Outline
• Class evaluation
• Resource security and protection
Class Evaluation
• Course: COP 5611 01
• Instructor: Xiuwen Liu
• Today’s date: April 17, 2003
May 29, 2016
COP 5611 - Operating Systems
2
General Introduction
• Security is related to dependability
– Confidentiality
• Information should only be disclosed to authorized
parties
– Integrity
• Alterations can be made only in an authorized way
General Introduction – cont.
• Security threats
– Interception
• A situation where an unauthorized party gained access to a
service or data
– Interruption
• A situation where services or data become unavailable
– Modification
• Unauthorized changing of data or tampering with a service
– Fabrication
• Additional data or activity that would normally not exist
General Introduction – cont.
• Security policy
– Which actions on what entities in a system are
allowed
• Security mechanisms
– By which a policy can be enforced
– Important ones include
• Encryption
• Authentication
• Authorization
• Auditing
Access Control
• Typical distributed systems are organized as
client-server architectures
– A request for a service generally involves
invoking a method of a specific object
– Verifying access rights is referred to as access
control, whereas authorization is about granting
access rights
Access Control – cont.
• General issues
– The system consists of subjects that issue a request to
access an object
• Subjects are processes acting on behalf of users, but can
also be objects that need the services of other objects
• Objects are entities with their own state and operations
Access Control Matrix
• Three components
– Current objects
– Current subjects
– Generic rights
Capabilities
• The capability based method corresponds to
the row-wise decomposition of the access
matrix
– Each subject s is assigned a list of pairs (o,
P[s,o]) for all objects o that it is allowed to access
– The pairs are referred to as capabilities
Capabilities – cont.
• Implementation considerations
– A user should not be able to read, modify or
construct a capability
– Two approaches
• The tagged approach
– One or more bits are attached to each memory location and
to every processor register to indicate whether the memory
word or a register contains a capability
• The partitioned approach
– Capabilities and ordinary data are stored separately
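The "partitioned" requirement above (the holder must not be able to read, modify or construct a capability) shown as an added software example that is not from the lecture: the trusted side mints a capability as object id, rights and a MAC under a key only it holds, so a copy in user space can be passed around but any edit to the rights field is detected. The class, field layout and `tamper` helper are constructed for this illustration and are not the API of any real system; the one-shot `rekey` method is there to show why per-subject revocation is hard with capabilities.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 16  # truncated HMAC-SHA256 tag appended to every capability


class CapabilityIssuer:
    """Trusted side (kernel or object server). Holds the key; user code never does.
    Constructed for this illustration, not an API of any real system."""

    def __init__(self, key=None):
        self._key = key if key is not None else secrets.token_bytes(32)

    def _tag(self, body):
        return hmac.new(self._key, body, hashlib.sha256).digest()[:TAG_LEN]

    def mint(self, object_id, rights):
        """Capability = object id || rights || MAC. The holder can copy it and
        pass it on, but cannot change the rights without breaking the MAC."""
        r = ",".join(sorted(rights)).encode()
        body = struct.pack(">IH", object_id, len(r)) + r
        return body + self._tag(body)

    def check(self, token, object_id, right):
        """Reference-monitor side of an access: verify the MAC first, then the
        (object, right) pair. Any tampered or home-made token fails here."""
        if len(token) < 6 + TAG_LEN:
            return False
        body, tag = token[:-TAG_LEN], token[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(body)):
            return False
        oid, n = struct.unpack(">IH", body[:6])
        if len(body) != 6 + n:
            return False
        rights = set(body[6:].decode().split(",")) if n else set()
        return oid == object_id and right in rights

    def rekey(self):
        """The only revocation this scheme offers: a new key invalidates every
        capability ever issued, for every holder, at once (coarse, not per subject)."""
        self._key = secrets.token_bytes(32)


def tamper(token, old, new):
    """What an attacker holding a copy of the token can do: rewrite the rights
    field. The old MAC is kept because the attacker does not have the key."""
    body, tag = token[:-TAG_LEN], token[-TAG_LEN:]
    return body.replace(old, new) + tag


if __name__ == "__main__":
    issuer = CapabilityIssuer()
    cap = issuer.mint(7, {"read"})
    print("genuine, read :", issuer.check(cap, 7, "read"))
    print("genuine, write:", issuer.check(cap, 7, "write"))
    forged = tamper(cap, b"read", b"rw,x")
    print("forged, read  :", issuer.check(forged, 7, "read"))
```

A hardware tagged architecture gets the same unforgeability from the tag bit instead of the MAC; the software form above is what a server without such hardware can do, at the cost that revoking one holder means rekeying and reissuing for everyone.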
Capabilities – cont.
• Advantages of capabilities
– Efficiency
– Simplicity
– Flexibility
• Drawbacks
– Control of propagation
– Review is difficult
– Revocation of access rights is difficult
– Garbage collection is difficult
The Access Control List Method
• Corresponds to the column-wise decomposition
of the access matrix
– Each object o is assigned a list of pairs (s, P[s, o])
for all subjects s that are allowed to access the
object
– When a subject s requests access mode a to object o,
the system checks the access control list of o to see
if an entry (s, F) exists; if yes, it then checks whether
a belongs to F
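The Access Control Matrix, Capabilities and Access Control List slides describe one matrix stored three ways. As an added example that is not part of the lecture, the code below builds a small matrix from constructed subjects, objects and rights, splits it row-wise into capability lists and column-wise into ACLs, implements both checks as the slides state them, and then performs the review and revocation operations whose cost differs between the two. All names (`alice`, `payroll.db`, the `RIGHTS` set) are made up for the illustration.

```python
from collections import defaultdict

# Generic rights of the example matrix (constructed for this illustration).
RIGHTS = frozenset({"read", "write", "execute"})


class AccessMatrix:
    """P[s, o] -> set of rights; cells with no rights are simply absent (sparse)."""

    def __init__(self):
        self.cells = {}  # (subject, object) -> set of rights

    def grant(self, s, o, rights):
        unknown = set(rights) - RIGHTS
        if unknown:
            raise ValueError(f"not generic rights: {sorted(unknown)}")
        self.cells.setdefault((s, o), set()).update(rights)

    def permits(self, s, o, a):
        return a in self.cells.get((s, o), set())

    def capability_lists(self):
        """Row-wise decomposition: subject -> [(o, P[s, o]), ...]."""
        rows = defaultdict(list)
        for (s, o), p in self.cells.items():
            rows[s].append((o, frozenset(p)))
        return dict(rows)

    def access_control_lists(self):
        """Column-wise decomposition: object -> [(s, P[s, o]), ...]."""
        cols = defaultdict(list)
        for (s, o), p in self.cells.items():
            cols[o].append((s, frozenset(p)))
        return dict(cols)


def cap_check(caps, s, o, a):
    """Capability check: find (o, P) in s's list, then test a in P."""
    return any(obj == o and a in p for obj, p in caps.get(s, []))


def acl_check(acls, s, o, a):
    """ACL check from the slide: find (s, F) in o's list, then test a in F."""
    return any(subj == s and a in f for subj, f in acls.get(o, []))


def review_via_acl(acls, o):
    """Who can access o? With ACLs one list answers the question."""
    return {subj: set(f) for subj, f in acls.get(o, [])}


def review_via_caps(caps, o):
    """Same question with capabilities: every subject's list must be scanned."""
    return {s: set(p) for s, lst in caps.items() for obj, p in lst if obj == o}


def revoke_via_acl(acls, s, o):
    """Revocation with ACLs edits one object's list. A capability the subject
    already holds is untouched, which is why revocation is hard in that scheme."""
    acls[o] = [(subj, f) for subj, f in acls.get(o, []) if subj != s]


def build_example():
    """Constructed sample matrix: two users, a database and a program."""
    m = AccessMatrix()
    m.grant("alice", "payroll.db", {"read", "write"})
    m.grant("bob", "payroll.db", {"read"})
    m.grant("bob", "/bin/ls", {"execute"})
    return m, m.capability_lists(), m.access_control_lists()


if __name__ == "__main__":
    m, caps, acls = build_example()
    print("ACL of payroll.db:", review_via_acl(acls, "payroll.db"))
    revoke_via_acl(acls, "bob", "payroll.db")
    print("bob via ACL after revoke:", acl_check(acls, "bob", "payroll.db", "read"))
    print("bob via stale capability:", cap_check(caps, "bob", "payroll.db", "read"))
```

The last two lines of the demo are the point of the two slides: after the ACL entry is removed the ACL check denies bob, while the capability list bob already holds still grants him read until someone finds and deletes that pair.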
Access Control List Method – cont.
• Advantages
– Easy revocation
– Easy review of who can access an object
• Implementation issues
– Efficiency of execution
– Efficiency of storage
• Protection groups
– Authority to change an access control list
• Self control
• Hierarchical control
The Lock-Key Method
• A hybrid of the capability-based method and
the access control list method
– Every subject has a capability list that contains
tuples of the form (O, k), indicating that the
subject can access object O using key k
– Every object has an access control list that
contains tuples of the form (l, Y), called a lock
entry, indicating that any subject which can open
the lock l can access this object in the modes in Y
The Lock-Key Method – cont.
• When a subject s makes the request to access
object o in mode a, the system does the following
– The system locates the tuple (o, k) in the capability
list of the subject
• If no such tuple is found, the access is not permitted
– Otherwise, the access is permitted only if there exists
a lock entry (l, Y) in the access control list of the
object o such that k = l and a ∈ Y
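The two-step check above, as an added example that is not part of the lecture. The tables (`cap_lists`, `acls`), key and lock labels (`K1`, `K2`, ...) and subject names are constructed for the illustration; the `revoke_lock` helper is added to show the hybrid's practical advantage, namely that deleting one lock entry cuts off every subject holding that key without touching any capability list.

```python
# Constructed lock-key tables for the illustration:
#   cap_lists[s] = [(O, k), ...]   subject s may open object O with key k
#   acls[o]      = [(l, Y), ...]   lock l on object o admits the modes in Y
# Keys and locks are opaque labels here; a real system would use unforgeable values.


def lock_key_permits(cap_lists, acls, s, o, a):
    """The check exactly as the lecture states it: first the (o, k) tuple in
    s's capability list, then a lock entry (l, Y) on o with k == l and a in Y."""
    keys = [k for (obj, k) in cap_lists.get(s, ()) if obj == o]
    if not keys:
        return False  # no (o, k) tuple: access not permitted
    return any(k == l and a in y
               for k in keys
               for (l, y) in acls.get(o, ()))


def revoke_lock(acls, o, l):
    """Removing one lock entry disables every key k == l at once, without
    editing any subject's capability list."""
    acls[o] = [(lock, y) for (lock, y) in acls.get(o, ()) if lock != l]


def build_example():
    # K1 is shared by alice and bob, K2 by bob and carol (constructed data)
    cap_lists = {
        "alice": [("ledger", "K1")],
        "bob":   [("ledger", "K1"), ("ledger", "K2")],
        "carol": [("ledger", "K2"), ("notes", "K9")],
    }
    acls = {
        "ledger": [("K1", frozenset({"read"})),
                   ("K2", frozenset({"read", "write"}))],
        "notes":  [("K3", frozenset({"read"}))],  # nobody holds K3: unreachable
    }
    return cap_lists, acls


if __name__ == "__main__":
    cap_lists, acls = build_example()
    print("alice read ledger :", lock_key_permits(cap_lists, acls, "alice", "ledger", "read"))
    print("carol read notes  :", lock_key_permits(cap_lists, acls, "carol", "notes", "read"))
    revoke_lock(acls, "ledger", "K1")
    print("alice after revoke:", lock_key_permits(cap_lists, acls, "alice", "ledger", "read"))
    print("bob after revoke  :", lock_key_permits(cap_lists, acls, "bob", "ledger", "read"))
```

Note that a key which matches no lock (carol's `K9` on `notes`) is not an error, just a denial; and that bob keeps read access after `K1` is revoked because his second key `K2` still opens a lock on the same object.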
Take-Grant Model
• The take-grant model uses directed graphs to
model access control
– It provides an efficient way to implement an access
matrix that is likely to be highly sparse
• Note a sparse matrix can be stored efficiently using a
directed graph
– There are two types of nodes in the graph: subjects
and objects
• An edge from node x to y indicates that the subject
represented by x has some access rights to node y
• Two special rights (take and grant) specify how the access
rights can be propagated to other nodes
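The slide says only that take and grant control propagation; the rules themselves are the standard ones of the take-grant model (Lipton and Snyder): a subject x with right t to y may take any of y's rights to a third node z, and a subject x with right g to y may give y any of x's own rights to z. The following is an added example, not code from the lecture, that applies those rules on a small graph with constructed node names; the `create` and `remove` rules of the model are included for completeness.

```python
from collections import defaultdict


class TakeGrantGraph:
    """Directed graph whose edges are labelled with sets of rights.
    The rewriting rules are the standard take-grant rules; the graph and
    node names in build_example() are constructed for this illustration."""

    def __init__(self):
        self.kind = {}                  # node -> "subject" | "object"
        self.edges = defaultdict(set)   # (x, y) -> set of rights, e.g. {"r", "t"}

    def add_node(self, name, kind):
        if kind not in ("subject", "object"):
            raise ValueError(kind)
        self.kind[name] = kind

    def add_edge(self, x, y, rights):
        """Initial protection state, before any rule is applied."""
        self.edges[(x, y)] |= set(rights)

    def rights(self, x, y):
        return set(self.edges.get((x, y), ()))

    def _subject(self, x):
        # Only subjects act; an object (file, segment) cannot take or grant.
        if self.kind.get(x) != "subject":
            raise PermissionError(f"{x} is not a subject and cannot act")

    def take(self, x, y, z, alpha):
        """x has t to y and y has alpha to z  =>  x gains alpha to z."""
        self._subject(x)
        alpha = set(alpha)
        if "t" not in self.rights(x, y) or not alpha <= self.rights(y, z):
            raise PermissionError("take rule does not apply")
        self.edges[(x, z)] |= alpha

    def grant(self, x, y, z, alpha):
        """x has g to y and x has alpha to z  =>  y gains alpha to z."""
        self._subject(x)
        alpha = set(alpha)
        if "g" not in self.rights(x, y) or not alpha <= self.rights(x, z):
            raise PermissionError("grant rule does not apply")
        self.edges[(y, z)] |= alpha

    def create(self, x, name, kind, rights):
        """x creates a new node and receives the chosen rights to it."""
        self._subject(x)
        self.add_node(name, kind)
        self.edges[(x, name)] |= set(rights)

    def remove(self, x, y, alpha):
        """x gives up some of its own rights to y."""
        self._subject(x)
        self.edges[(x, y)] -= set(alpha)


def build_example():
    g = TakeGrantGraph()
    for s in ("alice", "bob", "carol"):
        g.add_node(s, "subject")
    g.add_node("file", "object")
    g.add_edge("alice", "bob", {"t"})      # alice may take from bob
    g.add_edge("alice", "carol", {"g"})    # alice may grant to carol
    g.add_edge("bob", "file", {"r", "w"})  # bob starts with read/write on file
    return g


if __name__ == "__main__":
    g = build_example()
    g.take("alice", "bob", "file", {"r"})      # alice -t-> bob -rw-> file  ==>  alice -r-> file
    g.grant("alice", "carol", "file", {"r"})   # alice -g-> carol, alice -r-> file  ==>  carol -r-> file
    print("carol on file:", g.rights("carol", "file"))
```

Two edges with t and g are enough for a right to travel from bob to carol although neither ever dealt with the other, which is exactly the propagation question the model is built to answer.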
Case Studies
• The UNIX operating system
– file access modes
– read, write, execute
– owner, group, others
– set user ID on execution
– set group ID on execution
– enable mandatory locking
– turn on sticky bit
– access control lists (setfacl, getfacl)
• The Hydra Kernel
• Amoeba
• Andrew
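The UNIX mode bits listed above, decoded and checked in an added example that is not from the lecture. `describe_mode` names the special bits, including the historical reading of set-group-ID without group execute as the mandatory-locking flag; `unix_permits` reproduces the owner/group/others decision, whose important caveat is that only the first matching class is consulted, so a mode such as 0077 denies the owner even though everyone else may read. The uid/gid values and modes in the tests are constructed; the superuser rule encoded (root bypasses read and write but needs at least one execute bit to execute) is Linux behaviour.

```python
import stat

# Constructed example of the UNIX permission model; not taken from any kernel.


def describe_mode(mode):
    """Return (ls-style string, list of special flags) for an st_mode value."""
    flags = []
    if mode & stat.S_ISUID:
        flags.append("setuid")
    if mode & stat.S_ISGID:
        # Set-group-ID with the group execute bit clear was historically
        # repurposed (System V, Linux) as "enable mandatory locking".
        flags.append("setgid" if mode & stat.S_IXGRP else "mandatory-locking")
    if mode & stat.S_ISVTX:
        flags.append("sticky")
    return stat.filemode(mode), flags


def unix_permits(mode, file_uid, file_gid, uid, gids, want):
    """Classic UNIX check. want is a string over 'r', 'w', 'x'.
    Exactly one class is consulted: owner if uid matches, else group if the
    file's group is among the caller's groups, else others."""
    need = sum({"r": 4, "w": 2, "x": 1}[c] for c in want)
    if uid == 0:
        # superuser: read/write always; execute only if some x bit is set
        return "x" not in want or bool(mode & 0o111)
    if uid == file_uid:
        shift = 6
    elif file_gid in gids:
        shift = 3
    else:
        shift = 0
    bits = (mode >> shift) & 0o7
    return bits & need == need


if __name__ == "__main__":
    for m in (0o104755, 0o102755, 0o102644, 0o041777):
        print(oct(m), describe_mode(m))
    # owner with mode 0077: owner class says nothing, others are never consulted
    print("owner reads 0077 file:", unix_permits(0o077, 1000, 100, 1000, {100}, "r"))
    print("other reads 0077 file:", unix_permits(0o077, 1000, 100, 2000, {200}, "r"))
```

The last slide item, POSIX ACLs, extends this model with extra user and group entries inspected by `getfacl` and set with, for example, `setfacl -m u:bob:r-- file`; the class rule above still applies to the owner, and the ACL mask caps what the named entries can grant.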
Summary
• Protection and security deal with controlling
unauthorized use of, and access to, hardware and
software resources
• The access matrix model is widely used
– Capabilities
– Access control lists
• Case studies