Protected Objects and Methods of Protection with narration

advertisement
Chapter 4 – Protection in General
Purpose Operating Systems
Protection features provided by
general-purpose operating systems—
protecting memory, files, and the
execution environment
 Controlled access to objects
 User authentication

Protected Objects and Methods of
Protections



1rst OS were simple utilities – executives
Multiprogramming OS required monitors
which oversaw each program’s execution
Protected objects
•
•
•
•
•
•
Memory
Sharable I/O devices (disks)
Serially reusable devices (printers)
Shareable programs & subprocedures
Networks
Shareable Data
Security Methods of Operating Systems

Physical Separation
(different processes
use different objects)

Temporal Separation
(processes executed
at different times)

Logical Separation
(process appears to be
alone)

Cryptographic Separation
conceal data and computations)
(processes
Security Methods of Operating Systems

Want to be able to share resources
without compromising security
• Do not protect
• Isolate different processes
• Share all or nothing
• Share via access limitation (granularity)
• Share by capabilities
• Limit use of an object
Memory & Address Protection

Fence
– confines user to one side of boundary
• Use predefined memory addresses
• Can protect OS, but not one user from another

Relocation

Base/Bounds Registers
– changes all addresses of
program using offset
• Uses variable fence register (base
register) to provide lower bound
• Uses bounds register for upper address
Memory & Address Protection

Tagged Architecture
• Every word of machine memory has extra bits
to indicate access rights (expensive)

Segmentation
(program divided into pieces)
• Each segment has name & offset





Each address reference is checked for protection
Different classes of data can be assigned different levels of
protection
Users can share access to segments
User cannot access an unpermitted segment
Paging (program uses equal sized “pages”;
memory divided into equal sized page frames)
Control of Access to General
Objects










Memory
File/data set
Program in memory
Directory of files
Hardware device
Data structure (stack)
Operating system table
Instructions (privileged)
Passwords / user authentication mechanism
Protection mechanism
Goals in protecting objects
Check every access
 Enforce least privilege
 Verify acceptable usage

Directory mechanism
Each user (subject) has a file
directory, which lists all files
accessible by user
 List can become too large if many
shared objects
 Cannot revoke rights of everyone to
an object
 File names for different owners may
be different

Access Control List
One list for each object with list
showing all subjects & their access
rights
 Can use wildcards to limit size of ACL
 Access Control Matrix

• Rows for subjects
• Columns for objects
• Sparse matrix of triples <subjects,
objects, rights>
Capability
Unforgeable token that gives
possessor rights to an object
 Predecessor of Kerberos
 Can propagate capabilities to other
subjects
 Capabilities must be stored in
inaccessible memory

Procedure-Oriented Access Control

Procedure that controls access to
objects including what subjects can
do to objects
Download