Lecture 18: Security and Protection

Topics for Today

Potential Information Security Violations


Aspects of Security

Implementing protection mechanisms in real operating systems

Protection versus Security

Design Principles

Example: Unix (Solaris) Protection Mechanisms

Protection System Models

Access Matrix Model

Enforcement of Model

When subject s wants access a to object o, the system views this as a request (s,a,o) to the monitor of o.

The monitor permits the access iff a ∈ P(s,o).

Example of Access Matrix

s1 | read, write | own, delete | own | sendmail | recmail
s2 | execute | copy | recmail | own | block, wakeup
s3 | own | read, write | sendmail | block, wakeup | own

Does one actually ever store this matrix?
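
An added example (not from the lecture): the monitor check on a request (s,a,o) over the example matrix, stored sparsely and sliced by row into capability lists and by column into access control lists. The column labels o1 and o2, and reading the last three columns as the subjects s1 to s3 acting as objects, are assumptions, because the table has no header row.

```python
# Added illustration: reference monitor over the example access matrix.
# Column labels are assumed; the table on the page has no header row.
from collections import defaultdict

OBJECTS = ["o1", "o2", "s1", "s2", "s3"]    # assumed column labels
ROWS = {                                     # cells copied from the example table
    "s1": ["read, write", "own, delete", "own", "sendmail", "recmail"],
    "s2": ["execute", "copy", "recmail", "own", "block, wakeup"],
    "s3": ["own", "read, write", "sendmail", "block, wakeup", "own"],
}

def build_matrix(rows, objects):
    """Return P as a sparse dict: P[(s, o)] = set of access rights."""
    P = {}
    for s, cells in rows.items():
        for o, cell in zip(objects, cells):
            rights = {r.strip() for r in cell.split(",") if r.strip()}
            if rights:                       # empty cells are simply not stored
                P[(s, o)] = rights
    return P

def monitor(P, s, a, o):
    """Permit request (s, a, o) iff a is in P(s, o); a missing entry denies."""
    return a in P.get((s, o), set())

def capability_lists(P):
    """Slice by row: for each subject, the objects and rights it holds."""
    caps = defaultdict(dict)
    for (s, o), rights in P.items():
        caps[s][o] = rights
    return dict(caps)

def access_control_lists(P):
    """Slice by column: for each object, the subjects and rights allowed."""
    acls = defaultdict(dict)
    for (s, o), rights in P.items():
        acls[o][s] = rights
    return dict(acls)

P = build_matrix(ROWS, OBJECTS)

if __name__ == "__main__":
    for req in [("s1", "write", "o1"), ("s2", "write", "o1"), ("s3", "delete", "o2")]:
        print(req, "permit" if monitor(P, *req) else "deny")
    print("ACL for o2:", access_control_lists(P)["o2"])
    print("Capabilities of s2:", capability_lists(P)["s2"])
```
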

Implementation Methods


Capability Based Addressing

How does this relate to segmented/paged virtual memory?

Implementing Capabilities

Capability Pros & Cons

Access Control List

ACL Example

Subjects | Access Rights
Chang | read, write, execute
Yu | read, write

ACL Pros & Cons

Changing Protections

Lock-Key Method