Protection and Access Control in Operating Systems, Study notes of Operating Systems

A lecture note from the CS423UG Operating Systems course by Indranil Gupta. It covers protection domains, the access matrix, access control lists (ACLs), and capability lists. The lecture explains protection domains and the principle of least privilege, the implementation of the access matrix and its challenges, and the use of ACLs and capability lists for managing file access, including how each is implemented and how capabilities are revoked.

Typology: Study notes

Pre 2010

Uploaded on 03/16/2009

koofers-user-52q


Security – Part 4

Indranil Gupta, Lecture 40, Dec 5, 2005

CS423UG Operating Systems

CS 423UG - Operating Systems,

Indranil Gupta

Content

- Protection
- Protection Domains
- Access Matrix
- ACLs vs. Capability Lists
- Mixed Approaches


Protection Domain

- A computer system is a set of processes and objects
- Processes and objects have unique names
- Objects are abstract data types with well-defined operations
- A process operates within a protection domain
  - A protection domain specifies the resources a process may access and the types of operations that may be invoked on the objects.
- The Principle of Least Privilege
  - Need to know: the protection domain of a process should be as small as possible consistent with the need of that process to accomplish its assigned task.


Protection Mechanisms

Protection Domains

Examples of three protection domains


Access Matrix


Access Matrix with Domains as Objects

(Figure: access matrix whose rows are labelled Process/User and whose columns include the domains themselves as objects.)


Implementation of the Access Matrix

- Global Table: assume the matrix is stored as entries <D, O, R>. On invocation of a method R on an object O by a process P running in a domain D:
  - Search for the entry at the D'th row and O'th column
  - Does this entry admit operation R?
- Table may be sparse
- Table may be too large to store in main memory or manage through paging
  - 1000 processes x 10000+ files/directories!
- Globally-accessible objects need to be entered in each row
- Linear search/fetch consumes time
- In a distributed file system, access to the table may be a bottleneck


Copy Rights

- The access matrix is an object that can be changed
- The copy right allows an access right to be copied into the same column of other rows in the matrix. Variants:
  - copy: the right and the copy right are copied
  - transfer: when a right is copied from one domain to another, the old domain loses the right
  - limited copy: a right can be copied, but not the right to copy
  - copy right: the right to copy a copy right is a separate right
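As an added illustration (example code, not the lecture's) of the <D, O, R> lookup on a sparse matrix together with the copy, transfer and limited-copy variants; the domain names D1..D3 and the file F1 are constructed:

```python
from collections import defaultdict

class AccessMatrix:
    """Sparse access matrix: only non-empty cells are stored.
    cells[(domain, obj)] maps a right name to a flag saying whether the
    holder may copy that right into the same column of another row."""

    def __init__(self):
        self.cells = defaultdict(dict)

    def grant(self, domain, obj, right, copyable=False):
        self.cells[(domain, obj)][right] = copyable

    def allows(self, domain, obj, right):
        # The <D, O, R> lookup: row D, column O, does the entry admit R?
        return right in self.cells.get((domain, obj), {})

    def copy_right(self, src, dst, obj, right, mode="copy"):
        """Copy `right` on `obj` from row src to row dst (same column).
        mode 'copy':     dst gets the right together with the copy flag
        mode 'transfer': as 'copy', but src loses the right afterwards
        mode 'limited':  dst gets the right without the copy flag"""
        if not self.cells.get((src, obj), {}).get(right, False):
            raise PermissionError(f"{src} holds no copy right for {right} on {obj}")
        if mode not in ("copy", "transfer", "limited"):
            raise ValueError(mode)
        self.cells[(dst, obj)][right] = mode != "limited"
        if mode == "transfer":
            del self.cells[(src, obj)][right]

def demo():
    """Constructed scenario: D1 starts with a copyable read right on F1."""
    m = AccessMatrix()
    m.grant("D1", "F1", "read", copyable=True)
    m.copy_right("D1", "D2", "F1", "read", mode="limited")  # D2 may read, not pass it on
    try:
        m.copy_right("D2", "D3", "F1", "read")
        limited_enforced = False
    except PermissionError:
        limited_enforced = True
    m.copy_right("D1", "D3", "F1", "read", mode="transfer")  # D1 loses read
    return (m.allows("D1", "F1", "read"),   # False
            m.allows("D2", "F1", "read"),   # True
            m.allows("D3", "F1", "read"),   # True
            limited_enforced)               # True
```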


Access Control Lists (ACLs)

- Per-object list of processes/domains that can access that object (and the type of access allowed): each column in the access matrix
- On invocation of a method R on an object O by a process P running in a domain D:
  - the ACL of object O is searched for D
  - is there an entry in this ACL that admits operation R?
- Empty entries in the access matrix can be discarded
- Storage is proportional to the number of useful entries
- A default can be associated with an ACL so that any domain not specified in the list can access the object using the default methods
- It is easy for the owner of the object to grant access to another domain or revoke access
- Search is easier, but processes can "find out" other objects' existence!
- ACL entries can be for individual users or for a group of users
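An added example (not from the lecture) of an ACL as one column of the matrix: entries for individual domains and for a group, a per-object default, the open-time check, and the scan over every object's list that is needed to recover one domain's row (its capability list). The files f1 and f2, the domains D1..D3 and the group "staff" are constructed:

```python
from collections import defaultdict

ALL_RIGHTS = ("read", "write", "execute")

class ACL:
    """Per-object list: one column of the access matrix."""
    def __init__(self, default=()):
        self.entries = {}            # domain or group name -> set of rights
        self.default = set(default)  # rights for any domain not listed
    def grant(self, who, *rights):
        self.entries.setdefault(who, set()).update(rights)
    def revoke(self, who, *rights):
        self.entries.get(who, set()).difference_update(rights)
    def allows(self, domain, groups, right):
        # Search the list for D itself, then for each of D's groups;
        # the first matching entry decides, otherwise the default applies.
        for who in (domain, *groups):
            if who in self.entries:
                return right in self.entries[who]
        return right in self.default

def check_open(acls, obj, domain, groups, right):
    """The open() check: fetch object O's ACL and search it for domain D."""
    acl = acls.get(obj)
    return acl is not None and acl.allows(domain, groups, right)

def capability_lists(acls, members):
    """Row view of the same matrix: what each domain can reach.
    With ACLs this needs a scan of every object's list."""
    caps = defaultdict(dict)
    for obj, acl in acls.items():
        for domain, groups in members.items():
            rights = {r for r in ALL_RIGHTS if acl.allows(domain, groups, r)}
            if rights:
                caps[domain][obj] = rights
    return dict(caps)

def demo():
    """Constructed scenario: two files, a 'staff' group, a default on f1."""
    acls = {"f1": ACL(default=("read",)), "f2": ACL()}
    acls["f1"].grant("D1", "read", "write")
    acls["f2"].grant("staff", "read")
    members = {"D1": ("staff",), "D2": ("staff",), "D3": ()}
    acls["f1"].revoke("D1", "write")   # owner revokes one right
    return (check_open(acls, "f1", "D1", members["D1"], "write"),  # False
            check_open(acls, "f1", "D3", members["D3"], "read"),   # True, default
            check_open(acls, "f2", "D2", members["D2"], "read"),   # True, group
            check_open(acls, "f2", "D3", members["D3"], "read"),   # False
            capability_lists(acls, members))
```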


Access Control Lists (1)

Use of access control lists to manage file access


Implementations of ACLs

- File Systems
  - While opening a file, it is checked against the file's ACL
- Login Shells
  - The login to a system is checked against an ACL (usually the password file owned by root).
  - Rlogins are checked against an .rhost file that contains the names of machines from which a rlogin is permitted.


Access Control Lists (2)

Two access control lists


Implementation of Revocation with Capabilities

- Re-acquisition
  - Capabilities expire. The domain must re-acquire them after a period, allowing delayed revocation.
- Back-pointers
  - Objects keep back pointers to the capabilities that point to them. Expensive, though.
- Indirection
  - Capabilities go indirectly through a global table. The entry in the global table can be removed, invalidating the capability. It does not allow selective revocation.
- Keys
  - A key is kept with the capability and compared with a key stored with the object. On access, if the keys match, the access is permitted. The key in the object can be changed.
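Added example (not the lecture's code) of three of the schemes above applied to one object: indirection through a global table, a per-object key copied into the capability at issue time, and expiry that forces re-acquisition. The object name "file1" is constructed, and the clock is a logical counter rather than wall time.

```python
import secrets
from collections import namedtuple

# A capability names a slot in the global indirection table, carries a copy
# of the object's key taken at issue time, and expires at a logical clock tick.
Capability = namedtuple("Capability", "slot key rights expires")

class CapabilitySystem:
    def __init__(self):
        self.objects = {}   # object name -> current key
        self.table = {}     # slot -> object name (global indirection table)
        self.clock = 0      # logical time, drives re-acquisition
    def create(self, name):
        self.objects[name] = secrets.randbits(64)
        slot = max(self.table, default=-1) + 1    # never reuse a removed slot
        self.table[slot] = name
        return slot
    def issue(self, slot, rights, lifetime):
        # Issue (or re-acquire) a capability carrying the object's current key.
        key = self.objects[self.table[slot]]
        return Capability(slot, key, frozenset(rights), self.clock + lifetime)

    def access(self, cap, right):
        name = self.table.get(cap.slot)           # indirection: slot still mapped?
        if name is None or self.clock >= cap.expires:
            return False                          # removed from table, or expired
        if cap.key != self.objects[name]:         # keys: object key changed since issue?
            return False
        return right in cap.rights

    def revoke_by_key(self, name):
        # A new key invalidates every outstanding capability (not selective).
        self.objects[name] = secrets.randbits(64)
    def revoke_by_indirection(self, slot):
        del self.table[slot]                      # likewise not selective

def demo():
    """Constructed scenario exercising the three schemes on one object."""
    s = CapabilitySystem()
    slot = s.create("file1")
    cap = s.issue(slot, {"read"}, lifetime=10)
    before = s.access(cap, "read")                # True
    s.revoke_by_key("file1")
    after_key = s.access(cap, "read")             # False: key mismatch
    cap2 = s.issue(slot, {"read"}, lifetime=2)    # re-acquired with the new key
    s.clock += 2
    expired = s.access(cap2, "read")              # False: expired
    cap3 = s.issue(slot, {"read"}, lifetime=10)
    s.revoke_by_indirection(slot)
    after_slot = s.access(cap3, "read")           # False: slot removed
    return before, after_key, expired, after_slot
```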


Readings

- This lecture: Sections 9.0-9.7 (relevant portions of)
- Next lecture: Unix vs. Linux (Chapter 10)
- MP4: Challenging, but hopefully you learnt a lot (about OS's, about debugging, about C)
  - Do-it-easy MP's are less a learning experience than challenging MP's
  - Remember Yeats: "Education is not the filling of a pail, but the lighting of a fire."


Final Exam Reminders

- Final Exam, December 17, 8-11am
  - Three rooms: 1214, 1304, 1404 Siebel
- Conflict exam signup (if you have three exams during the day: one morning, one afternoon and one evening)
  - Please email Indy by the last day of classes if you need to take a conflict exam
  - Will likely be on December 16, 9 am to 12 pm (will not be held if no conflict students)