Protected Objects and Methods of Protection with narration

Chapter 4 – Protection in General
Purpose Operating Systems
Protection features provided by
general-purpose operating systems—
protecting memory, files, and the
execution environment
 Controlled access to objects
 User authentication
Protected Objects and Methods of
1rst OS were simple utilities – executives
Multiprogramming OS required monitors
which oversaw each program’s execution
Protected objects
Sharable I/O devices (disks)
Serially reusable devices (printers)
Shareable programs & subprocedures
Shareable Data
Security Methods of Operating Systems
Physical Separation
(different processes
use different objects)
Temporal Separation
(processes executed
at different times)
Logical Separation
(process appears to be
Cryptographic Separation
conceal data and computations)
Security Methods of Operating Systems
Want to be able to share resources
without compromising security
• Do not protect
• Isolate different processes
• Share all or nothing
• Share via access limitation (granularity)
• Share by capabilities
• Limit use of an object
Memory & Address Protection
– confines user to one side of boundary
• Use predefined memory addresses
• Can protect OS, but not one user from another
Base/Bounds Registers
– changes all addresses of
program using offset
• Uses variable fence register (base
register) to provide lower bound
• Uses bounds register for upper address
Memory & Address Protection
Tagged Architecture
• Every word of machine memory has extra bits
to indicate access rights (expensive)
(program divided into pieces)
• Each segment has name & offset
Each address reference is checked for protection
Different classes of data can be assigned different levels of
Users can share access to segments
User cannot access an unpermitted segment
Paging (program uses equal sized “pages”;
memory divided into equal sized page frames)
Control of Access to General
File/data set
Program in memory
Directory of files
Hardware device
Data structure (stack)
Operating system table
Instructions (privileged)
Passwords / user authentication mechanism
Protection mechanism
Goals in protecting objects
Check every access
 Enforce least privilege
 Verify acceptable usage
Directory mechanism
Each user (subject) has a file
directory, which lists all files
accessible by user
 List can become too large if many
shared objects
 Cannot revoke rights of everyone to
an object
 File names for different owners may
be different
Access Control List
One list for each object with list
showing all subjects & their access
 Can use wildcards to limit size of ACL
 Access Control Matrix
• Rows for subjects
• Columns for objects
• Sparse matrix of triples <subjects,
objects, rights>
Unforgeable token that gives
possessor rights to an object
 Predecessor of Kerberos
 Can propagate capabilities to other
 Capabilities must be stored in
inaccessible memory
Procedure-Oriented Access Control
Procedure that controls access to
objects including what subjects can
do to objects