Lecture 18: Security and Protection

Topics for Today

Potential Information Security Violations

Unauthorized

Aspects of Security

Implementing protection mechanisms in real operating systems

Protection versus Security

Design Principles

Example: Unix (Solaris) Protection Mechanisms

Protection System Models

Access Matrix Model

Enforcement of Model

When subject s wants to access a to object o, system views this as request (s,a,o) to monitor of o.

Monitor permits access iff a P(s,o).

Example of Access Matrix

 o1o2s1s2s3
s1read, writeown, deleteownsendmailrecmail
s2executecopyrecmailownblock, wakeup
s3ownread, writesendmailblock, wakeupown

Does one actually ever store this matrix?

Implementation Methods

Capabilities

Capability Based Addressing

How does this relate to segmented/paged virtual memory?

Implementing Capabilities

Capability Pros & Cons

Access Control List

ACL Example

SubjectsAccess Rights
Chang read, write, execute
Xuread
Wangwrite
Yangexecute
Yuread, write

ACL Pros & Cons

Changing Protections

Lock-Key Method