 2/09 Agenda Item # 6.1 February 17, 2009 Gayle

CTC Source Protection Region CTC Source Protection Region CTC Source Protection Region CTC Source Protection Region www.ctcswp.ca CTC Source Protection Region CTC Source Protection Region CTC Source Protection Region CTC Source Protection

645 views • 48 slides
Introduction Respiratory protection is needed if personnel must enter any area in which

Introduction Respiratory protection is needed if personnel must enter any area in which

Introduction Respiratory protection is needed if personnel must enter any area in which there may be a deficiency of oxygen or an elevated concentration of airborne contaminants. The objective of this module is to provide basic

1.06k views • 63 slides

More recommend