Scribd
Upload
157 views

Access Matrix

The document discusses operating system protection through an access matrix model. It explains that the OS represents objects and domains as rows and columns in an access matrix, with the intersections indicating allowed access rights. The access matrix separates the protection mechanism enforced by the OS from authorization policies which are determined separately. It also describes how the matrix can be expanded to support dynamic changes to access rights.

Uploaded by

Amar Singh
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
157 views

Access Matrix

The document discusses operating system protection through an access matrix model. It explains that the OS represents objects and domains as rows and columns in an access matrix, with the intersections indicating allowed access rights. The access matrix separates the protection mechanism enforced by the OS from authorization policies which are determined separately. It also describes how the matrix can be expanded to support dynamic changes to access rights.

Uploaded by

Amar Singh
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

Protection

Operating System Concepts


Protection
• Operating system consists of a collection of
objects, hardware or software

• Each object has a unique name and can be


accessed through a well-defined set of
operations.

• Protection problem - ensure that each object is


accessed correctly and only by those processes
that are allowed to do so.
Operating System Concepts
Domain Structure
• Access-right = <object-name, rights-set>
where rights-set is a subset of all valid
operations that can be performed on the
object.

• Domain = set of access-rights

Operating System Concepts


Access Matrix
• View protection as a matrix (access matrix)

• Rows represent domains

• Columns represent objects

• Access(i, j) is the set of operations that a process


executing in Domaini can invoke on Objectj

Operating System Concepts


Access Matrix

Figure A

Operating System Concepts


Use of Access Matrix
• If a process in Domain Di tries to do “op” on
object Oj, then “op” must be in the access matrix.

• Can be expanded to dynamic protection.


– Operations to add, delete access rights.
– Special access rights:
• owner of Oi
• copy op from Oi to Oj
• control – Di can modify Dj access rights
• transfer – switch from domain Di to Dj

Operating System Concepts


Use of Access Matrix (Cont.)
• Access matrix design separates mechanism
from policy.
– Mechanism
• Operating system provides access-matrix + rules.
• OS ensures that the matrix is only manipulated by
authorized agents and that rules are strictly enforced.
– Policy
• User dictates policy.
• Who can access what object and in what mode.

Operating System Concepts

You might also like