Advanced Operating System

PROTECTION
Group Members:

Maham Riaz 2021-MSCS-10

Imtiaz Yousuf 2021-MSCS-17
Sultan Yousuf 2021-MSCS-19
Aneela Gillani 2021-MSCS-09
Taj Khan 2021-MSCS-24
1
 Table of Contents
 Introduction
 Goals Of Protection
 Principle of Protection
 Access control
 Domain
 Access Matrix
 Implementation of Access Matrix
 Capability Based System
 Language Based System 2
 Introduction
Protection refers to a mechanism for controlling the access of
programs, processes or users to the resources defined by a computer
system.
 Resources of the computer are used in a proper way.
Each object is accessed correctly and only by those processes that are
allowed.
3
 Goals of Protection

Operating system consists of a collection of objects, hardware or

software
Each object has a unique name and can be accessed through a well
defined set of operations
Protection problem – ensure that each object is accessed correctly
and only by those processes that are allowed to do
4
 Principle of Protection

Time tested guiding principle – principle of least privileges

Programs, users and systems should be given just enough privileges
to perform their tasks
The principle of least privilege can help to produce a more secure
computing environment

5
 Domain
Domain = collection of objects and a set of access rights for each of
the objects
A process operates within a Protection Domain that specifies the resources
that the process may access
Each domain defines a set of objects and the types of operations that may
be invoked on each object
Ability to execute an operation on an object is an access right
System will consists of such multiple domains each having certain
predefined access right on different object 6
Cont…
A domain can be realized in a variety of ways:
Each user may be a domain. In this case, the set of objects
that can be accessed depends on the identity of the user.
Each process may be a domain. In this case, the set of
objects that can be accessed depends on the identity of the
process.

7
For Example:

If domain D has the access right <file F,{ read,write }>, then a
process executing in domain D can both read and write file F; it
cannot, however, perform any other operation on that object.

8
 Example of UNIX

In the UNIX operating system, a domain is associated

with the user
In UNIX operating system user ID’s is used to
identify the domain

9
 Access Control
Access control is concerned with determining the allowed activities of valid users,
moderating every attempt by a user to access a resource in the system.
The problem of computer protection is to control which objects a given program can
access, and in what ways.

Basic Terminology of Access Control

Object: an entity that contains or receives information .

Example: File, programs, printer, disk ,etc.

Access Rights: the permission granted to a user to perform an operation

Example: read, write, etc.
10
 Cont.…

Access
Request Access
Subject Control Object
Policy
Request

Source (e.g. Resource (e.g.

users, process) Guard files, printers)

11
 Access Control Matrix
 View protection as a matrix (access matrix )
 Rows represent Domains
 And columns represent objects
 Each entry in the matrix consist of a set of access rights.
The entry access defines the set of operations that a
process executing in Domain can invoke on object.,

12
13
14
15
Uses Access Matrix

16
17
18
19
Thank You

20